Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Laptop Infected, Firewall Compromised, MSE was disabled, FOS and Seri

Started by Deus_Ex_Machina , Sep 02 2012 12:20 AM

  • This topic is locked This topic is locked

#1
Deus_Ex_Machina
Posted 02 September 2012 - 12:20 AM

Deus_Ex_Machina

    Member

  • Member
  • PipPip
  • 24 posts
I am running windows 7 64-bit. My Lenovo Laptop had/has the following issues:

I had an Incredibar redirect that I finally got rid of, then I saw that my URL bar searches were being redirected to vrzc.search-help.net in Firefox. I was unable to fix this. I then realized that my Microsoft Security Essentials was deactivated, and I was unable to turn it back on. I uninstalled it, reinstalled it, and it caught several trojans, which I accidentally lost the names of when I cleared the stuff. I know better now to not clear the history. It is silly that I am unable to pull up a list now. Also, I recall the trojans were FOS and maybe Seri? Also, my Windows Firewall is compromised/disabled and I do not know what to do next to fix that. I need help. I also uninstalled all my java stuff after seeing something about that as an aid in a different forum. It didn't help, but I also did not reinstall it.


I downloaded and ran OTL. I have pasted below the file output. I rarely have problem, I use Secunia to keep my up on patches, MSE for vrus, and I run Malware Bytes now and again. Its been years since I had a problem of this magnitude on my system. The last time I got help here, and it was over 10 years ago if I recall correctly. Well, I am back. Please assist me. Thanks, GeeksToGo.



OTL LOG:

OTL logfile created on: Sun, 02 Sep 2012 01:51:23 - Run 1
OTL by OldTimer - Version 3.2.59.1 Folder = C:\Users\operant\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: ddd, dd MMM yyyy

5.92 Gb Total Physical Memory | 4.14 Gb Available Physical Memory | 70.00% Memory free
11.83 Gb Paging File | 9.83 Gb Available in Paging File | 83.13% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 421.81 Gb Total Space | 335.83 Gb Free Space | 79.62% Space Free | Partition Type: NTFS
Drive D: | 29.00 Gb Total Space | 26.31 Gb Free Space | 90.73% Space Free | Partition Type: NTFS

Computer Name: RUNE | User Name: operant | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/09/02 01:47:16 | 000,598,528 | ---- | M] (OldTimer Tools) -- C:\Users\operant\Desktop\OTL.exe
PRC - [2012/09/01 04:55:03 | 000,109,336 | ---- | M] (Siber Systems) -- C:\Program Files (x86)\Siber Systems\AI RoboForm\robotaskbaricon.exe
PRC - [2012/08/29 02:07:04 | 000,917,984 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2012/08/13 13:33:30 | 003,064,000 | ---- | M] (Skype Technologies S.A.) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
PRC - [2012/06/19 13:44:22 | 000,777,728 | ---- | M] (Eastman Kodak Company) -- C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe
PRC - [2012/06/18 21:13:46 | 000,394,712 | ---- | M] (Eastman Kodak Company) -- C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe
PRC - [2012/05/21 02:23:09 | 001,592,160 | ---- | M] () -- C:\Users\operant\AppData\Roaming\Mikogo 4\M4-Capture.exe
PRC - [2012/01/16 06:04:46 | 001,007,472 | ---- | M] () -- C:\Users\operant\AppData\Roaming\Mikogo 4\M4-Service.exe
PRC - [2012/01/14 01:23:50 | 001,517,520 | ---- | M] (TrueCrypt Foundation) -- C:\Program Files\TrueCrypt\TrueCrypt.exe
PRC - [2011/11/26 14:01:15 | 002,330,624 | ---- | M] () -- C:\Program Files (x86)\FastCheck\FastCheck.exe
PRC - [2011/11/06 01:07:45 | 000,100,256 | ---- | M] () -- C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeySupport.exe
PRC - [2011/11/02 02:00:44 | 000,090,448 | ---- | M] (Research In Motion Limited) -- C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
PRC - [2011/10/14 02:01:50 | 000,994,360 | ---- | M] (Secunia) -- C:\Program Files (x86)\Secunia\PSI\psia.exe
PRC - [2011/10/14 02:01:46 | 000,291,896 | ---- | M] (Secunia) -- C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
PRC - [2010/12/04 21:39:24 | 000,136,488 | ---- | M] (CyberLink) -- C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe
PRC - [2010/07/02 14:24:07 | 000,095,744 | ---- | M] (j2 Global Communications, Inc.) -- C:\Program Files (x86)\eFax Messenger 4.4\J2GDllCmd.exe
PRC - [2010/03/04 10:30:10 | 000,095,744 | ---- | M] (CrispyBytes Software) -- C:\Program Files (x86)\DateInTray\DateInTray.exe
PRC - [2005/03/10 20:58:06 | 001,368,064 | ---- | M] (inteleXual.com) -- C:\Program Files (x86)\YCIII\YankClip.exe


========== Modules (No Company Name) ==========

MOD - [2012/08/29 02:07:04 | 002,242,528 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2011/11/26 14:01:15 | 002,330,624 | ---- | M] () -- C:\Program Files (x86)\FastCheck\FastCheck.exe
MOD - [2011/11/06 01:07:45 | 000,100,256 | ---- | M] () -- C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeySupport.exe
MOD - [2010/11/11 06:39:46 | 000,133,024 | ---- | M] () -- C:\Program Files (x86)\Lenovo\Onekey Theater\WindowsApiHookDll32.dll
MOD - [2010/11/11 06:38:44 | 000,161,696 | ---- | M] () -- C:\Program Files (x86)\Lenovo\Onekey Theater\ActiveDetect32.dll


========== Services (SafeList) ==========

SRV:64bit: - [2012/03/26 18:49:56 | 000,291,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2012/03/26 18:49:56 | 000,012,600 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2011/09/27 15:04:08 | 000,359,192 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\LogiShrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV:64bit: - [2010/11/02 09:49:46 | 001,515,792 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
SRV:64bit: - [2010/11/02 09:39:08 | 000,340,240 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe -- (MyWiFiDHCPDNS)
SRV:64bit: - [2010/11/02 09:34:14 | 000,836,880 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
SRV:64bit: - [2010/09/30 11:05:42 | 000,311,296 | ---- | M] (Realtek Semiconductor Corp.) [Auto | Stopped] -- C:\Program Files\Realtek\RtLED\RtLEDService.exe -- (RtLedService)
SRV:64bit: - [2010/09/22 14:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV - [2012/09/01 05:12:13 | 000,250,568 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/08/29 02:07:04 | 000,114,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/08/13 13:33:30 | 003,064,000 | ---- | M] (Skype Technologies S.A.) [Auto | Running] -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
SRV - [2012/06/19 13:44:22 | 000,777,728 | ---- | M] (Eastman Kodak Company) [Auto | Running] -- C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe -- (Kodak AiO Status Monitor Service)
SRV - [2012/06/18 21:13:46 | 000,394,712 | ---- | M] (Eastman Kodak Company) [Auto | Running] -- C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe -- (Kodak AiO Network Discovery Service)
SRV - [2012/03/19 23:44:20 | 000,276,248 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe -- (cphs)
SRV - [2012/01/16 06:04:46 | 001,007,472 | ---- | M] () [Auto | Running] -- C:\Users\operant\AppData\Roaming\Mikogo 4\M4-Service.exe -- (M4-Service)
SRV - [2011/10/14 02:01:50 | 000,994,360 | ---- | M] (Secunia) [Auto | Running] -- C:\Program Files (x86)\Secunia\PSI\psia.exe -- (Secunia PSI Agent)
SRV - [2011/03/06 07:46:00 | 002,009,704 | ---- | M] (NVIDIA Corporation) [Auto | Start_Pending] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
SRV - [2010/12/20 06:30:38 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2010/12/20 06:30:36 | 000,325,656 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/03/20 20:44:12 | 000,098,688 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2012/03/19 23:32:04 | 014,745,600 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2012/03/01 02:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/01/14 01:23:50 | 000,230,864 | ---- | M] (TrueCrypt Foundation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\truecrypt.sys -- (truecrypt)
DRV:64bit: - [2011/11/06 01:19:51 | 000,039,008 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\LhdX64.sys -- (LHDmgr)
DRV:64bit: - [2011/11/06 01:19:50 | 000,029,792 | ---- | M] (Lenovo Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AcpiVpc.sys -- (ACPIVPC)
DRV:64bit: - [2011/10/06 03:00:09 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/10/06 03:00:09 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/09/02 02:30:36 | 000,060,696 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LMouFilt.Sys -- (LMouFilt)
DRV:64bit: - [2011/09/02 02:30:24 | 000,066,840 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LHidFilt.Sys -- (LHidFilt)
DRV:64bit: - [2011/08/01 16:59:06 | 000,045,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64)
DRV:64bit: - [2011/08/01 16:59:06 | 000,023,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nuidfltr.sys -- (NuidFltr)
DRV:64bit: - [2011/07/25 18:44:46 | 000,074,752 | ---- | M] (Research In Motion Limited) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RimUsb_AMD64.sys -- (RimUsb)
DRV:64bit: - [2011/07/20 15:58:22 | 000,044,032 | ---- | M] (Research in Motion Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RimSerial_AMD64.sys -- (RimVSerPort)
DRV:64bit: - [2011/06/10 07:34:52 | 000,539,240 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011/05/18 09:08:32 | 000,047,616 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dc3d.sys -- (dc3d)
DRV:64bit: - [2011/03/06 07:46:00 | 000,025,960 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\nvpciflt.sys -- (nvpciflt)
DRV:64bit: - [2011/02/18 04:11:54 | 000,439,320 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2011/02/14 09:50:02 | 000,234,960 | ---- | M] (Vimicro Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vm332avs.sys -- (vm332avs)
DRV:64bit: - [2011/01/15 12:21:04 | 000,036,352 | ---- | M] (Elaborate Bytes AG) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VClone.sys -- (VClone)
DRV:64bit: - [2010/12/22 08:19:58 | 001,407,024 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2010/12/16 18:58:14 | 000,040,816 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ElbyCDIO.sys -- (ElbyCDIO)
DRV:64bit: - [2010/12/04 21:39:44 | 000,031,088 | ---- | M] (CyberLink Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\clwvd.sys -- (clwvd)
DRV:64bit: - [2010/12/01 01:02:22 | 000,042,392 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WDKMD.sys -- (wdkmd)
DRV:64bit: - [2010/11/30 02:40:04 | 000,307,304 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rtsuvstor.sys -- (RSUSBVSTOR)
DRV:64bit: - [2010/11/20 23:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 23:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 23:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010/11/08 23:16:36 | 008,500,736 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETwNs64.sys -- (NETwNs64)
DRV:64bit: - [2010/10/19 04:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2010/10/14 13:28:16 | 000,317,440 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2010/09/21 18:04:54 | 000,015,056 | ---- | M] (Vimicro Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vm2uvcflt.sys -- (vm2uvcflt)
DRV:64bit: - [2010/09/01 04:30:58 | 000,017,976 | ---- | M] (Secunia) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\psi_mf.sys -- (PSI)
DRV:64bit: - [2010/07/29 00:25:10 | 000,029,720 | ---- | M] (Initio Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ivusb.sys -- (ivusb)
DRV:64bit: - [2009/08/13 23:10:18 | 000,073,984 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xusb21.sys -- (xusb21)
DRV:64bit: - [2009/07/21 10:20:06 | 000,121,840 | ---- | M] (CyberLink) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wsvd.sys -- (wsvd)
DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 20:10:47 | 000,011,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rootmdm.sys -- (ROOTMODEM)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2008/05/06 17:06:00 | 000,014,464 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wdcsam64.sys -- (WDC_SAM)
DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.lenovo.com/ [binary data]
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://lenovo.msn.com
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.lenovo.com/ [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://lenovo.msn.com
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default Download Directory = C:\Users\operant\Downloads
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.co...=LENN&bmod=LENN
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKCU\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.co...1I7LENN_enUS465
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "DuckDuckGo"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "about:home"
FF - prefs.js..network.proxy.http: "localhost"
FF - prefs.js..network.proxy.http_port: 8118
FF - prefs.js..network.proxy.type: 4


FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF64_11_4_402_265.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\windows\system32\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_265.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\windows\SysWOW64\Adobe\Director\np32dsw_1166636.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@rim.com/npappworld: C:\Program Files (x86)\Research In Motion Limited\BlackBerry App World Browser Plugin\npappworld.dll ()
FF - HKLM\Software\MozillaPlugins\@RIM.com/WebSLLauncher,version=1.0: C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
FF - HKLM\Software\MozillaPlugins\@soe.sony.com/installer,version=1.0.3: C:\Users\operant\AppData\LocalLow\Sony Online Entertainment\npsoe.dll ()
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\operant\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\operant\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)

64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\PROGRAM FILES\WEB ASSISTANT\FIREFOX
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\Program Files\Web Assistant\Firefox
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{22119944-ED35-4ab1-910B-E619EA06A115}: C:\Program Files (x86)\Siber Systems\AI RoboForm\Firefox [2012/09/01 04:57:15 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/08/29 02:07:04 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/08/20 21:39:40 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 15.0\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012/08/29 13:07:50 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 15.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{D1B93C96-F085-11E1-8270-B8AC6F996F26}: C:\Users\operant\AppData\Local\{D1B93C96-F085-11E1-8270-B8AC6F996F26}\ [2012/08/27 16:29:11 | 000,000,000 | ---D | M]

[2012/01/25 09:56:16 | 000,000,000 | ---D | M] (No name found) -- C:\Users\operant\AppData\Roaming\Mozilla\Extensions
[2012/08/28 04:11:23 | 000,000,000 | ---D | M] (No name found) -- C:\Users\operant\AppData\Roaming\Mozilla\Firefox\Profiles\grzwho96.default\extensions
[2012/01/07 11:14:03 | 000,000,000 | ---D | M] (Toolbar Buttons) -- C:\Users\operant\AppData\Roaming\Mozilla\Firefox\Profiles\grzwho96.default\extensions\{03B08592-E5B4-45ff-A0BE-C1D975458688}
[2012/08/13 12:26:16 | 000,000,000 | ---D | M] (Flagfox) -- C:\Users\operant\AppData\Roaming\Mozilla\Firefox\Profiles\grzwho96.default\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}
[2012/01/25 08:10:14 | 000,000,000 | ---D | M] (IE Tab 2 (FF 3.6+)) -- C:\Users\operant\AppData\Roaming\Mozilla\Firefox\Profiles\grzwho96.default\extensions\{1BC9BA34-1EED-42ca-A505-6D2F1A935BBB}
[2012/04/01 11:39:53 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\operant\AppData\Roaming\Mozilla\Firefox\Profiles\grzwho96.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2012/05/20 15:00:54 | 000,000,000 | ---D | M] (United States English Spellchecker) -- C:\Users\operant\AppData\Roaming\Mozilla\Firefox\Profiles\grzwho96.default\extensions\[email protected]
[2012/01/07 00:38:02 | 000,000,000 | ---D | M] (FavIconReloader) -- C:\Users\operant\AppData\Roaming\Mozilla\Firefox\Profiles\grzwho96.default\extensions\[email protected]
[2012/07/23 20:20:44 | 000,000,000 | ---D | M] (Ghostery) -- C:\Users\operant\AppData\Roaming\Mozilla\Firefox\Profiles\grzwho96.default\extensions\[email protected]
[2012/05/22 14:22:22 | 000,000,000 | ---D | M] (FoxyProxy Standard) -- C:\Users\operant\AppData\Roaming\Mozilla\Firefox\Profiles\grzwho96.default\extensions\[email protected]
[2012/05/22 14:22:22 | 000,000,000 | ---D | M] (LogMeIn, Inc. Remote Access Plugin) -- C:\Users\operant\AppData\Roaming\Mozilla\Firefox\Profiles\grzwho96.default\extensions\[email protected]
[2012/01/15 14:13:33 | 000,000,000 | ---D | M] (ooVoo toolbar, powered by Ask.com) -- C:\Users\operant\AppData\Roaming\Mozilla\Firefox\Profiles\grzwho96.default\extensions\[email protected]
[2012/07/10 22:42:42 | 000,010,316 | ---- | M] () -- C:\Users\operant\AppData\Roaming\Mozilla\Firefox\Profiles\grzwho96.default\searchplugins\duckduckgo.xml
[2012/09/02 01:22:43 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/08/28 03:03:11 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012/08/27 16:29:11 | 000,000,000 | ---D | M] (Mozilla Safe Browsing) -- C:\USERS\OPERANT\APPDATA\LOCAL\{D1B93C96-F085-11E1-8270-B8AC6F996F26}
[2012/01/07 00:31:35 | 000,058,343 | ---- | M] () (No name found) -- C:\USERS\OPERANT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GRZWHO96.DEFAULT\EXTENSIONS\{446C03E0-2C35-11DB-A98B-0800200C9A66}.XPI
[2012/08/28 04:11:23 | 000,399,504 | ---- | M] () (No name found) -- C:\USERS\OPERANT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GRZWHO96.DEFAULT\EXTENSIONS\{53A03D43-5363-4669-8190-99061B2DEBA5}.XPI
[2012/07/10 13:29:10 | 000,135,156 | ---- | M] () (No name found) -- C:\USERS\OPERANT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GRZWHO96.DEFAULT\EXTENSIONS\{79C50F9A-2FFE-4EE0-8A37-FAE4F5DACD4F}.XPI
[2012/01/21 20:30:26 | 000,138,614 | ---- | M] () (No name found) -- C:\USERS\OPERANT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GRZWHO96.DEFAULT\EXTENSIONS\{D40F5E7B-D2CF-4856-B441-CC613EEFFBE3}.XPI
[2012/01/07 12:48:19 | 000,434,392 | ---- | M] () (No name found) -- C:\USERS\OPERANT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GRZWHO96.DEFAULT\EXTENSIONS\{D4DD63FA-01E4-46A7-B6B1-EDAB7D6AD389}.XPI
[2012/07/21 13:19:19 | 000,702,524 | ---- | M] () (No name found) -- C:\USERS\OPERANT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GRZWHO96.DEFAULT\EXTENSIONS\{DC572301-7619-498C-A57D-39143191B318}.XPI
[2012/08/25 14:50:47 | 000,270,021 | ---- | M] () (No name found) -- C:\USERS\OPERANT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GRZWHO96.DEFAULT\EXTENSIONS\{E4A8A97B-F2ED-450B-B12D-EE082BA24781}.XPI
[2012/01/09 11:53:09 | 000,091,556 | ---- | M] () (No name found) -- C:\USERS\OPERANT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GRZWHO96.DEFAULT\EXTENSIONS\{EDA7B1D7-F793-4E03-B074-E6F303317FB0}.XPI
[2012/08/10 04:03:03 | 000,048,692 | ---- | M] () (No name found) -- C:\USERS\OPERANT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GRZWHO96.DEFAULT\EXTENSIONS\[email protected]
[2012/07/10 13:29:09 | 000,009,954 | ---- | M] () (No name found) -- C:\USERS\OPERANT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GRZWHO96.DEFAULT\EXTENSIONS\[email protected]
[2012/08/15 01:47:46 | 000,053,565 | ---- | M] () (No name found) -- C:\USERS\OPERANT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GRZWHO96.DEFAULT\EXTENSIONS\[email protected]
[2012/01/07 12:48:19 | 000,006,496 | ---- | M] () (No name found) -- C:\USERS\OPERANT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GRZWHO96.DEFAULT\EXTENSIONS\[email protected]
[2012/01/06 23:39:14 | 000,113,783 | ---- | M] () (No name found) -- C:\USERS\OPERANT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GRZWHO96.DEFAULT\EXTENSIONS\[email protected]
[2012/07/03 09:27:29 | 000,087,157 | ---- | M] () (No name found) -- C:\USERS\OPERANT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GRZWHO96.DEFAULT\EXTENSIONS\[email protected]
[2012/01/06 23:39:14 | 000,002,656 | ---- | M] () (No name found) -- C:\USERS\OPERANT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GRZWHO96.DEFAULT\EXTENSIONS\[email protected]
[2012/01/06 23:39:14 | 000,009,063 | ---- | M] () (No name found) -- C:\USERS\OPERANT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GRZWHO96.DEFAULT\EXTENSIONS\[email protected]
[2012/01/14 18:34:25 | 000,006,099 | ---- | M] () (No name found) -- C:\USERS\OPERANT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GRZWHO96.DEFAULT\EXTENSIONS\[email protected]
[2012/01/09 11:53:09 | 000,008,001 | ---- | M] () (No name found) -- C:\USERS\OPERANT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GRZWHO96.DEFAULT\EXTENSIONS\[email protected]
[2012/08/29 02:07:04 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/08/29 02:07:04 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/08/29 02:07:04 | 000,002,253 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\operant\AppData\Local\Google\Chrome\Application\21.0.1180.83\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\operant\AppData\Local\Google\Chrome\Application\21.0.1180.83\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\operant\AppData\Local\Google\Chrome\Application\21.0.1180.83\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_257.dll
CHR - plugin: Injovo Extension Plugin (Enabled) = C:\Users\operant\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd\2.0.0.439_0\npbrowserext.dll
CHR - plugin: Skype Click to Call (Enabled) = C:\Users\operant\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.0.0.10297_0\npSkypeChromePlugin.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: RIM Handheld Application Loader (Enabled) = C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll
CHR - plugin: Foxit Reader Plugin for Mozilla (Enabled) = C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Users\operant\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll
CHR - plugin: Java™ Platform SE 7 U5 (Enabled) = C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll
CHR - plugin: Java Deployment Toolkit 7.0.50.255 (Enabled) = C:\windows\SysWOW64\npDeployJava1.dll
CHR - plugin: BlackBerry AppWorld (Enabled) = C:\Program Files (x86)\Research In Motion Limited\BlackBerry App World Browser Plugin\npappworld.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\windows\SysWOW64\Adobe\Director\np32dsw.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - Extension: Skype Click to Call = C:\Users\operant\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.1.0.10441_0\
CHR - Extension: Skype Click to Call = C:\Users\operant\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.2.0.10687_0\

O1 HOSTS File: ([2009/06/10 17:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (RoboForm Toolbar Helper) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.)
O2:64bit: - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (RoboForm Toolbar Helper) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (no name) - AutorunsDisabled - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (&RoboForm Toolbar) - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (&RoboForm Toolbar) - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3:64bit: - HKCU\..\Toolbar\ShellBrowser: (&RoboForm Toolbar) - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.)
O3 - HKCU\..\Toolbar\ShellBrowser: (&RoboForm Toolbar) - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (&RoboForm Toolbar) - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (&RoboForm Toolbar) - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O4:64bit: - HKLM..\Run: [EKIJ5000StatusMonitor] C:\Windows\SysNative\spool\drivers\x64\3\EKIJ5000MUI.exe (Eastman Kodak Company)
O4:64bit: - HKLM..\Run: [Energy Management] C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe (Lenovo (Beijing) Limited)
O4:64bit: - HKLM..\Run: [EnergyUtility] C:\Program Files (x86)\Lenovo\Energy Management\utility.exe (Lenovo(beijing) Limited)
O4:64bit: - HKLM..\Run: [Eraser] C:\Program Files\Eraser\Eraser.exe (The Eraser Project)
O4:64bit: - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IntelliPoint] c:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [IntelWireless] C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel® Corporation)
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [OnekeyStudio] C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe (Lenovo)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [UpdatePRCShortCut] C:\Program Files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [Conime] %windir%\system32\conime.exe File not found
O4 - HKLM..\Run: [EKIJ5000StatusMonitor] C:\windows\system32\spool\DRIVERS\x64\3\EKIJ5000MUI.EXE File not found
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files (x86)\QT Lite\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [RIMBBLaunchAgent.exe] C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe (Research In Motion Limited)
O4 - HKLM..\Run: [UpdateP2GShortCut] C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePRCShortCut] C:\Program Files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKCU..\Run: [cdloader] C:\Users\operant\AppData\Roaming\mjusbsp\cdloader2.exe (magicJack L.P.)
O4 - HKCU..\Run: [DateInTray] C:\Program Files (x86)\DateInTray\DateInTray.exe (CrispyBytes Software)
O4 - HKCU..\Run: [eFax 4.4] C:\Program Files (x86)\eFax Messenger 4.4\J2GDllCmd.exe (j2 Global Communications, Inc.)
O4 - HKCU..\Run: [RoboForm] C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe (Siber Systems)
O4 - HKCU..\Run: [TrueCrypt] C:\Program Files\TrueCrypt\TrueCrypt.exe (TrueCrypt Foundation)
O4 - Startup: C:\Users\operant\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\eFax 4.4.lnk = C:\Program Files (x86)\eFax Messenger 4.4\J2GTray.exe (j2 Global Communications, Inc.)
O4 - Startup: C:\Users\operant\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\FastCheck.lnk = C:\Program Files (x86)\FastCheck\FastCheck.exe ()
O4 - Startup: C:\Users\operant\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Yankee Clipper III.lnk = C:\Program Files (x86)\YCIII\YankClip.exe (inteleXual.com)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: VerboseStatus = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Main present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
O8:64bit: - Extra context menu item: Clear Fields - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComClearFields.html ()
O8:64bit: - Extra context menu item: Customize Menu - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html ()
O8:64bit: - Extra context menu item: Fill Forms - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O8:64bit: - Extra context menu item: Password Generator - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComPasswordGenerator.html ()
O8:64bit: - Extra context menu item: Save Forms - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O8 - Extra context menu item: Clear Fields - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComClearFields.html ()
O8 - Extra context menu item: Customize Menu - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html ()
O8 - Extra context menu item: Fill Forms - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O8 - Extra context menu item: Password Generator - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComPasswordGenerator.html ()
O8 - Extra context menu item: Save Forms - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O9:64bit: - Extra Button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.)
O9:64bit: - Extra 'Tools' menuitem : Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.)
O9:64bit: - Extra Button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.)
O9:64bit: - Extra 'Tools' menuitem : Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.)
O9:64bit: - Extra Button: Generate - {320AF880-6646-11D3-ABEE-C5DBF3571F50} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.)
O9:64bit: - Extra 'Tools' menuitem : Password Generator - {320AF880-6646-11D3-ABEE-C5DBF3571F50} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.)
O9:64bit: - Extra Button: TaskBar - {320AF880-6646-11D3-ABEE-C5DBF3571F51} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.)
O9:64bit: - Extra 'Tools' menuitem : RoboForm TaskBar Icon - {320AF880-6646-11D3-ABEE-C5DBF3571F51} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.)
O9:64bit: - Extra Button: Clear Fields - {320AF880-6646-11D3-ABEE-C5DBF3571F54} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.)
O9:64bit: - Extra 'Tools' menuitem : Clear Fields - {320AF880-6646-11D3-ABEE-C5DBF3571F54} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.)
O9:64bit: - Extra Button: Show Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.)
O9:64bit: - Extra 'Tools' menuitem : Show RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.)
O9:64bit: - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O9 - Extra 'Tools' menuitem : Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O9 - Extra Button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O9 - Extra 'Tools' menuitem : Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O9 - Extra Button: Generate - {320AF880-6646-11D3-ABEE-C5DBF3571F50} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O9 - Extra 'Tools' menuitem : Password Generator - {320AF880-6646-11D3-ABEE-C5DBF3571F50} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O9 - Extra Button: TaskBar - {320AF880-6646-11D3-ABEE-C5DBF3571F51} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O9 - Extra 'Tools' menuitem : RoboForm TaskBar Icon - {320AF880-6646-11D3-ABEE-C5DBF3571F51} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O9 - Extra Button: Clear Fields - {320AF880-6646-11D3-ABEE-C5DBF3571F54} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O9 - Extra 'Tools' menuitem : Clear Fields - {320AF880-6646-11D3-ABEE-C5DBF3571F54} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O9 - Extra Button: Show Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O9 - Extra 'Tools' menuitem : Show RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: sony.com ([]* in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0017-0000-0005-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0017-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 68.237.161.12
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{797338DD-4CC7-4132-84DF-ED122EB66430}: DhcpNameServer = 192.168.1.1 68.237.161.12
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - AppInit_DLLs: (C:\windows\system32\nvinitx.dll) - C:\Windows\SysNative\nvinitx.dll (NVIDIA Corporation)
O20 - AppInit_DLLs: (C:\windows\SysWOW64\nvinit.dll) - C:\Windows\SysWOW64\nvinit.dll (NVIDIA Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\windows\SysNative\igfxdev.dll (Intel Corporation)
O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Program Files\Common Files\LogiShrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{4d216aaf-3c60-11e1-82ae-f0def19d5da1}\Shell - "" = AutoRun
O33 - MountPoints2\{4d216aaf-3c60-11e1-82ae-f0def19d5da1}\Shell\AutoRun\command - "" = C:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL G:\begin_here.htm
O33 - MountPoints2\{5ed30af1-43b5-11e1-9df4-f0def19d5da1}\Shell - "" = AutoRun
O33 - MountPoints2\{5ed30af1-43b5-11e1-9df4-f0def19d5da1}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -a
O33 - MountPoints2\{b7951c20-3f7a-11e1-88b7-f0def19d5da1}\Shell - "" = AutoRun
O33 - MountPoints2\{b7951c20-3f7a-11e1-88b7-f0def19d5da1}\Shell\AutoRun\command - "" = "E:\WD SmartWare.exe" autoplay=true
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\autorun.exe
O33 - MountPoints2\E\Shell\phone\command - "" = E:\autorun.exe
O34 - HKLM BootExecute: (dfboottime \??\C:\windows\System32\dfboottime.cfg)
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (FbDefrag)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/09/02 01:47:14 | 000,598,528 | ---- | C] (OldTimer Tools) -- C:\Users\operant\Desktop\OTL.exe
[2012/09/02 01:33:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Security Client
[2012/09/02 01:33:56 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2012/09/01 05:00:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Adobe
[2012/08/30 14:29:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe
[2012/08/28 03:42:18 | 000,000,000 | ---D | C] -- C:\Users\operant\Desktop\Temp spot for updates
[2012/08/28 02:46:57 | 000,000,000 | ---D | C] -- C:\Users\operant\AppData\Roaming\Malwarebytes
[2012/08/28 02:46:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/08/28 02:46:45 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mbam.sys
[2012/08/28 02:46:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012/08/28 02:46:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/08/27 16:29:11 | 000,000,000 | ---D | C] -- C:\Users\operant\AppData\Local\{D1B93C96-F085-11E1-8270-B8AC6F996F26}
[2012/08/24 22:35:07 | 000,000,000 | ---D | C] -- C:\Users\operant\Documents\My Digital Editions
[2012/08/24 22:34:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe
[2012/08/24 22:34:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe
[2012/08/20 21:40:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
[2012/08/20 21:39:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Works
[2012/08/20 21:39:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Visual Studio
[2012/08/20 21:39:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DESIGNER
[2012/08/20 21:36:12 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office
[2012/08/20 21:36:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Visual Studio 8
[2012/08/20 21:35:39 | 000,000,000 | ---D | C] -- C:\Users\operant\AppData\Local\Microsoft Help
[2012/08/20 21:35:09 | 000,000,000 | RH-D | C] -- C:\MSOCache
[2012/08/20 21:02:06 | 000,000,000 | ---D | C] -- C:\Users\operant\AppData\Local\{CC5A59D5-1028-4A61-8516-B4E04D7693EA}
[2012/08/20 21:01:52 | 000,000,000 | ---D | C] -- C:\Users\operant\AppData\Roaming\Windows Live Writer
[2012/08/20 21:01:52 | 000,000,000 | ---D | C] -- C:\Users\operant\AppData\Local\Windows Live Writer
[2012/08/09 12:28:47 | 000,000,000 | ---D | C] -- C:\Users\operant\Desktop\The Code Teacher
[2012/08/07 16:27:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDFCreator
[2012/08/07 16:27:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PDFCreator
[2012/08/06 21:30:46 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\sun
[2012/08/04 11:05:28 | 000,000,000 | R--D | C] -- C:\Users\operant\Desktop\
[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/09/02 01:55:20 | 000,786,616 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2012/09/02 01:55:20 | 000,665,600 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2012/09/02 01:55:20 | 000,123,336 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
[2012/09/02 01:49:30 | 000,000,896 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/09/02 01:49:01 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2012/09/02 01:48:58 | 469,348,351 | -HS- | M] () -- C:\hiberfil.sys
[2012/09/02 01:47:16 | 000,598,528 | ---- | M] (OldTimer Tools) -- C:\Users\operant\Desktop\OTL.exe
[2012/09/02 01:47:12 | 000,000,000 | ---- | M] () -- C:\Users\operant\AppData\Local\¹º»¼½¾¿ÀÁÂĂÄÅÆÇÈÉÊË̀ÍÎÏĐÑ̉ÓÔƠÖ×ØÙÚÛÜỮßàáâăäåæçèéêë́íîïđṇ̃óôơö÷øùúûüư₫ÿ
[2012/09/02 01:42:00 | 000,000,900 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/09/02 01:34:12 | 000,001,945 | ---- | M] () -- C:\windows\epplauncher.mif
[2012/09/02 01:33:58 | 000,800,766 | ---- | M] () -- C:\windows\SysWow64\PerfStringBackup.INI
[2012/09/02 01:33:00 | 000,000,322 | ---- | M] () -- C:\windows\tasks\PrintProjects Communicator.job
[2012/09/02 01:14:00 | 000,000,916 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-1896445519-1314585514-2017666467-1001UA.job
[2012/09/02 01:07:00 | 000,000,830 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job
[2012/09/01 23:49:31 | 000,028,928 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/09/01 23:49:31 | 000,028,928 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/08/31 21:14:00 | 000,000,864 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-1896445519-1314585514-2017666467-1001Core.job
[2012/08/29 13:07:51 | 000,002,114 | ---- | M] () -- C:\Users\operant\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Thunderbird.lnk
[2012/08/29 10:11:50 | 000,001,441 | ---- | M] () -- C:\Users\operant\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012/08/28 03:13:06 | 000,000,854 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk
[2012/08/28 02:46:46 | 000,001,137 | ---- | M] () -- C:\Users\operant\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes Anti-Malware.lnk
[2012/08/25 04:27:29 | 000,000,960 | ---- | M] () -- C:\Users\Public\Desktop\calibre - E-book management.lnk
[2012/08/24 22:35:00 | 000,002,206 | ---- | M] () -- C:\Users\operant\Application Data\Microsoft\Internet Explorer\Quick Launch\Adobe Digital Editions.lnk
[2012/08/24 22:35:00 | 000,002,182 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Digital Editions.lnk
[2012/08/23 18:30:03 | 000,001,137 | ---- | M] () -- C:\Users\operant\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Outlook.lnk
[2012/08/22 20:16:45 | 000,198,812 | ---- | M] () -- C:\Users\operant\Desktop\B008S129XY_EBOK.azw
[2012/08/21 21:15:21 | 000,002,459 | ---- | M] () -- C:\Users\operant\Desktop\Google Chrome.lnk
[2012/08/21 10:59:37 | 000,470,896 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT
[2012/08/21 00:23:26 | 000,001,998 | ---- | M] () -- C:\Users\operant\Desktop\Kindle.lnk
[2012/08/20 21:07:31 | 000,002,231 | ---- | M] () -- C:\Users\Public\Desktop\BlackBerry Desktop Software.lnk
[2012/08/20 20:54:21 | 000,007,680 | ---- | M] () -- C:\Users\operant\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/08/13 17:29:26 | 000,087,184 | ---- | M] () -- C:\Users\operant\Desktop\Capital One Online Banking - 13aug2012.pdf
[2012/08/13 15:12:55 | 000,077,457 | ---- | M] () -- C:\Users\operant\Desktop\Newegg.com - Acer Aspire AX1920-UR20P.pdf
[2012/08/11 13:53:55 | 000,555,293 | ---- | M] () -- C:\Users\operant\Desktop\Acer_CONS_WTY_DOC_1_YR_MICI_US_CA_MX_LA_46.AD148.008_021312.pdf
[2012/08/09 18:39:25 | 000,001,002 | ---- | M] () -- C:\Users\operant\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Yankee Clipper III.lnk
[2012/08/09 15:09:40 | 000,106,437 | ---- | M] () -- C:\Users\operant\Desktop\SnapshotStargateCapel_001.jpg
[2012/08/09 10:38:41 | 000,001,142 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012/08/07 20:30:27 | 000,079,414 | ---- | M] () -- C:\Users\operant\Desktop\Staples.com® _ Printable Order Summary.pdf
[2012/08/07 16:28:12 | 000,087,695 | ---- | M] () -- C:\Users\operant\Desktop\Capital One Online Banking.pdf
[2012/08/07 16:27:43 | 000,001,204 | ---- | M] () -- C:\Users\Public\Desktop\PDFArchitect.lnk
[2012/08/07 16:27:43 | 000,001,035 | ---- | M] () -- C:\Users\Public\Desktop\PDFCreator.lnk
[2012/08/07 14:04:26 | 000,144,949 | ---- | M] () -- C:\Users\operant\Desktop\Snapshot for Gate in Capel_001.jpg
[2012/08/06 21:53:03 | 000,035,994 | ---- | M] () -- C:\Users\operant\Desktop\New Rich Text Document.odt
[2012/08/06 21:29:57 | 000,000,007 | ---- | M] () -- C:\Users\operant\Desktop\New Rich Text Document.rtf
[2012/08/06 15:29:28 | 000,080,955 | R--- | M] () -- C:\Users\operant\Desktop\189.pdf
[2012/08/06 13:49:26 | 000,542,419 | R--- | M] () -- C:\Users\operant\Desktop\13.pdf
[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/09/02 01:33:59 | 000,001,915 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
[2012/09/01 04:59:21 | 000,000,830 | ---- | C] () -- C:\windows\tasks\Adobe Flash Player Updater.job
[2012/08/30 14:29:50 | 000,016,384 | ---- | C] () -- C:\windows\SysWow64\FileOps.exe
[2012/08/28 03:13:06 | 000,000,854 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk
[2012/08/28 02:46:46 | 000,001,137 | ---- | C] () -- C:\Users\operant\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes Anti-Malware.lnk
[2012/08/27 16:29:11 | 000,000,000 | ---- | C] () -- C:\Users\operant\AppData\Local\¹º»¼½¾¿ÀÁÂĂÄÅÆÇÈÉÊË̀ÍÎÏĐÑ̉ÓÔƠÖ×ØÙÚÛÜỮßàáâăäåæçèéêë́íîïđṇ̃óôơö÷øùúûüư₫ÿ
[2012/08/24 22:35:00 | 000,002,206 | ---- | C] () -- C:\Users\operant\Application Data\Microsoft\Internet Explorer\Quick Launch\Adobe Digital Editions.lnk
[2012/08/24 22:35:00 | 000,002,194 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Digital Editions.lnk
[2012/08/24 22:35:00 | 000,002,182 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Digital Editions.lnk
[2012/08/22 21:14:04 | 000,198,812 | ---- | C] () -- C:\Users\operant\Desktop\B008S129XY_EBOK.azw
[2012/08/20 21:47:05 | 000,001,137 | ---- | C] () -- C:\Users\operant\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Outlook.lnk
[2012/08/13 17:29:25 | 000,087,184 | ---- | C] () -- C:\Users\operant\Desktop\Capital One Online Banking - 13aug2012.pdf
[2012/08/13 15:12:54 | 000,077,457 | ---- | C] () -- C:\Users\operant\Desktop\Newegg.com - Acer Aspire AX1920-UR20P.pdf
[2012/08/11 13:53:55 | 000,555,293 | ---- | C] () -- C:\Users\operant\Desktop\Acer_CONS_WTY_DOC_1_YR_MICI_US_CA_MX_LA_46.AD148.008_021312.pdf
[2012/08/09 15:09:40 | 000,106,437 | ---- | C] () -- C:\Users\operant\Desktop\SnapshotStargateCapel_001.jpg
[2012/08/07 20:30:26 | 000,079,414 | ---- | C] () -- C:\Users\operant\Desktop\Staples.com® _ Printable Order Summary.pdf
[2012/08/07 16:28:11 | 000,087,695 | ---- | C] () -- C:\Users\operant\Desktop\Capital One Online Banking.pdf
[2012/08/07 16:27:43 | 000,001,204 | ---- | C] () -- C:\Users\Public\Desktop\PDFArchitect.lnk
[2012/08/07 16:27:43 | 000,001,035 | ---- | C] () -- C:\Users\Public\Desktop\PDFCreator.lnk
[2012/08/07 14:04:26 | 000,144,949 | ---- | C] () -- C:\Users\operant\Desktop\Snapshot for Gate in Capel_001.jpg
[2012/08/06 21:53:01 | 000,035,994 | ---- | C] () -- C:\Users\operant\Desktop\New Rich Text Document.odt
[2012/08/06 21:29:57 | 000,000,007 | ---- | C] () -- C:\Users\operant\Desktop\New Rich Text Document.rtf
[2012/08/06 15:29:30 | 000,080,955 | R--- | C] () -- C:\Users\operant\Desktop\189.pdf
[2012/08/06 13:49:28 | 000,542,419 | R--- | C] () -- C:\Users\operant\Desktop\13.pdf
[2012/03/19 23:25:58 | 000,058,880 | ---- | C] () -- C:\windows\SysWow64\igdde32.dll
[2012/03/19 22:21:14 | 013,212,672 | ---- | C] () -- C:\windows\SysWow64\ig4icd32.dll
[2012/02/14 18:47:06 | 000,963,912 | ---- | C] () -- C:\windows\SysWow64\igkrng600.bin
[2012/02/14 18:47:06 | 000,261,208 | ---- | C] () -- C:\windows\SysWow64\igfcg600m.bin
[2012/02/03 20:25:51 | 000,007,680 | ---- | C] () -- C:\Users\operant\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/01/30 15:24:51 | 000,800,766 | ---- | C] () -- C:\windows\SysWow64\PerfStringBackup.INI
[2012/01/27 10:50:23 | 000,000,000 | ---- | C] () -- C:\Users\operant\shutdown_info.xml
[2012/01/16 23:02:05 | 000,079,872 | ---- | C] () -- C:\windows\SysWow64\ff_vfw.dll
[2012/01/14 01:14:44 | 000,015,200 | ---- | C] () -- C:\windows\Q-Dir.ini
[2011/11/06 09:49:28 | 000,300,328 | ---- | C] () -- C:\windows\it50.dll
[2011/11/06 09:49:28 | 000,003,443 | ---- | C] () -- C:\windows\UTILITYDRV.SYS
[2011/11/06 09:49:27 | 000,259,368 | ---- | C] () -- C:\windows\FastBR.dll
[2011/11/06 09:49:27 | 000,259,368 | ---- | C] () -- C:\windows\CopyFile.dll
[2011/11/06 09:49:27 | 000,218,408 | ---- | C] () -- C:\windows\Image.dll
[2011/11/06 09:49:27 | 000,202,024 | ---- | C] () -- C:\windows\HardDisk.dll
[2011/11/06 09:49:27 | 000,177,448 | ---- | C] () -- C:\windows\disk.dll
[2011/11/06 09:49:27 | 000,110,592 | ---- | C] () -- C:\windows\BootseqwWmi.exe
[2011/11/06 09:49:27 | 000,081,920 | ---- | C] () -- C:\windows\Bootseqw32.exe
[2011/11/06 09:49:27 | 000,049,152 | ---- | C] () -- C:\windows\CHGBOOTW.EXE
[2011/11/06 09:49:27 | 000,010,068 | ---- | C] () -- C:\windows\GT.EXE
[2011/11/06 09:49:26 | 000,008,704 | ---- | C] () -- C:\windows\Access32.sys
[2011/11/06 01:02:31 | 002,086,240 | ---- | C] () -- C:\windows\SysWow64\LenovoVeriface.Interface.dll
[2011/11/06 01:02:31 | 001,500,512 | ---- | C] () -- C:\windows\SysWow64\Apblend.dll
[2011/11/06 01:02:31 | 001,171,456 | ---- | C] () -- C:\windows\SysWow64\PicNotify.dll
[2011/11/06 01:02:31 | 000,466,944 | ---- | C] () -- C:\windows\SysWow64\Lenovo.VerifaceStub.dll
[2011/11/06 01:02:26 | 001,044,480 | ---- | C] () -- C:\windows\SysWow64\3DImageRenderer.dll
[2011/11/06 00:48:54 | 000,001,823 | ---- | C] () -- C:\windows\vm332Rmv.ini
[2011/11/06 00:48:54 | 000,001,823 | ---- | C] () -- C:\windows\SysWow64\vm332Rmv.ini
[2011/04/13 23:01:19 | 000,145,804 | ---- | C] () -- C:\windows\SysWow64\igcompkrng600.bin
[2011/04/13 22:51:06 | 000,066,856 | ---- | C] () -- C:\windows\SysWow64\SynTPEnhPS.dll

========== LOP Check ==========

[2012/07/30 14:13:00 | 000,000,000 | ---D | M] -- C:\Users\operant\AppData\Roaming\Bitcoin
[2012/02/03 20:35:07 | 000,000,000 | ---D | M] -- C:\Users\operant\AppData\Roaming\Blackberry Desktop
[2012/08/25 04:29:56 | 000,000,000 | ---D | M] -- C:\Users\operant\AppData\Roaming\calibre
[2012/01/16 20:40:33 | 000,000,000 | ---D | M] -- C:\Users\operant\AppData\Roaming\DelinvFile
[2012/04/17 09:33:32 | 000,000,000 | ---D | M] -- C:\Users\operant\AppData\Roaming\eFax Messenger
[2012/01/20 20:24:12 | 000,000,000 | ---D | M] -- C:\Users\operant\AppData\Roaming\Firestorm
[2012/05/03 23:42:53 | 000,000,000 | ---D | M] -- C:\Users\operant\AppData\Roaming\Foxit Software
[2012/07/13 13:08:16 | 000,000,000 | ---D | M] -- C:\Users\operant\AppData\Roaming\GoodSync
[2012/04/17 09:32:56 | 000,000,000 | ---D | M] -- C:\Users\operant\AppData\Roaming\j2 Global
[2012/02/15 07:36:03 | 000,000,000 | ---D | M] -- C:\Users\operant\AppData\Roaming\Jaangle
[2012/01/12 12:48:27 | 000,000,000 | ---D | M] -- C:\Users\operant\AppData\Roaming\Leadertech
[2012/01/22 23:34:16 | 000,000,000 | ---D | M] -- C:\Users\operant\AppData\Roaming\LibreOffice
[2012/05/21 02:23:27 | 000,000,000 | ---D | M] -- C:\Users\operant\AppData\Roaming\Mikogo 4
[2012/06/11 21:06:44 | 000,000,000 | ---D | M] -- C:\Users\operant\AppData\Roaming\mjusbsp
[2012/01/15 14:13:51 | 000,000,000 | ---D | M] -- C:\Users\operant\AppData\Roaming\ooVoo Details
[2012/08/07 16:27:42 | 000,000,000 | ---D | M] -- C:\Users\operant\AppData\Roaming\pdfforge
[2012/01/27 10:34:32 | 000,000,000 | ---D | M] -- C:\Users\operant\AppData\Roaming\PerfView
[2012/01/14 01:16:50 | 000,000,000 | ---D | M] -- C:\Users\operant\AppData\Roaming\Q-Dir
[2012/02/03 20:24:40 | 000,000,000 | ---D | M] -- C:\Users\operant\AppData\Roaming\Research In Motion
[2012/07/25 01:03:29 | 000,000,000 | ---D | M] -- C:\Users\operant\AppData\Roaming\SecondLife
[2012/05/31 12:13:38 | 000,000,000 | ---D | M] -- C:\Users\operant\AppData\Roaming\Temp
[2012/01/07 07:21:49 | 000,000,000 | ---D | M] -- C:\Users\operant\AppData\Roaming\Thunderbird
[2012/01/19 17:19:05 | 000,000,000 | ---D | M] -- C:\Users\operant\AppData\Roaming\TrueCrypt
[2012/08/22 23:16:32 | 000,000,000 | ---D | M] -- C:\Users\operant\AppData\Roaming\uTorrent
[2012/05/31 12:22:49 | 000,000,000 | ---D | M] -- C:\Users\operant\AppData\Roaming\Visan
[2012/08/20 21:01:52 | 000,000,000 | ---D | M] -- C:\Users\operant\AppData\Roaming\Windows Live Writer
[2012/05/07 01:04:26 | 000,000,000 | ---D | M] -- C:\Users\operant\AppData\Roaming\XnView
[2012/09/02 01:33:00 | 000,000,322 | ---- | M] () -- C:\windows\Tasks\PrintProjects Communicator.job
[2012/05/19 23:20:05 | 000,032,620 | ---- | M] () -- C:\windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



< End of report >
  • 0

Advertisements

#2
Deus_Ex_Machina
Posted 02 September 2012 - 12:37 AM

Deus_Ex_Machina

    Member

  • Topic Starter
  • Member
  • PipPip
  • 24 posts
Also, when I try to reset my Windows 7 Firewall I get the following error code: 0x80070424. This is the same error code when trying to update virus definitions on MSE.
  • 0

#3
Deus_Ex_Machina
Posted 02 September 2012 - 12:43 AM

Deus_Ex_Machina

    Member

  • Topic Starter
  • Member
  • PipPip
  • 24 posts
I am running a full scan with MSE again and so far it has found the following:

Trojan Rogue:Win32/WinWebSec
Exploit Exploit:Java CVE-2012-4681.N
Exploit Exploit:Java CVE-2012-4681.BU
  • 0

#4
Deus_Ex_Machina
Posted 02 September 2012 - 12:46 AM

Deus_Ex_Machina

    Member

  • Topic Starter
  • Member
  • PipPip
  • 24 posts
I ran Panda Cloud Scanner and cleaned-up 7 suspicious policies it found. I saw that had firewall mentioned in the registry entry.
  • 0

#5
Essexboy
Posted 02 September 2012 - 04:01 AM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hi there I would like a different look at the system. OTL will only produce one log this time

Download OTL to your Desktop
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    Posted Image
  • Select All Users
  • Under the Custom Scan box paste this in
    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    services.*
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    qmgr.dll
    /md5stop
    %systemdrive%\$Recycle.Bin|@;true;true;true
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BITS /s
    CREATERESTOREPOINT
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Post both logs

THEN

Download aswMBR.exe ( 4.8mb ) to your desktop.
Double click the aswMBR.exe to run it Click the "Scan" button to start scan

Posted Image

On completion of the scan click save log, save it to your desktop and post in your next reply

Posted Image

FINALLY

run farbar service scanner

Posted Image

Tick "All" options.
Press "Scan".
It will create a log (FSS.txt) in the same directory the tool is run.

Please copy and paste the log to your reply.
  • 0

#6
Deus_Ex_Machina
Posted 02 September 2012 - 08:23 AM

Deus_Ex_Machina

    Member

  • Topic Starter
  • Member
  • PipPip
  • 24 posts
Hi Essexboy,

Thank you for your help!


Here is the OTL Log:

OTL logfile created on: Sun, 02 Sep 2012 10:07:18 - Run 2
OTL by OldTimer - Version 3.2.59.1 Folder = C:\Users\operant\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: ddd, dd MMM yyyy

5.92 Gb Total Physical Memory | 4.37 Gb Available Physical Memory | 73.79% Memory free
11.83 Gb Paging File | 10.11 Gb Available in Paging File | 85.44% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 421.81 Gb Total Space | 335.42 Gb Free Space | 79.52% Space Free | Partition Type: NTFS
Drive D: | 29.00 Gb Total Space | 26.31 Gb Free Space | 90.73% Space Free | Partition Type: NTFS

Computer Name: RUNE | User Name: operant | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/09/02 01:47:16 | 000,598,528 | ---- | M] (OldTimer Tools) -- C:\Users\operant\Desktop\OTL.exe
PRC - [2012/09/01 04:55:03 | 000,109,336 | ---- | M] (Siber Systems) -- C:\Program Files (x86)\Siber Systems\AI RoboForm\robotaskbaricon.exe
PRC - [2012/08/13 13:33:30 | 003,064,000 | ---- | M] (Skype Technologies S.A.) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
PRC - [2012/06/19 13:44:22 | 000,777,728 | ---- | M] (Eastman Kodak Company) -- C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe
PRC - [2012/06/18 21:13:46 | 000,394,712 | ---- | M] (Eastman Kodak Company) -- C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe
PRC - [2012/05/21 02:23:09 | 001,592,160 | ---- | M] () -- C:\Users\operant\AppData\Roaming\Mikogo 4\M4-Capture.exe
PRC - [2012/01/16 06:04:46 | 001,007,472 | ---- | M] () -- C:\Users\operant\AppData\Roaming\Mikogo 4\M4-Service.exe
PRC - [2012/01/14 01:23:50 | 001,517,520 | ---- | M] (TrueCrypt Foundation) -- C:\Program Files\TrueCrypt\TrueCrypt.exe
PRC - [2011/11/26 14:01:15 | 002,330,624 | ---- | M] () -- C:\Program Files (x86)\FastCheck\FastCheck.exe
PRC - [2011/11/06 01:07:45 | 000,100,256 | ---- | M] () -- C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeySupport.exe
PRC - [2011/11/02 02:00:44 | 000,090,448 | ---- | M] (Research In Motion Limited) -- C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
PRC - [2011/10/14 02:01:50 | 000,994,360 | ---- | M] (Secunia) -- C:\Program Files (x86)\Secunia\PSI\psia.exe
PRC - [2011/10/14 02:01:46 | 000,291,896 | ---- | M] (Secunia) -- C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
PRC - [2011/03/06 07:46:00 | 002,009,704 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
PRC - [2010/12/20 06:30:38 | 002,656,280 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
PRC - [2010/12/20 06:30:36 | 000,325,656 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
PRC - [2010/12/04 21:39:24 | 000,136,488 | ---- | M] (CyberLink) -- C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe
PRC - [2010/07/02 14:24:07 | 000,095,744 | ---- | M] (j2 Global Communications, Inc.) -- C:\Program Files (x86)\eFax Messenger 4.4\J2GDllCmd.exe
PRC - [2010/03/04 10:30:10 | 000,095,744 | ---- | M] (CrispyBytes Software) -- C:\Program Files (x86)\DateInTray\DateInTray.exe
PRC - [2005/03/10 20:58:06 | 001,368,064 | ---- | M] (inteleXual.com) -- C:\Program Files (x86)\YCIII\YankClip.exe


========== Modules (No Company Name) ==========

MOD - [2011/11/26 14:01:15 | 002,330,624 | ---- | M] () -- C:\Program Files (x86)\FastCheck\FastCheck.exe
MOD - [2011/11/06 01:07:45 | 000,100,256 | ---- | M] () -- C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeySupport.exe
MOD - [2010/11/11 06:39:46 | 000,133,024 | ---- | M] () -- C:\Program Files (x86)\Lenovo\Onekey Theater\WindowsApiHookDll32.dll
MOD - [2010/11/11 06:38:44 | 000,161,696 | ---- | M] () -- C:\Program Files (x86)\Lenovo\Onekey Theater\ActiveDetect32.dll


========== Services (SafeList) ==========

SRV:64bit: - [2012/03/26 18:49:56 | 000,291,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2012/03/26 18:49:56 | 000,012,600 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2011/09/27 15:04:08 | 000,359,192 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\LogiShrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV:64bit: - [2010/11/02 09:49:46 | 001,515,792 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
SRV:64bit: - [2010/11/02 09:39:08 | 000,340,240 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe -- (MyWiFiDHCPDNS)
SRV:64bit: - [2010/11/02 09:34:14 | 000,836,880 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
SRV:64bit: - [2010/09/30 11:05:42 | 000,311,296 | ---- | M] (Realtek Semiconductor Corp.) [Auto | Running] -- C:\Program Files\Realtek\RtLED\RtLEDService.exe -- (RtLedService)
SRV:64bit: - [2010/09/22 14:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV - [2012/09/01 05:12:13 | 000,250,568 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/08/29 02:07:04 | 000,114,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/08/13 13:33:30 | 003,064,000 | ---- | M] (Skype Technologies S.A.) [Auto | Running] -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
SRV - [2012/06/19 13:44:22 | 000,777,728 | ---- | M] (Eastman Kodak Company) [Auto | Running] -- C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe -- (Kodak AiO Status Monitor Service)
SRV - [2012/06/18 21:13:46 | 000,394,712 | ---- | M] (Eastman Kodak Company) [Auto | Running] -- C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe -- (Kodak AiO Network Discovery Service)
SRV - [2012/03/19 23:44:20 | 000,276,248 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe -- (cphs)
SRV - [2012/01/16 06:04:46 | 001,007,472 | ---- | M] () [Auto | Running] -- C:\Users\operant\AppData\Roaming\Mikogo 4\M4-Service.exe -- (M4-Service)
SRV - [2011/10/14 02:01:50 | 000,994,360 | ---- | M] (Secunia) [Auto | Running] -- C:\Program Files (x86)\Secunia\PSI\psia.exe -- (Secunia PSI Agent)
SRV - [2011/03/06 07:46:00 | 002,009,704 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
SRV - [2010/12/20 06:30:38 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2010/12/20 06:30:36 | 000,325,656 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/03/20 20:44:12 | 000,098,688 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2012/03/19 23:32:04 | 014,745,600 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2012/03/01 02:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/01/14 01:23:50 | 000,230,864 | ---- | M] (TrueCrypt Foundation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\truecrypt.sys -- (truecrypt)
DRV:64bit: - [2011/11/06 01:19:51 | 000,039,008 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\LhdX64.sys -- (LHDmgr)
DRV:64bit: - [2011/11/06 01:19:50 | 000,029,792 | ---- | M] (Lenovo Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AcpiVpc.sys -- (ACPIVPC)
DRV:64bit: - [2011/10/06 03:00:09 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/10/06 03:00:09 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/09/02 02:30:36 | 000,060,696 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LMouFilt.Sys -- (LMouFilt)
DRV:64bit: - [2011/09/02 02:30:24 | 000,066,840 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LHidFilt.Sys -- (LHidFilt)
DRV:64bit: - [2011/08/01 16:59:06 | 000,045,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64)
DRV:64bit: - [2011/08/01 16:59:06 | 000,023,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nuidfltr.sys -- (NuidFltr)
DRV:64bit: - [2011/07/25 18:44:46 | 000,074,752 | ---- | M] (Research In Motion Limited) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RimUsb_AMD64.sys -- (RimUsb)
DRV:64bit: - [2011/07/20 15:58:22 | 000,044,032 | ---- | M] (Research in Motion Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RimSerial_AMD64.sys -- (RimVSerPort)
DRV:64bit: - [2011/06/10 07:34:52 | 000,539,240 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011/05/18 09:08:32 | 000,047,616 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dc3d.sys -- (dc3d)
DRV:64bit: - [2011/03/06 07:46:00 | 000,025,960 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\nvpciflt.sys -- (nvpciflt)
DRV:64bit: - [2011/02/18 04:11:54 | 000,439,320 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2011/02/14 09:50:02 | 000,234,960 | ---- | M] (Vimicro Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vm332avs.sys -- (vm332avs)
DRV:64bit: - [2011/01/15 12:21:04 | 000,036,352 | ---- | M] (Elaborate Bytes AG) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VClone.sys -- (VClone)
DRV:64bit: - [2010/12/22 08:19:58 | 001,407,024 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2010/12/16 18:58:14 | 000,040,816 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ElbyCDIO.sys -- (ElbyCDIO)
DRV:64bit: - [2010/12/04 21:39:44 | 000,031,088 | ---- | M] (CyberLink Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\clwvd.sys -- (clwvd)
DRV:64bit: - [2010/12/01 01:02:22 | 000,042,392 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WDKMD.sys -- (wdkmd)
DRV:64bit: - [2010/11/30 02:40:04 | 000,307,304 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rtsuvstor.sys -- (RSUSBVSTOR)
DRV:64bit: - [2010/11/20 23:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 23:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 23:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010/11/08 23:16:36 | 008,500,736 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETwNs64.sys -- (NETwNs64)
DRV:64bit: - [2010/10/19 04:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2010/10/14 13:28:16 | 000,317,440 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2010/09/21 18:04:54 | 000,015,056 | ---- | M] (Vimicro Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vm2uvcflt.sys -- (vm2uvcflt)
DRV:64bit: - [2010/09/01 04:30:58 | 000,017,976 | ---- | M] (Secunia) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\psi_mf.sys -- (PSI)
DRV:64bit: - [2010/07/29 00:25:10 | 000,029,720 | ---- | M] (Initio Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ivusb.sys -- (ivusb)
DRV:64bit: - [2009/08/13 23:10:18 | 000,073,984 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xusb21.sys -- (xusb21)
DRV:64bit: - [2009/07/21 10:20:06 | 000,121,840 | ---- | M] (CyberLink) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wsvd.sys -- (wsvd)
DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 20:10:47 | 000,011,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rootmdm.sys -- (ROOTMODEM)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2008/05/06 17:06:00 | 000,014,464 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wdcsam64.sys -- (WDC_SAM)
DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.lenovo.com/ [binary data]
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://lenovo.msn.com
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.lenovo.com/ [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://lenovo.msn.com
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1896445519-1314585514-2017666467-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.lenovo.com
IE - HKU\S-1-5-21-1896445519-1314585514-2017666467-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.lenovo.com
IE - HKU\S-1-5-21-1896445519-1314585514-2017666467-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1896445519-1314585514-2017666467-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default Download Directory = C:\Users\operant\Downloads
IE - HKU\S-1-5-21-1896445519-1314585514-2017666467-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.co...=LENN&bmod=LENN
IE - HKU\S-1-5-21-1896445519-1314585514-2017666467-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-1896445519-1314585514-2017666467-1001\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKU\S-1-5-21-1896445519-1314585514-2017666467-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKU\S-1-5-21-1896445519-1314585514-2017666467-1001\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.co...1I7LENN_enUS465
IE - HKU\S-1-5-21-1896445519-1314585514-2017666467-1001\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKU\S-1-5-21-1896445519-1314585514-2017666467-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "DuckDuckGo"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "about:home"
FF - prefs.js..network.proxy.http: "localhost"
FF - prefs.js..network.proxy.http_port: 8118
FF - prefs.js..network.proxy.type: 4


FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF64_11_4_402_265.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\windows\system32\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_265.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\windows\SysWOW64\Adobe\Director\np32dsw_1166636.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@rim.com/npappworld: C:\Program Files (x86)\Research In Motion Limited\BlackBerry App World Browser Plugin\npappworld.dll ()
FF - HKLM\Software\MozillaPlugins\@RIM.com/WebSLLauncher,version=1.0: C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
FF - HKLM\Software\MozillaPlugins\@soe.sony.com/installer,version=1.0.3: C:\Users\operant\AppData\LocalLow\Sony Online Entertainment\npsoe.dll ()
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\operant\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\operant\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)

64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\PROGRAM FILES\WEB ASSISTANT\FIREFOX
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\Program Files\Web Assistant\Firefox
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{22119944-ED35-4ab1-910B-E619EA06A115}: C:\Program Files (x86)\Siber Systems\AI RoboForm\Firefox [2012/09/01 04:57:15 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/08/29 02:07:04 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/08/20 21:39:40 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 15.0\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012/08/29 13:07:50 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 15.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{D1B93C96-F085-11E1-8270-B8AC6F996F26}: C:\Users\operant\AppData\Local\{D1B93C96-F085-11E1-8270-B8AC6F996F26}\ [2012/08/27 16:29:11 | 000,000,000 | ---D | M]

[2012/01/25 09:56:16 | 000,000,000 | ---D | M] (No name found) -- C:\Users\operant\AppData\Roaming\Mozilla\Extensions
[2012/08/28 04:11:23 | 000,000,000 | ---D | M] (No name found) -- C:\Users\operant\AppData\Roaming\Mozilla\Firefox\Profiles\grzwho96.default\extensions
[2012/01/07 11:14:03 | 000,000,000 | ---D | M] (Toolbar Buttons) -- C:\Users\operant\AppData\Roaming\Mozilla\Firefox\Profiles\grzwho96.default\extensions\{03B08592-E5B4-45ff-A0BE-C1D975458688}
[2012/08/13 12:26:16 | 000,000,000 | ---D | M] (Flagfox) -- C:\Users\operant\AppData\Roaming\Mozilla\Firefox\Profiles\grzwho96.default\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}
[2012/01/25 08:10:14 | 000,000,000 | ---D | M] (IE Tab 2 (FF 3.6+)) -- C:\Users\operant\AppData\Roaming\Mozilla\Firefox\Profiles\grzwho96.default\extensions\{1BC9BA34-1EED-42ca-A505-6D2F1A935BBB}
[2012/04/01 11:39:53 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\operant\AppData\Roaming\Mozilla\Firefox\Profiles\grzwho96.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2012/05/20 15:00:54 | 000,000,000 | ---D | M] (United States English Spellchecker) -- C:\Users\operant\AppData\Roaming\Mozilla\Firefox\Profiles\grzwho96.default\extensions\[email protected]
[2012/01/07 00:38:02 | 000,000,000 | ---D | M] (FavIconReloader) -- C:\Users\operant\AppData\Roaming\Mozilla\Firefox\Profiles\grzwho96.default\extensions\[email protected]
[2012/07/23 20:20:44 | 000,000,000 | ---D | M] (Ghostery) -- C:\Users\operant\AppData\Roaming\Mozilla\Firefox\Profiles\grzwho96.default\extensions\[email protected]
[2012/05/22 14:22:22 | 000,000,000 | ---D | M] (FoxyProxy Standard) -- C:\Users\operant\AppData\Roaming\Mozilla\Firefox\Profiles\grzwho96.default\extensions\[email protected]
[2012/05/22 14:22:22 | 000,000,000 | ---D | M] (LogMeIn, Inc. Remote Access Plugin) -- C:\Users\operant\AppData\Roaming\Mozilla\Firefox\Profiles\grzwho96.default\extensions\[email protected]
[2012/01/15 14:13:33 | 000,000,000 | ---D | M] (ooVoo toolbar, powered by Ask.com) -- C:\Users\operant\AppData\Roaming\Mozilla\Firefox\Profiles\grzwho96.default\extensions\[email protected]
[2012/07/10 22:42:42 | 000,010,316 | ---- | M] () -- C:\Users\operant\AppData\Roaming\Mozilla\Firefox\Profiles\grzwho96.default\searchplugins\duckduckgo.xml
[2012/09/02 01:22:43 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/08/28 03:03:11 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012/08/27 16:29:11 | 000,000,000 | ---D | M] (Mozilla Safe Browsing) -- C:\USERS\OPERANT\APPDATA\LOCAL\{D1B93C96-F085-11E1-8270-B8AC6F996F26}
[2012/01/07 00:31:35 | 000,058,343 | ---- | M] () (No name found) -- C:\USERS\OPERANT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GRZWHO96.DEFAULT\EXTENSIONS\{446C03E0-2C35-11DB-A98B-0800200C9A66}.XPI
[2012/08/28 04:11:23 | 000,399,504 | ---- | M] () (No name found) -- C:\USERS\OPERANT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GRZWHO96.DEFAULT\EXTENSIONS\{53A03D43-5363-4669-8190-99061B2DEBA5}.XPI
[2012/07/10 13:29:10 | 000,135,156 | ---- | M] () (No name found) -- C:\USERS\OPERANT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GRZWHO96.DEFAULT\EXTENSIONS\{79C50F9A-2FFE-4EE0-8A37-FAE4F5DACD4F}.XPI
[2012/01/21 20:30:26 | 000,138,614 | ---- | M] () (No name found) -- C:\USERS\OPERANT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GRZWHO96.DEFAULT\EXTENSIONS\{D40F5E7B-D2CF-4856-B441-CC613EEFFBE3}.XPI
[2012/01/07 12:48:19 | 000,434,392 | ---- | M] () (No name found) -- C:\USERS\OPERANT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GRZWHO96.DEFAULT\EXTENSIONS\{D4DD63FA-01E4-46A7-B6B1-EDAB7D6AD389}.XPI
[2012/07/21 13:19:19 | 000,702,524 | ---- | M] () (No name found) -- C:\USERS\OPERANT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GRZWHO96.DEFAULT\EXTENSIONS\{DC572301-7619-498C-A57D-39143191B318}.XPI
[2012/08/25 14:50:47 | 000,270,021 | ---- | M] () (No name found) -- C:\USERS\OPERANT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GRZWHO96.DEFAULT\EXTENSIONS\{E4A8A97B-F2ED-450B-B12D-EE082BA24781}.XPI
[2012/01/09 11:53:09 | 000,091,556 | ---- | M] () (No name found) -- C:\USERS\OPERANT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GRZWHO96.DEFAULT\EXTENSIONS\{EDA7B1D7-F793-4E03-B074-E6F303317FB0}.XPI
[2012/08/10 04:03:03 | 000,048,692 | ---- | M] () (No name found) -- C:\USERS\OPERANT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GRZWHO96.DEFAULT\EXTENSIONS\[email protected]
[2012/07/10 13:29:09 | 000,009,954 | ---- | M] () (No name found) -- C:\USERS\OPERANT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GRZWHO96.DEFAULT\EXTENSIONS\[email protected]
[2012/08/15 01:47:46 | 000,053,565 | ---- | M] () (No name found) -- C:\USERS\OPERANT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GRZWHO96.DEFAULT\EXTENSIONS\[email protected]
[2012/01/07 12:48:19 | 000,006,496 | ---- | M] () (No name found) -- C:\USERS\OPERANT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GRZWHO96.DEFAULT\EXTENSIONS\[email protected]
[2012/01/06 23:39:14 | 000,113,783 | ---- | M] () (No name found) -- C:\USERS\OPERANT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GRZWHO96.DEFAULT\EXTENSIONS\[email protected]
[2012/07/03 09:27:29 | 000,087,157 | ---- | M] () (No name found) -- C:\USERS\OPERANT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GRZWHO96.DEFAULT\EXTENSIONS\[email protected]
[2012/01/06 23:39:14 | 000,002,656 | ---- | M] () (No name found) -- C:\USERS\OPERANT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GRZWHO96.DEFAULT\EXTENSIONS\[email protected]
[2012/01/06 23:39:14 | 000,009,063 | ---- | M] () (No name found) -- C:\USERS\OPERANT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GRZWHO96.DEFAULT\EXTENSIONS\[email protected]
[2012/01/14 18:34:25 | 000,006,099 | ---- | M] () (No name found) -- C:\USERS\OPERANT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GRZWHO96.DEFAULT\EXTENSIONS\[email protected]
[2012/01/09 11:53:09 | 000,008,001 | ---- | M] () (No name found) -- C:\USERS\OPERANT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GRZWHO96.DEFAULT\EXTENSIONS\[email protected]
[2012/08/29 02:07:04 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/08/29 02:07:04 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/08/29 02:07:04 | 000,002,253 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\operant\AppData\Local\Google\Chrome\Application\21.0.1180.83\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\operant\AppData\Local\Google\Chrome\Application\21.0.1180.83\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\operant\AppData\Local\Google\Chrome\Application\21.0.1180.83\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_257.dll
CHR - plugin: Injovo Extension Plugin (Enabled) = C:\Users\operant\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd\2.0.0.439_0\npbrowserext.dll
CHR - plugin: Skype Click to Call (Enabled) = C:\Users\operant\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.0.0.10297_0\npSkypeChromePlugin.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: RIM Handheld Application Loader (Enabled) = C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll
CHR - plugin: Foxit Reader Plugin for Mozilla (Enabled) = C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Users\operant\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll
CHR - plugin: Java™ Platform SE 7 U5 (Enabled) = C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll
CHR - plugin: Java Deployment Toolkit 7.0.50.255 (Enabled) = C:\windows\SysWOW64\npDeployJava1.dll
CHR - plugin: BlackBerry AppWorld (Enabled) = C:\Program Files (x86)\Research In Motion Limited\BlackBerry App World Browser Plugin\npappworld.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\windows\SysWOW64\Adobe\Director\np32dsw.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - Extension: Skype Click to Call = C:\Users\operant\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.1.0.10441_0\
CHR - Extension: Skype Click to Call = C:\Users\operant\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.2.0.10687_0\

O1 HOSTS File: ([2009/06/10 17:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (RoboForm Toolbar Helper) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.)
O2:64bit: - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (RoboForm Toolbar Helper) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (no name) - AutorunsDisabled - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (&RoboForm Toolbar) - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (&RoboForm Toolbar) - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3:64bit: - HKU\S-1-5-21-1896445519-1314585514-2017666467-1001\..\Toolbar\ShellBrowser: (&RoboForm Toolbar) - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.)
O3 - HKU\S-1-5-21-1896445519-1314585514-2017666467-1001\..\Toolbar\ShellBrowser: (&RoboForm Toolbar) - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O3:64bit: - HKU\S-1-5-21-1896445519-1314585514-2017666467-1001\..\Toolbar\WebBrowser: (&RoboForm Toolbar) - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.)
O3 - HKU\S-1-5-21-1896445519-1314585514-2017666467-1001\..\Toolbar\WebBrowser: (&RoboForm Toolbar) - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O4:64bit: - HKLM..\Run: [EKIJ5000StatusMonitor] C:\Windows\SysNative\spool\drivers\x64\3\EKIJ5000MUI.exe (Eastman Kodak Company)
O4:64bit: - HKLM..\Run: [Energy Management] C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe (Lenovo (Beijing) Limited)
O4:64bit: - HKLM..\Run: [EnergyUtility] C:\Program Files (x86)\Lenovo\Energy Management\utility.exe (Lenovo(beijing) Limited)
O4:64bit: - HKLM..\Run: [Eraser] C:\Program Files\Eraser\Eraser.exe (The Eraser Project)
O4:64bit: - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IntelliPoint] c:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [IntelWireless] C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel® Corporation)
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [OnekeyStudio] C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe (Lenovo)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [UpdatePRCShortCut] C:\Program Files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [Conime] %windir%\system32\conime.exe File not found
O4 - HKLM..\Run: [EKIJ5000StatusMonitor] C:\windows\system32\spool\DRIVERS\x64\3\EKIJ5000MUI.EXE File not found
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files (x86)\QT Lite\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [RIMBBLaunchAgent.exe] C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe (Research In Motion Limited)
O4 - HKLM..\Run: [UpdateP2GShortCut] C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePRCShortCut] C:\Program Files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1896445519-1314585514-2017666467-1000..\Run: [FactoryTest] C:\Windows\Test.bat File not found
O4 - HKU\S-1-5-21-1896445519-1314585514-2017666467-1000..\Run: [Power2GoExpress] NA File not found
O4 - HKU\S-1-5-21-1896445519-1314585514-2017666467-1000..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1896445519-1314585514-2017666467-1001..\Run: [cdloader] C:\Users\operant\AppData\Roaming\mjusbsp\cdloader2.exe (magicJack L.P.)
O4 - HKU\S-1-5-21-1896445519-1314585514-2017666467-1001..\Run: [DateInTray] C:\Program Files (x86)\DateInTray\DateInTray.exe (CrispyBytes Software)
O4 - HKU\S-1-5-21-1896445519-1314585514-2017666467-1001..\Run: [eFax 4.4] C:\Program Files (x86)\eFax Messenger 4.4\J2GDllCmd.exe (j2 Global Communications, Inc.)
O4 - HKU\S-1-5-21-1896445519-1314585514-2017666467-1001..\Run: [RoboForm] C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe (Siber Systems)
O4 - HKU\S-1-5-21-1896445519-1314585514-2017666467-1001..\Run: [TrueCrypt] C:\Program Files\TrueCrypt\TrueCrypt.exe (TrueCrypt Foundation)
O4 - HKU\.DEFAULT..\RunOnce: [KodakHomeCenter] C:\Program Files (x86)\Kodak\AiO\Center\AiOHomeCenter.exe (Eastman Kodak Company)
O4 - HKU\S-1-5-18..\RunOnce: [KodakHomeCenter] C:\Program Files (x86)\Kodak\AiO\Center\AiOHomeCenter.exe (Eastman Kodak Company)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-21-1896445519-1314585514-2017666467-1000..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\operant\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\eFax 4.4.lnk = C:\Program Files (x86)\eFax Messenger 4.4\J2GTray.exe (j2 Global Communications, Inc.)
O4 - Startup: C:\Users\operant\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\FastCheck.lnk = C:\Program Files (x86)\FastCheck\FastCheck.exe ()
O4 - Startup: C:\Users\operant\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Yankee Clipper III.lnk = C:\Program Files (x86)\YCIII\YankClip.exe (inteleXual.com)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: VerboseStatus = 1
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Main present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Main present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Main present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Main present
O7 - HKU\S-1-5-21-1896445519-1314585514-2017666467-1000\Software\Policies\Microsoft\Internet Explorer\Main present
O7 - HKU\S-1-5-21-1896445519-1314585514-2017666467-1001\Software\Policies\Microsoft\Internet Explorer\Main present
O7 - HKU\S-1-5-21-1896445519-1314585514-2017666467-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1896445519-1314585514-2017666467-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
O8:64bit: - Extra context menu item: Clear Fields - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComClearFields.html ()
O8:64bit: - Extra context menu item: Customize Menu - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html ()
O8:64bit: - Extra context menu item: Fill Forms - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O8:64bit: - Extra context menu item: Password Generator - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComPasswordGenerator.html ()
O8:64bit: - Extra context menu item: Save Forms - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O8 - Extra context menu item: Clear Fields - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComClearFields.html ()
O8 - Extra context menu item: Customize Menu - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html ()
O8 - Extra context menu item: Fill Forms - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O8 - Extra context menu item: Password Generator - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComPasswordGenerator.html ()
O8 - Extra context menu item: Save Forms - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O9:64bit: - Extra Button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.)
O9:64bit: - Extra 'Tools' menuitem : Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.)
O9:64bit: - Extra Button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.)
O9:64bit: - Extra 'Tools' menuitem : Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.)
O9:64bit: - Extra Button: Generate - {320AF880-6646-11D3-ABEE-C5DBF3571F50} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.)
O9:64bit: - Extra 'Tools' menuitem : Password Generator - {320AF880-6646-11D3-ABEE-C5DBF3571F50} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.)
O9:64bit: - Extra Button: TaskBar - {320AF880-6646-11D3-ABEE-C5DBF3571F51} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.)
O9:64bit: - Extra 'Tools' menuitem : RoboForm TaskBar Icon - {320AF880-6646-11D3-ABEE-C5DBF3571F51} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.)
O9:64bit: - Extra Button: Clear Fields - {320AF880-6646-11D3-ABEE-C5DBF3571F54} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.)
O9:64bit: - Extra 'Tools' menuitem : Clear Fields - {320AF880-6646-11D3-ABEE-C5DBF3571F54} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.)
O9:64bit: - Extra Button: Show Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.)
O9:64bit: - Extra 'Tools' menuitem : Show RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.)
O9:64bit: - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O9 - Extra 'Tools' menuitem : Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O9 - Extra Button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O9 - Extra 'Tools' menuitem : Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O9 - Extra Button: Generate - {320AF880-6646-11D3-ABEE-C5DBF3571F50} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O9 - Extra 'Tools' menuitem : Password Generator - {320AF880-6646-11D3-ABEE-C5DBF3571F50} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O9 - Extra Button: TaskBar - {320AF880-6646-11D3-ABEE-C5DBF3571F51} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O9 - Extra 'Tools' menuitem : RoboForm TaskBar Icon - {320AF880-6646-11D3-ABEE-C5DBF3571F51} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O9 - Extra Button: Clear Fields - {320AF880-6646-11D3-ABEE-C5DBF3571F54} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O9 - Extra 'Tools' menuitem : Clear Fields - {320AF880-6646-11D3-ABEE-C5DBF3571F54} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O9 - Extra Button: Show Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O9 - Extra 'Tools' menuitem : Show RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKU\.DEFAULT\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: sony.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: sony.com ([]* in Trusted sites)
O15 - HKU\S-1-5-19\..Trusted Domains: clonewarsadventures.com ([]* in )
O15 - HKU\S-1-5-19\..Trusted Domains: freerealms.com ([]* in )
O15 - HKU\S-1-5-19\..Trusted Domains: soe.com ([]* in )
O15 - HKU\S-1-5-19\..Trusted Domains: sony.com ([]* in )
O15 - HKU\S-1-5-20\..Trusted Domains: clonewarsadventures.com ([]* in )
O15 - HKU\S-1-5-20\..Trusted Domains: freerealms.com ([]* in )
O15 - HKU\S-1-5-20\..Trusted Domains: soe.com ([]* in )
O15 - HKU\S-1-5-20\..Trusted Domains: sony.com ([]* in )
O15 - HKU\S-1-5-21-1896445519-1314585514-2017666467-1000\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-1896445519-1314585514-2017666467-1000\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-1896445519-1314585514-2017666467-1000\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-1896445519-1314585514-2017666467-1000\..Trusted Domains: sony.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-1896445519-1314585514-2017666467-1001\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-1896445519-1314585514-2017666467-1001\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-1896445519-1314585514-2017666467-1001\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-1896445519-1314585514-2017666467-1001\..Trusted Domains: sony.com ([]* in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0017-0000-0005-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0017-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 68.237.161.12
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{797338DD-4CC7-4132-84DF-ED122EB66430}: DhcpNameServer = 192.168.1.1 68.237.161.12
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - AppInit_DLLs: (C:\windows\system32\nvinitx.dll) - C:\Windows\SysNative\nvinitx.dll (NVIDIA Corporation)
O20 - AppInit_DLLs: (C:\windows\SysWOW64\nvinit.dll) - C:\Windows\SysWOW64\nvinit.dll (NVIDIA Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\windows\SysNative\igfxdev.dll (Intel Corporation)
O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Program Files\Common Files\LogiShrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{4d216aaf-3c60-11e1-82ae-f0def19d5da1}\Shell - "" = AutoRun
O33 - MountPoints2\{4d216aaf-3c60-11e1-82ae-f0def19d5da1}\Shell\AutoRun\command - "" = C:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL G:\begin_here.htm
O33 - MountPoints2\{5ed30af1-43b5-11e1-9df4-f0def19d5da1}\Shell - "" = AutoRun
O33 - MountPoints2\{5ed30af1-43b5-11e1-9df4-f0def19d5da1}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -a
O33 - MountPoints2\{b7951c20-3f7a-11e1-88b7-f0def19d5da1}\Shell - "" = AutoRun
O33 - MountPoints2\{b7951c20-3f7a-11e1-88b7-f0def19d5da1}\Shell\AutoRun\command - "" = "E:\WD SmartWare.exe" autoplay=true
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\autorun.exe
O33 - MountPoints2\E\Shell\phone\command - "" = E:\autorun.exe
O34 - HKLM BootExecute: (dfboottime \??\C:\windows\System32\dfboottime.cfg)
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (FbDefrag)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)


CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012/09/02 10:05:01 | 000,693,235 | ---- | C] (Farbar) -- C:\Users\operant\Desktop\FSS.exe
[2012/09/02 10:04:14 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Users\operant\Desktop\aswMBR.exe
[2012/09/02 02:28:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Panda Security
[2012/09/02 02:28:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Panda Security
[2012/09/02 01:47:14 | 000,598,528 | ---- | C] (OldTimer Tools) -- C:\Users\operant\Desktop\OTL.exe
[2012/09/02 01:33:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Security Client
[2012/09/02 01:33:56 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2012/09/01 05:00:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Adobe
[2012/08/30 14:29:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe
[2012/08/28 03:42:18 | 000,000,000 | ---D | C] -- C:\Users\operant\Desktop\Temp spot for updates
[2012/08/28 02:46:57 | 000,000,000 | ---D | C] -- C:\Users\operant\AppData\Roaming\Malwarebytes
[2012/08/28 02:46:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/08/28 02:46:45 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mbam.sys
[2012/08/28 02:46:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012/08/28 02:46:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/08/27 16:29:11 | 000,000,000 | ---D | C] -- C:\Users\operant\AppData\Local\{D1B93C96-F085-11E1-8270-B8AC6F996F26}
[2012/08/24 22:35:07 | 000,000,000 | ---D | C] -- C:\Users\operant\Documents\My Digital Editions
[2012/08/24 22:34:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe
[2012/08/24 22:34:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe
[2012/08/20 21:40:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
[2012/08/20 21:39:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Works
[2012/08/20 21:39:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Visual Studio
[2012/08/20 21:39:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DESIGNER
[2012/08/20 21:36:12 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office
[2012/08/20 21:36:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Visual Studio 8
[2012/08/20 21:35:39 | 000,000,000 | ---D | C] -- C:\Users\operant\AppData\Local\Microsoft Help
[2012/08/20 21:35:09 | 000,000,000 | RH-D | C] -- C:\MSOCache
[2012/08/20 21:02:06 | 000,000,000 | ---D | C] -- C:\Users\operant\AppData\Local\{CC5A59D5-1028-4A61-8516-B4E04D7693EA}
[2012/08/20 21:01:52 | 000,000,000 | ---D | C] -- C:\Users\operant\AppData\Roaming\Windows Live Writer
[2012/08/20 21:01:52 | 000,000,000 | ---D | C] -- C:\Users\operant\AppData\Local\Windows Live Writer
[2012/08/09 12:28:47 | 000,000,000 | ---D | C] -- C:\Users\operant\Desktop\The Code Teacher
[2012/08/07 16:27:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDFCreator
[2012/08/07 16:27:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PDFCreator
[2012/08/06 21:30:46 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\sun
[2012/08/04 11:05:28 | 000,000,000 | R--D | C] -- C:\Users\operant\Desktop\
[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/09/02 10:07:00 | 000,000,830 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job
[2012/09/02 10:06:38 | 000,028,928 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/09/02 10:06:38 | 000,028,928 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/09/02 10:05:05 | 000,693,235 | ---- | M] (Farbar) -- C:\Users\operant\Desktop\FSS.exe
[2012/09/02 10:04:22 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\operant\Desktop\aswMBR.exe
[2012/09/02 10:03:52 | 000,786,616 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2012/09/02 10:03:52 | 000,665,600 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2012/09/02 10:03:52 | 000,123,336 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
[2012/09/02 09:59:35 | 000,000,896 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/09/02 09:59:09 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2012/09/02 09:59:05 | 469,348,351 | -HS- | M] () -- C:\hiberfil.sys
[2012/09/02 05:14:53 | 000,000,916 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-1896445519-1314585514-2017666467-1001UA.job
[2012/09/02 05:14:52 | 000,002,459 | ---- | M] () -- C:\Users\operant\Desktop\Google Chrome.lnk
[2012/09/02 04:42:01 | 000,000,900 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/09/02 04:33:10 | 000,000,322 | ---- | M] () -- C:\windows\tasks\PrintProjects Communicator.job
[2012/09/02 02:28:27 | 000,001,286 | ---- | M] () -- C:\Users\Public\Desktop\Panda Cloud Cleaner.lnk
[2012/09/02 01:47:16 | 000,598,528 | ---- | M] (OldTimer Tools) -- C:\Users\operant\Desktop\OTL.exe
[2012/09/02 01:47:12 | 000,000,000 | ---- | M] () -- C:\Users\operant\AppData\Local\¹º»¼½¾¿ÀÁÂĂÄÅÆÇÈÉÊË̀ÍÎÏĐÑ̉ÓÔƠÖ×ØÙÚÛÜỮßàáâăäåæçèéêë́íîïđṇ̃óôơö÷øùúûüư₫ÿ
[2012/09/02 01:34:12 | 000,001,945 | ---- | M] () -- C:\windows\epplauncher.mif
[2012/09/02 01:33:58 | 000,800,766 | ---- | M] () -- C:\windows\SysWow64\PerfStringBackup.INI
[2012/08/31 21:14:00 | 000,000,864 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-1896445519-1314585514-2017666467-1001Core.job
[2012/08/29 13:07:51 | 000,002,114 | ---- | M] () -- C:\Users\operant\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Thunderbird.lnk
[2012/08/29 10:11:50 | 000,001,441 | ---- | M] () -- C:\Users\operant\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012/08/28 03:13:06 | 000,000,854 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk
[2012/08/28 02:46:46 | 000,001,137 | ---- | M] () -- C:\Users\operant\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes Anti-Malware.lnk
[2012/08/25 04:27:29 | 000,000,960 | ---- | M] () -- C:\Users\Public\Desktop\calibre - E-book management.lnk
[2012/08/24 22:35:00 | 000,002,206 | ---- | M] () -- C:\Users\operant\Application Data\Microsoft\Internet Explorer\Quick Launch\Adobe Digital Editions.lnk
[2012/08/24 22:35:00 | 000,002,182 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Digital Editions.lnk
[2012/08/23 18:30:03 | 000,001,137 | ---- | M] () -- C:\Users\operant\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Outlook.lnk
[2012/08/22 20:16:45 | 000,198,812 | ---- | M] () -- C:\Users\operant\Desktop\B008S129XY_EBOK.azw
[2012/08/21 10:59:37 | 000,470,896 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT
[2012/08/21 00:23:26 | 000,001,998 | ---- | M] () -- C:\Users\operant\Desktop\Kindle.lnk
[2012/08/20 21:07:31 | 000,002,231 | ---- | M] () -- C:\Users\Public\Desktop\BlackBerry Desktop Software.lnk
[2012/08/20 20:54:21 | 000,007,680 | ---- | M] () -- C:\Users\operant\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/08/13 17:29:26 | 000,087,184 | ---- | M] () -- C:\Users\operant\Desktop\Capital One Online Banking - 13aug2012.pdf
[2012/08/13 15:12:55 | 000,077,457 | ---- | M] () -- C:\Users\operant\Desktop\Newegg.com - Acer Aspire AX1920-UR20P.pdf
[2012/08/11 13:53:55 | 000,555,293 | ---- | M] () -- C:\Users\operant\Desktop\Acer_CONS_WTY_DOC_1_YR_MICI_US_CA_MX_LA_46.AD148.008_021312.pdf
[2012/08/09 18:39:25 | 000,001,002 | ---- | M] () -- C:\Users\operant\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Yankee Clipper III.lnk
[2012/08/09 15:09:40 | 000,106,437 | ---- | M] () -- C:\Users\operant\Desktop\SnapshotStargateCapel_001.jpg
[2012/08/09 10:38:41 | 000,001,142 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012/08/07 20:30:27 | 000,079,414 | ---- | M] () -- C:\Users\operant\Desktop\Staples.com® _ Printable Order Summary.pdf
[2012/08/07 16:28:12 | 000,087,695 | ---- | M] () -- C:\Users\operant\Desktop\Capital One Online Banking.pdf
[2012/08/07 16:27:43 | 000,001,204 | ---- | M] () -- C:\Users\Public\Desktop\PDFArchitect.lnk
[2012/08/07 16:27:43 | 000,001,035 | ---- | M] () -- C:\Users\Public\Desktop\PDFCreator.lnk
[2012/08/07 14:04:26 | 000,144,949 | ---- | M] () -- C:\Users\operant\Desktop\Snapshot for Gate in Capel_001.jpg
[2012/08/06 21:53:03 | 000,035,994 | ---- | M] () -- C:\Users\operant\Desktop\New Rich Text Document.odt
[2012/08/06 21:29:57 | 000,000,007 | ---- | M] () -- C:\Users\operant\Desktop\New Rich Text Document.rtf
[2012/08/06 15:29:28 | 000,080,955 | R--- | M] () -- C:\Users\operant\Desktop\189.pdf
[2012/08/06 13:49:26 | 000,542,419 | R--- | M] () -- C:\Users\operant\Desktop\13.pdf
[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/09/02 02:28:27 | 000,001,286 | ---- | C] () -- C:\Users\Public\Desktop\Panda Cloud Cleaner.lnk
[2012/09/02 01:33:59 | 000,001,915 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
[2012/09/01 04:59:21 | 000,000,830 | ---- | C] () -- C:\windows\tasks\Adobe Flash Player Updater.job
[2012/08/30 14:29:50 | 000,016,384 | ---- | C] () -- C:\windows\SysWow64\FileOps.exe
[2012/08/28 03:13:06 | 000,000,854 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk
[2012/08/28 02:46:46 | 000,001,137 | ---- | C] () -- C:\Users\operant\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes Anti-Malware.lnk
[2012/08/27 16:29:11 | 000,000,000 | ---- | C] () -- C:\Users\operant\AppData\Local\¹º»¼½¾¿ÀÁÂĂÄÅÆÇÈÉÊË̀ÍÎÏĐÑ̉ÓÔƠÖ×ØÙÚÛÜỮßàáâăäåæçèéêë́íîïđṇ̃óôơö÷øùúûüư₫ÿ
[2012/08/24 22:35:00 | 000,002,206 | ---- | C] () -- C:\Users\operant\Application Data\Microsoft\Internet Explorer\Quick Launch\Adobe Digital Editions.lnk
[2012/08/24 22:35:00 | 000,002,194 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Digital Editions.lnk
[2012/08/24 22:35:00 | 000,002,182 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Digital Editions.lnk
[2012/08/22 21:14:04 | 000,198,812 | ---- | C] () -- C:\Users\operant\Desktop\B008S129XY_EBOK.azw
[2012/08/20 21:47:05 | 000,001,137 | ---- | C] () -- C:\Users\operant\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Outlook.lnk
[2012/08/13 17:29:25 | 000,087,184 | ---- | C] () -- C:\Users\operant\Desktop\Capital One Online Banking - 13aug2012.pdf
[2012/08/13 15:12:54 | 000,077,457 | ---- | C] () -- C:\Users\operant\Desktop\Newegg.com - Acer Aspire AX1920-UR20P.pdf
[2012/08/11 13:53:55 | 000,555,293 | ---- | C] () -- C:\Users\operant\Desktop\Acer_CONS_WTY_DOC_1_YR_MICI_US_CA_MX_LA_46.AD148.008_021312.pdf
[2012/08/09 15:09:40 | 000,106,437 | ---- | C] () -- C:\Users\operant\Desktop\SnapshotStargateCapel_001.jpg
[2012/08/07 20:30:26 | 000,079,414 | ---- | C] () -- C:\Users\operant\Desktop\Staples.com® _ Printable Order Summary.pdf
[2012/08/07 16:28:11 | 000,087,695 | ---- | C] () -- C:\Users\operant\Desktop\Capital One Online Banking.pdf
[2012/08/07 16:27:43 | 000,001,204 | ---- | C] () -- C:\Users\Public\Desktop\PDFArchitect.lnk
[2012/08/07 16:27:43 | 000,001,035 | ---- | C] () -- C:\Users\Public\Desktop\PDFCreator.lnk
[2012/08/07 14:04:26 | 000,144,949 | ---- | C] () -- C:\Users\operant\Desktop\Snapshot for Gate in Capel_001.jpg
[2012/08/06 21:53:01 | 000,035,994 | ---- | C] () -- C:\Users\operant\Desktop\New Rich Text Document.odt
[2012/08/06 21:29:57 | 000,000,007 | ---- | C] () -- C:\Users\operant\Desktop\New Rich Text Document.rtf
[2012/08/06 15:29:30 | 000,080,955 | R--- | C] () -- C:\Users\operant\Desktop\189.pdf
[2012/08/06 13:49:28 | 000,542,419 | R--- | C] () -- C:\Users\operant\Desktop\13.pdf
[2012/03/19 23:25:58 | 000,058,880 | ---- | C] () -- C:\windows\SysWow64\igdde32.dll
[2012/03/19 22:21:14 | 013,212,672 | ---- | C] () -- C:\windows\SysWow64\ig4icd32.dll
[2012/02/14 18:47:06 | 000,963,912 | ---- | C] () -- C:\windows\SysWow64\igkrng600.bin
[2012/02/14 18:47:06 | 000,261,208 | ---- | C] () -- C:\windows\SysWow64\igfcg600m.bin
[2012/02/03 20:25:51 | 000,007,680 | ---- | C] () -- C:\Users\operant\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/01/30 15:24:51 | 000,800,766 | ---- | C] () -- C:\windows\SysWow64\PerfStringBackup.INI
[2012/01/27 10:50:23 | 000,000,000 | ---- | C] () -- C:\Users\operant\shutdown_info.xml
[2012/01/16 23:02:05 | 000,079,872 | ---- | C] () -- C:\windows\SysWow64\ff_vfw.dll
[2012/01/14 01:14:44 | 000,015,200 | ---- | C] () -- C:\windows\Q-Dir.ini
[2011/11/06 09:49:28 | 000,300,328 | ---- | C] () -- C:\windows\it50.dll
[2011/11/06 09:49:28 | 000,003,443 | ---- | C] () -- C:\windows\UTILITYDRV.SYS
[2011/11/06 09:49:27 | 000,259,368 | ---- | C] () -- C:\windows\FastBR.dll
[2011/11/06 09:49:27 | 000,259,368 | ---- | C] () -- C:\windows\CopyFile.dll
[2011/11/06 09:49:27 | 000,218,408 | ---- | C] () -- C:\windows\Image.dll
[2011/11/06 09:49:27 | 000,202,024 | ---- | C] () -- C:\windows\HardDisk.dll
[2011/11/06 09:49:27 | 000,177,448 | ---- | C] () -- C:\windows\disk.dll
[2011/11/06 09:49:27 | 000,110,592 | ---- | C] () -- C:\windows\BootseqwWmi.exe
[2011/11/06 09:49:27 | 000,081,920 | ---- | C] () -- C:\windows\Bootseqw32.exe
[2011/11/06 09:49:27 | 000,049,152 | ---- | C] () -- C:\windows\CHGBOOTW.EXE
[2011/11/06 09:49:27 | 000,010,068 | ---- | C] () -- C:\windows\GT.EXE
[2011/11/06 09:49:26 | 000,008,704 | ---- | C] () -- C:\windows\Access32.sys
[2011/11/06 01:02:31 | 002,086,240 | ---- | C] () -- C:\windows\SysWow64\LenovoVeriface.Interface.dll
[2011/11/06 01:02:31 | 001,500,512 | ---- | C] () -- C:\windows\SysWow64\Apblend.dll
[2011/11/06 01:02:31 | 001,171,456 | ---- | C] () -- C:\windows\SysWow64\PicNotify.dll
[2011/11/06 01:02:31 | 000,466,944 | ---- | C] () -- C:\windows\SysWow64\Lenovo.VerifaceStub.dll
[2011/11/06 01:02:26 | 001,044,480 | ---- | C] () -- C:\windows\SysWow64\3DImageRenderer.dll
[2011/11/06 00:48:54 | 000,001,823 | ---- | C] () -- C:\windows\vm332Rmv.ini
[2011/11/06 00:48:54 | 000,001,823 | ---- | C] () -- C:\windows\SysWow64\vm332Rmv.ini
[2011/04/13 23:01:19 | 000,145,804 | ---- | C] () -- C:\windows\SysWow64\igcompkrng600.bin
[2011/04/13 22:51:06 | 000,066,856 | ---- | C] () -- C:\windows\SysWow64\SynTPEnhPS.dll

========== LOP Check ==========

[2012/07/21 11:12:03 | 000,000,000 | ---D | M] -- C:\Users\Default\AppData\Roaming\Temp
[2012/07/21 11:12:03 | 000,000,000 | ---D | M] -- C:\Users\Default User\AppData\Roaming\Temp
[2012/07/30 14:13:00 | 000,000,000 | ---D | M] -- C:\Users\operant\AppData\Roaming\Bitcoin
[2012/02/03 20:35:07 | 000,000,000 | ---D | M] -- C:\Users\operant\AppData\Roaming\Blackberry Desktop
[2012/08/25 04:29:56 | 000,000,000 | ---D | M] -- C:\Users\operant\AppData\Roaming\calibre
[2012/01/16 20:40:33 | 000,000,000 | ---D | M] -- C:\Users\operant\AppData\Roaming\DelinvFile
[2012/04/17 09:33:32 | 000,000,000 | ---D | M] -- C:\Users\operant\AppData\Roaming\eFax Messenger
[2012/01/20 20:24:12 | 000,000,000 | ---D | M] -- C:\Users\operant\AppData\Roaming\Firestorm
[2012/05/03 23:42:53 | 000,000,000 | ---D | M] -- C:\Users\operant\AppData\Roaming\Foxit Software
[2012/07/13 13:08:16 | 000,000,000 | ---D | M] -- C:\Users\operant\AppData\Roaming\GoodSync
[2012/04/17 09:32:56 | 000,000,000 | ---D | M] -- C:\Users\operant\AppData\Roaming\j2 Global
[2012/02/15 07:36:03 | 000,000,000 | ---D | M] -- C:\Users\operant\AppData\Roaming\Jaangle
[2012/01/12 12:48:27 | 000,000,000 | ---D | M] -- C:\Users\operant\AppData\Roaming\Leadertech
[2012/01/22 23:34:16 | 000,000,000 | ---D | M] -- C:\Users\operant\AppData\Roaming\LibreOffice
[2012/05/21 02:23:27 | 000,000,000 | ---D | M] -- C:\Users\operant\AppData\Roaming\Mikogo 4
[2012/06/11 21:06:44 | 000,000,000 | ---D | M] -- C:\Users\operant\AppData\Roaming\mjusbsp
[2012/01/15 14:13:51 | 000,000,000 | ---D | M] -- C:\Users\operant\AppData\Roaming\ooVoo Details
[2012/08/07 16:27:42 | 000,000,000 | ---D | M] -- C:\Users\operant\AppData\Roaming\pdfforge
[2012/01/27 10:34:32 | 000,000,000 | ---D | M] -- C:\Users\operant\AppData\Roaming\PerfView
[2012/01/14 01:16:50 | 000,000,000 | ---D | M] -- C:\Users\operant\AppData\Roaming\Q-Dir
[2012/02/03 20:24:40 | 000,000,000 | ---D | M] -- C:\Users\operant\AppData\Roaming\Research In Motion
[2012/07/25 01:03:29 | 000,000,000 | ---D | M] -- C:\Users\operant\AppData\Roaming\SecondLife
[2012/05/31 12:13:38 | 000,000,000 | ---D | M] -- C:\Users\operant\AppData\Roaming\Temp
[2012/01/07 07:21:49 | 000,000,000 | ---D | M] -- C:\Users\operant\AppData\Roaming\Thunderbird
[2012/01/19 17:19:05 | 000,000,000 | ---D | M] -- C:\Users\operant\AppData\Roaming\TrueCrypt
[2012/08/22 23:16:32 | 000,000,000 | ---D | M] -- C:\Users\operant\AppData\Roaming\uTorrent
[2012/05/31 12:22:49 | 000,000,000 | ---D | M] -- C:\Users\operant\AppData\Roaming\Visan
[2012/08/20 21:01:52 | 000,000,000 | ---D | M] -- C:\Users\operant\AppData\Roaming\Windows Live Writer
[2012/09/02 03:54:17 | 000,000,000 | ---D | M] -- C:\Users\operant\AppData\Roaming\XnView
[2012/09/02 04:33:10 | 000,000,322 | ---- | M] () -- C:\windows\Tasks\PrintProjects Communicator.job
[2012/05/19 23:20:05 | 000,032,620 | ---- | M] () -- C:\windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========

< %SYSTEMDRIVE%\*.exe >
[2007/11/07 09:44:20 | 000,855,040 | ---- | M] (Microsoft Corporation) -- C:\install.exe

< MD5 for: EXPLORER.EXE >
[2011/10/06 02:57:50 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2011/10/06 02:57:50 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe
[2011/10/06 02:57:50 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2011/10/06 02:57:50 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2010/11/20 23:24:25 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2011/10/06 02:57:50 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe
[2011/10/06 02:57:50 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2010/11/20 23:24:11 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe

< MD5 for: QMGR.DLL >
[2010/11/20 23:23:51 | 000,849,920 | ---- | M] (Microsoft Corporation) MD5=1EA7969E3271CBC59E1730697DC74682 -- C:\windows\SysNative\qmgr.dll
[2010/11/20 23:23:51 | 000,849,920 | ---- | M] (Microsoft Corporation) MD5=1EA7969E3271CBC59E1730697DC74682 -- C:\Windows\winsxs\amd64_microsoft-windows-bits-client_31bf3856ad364e35_6.1.7601.17514_none_81b6ca5c101195cd\qmgr.dll

< MD5 for: SERVICES >
[2009/06/10 17:00:26 | 000,017,463 | ---- | M] () MD5=D9E1A01B480D961B7CF0509D597A92D6 -- C:\Windows\winsxs\amd64_microsoft-windows-w..nfrastructure-other_31bf3856ad364e35_6.1.7600.16385_none_6079f415110c0210\services

< MD5 for: SERVICES.EXE >
[2009/07/13 21:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\windows\SysNative\services.exe
[2009/07/13 21:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe

< MD5 for: SERVICES.EXE.MUI >
[2010/11/21 03:06:16 | 000,017,408 | ---- | M] (Microsoft Corporation) MD5=6507BF0DC2D1F5F32493C288EAA59277 -- C:\windows\SysNative\en-US\services.exe.mui
[2010/11/21 03:06:16 | 000,017,408 | ---- | M] (Microsoft Corporation) MD5=6507BF0DC2D1F5F32493C288EAA59277 -- C:\Windows\winsxs\amd64_microsoft-windows-s..ontroller.resources_31bf3856ad364e35_6.1.7600.16385_en-us_c5f238be3fa63468\services.exe.mui

< MD5 for: SERVICES.LNK >
[2009/07/14 00:54:05 | 000,001,288 | ---- | M] () MD5=CA0D9F4743DFF86EBAF09D763139E958 -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/14 00:54:05 | 000,001,288 | ---- | M] () MD5=CA0D9F4743DFF86EBAF09D763139E958 -- C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk

< MD5 for: SERVICES.MOF >
[2009/06/10 16:44:06 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\windows\SysNative\wbem\services.mof
[2009/06/10 16:44:06 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.mof

< MD5 for: SERVICES.MSC >
[2010/11/21 03:06:14 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\windows\SysNative\en-US\services.msc
[2009/06/10 16:38:36 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\windows\SysNative\services.msc
[2010/11/21 03:06:17 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\SysWOW64\en-US\services.msc
[2009/06/10 17:21:09 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\SysWOW64\services.msc
[2010/11/21 03:06:14 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\amd64_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.1.7600.16385_en-us_003408aa160fce5b\services.msc
[2009/06/10 16:38:36 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\amd64_microsoft-windows-servicessnapin_31bf3856ad364e35_6.1.7600.16385_none_2b58d44b5f6beb8a\services.msc
[2010/11/21 03:06:17 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\x86_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.1.7600.16385_en-us_a4156d265db25d25\services.msc
[2009/06/10 17:21:09 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\x86_microsoft-windows-servicessnapin_31bf3856ad364e35_6.1.7600.16385_none_cf3a38c7a70e7a54\services.msc

< MD5 for: SERVICES.PTXML >
[2009/07/13 16:16:17 | 000,001,061 | ---- | M] () MD5=640D7DD61B1CFA6C96F80F68F78CDFA7 -- C:\windows\SysNative\wdi\perftrack\Services.ptxml
[2009/07/13 16:16:17 | 000,001,061 | ---- | M] () MD5=640D7DD61B1CFA6C96F80F68F78CDFA7 -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\Services.ptxml

< MD5 for: SVCHOST.EXE >
[2009/07/13 21:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\SysWOW64\svchost.exe
[2009/07/13 21:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
[2012/07/03 13:46:42 | 000,217,672 | ---- | M] () MD5=8A7F34F0BBD076EC3815680A7309114F -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\svchost.exe
[2009/07/13 21:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\windows\SysNative\svchost.exe
[2009/07/13 21:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_11b04b481efec48c\svchost.exe

< MD5 for: USERINIT.EXE >
[2010/11/20 23:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010/11/20 23:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2010/11/20 23:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\windows\SysNative\userinit.exe
[2010/11/20 23:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe

< MD5 for: WINLOGON.EXE >
[2010/11/20 23:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\windows\SysNative\winlogon.exe
[2010/11/20 23:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2012/07/03 13:46:42 | 000,217,672 | ---- | M] () MD5=8A7F34F0BBD076EC3815680A7309114F -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe

< %systemdrive%\$Recycle.Bin|@;true;true;true >

< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BITS /s >

< End of report >



And here is the Extras log:

OTL Extras logfile created on: Sun, 02 Sep 2012 01:51:23 - Run 1
OTL by OldTimer - Version 3.2.59.1 Folder = C:\Users\operant\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: ddd, dd MMM yyyy

5.92 Gb Total Physical Memory | 4.14 Gb Available Physical Memory | 70.00% Memory free
11.83 Gb Paging File | 9.83 Gb Available in Paging File | 83.13% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 421.81 Gb Total Space | 335.83 Gb Free Space | 79.62% Space Free | Partition Type: NTFS
Drive D: | 29.00 Gb Total Space | 26.31 Gb Free Space | 90.73% Space Free | Partition Type: NTFS

Computer Name: RUNE | User Name: operant | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- Reg Error: Key error.
https [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Browse with FastStone] -- "C:\Program Files (x86)\FastStone Image Viewer\FSViewer.exe" "%1" ()
Directory [Browse with XnView] -- "C:\Program Files (x86)\XnView\xnview.exe" "%1" (XnView, http://www.xnview.com)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [runas] -- cmd.exe /c takeown /f "%1" && icacls "%1" /grant administrators:F (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- Reg Error: Key error.
https [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Browse with FastStone] -- "C:\Program Files (x86)\FastStone Image Viewer\FSViewer.exe" "%1" ()
Directory [Browse with XnView] -- "C:\Program Files (x86)\XnView\xnview.exe" "%1" (XnView, http://www.xnview.com)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [runas] -- cmd.exe /c takeown /f "%1" && icacls "%1" /grant administrators:F (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallDisableNotify" = 0
"FirewallOverride" = 1
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

========== Authorized Applications List ==========


========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00070886-D6C6-423C-B5A7-3298ABF20E11}" = pdfforge PDFArchitect 0.5.0.435
"{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector
"{03AC245F-4C64-425C-89CF-7783C1D3AB2C}" = Microsoft Sync Framework 2.0 Provider Services (x64) ENU
"{0645A454-AD44-4F0D-99CF-6B762735AD1F}" = aioprnt
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition)
"{24190661-2122-40D1-9F7C-8FDEA5AE4197}" = Microsoft Windows Performance Toolkit
"{27EF8E7F-88D1-4ec5-ADE2-7E447FDF114E}" = Kodak AIO Printer
"{28EF7372-9087-4AC3-9B9F-D9751FCDF830}" = Intel® Wireless Display
"{2998191E-A35E-47E2-BE38-7702C731D722}" = SRS Premium Sound Control Panel
"{2ACBF1FA-F5C3-4B19-A774-B22A31F231B9}_is1" = Media Player Classic - Home Cinema v1.5.2.3456 x64
"{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
"{3D33F6F0-4D90-484D-A1D9-09AE791CCBD9}" = Eraser 6.0.9.2343
"{4653CB40-DF74-3770-8FB0-24472395D885}" = Microsoft Windows SDK for Windows 7 Utilities for Win32 Development (40715)
"{46F4D124-20E5-4D12-BE52-EC177A7A4B42}" = Lenovo OneKey Recovery
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{624C7F0A-89B2-4C49-9CAB-9D69613EC95A}" = Microsoft IntelliPoint 8.2
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{7298E5E5-90A7-3785-AAFA-AC335DA3178F}" = Microsoft Windows SDK for Windows 7 Common Utilities (40715)
"{7F2E5C3B-DBDF-469D-AD8D-F686D3B71176}" = Debugging Tools for Windows (x64)
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{88DAAF05-5A72-46D2-A7C5-C3759697E943}" = SyncToy 2.1 (x64)
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8CCBEC22-D2DB-4DC9-A58A-E1A1F3A38C8A}" = Microsoft Sync Framework 2.0 Core Components (x64) ENU
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9D046B26-7978-47CD-91E6-AC3C1DFBC3D0}" = Microsoft Security Client
"{A216DF4A-28D1-3D94-ADA6-3AE50E42742D}" = Microsoft Windows SDK Intellisense and Reference Assemblies (40715)
"{ACB6F4ED-835B-44EC-9EFD-AC8C83D28597}" = RtLED
"{AF162E20-417F-4946-A06D-65734984957F}" = Intel® PROSet/Wireless WiFi Software
"{B26B00DA-2E5D-4CF2-83C5-911198C0F009}" = GoodSync
"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 267.54
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 267.54
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Optimus" = NVIDIA Optimus 1.0.21
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B8ED63AE-B171-3D63-8C35-40B82C4A5FBA}" = Microsoft Windows SDK for Windows 7 (7.0)
"{C7311329-C491-427B-8880-133E84869B3A}" = Vista Shortcut Manager x64
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"AutoHotkey" = AutoHotkey 1.1.05.06
"CCleaner" = CCleaner
"Defraggler" = Defraggler
"EA12B1FB53CE4E387C31A85236C41EF559B5E392" = Windows Driver Package - Lenovo (ACPIVPC) System (12/02/2010 6.1.0.1)
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft IntelliPoint 8.2" = Microsoft IntelliPoint 8.2
"Microsoft Security Client" = Microsoft Security Essentials
"MyDefrag v4.3.1_is1" = MyDefrag v4.3.1
"ProInst" = Intel PROSet Wireless
"Q-Dir" = Q-Dir
"Recuva" = Recuva
"SDKSetup_7.0.7600.16385.40715" = Microsoft Windows SDK for Windows 7 (7.0)
"sp6" = Logitech SetPoint 6.32
"Speccy" = Speccy
"SynTPDeinstKey" = Synaptics Pointing Device Driver

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = Lenovo YouCam
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime
"{1845470B-EB14-4ABC-835B-E36C693DC07D}" = Skype™ 5.9
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1A8C25A4-A90A-4A0E-91DD-37535507476A}" = LogMeIn Rescue Technician Console
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
"{33286280-8617-11E1-8FF6-B8AC6F97B88E}" = Google Earth Plug-in
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{376348C2-E372-48BC-A138-E896757BD86A}" = aioscnnr
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel® Rapid Storage Technology
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = eReg
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{48B41C3A-9A92-4B81-B653-C97FEB85C910}" = C4USelfUpdater
"{56BA241F-580C-43D2-8403-947241AAE633}" = center
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{5B079F85-A24D-4642-BF1A-32D5A6B3A003}" = calibre
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{62BBB2F0-E220-4821-A564-730807D2C34D}" = Realtek USB 2.0 Reader Driver
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel® Management Engine Components
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows 7
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8DE03F6E-FCD2-4497-A8FF-F6C4430618B6}" = BlackBerry App World Browser Plugin
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISER_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISER_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISER_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISER_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0409-1000-0000000FF1CE}_ENTERPRISER_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISER_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISER_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0116-0409-1000-0000000FF1CE}_ENTERPRISER_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95120000-003F-0409-0000-0000000FF1CE}" = Microsoft Office Excel Viewer
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{97B70991-5002-4241-8B0C-D74B8ADEB2B5}" = BlackBerry Desktop Software 7.1
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{ADE16A9D-FBDC-4ECC-B6BD-9C31E51D0333}" = Lenovo EasyCamera
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{B862B671-59FD-7457-AFA0-C738FB7ABD60}" = Windows SDK Intellidocs
"{BE94C681-68E2-4561-8ABC-8D2E799168B4}" = essentials
"{BFBCF96F-7361-486A-965C-54B17AC35421}" = ocr
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D07205E7-F6D3-4333-AFCC-782A07685B72}" = OverDrive Media Console
"{D0956C11-0F60-43FE-99AD-524E833471BB}" = Energy Management
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D4B060B9-AD4A-4152-9D99-28B93C615AFE}" = Onekey Theater
"{DA5BDB2A-12F0-4343-8351-21AAEB293990}" = PreReq
"{DC33421C-0E1C-470A-BE37-7B7C82677812}" = EchoLink
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{DF6DA606-904D-4C18-823F-A4CFC3035E53}" = eFax Messenger
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E0F274B7-592B-4669-8FB8-8D9825A09858}" = KODAK AiO Software
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
"{EF53BFAB-4C10-40DB-A82D-9B07111715C6}" = aioscnnr
"{F07C2CF8-4C53-4EC3-8162-A6221E36EB88}" = UserGuide
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel® Processor Graphics
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F84906ED-BB54-4889-B131-FED9C9056FC8}" = Intel® Wireless Display
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel® Control Center
"{FAA7F8FF-3C05-4A61-8F14-D8A6E9ED6623}" = ooVoo
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"Adobe SVG Viewer" = Adobe SVG Viewer 6.0
"AI RoboForm" = RoboForm 7-8-2-5 (All Users)
"Amazon Kindle" = Amazon Kindle
"BeCyIconGrabber" = BeCyIconGrabber
"BlackBerry_Desktop" = BlackBerry Desktop Software 7.1
"CDisplay_is1" = CDisplay 1.8
"DateInTray" = DateInTray 1.6
"Digital Editions" = Adobe Digital Editions
"ENTERPRISER" = Microsoft Office Enterprise 2007
"FastCheck" = FastCheck (remove only)
"FastStone Image Viewer" = FastStone Image Viewer 4.6
"ffdshow_is1" = ffdshow v1.1.4096 [2011-11-29]
"Firestorm-Release" = Firestorm-Release (remove only)
"Foxit Reader_is1" = Foxit Reader
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = Lenovo YouCam
"InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}" = Lenovo OneKey Recovery
"InstallShield_{D0956C11-0F60-43FE-99AD-524E833471BB}" = Energy Management
"InstallShield_{D4B060B9-AD4A-4152-9D99-28B93C615AFE}" = Onekey Theater
"InstallShield_{F07C2CF8-4C53-4EC3-8162-A6221E36EB88}" = UserGuide
"Jaangle music management" = Jaangle music management
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.62.0.1300
"Mozilla Firefox 15.0 (x86 en-US)" = Mozilla Firefox 15.0 (x86 en-US)
"Mozilla Thunderbird 15.0 (x86 en-GB)" = Mozilla Thunderbird 15.0 (x86 en-GB)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"PrintProjects" = PrintProjects
"quicktime_lite_is1" = QT Lite 4.1.0
"SecondLifeViewer" = SecondLifeViewer (remove only)
"Secunia PSI" = Secunia PSI (2.0.0.4003)
"The Weather Channel App" = The Weather Channel App
"TrueCrypt" = TrueCrypt
"uTorrent" = µTorrent
"VeriFace" = VeriFace
"VirtualCloneDrive" = VirtualCloneDrive
"WinLiveSuite" = Windows Live Essentials
"XnView_is1" = XnView 1.99
"Yankee Clipper III" = Yankee Clipper III
"ZSoft Uninstaller" = ZSoft Uninstaller 2.5

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{79A765E1-C399-405B-85AF-466F52E918B0}" = ooVoo toolbar, powered by Ask.com Updater
"Bitcoin" = Bitcoin
"DelinvFile_is1" = DelinvFile - 4.04
"Google Chrome" = Google Chrome
"magicJack" = magicJack
"Mikogo 4" = Mikogo 4
"SOE-DC Universe Online Live" = DC Universe Online Live

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - Wed, 15 Aug 2012 22:18:59 | Computer Name = rune | Source = WinMgmt | ID = 10
Description =

Error - Wed, 15 Aug 2012 23:24:51 | Computer Name = rune | Source = Application Error | ID = 1000
Description = Faulting application name: SLPlugin.exe, version: 0.0.0.0, time stamp:
0x4ffb853c Faulting module name: ntdll.dll, version: 6.1.7601.17725, time stamp:
0x4ec49b8f Exception code: 0xc0000264 Fault offset: 0x000a2495 Faulting process id:
0x13cc Faulting application start time: 0x01cd7b5eb0b1d223 Faulting application path:
C:\Program Files (x86)\Firestorm-Release\SLPlugin.exe Faulting module path: C:\windows\SysWOW64\ntdll.dll
Report
Id: f0008a0b-e751-11e1-b372-f0def19d5da1

Error - Thu, 16 Aug 2012 19:26:55 | Computer Name = rune | Source = WinMgmt | ID = 10
Description =

Error - Fri, 17 Aug 2012 13:53:06 | Computer Name = rune | Source = WinMgmt | ID = 10
Description =

Error - Fri, 17 Aug 2012 23:03:42 | Computer Name = rune | Source = WinMgmt | ID = 10
Description =

Error - Sat, 18 Aug 2012 10:17:16 | Computer Name = rune | Source = WinMgmt | ID = 10
Description =

Error - Sun, 19 Aug 2012 22:52:03 | Computer Name = rune | Source = WinMgmt | ID = 10
Description =

Error - Mon, 20 Aug 2012 01:58:39 | Computer Name = rune | Source = WinMgmt | ID = 10
Description =

Error - Mon, 20 Aug 2012 12:30:51 | Computer Name = rune | Source = WinMgmt | ID = 10
Description =

Error - Mon, 20 Aug 2012 20:54:23 | Computer Name = rune | Source = Application Error | ID = 1000
Description = Faulting application name: Rim.Transcoder.exe, version: 7.0.0.56,
time stamp: 0x4fb55c78 Faulting module name: unknown, version: 0.0.0.0, time stamp:
0x00000000 Exception code: 0xc0000005 Fault offset: 0x006e0975 Faulting process id:
0xdd0 Faulting application start time: 0x01cd7f370f47def1 Faulting application path:
C:\Program Files (x86)\Research In Motion\BlackBerry Desktop\Rim.Transcoder.exe
Faulting
module path: unknown Report Id: befad595-eb2a-11e1-b50e-f0def19d5da1

[ System Events ]
Error - Sat, 19 May 2012 04:10:22 | Computer Name = rune | Source = Microsoft Antimalware | ID = 2001
Description = %%860 has encountered an error trying to update signatures. New Signature
Version: Previous Signature Version: 1.127.171.0 Update Source: %%859 Update Stage:
%%852 Source Path: http://www.microsoft.com Signature Type: %%800 Update Type: %%803

User:
NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8403.0 Error
code: 0x8024402c Error description: An unexpected problem occurred while checking
for updates. For information on installing or troubleshooting updates, see Help
and Support.

Error - Sat, 19 May 2012 23:19:50 | Computer Name = rune | Source = volmgr | ID = 262190
Description = Crash dump initialization failed!

Error - Sat, 19 May 2012 23:19:57 | Computer Name = rune | Source = volmgr | ID = 262190
Description = Crash dump initialization failed!

Error - Mon, 21 May 2012 02:16:21 | Computer Name = rune | Source = volmgr | ID = 262190
Description = Crash dump initialization failed!

Error - Mon, 21 May 2012 02:16:37 | Computer Name = rune | Source = volmgr | ID = 262190
Description = Crash dump initialization failed!

Error - Mon, 21 May 2012 02:23:07 | Computer Name = rune | Source = Service Control Manager | ID = 7030
Description = The M4-Service service is marked as an interactive service. However,
the system is configured to not allow interactive services. This service may not
function properly.

Error - Tue, 22 May 2012 10:40:04 | Computer Name = rune | Source = volmgr | ID = 262190
Description = Crash dump initialization failed!

Error - Tue, 22 May 2012 10:40:10 | Computer Name = rune | Source = volmgr | ID = 262190
Description = Crash dump initialization failed!

Error - Wed, 23 May 2012 08:46:48 | Computer Name = rune | Source = volmgr | ID = 262190
Description = Crash dump initialization failed!

Error - Wed, 23 May 2012 08:46:53 | Computer Name = rune | Source = volmgr | ID = 262190
Description = Crash dump initialization failed!


< End of report >


I would like to point out that when I ran these I did get several error winddows that popped up for YCIII (Yankee Clipper III. I just clicked 'OK' on them to close them out. I will post the next step you requested in my next post, as I have to open/close my browser to see what is next and run it with no windows open. While I was typing this I had it happened again with the YCIII errors, it was trying to save files to its history. That was very disturbing.
  • 0

#7
Deus_Ex_Machina
Posted 02 September 2012 - 08:33 AM

Deus_Ex_Machina

    Member

  • Topic Starter
  • Member
  • PipPip
  • 24 posts
Here is the aswMBR.txt:

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-09-02 10:25:03
-----------------------------
10:25:03.826 OS Version: Windows x64 6.1.7601 Service Pack 1
10:25:03.826 Number of processors: 4 586 0x2A07
10:25:03.826 ComputerName: RUNE UserName:
10:25:05.245 Initialize success
10:25:44.678 AVAST engine defs: 12090200
10:25:57.361 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
10:25:57.377 Disk 0 Vendor: WDC_WD50 03.0 Size: 476940MB BusType: 3
10:25:57.392 Disk 0 MBR read successfully
10:25:57.392 Disk 0 MBR scan
10:25:57.408 Disk 0 Windows 7 default MBR code
10:25:57.408 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 200 MB offset 2048
10:25:57.502 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 431938 MB offset 411648
10:25:57.548 Disk 0 Partition - 00 0F Extended LBA 29692 MB offset 885020672
10:25:57.564 Disk 0 Partition 3 00 12 Compaq diag NTFS 15109 MB offset 945829888
10:25:57.611 Disk 0 Partition 4 00 07 HPFS/NTFS NTFS 29691 MB offset 885022720
10:25:57.767 Disk 0 scanning C:\windows\system32\drivers
10:26:10.403 Service scanning
10:26:42.352 Modules scanning
10:26:42.367 Disk 0 trace - called modules:
10:26:42.398 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
10:26:42.398 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8007e6b060]
10:26:42.398 3 CLASSPNP.SYS[fffff8800185143f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8005f7d050]
10:26:43.756 AVAST engine scan C:\windows
10:26:47.687 AVAST engine scan C:\windows\system32
10:30:36.711 AVAST engine scan C:\windows\system32\drivers
10:30:50.142 AVAST engine scan C:\Users\operant
10:31:50.889 Disk 0 MBR has been saved successfully to "C:\Users\operant\Desktop\MBR.dat"
10:31:50.920 The log file has been saved successfully to "C:\Users\operant\Desktop\aswMBR.txt"
  • 0

#8
Deus_Ex_Machina
Posted 02 September 2012 - 08:38 AM

Deus_Ex_Machina

    Member

  • Topic Starter
  • Member
  • PipPip
  • 24 posts
Here is the FSS Log:

Farbar Service Scanner Version: 06-08-2012
Ran by operant (administrator) on 02-09-2012 at 10:36:34
Running from "C:\Users\operant\Desktop"
Microsoft Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============
mpsdrv Service is not running. Checking service configuration:
The start type of mpsdrv service is OK.
The ImagePath of mpsdrv service is OK.

MpsSvc Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.

bfe Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open bfe registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open bfe registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open bfe registry key. The service key does not exist.


Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============
wscsvc Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.


Windows Update:
============
wuauserv Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open wuauserv registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open wuauserv registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open wuauserv registry key. The service key does not exist.

BITS Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open BITS registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open BITS registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open BITS registry key. The service key does not exist.


Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.


Other Services:
==============
Checking Start type of SharedAccess: ATTENTION!=====> Unable to retrieve start type of SharedAccess. The value does not exist.
Checking ImagePath of SharedAccess: ATTENTION!=====> Unable to retrieve ImagePath of SharedAccess. The value does not exist.
Checking ServiceDll of SharedAccess: ATTENTION!=====> Unable to open SharedAccess registry key. The service key does not exist.


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\ipnathlp.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****

Thanks again! I also had that YCIII error repeeat, it seemss to be trying to ssave things to the default Boiler plates of that clipboard manager.
  • 0

#9
Essexboy
Posted 02 September 2012 - 08:39 AM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Did you install the Yankee clipper programme ? On completion of this try firewall and windows updates. Then we will ensure that all of incredibar has gone

Warning This fix is only relevant for this system and no other, using on another computer may cause problems

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following
    Posted Image

    :OTL
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0017-0000-0005-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0017-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O33 - MountPoints2\{4d216aaf-3c60-11e1-82ae-f0def19d5da1}\Shell\AutoRun\command - "" = C:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL G:\begin_here.htm
[2012/09/02 01:47:12 | 000,000,000 | ---- | M] () -- C:\Users\operant\AppData\Local\¹º»¼½¾¿ÀÁÂĂÄÅÆÇÈÉÊË̀ÍÎÏĐÑ̉ÓÔƠÖ×ØÙÚÛÜỮßàáâăäåæçèéêë́íîïđṇ̃óôơö÷øùúûüư₫ÿ

:Reg
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BITS]
"DisplayName"="@%SystemRoot%\\system32\\qmgr.dll,-1000"
"ImagePath"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,\
  74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,73,\
  00,76,00,63,00,68,00,6f,00,73,00,74,00,2e,00,65,00,78,00,65,00,20,00,2d,00,\
  6b,00,20,00,6e,00,65,00,74,00,73,00,76,00,63,00,73,00,00,00
"Description"="@%SystemRoot%\\system32\\qmgr.dll,-1001"
"ObjectName"="LocalSystem"
"ErrorControl"=dword:00000001
"Start"=dword:00000002
"DelayedAutoStart"=dword:00000001
"Type"=dword:00000020
"DependOnService"=hex(7):52,00,70,00,63,00,53,00,73,00,00,00,45,00,76,00,65,00,\
  6e,00,74,00,53,00,79,00,73,00,74,00,65,00,6d,00,00,00,00,00
"ServiceSidType"=dword:00000001
"RequiredPrivileges"=hex(7):53,00,65,00,43,00,72,00,65,00,61,00,74,00,65,00,47,\
  00,6c,00,6f,00,62,00,61,00,6c,00,50,00,72,00,69,00,76,00,69,00,6c,00,65,00,\
  67,00,65,00,00,00,53,00,65,00,49,00,6d,00,70,00,65,00,72,00,73,00,6f,00,6e,\
  00,61,00,74,00,65,00,50,00,72,00,69,00,76,00,69,00,6c,00,65,00,67,00,65,00,\
  00,00,53,00,65,00,54,00,63,00,62,00,50,00,72,00,69,00,76,00,69,00,6c,00,65,\
  00,67,00,65,00,00,00,53,00,65,00,41,00,73,00,73,00,69,00,67,00,6e,00,50,00,\
  72,00,69,00,6d,00,61,00,72,00,79,00,54,00,6f,00,6b,00,65,00,6e,00,50,00,72,\
  00,69,00,76,00,69,00,6c,00,65,00,67,00,65,00,00,00,53,00,65,00,49,00,6e,00,\
  63,00,72,00,65,00,61,00,73,00,65,00,51,00,75,00,6f,00,74,00,61,00,50,00,72,\
  00,69,00,76,00,69,00,6c,00,65,00,67,00,65,00,00,00,00,00
"FailureActions"=hex:80,51,01,00,00,00,00,00,00,00,00,00,03,00,00,00,14,00,00,\
  00,01,00,00,00,60,ea,00,00,01,00,00,00,c0,d4,01,00,00,00,00,00,00,00,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BITS\Parameters]
"ServiceDll"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,\
  00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,\
  71,00,6d,00,67,00,72,00,2e,00,64,00,6c,00,6c,00,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BITS\Performance]
"Library"="bitsperf.dll"
"Open"="PerfMon_Open"
"Collect"="PerfMon_Collect"
"Close"="PerfMon_Close"
"InstallType"=dword:00000001
"PerfIniFile"="bitsctrs.ini"
"First Counter"=dword:000007d2
"Last Counter"=dword:000007e2
"First Help"=dword:000007d3
"Last Help"=dword:000007e3
"Object List"="2002"
"PerfMMFileName"="Global\\MMF_BITS_s"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BITS\Security]
"Security"=hex:01,00,14,80,90,00,00,00,a0,00,00,00,14,00,00,00,34,00,00,00,02,\
  00,20,00,01,00,00,00,02,c0,18,00,00,00,0c,00,01,02,00,00,00,00,00,05,20,00,\
  00,00,20,02,00,00,02,00,5c,00,04,00,00,00,00,02,14,00,ff,01,0f,00,01,01,00,\
  00,00,00,00,05,12,00,00,00,00,00,18,00,ff,01,0f,00,01,02,00,00,00,00,00,05,\
  20,00,00,00,20,02,00,00,00,00,14,00,8d,01,02,00,01,01,00,00,00,00,00,05,04,\
  00,00,00,00,00,14,00,8d,01,02,00,01,01,00,00,00,00,00,05,06,00,00,00,01,02,\
  00,00,00,00,00,05,20,00,00,00,20,02,00,00,01,02,00,00,00,00,00,05,20,00,00,\
  00,20,02,00,00

:Files
ipconfig /flushdns /c
netsh int ip reset c:\resetlog.txt  /c
ipconfig /release /c
ipconfig /renew /c

:Commands
[purity]
[resethosts]
[emptytemp]
[CREATERESTOREPOINT]
[Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

THEN

Download AdwCleaner from here to your desktop
Run AdwCleaner and select Delete

Posted Image

Once done it will ask to reboot, allow this
On reboot a log will be produced please attach that
  • 0

#10
Deus_Ex_Machina
Posted 02 September 2012 - 08:39 AM

Deus_Ex_Machina

    Member

  • Topic Starter
  • Member
  • PipPip
  • 24 posts
I have to run out but will look for your reply when I return, thank you for all your help! :D
  • 0

Advertisements

#11
Essexboy
Posted 02 September 2012 - 08:49 AM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
In that case can you insert this fix between OTL and adwCleaner

FSS reveals a shed load more registry entries missing...

Download the attached Zip file to your desktop
[attachment=60218:Dues.zip]
Extract all registry files to your desktop
Double click each in turn and allow to merge with the registry
Reboot

Then try firewall and updates
  • 0

#12
Deus_Ex_Machina
Posted 03 September 2012 - 01:51 AM

Deus_Ex_Machina

    Member

  • Topic Starter
  • Member
  • PipPip
  • 24 posts
Here is the OTL log, I will run the Dues.Zip next, than follow it up with AdwCleaner.

The OTL log is:

OTL logfile created on: Mon, 03 Sep 2012 03:40:36 - Run 3
OTL by OldTimer - Version 3.2.59.1 Folder = C:\Users\operant\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: ddd, dd MMM yyyy

5.92 Gb Total Physical Memory | 4.12 Gb Available Physical Memory | 69.68% Memory free
11.83 Gb Paging File | 9.82 Gb Available in Paging File | 82.97% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 421.81 Gb Total Space | 336.86 Gb Free Space | 79.86% Space Free | Partition Type: NTFS
Drive D: | 29.00 Gb Total Space | 26.31 Gb Free Space | 90.73% Space Free | Partition Type: NTFS

Computer Name: RUNE | User Name: operant | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/09/02 01:47:16 | 000,598,528 | ---- | M] (OldTimer Tools) -- C:\Users\operant\Desktop\OTL.exe
PRC - [2012/09/01 04:55:03 | 000,109,336 | ---- | M] (Siber Systems) -- C:\Program Files (x86)\Siber Systems\AI RoboForm\robotaskbaricon.exe
PRC - [2012/08/29 02:07:04 | 000,917,984 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2012/08/13 13:33:30 | 003,064,000 | ---- | M] (Skype Technologies S.A.) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
PRC - [2012/06/19 13:44:22 | 000,777,728 | ---- | M] (Eastman Kodak Company) -- C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe
PRC - [2012/06/18 21:13:46 | 000,394,712 | ---- | M] (Eastman Kodak Company) -- C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe
PRC - [2012/05/21 02:23:09 | 001,592,160 | ---- | M] () -- C:\Users\operant\AppData\Roaming\Mikogo 4\M4-Capture.exe
PRC - [2012/01/16 06:04:46 | 001,007,472 | ---- | M] () -- C:\Users\operant\AppData\Roaming\Mikogo 4\M4-Service.exe
PRC - [2012/01/14 01:23:50 | 001,517,520 | ---- | M] (TrueCrypt Foundation) -- C:\Program Files\TrueCrypt\TrueCrypt.exe
PRC - [2011/11/26 14:01:15 | 002,330,624 | ---- | M] () -- C:\Program Files (x86)\FastCheck\FastCheck.exe
PRC - [2011/11/06 01:07:45 | 000,100,256 | ---- | M] () -- C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeySupport.exe
PRC - [2011/11/02 02:00:44 | 000,090,448 | ---- | M] (Research In Motion Limited) -- C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
PRC - [2011/10/14 02:01:50 | 000,994,360 | ---- | M] (Secunia) -- C:\Program Files (x86)\Secunia\PSI\psia.exe
PRC - [2011/10/14 02:01:46 | 000,291,896 | ---- | M] (Secunia) -- C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
PRC - [2011/03/06 07:46:00 | 002,009,704 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
PRC - [2010/12/20 06:30:38 | 002,656,280 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
PRC - [2010/12/20 06:30:36 | 000,325,656 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
PRC - [2010/12/04 21:39:24 | 000,136,488 | ---- | M] (CyberLink) -- C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe
PRC - [2010/07/02 14:24:07 | 000,095,744 | ---- | M] (j2 Global Communications, Inc.) -- C:\Program Files (x86)\eFax Messenger 4.4\J2GDllCmd.exe
PRC - [2010/03/04 10:30:10 | 000,095,744 | ---- | M] (CrispyBytes Software) -- C:\Program Files (x86)\DateInTray\DateInTray.exe
PRC - [2005/03/10 20:58:06 | 001,368,064 | ---- | M] (inteleXual.com) -- C:\Program Files (x86)\YCIII\YankClip.exe


========== Modules (No Company Name) ==========

MOD - [2012/08/29 02:07:04 | 002,242,528 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2011/11/26 14:01:15 | 002,330,624 | ---- | M] () -- C:\Program Files (x86)\FastCheck\FastCheck.exe
MOD - [2011/11/06 01:07:45 | 000,100,256 | ---- | M] () -- C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeySupport.exe
MOD - [2010/11/11 06:39:46 | 000,133,024 | ---- | M] () -- C:\Program Files (x86)\Lenovo\Onekey Theater\WindowsApiHookDll32.dll
MOD - [2010/11/11 06:38:44 | 000,161,696 | ---- | M] () -- C:\Program Files (x86)\Lenovo\Onekey Theater\ActiveDetect32.dll


========== Services (SafeList) ==========

SRV:64bit: - [2012/03/26 18:49:56 | 000,291,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2012/03/26 18:49:56 | 000,012,600 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2011/09/27 15:04:08 | 000,359,192 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\LogiShrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV:64bit: - [2010/11/02 09:49:46 | 001,515,792 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
SRV:64bit: - [2010/11/02 09:39:08 | 000,340,240 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe -- (MyWiFiDHCPDNS)
SRV:64bit: - [2010/11/02 09:34:14 | 000,836,880 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
SRV:64bit: - [2010/09/30 11:05:42 | 000,311,296 | ---- | M] (Realtek Semiconductor Corp.) [Auto | Running] -- C:\Program Files\Realtek\RtLED\RtLEDService.exe -- (RtLedService)
SRV:64bit: - [2010/09/22 14:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV - [2012/09/01 05:12:13 | 000,250,568 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/08/29 02:07:04 | 000,114,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/08/13 13:33:30 | 003,064,000 | ---- | M] (Skype Technologies S.A.) [Auto | Running] -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
SRV - [2012/06/19 13:44:22 | 000,777,728 | ---- | M] (Eastman Kodak Company) [Auto | Running] -- C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe -- (Kodak AiO Status Monitor Service)
SRV - [2012/06/18 21:13:46 | 000,394,712 | ---- | M] (Eastman Kodak Company) [Auto | Running] -- C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe -- (Kodak AiO Network Discovery Service)
SRV - [2012/03/19 23:44:20 | 000,276,248 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe -- (cphs)
SRV - [2012/01/16 06:04:46 | 001,007,472 | ---- | M] () [Auto | Running] -- C:\Users\operant\AppData\Roaming\Mikogo 4\M4-Service.exe -- (M4-Service)
SRV - [2011/10/14 02:01:50 | 000,994,360 | ---- | M] (Secunia) [Auto | Running] -- C:\Program Files (x86)\Secunia\PSI\psia.exe -- (Secunia PSI Agent)
SRV - [2011/03/06 07:46:00 | 002,009,704 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
SRV - [2010/12/20 06:30:38 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2010/12/20 06:30:36 | 000,325,656 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/03/20 20:44:12 | 000,098,688 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2012/03/19 23:32:04 | 014,745,600 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2012/03/01 02:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/01/14 01:23:50 | 000,230,864 | ---- | M] (TrueCrypt Foundation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\truecrypt.sys -- (truecrypt)
DRV:64bit: - [2011/11/06 01:19:51 | 000,039,008 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\LhdX64.sys -- (LHDmgr)
DRV:64bit: - [2011/11/06 01:19:50 | 000,029,792 | ---- | M] (Lenovo Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AcpiVpc.sys -- (ACPIVPC)
DRV:64bit: - [2011/10/06 03:00:09 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/10/06 03:00:09 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/09/02 02:30:36 | 000,060,696 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LMouFilt.Sys -- (LMouFilt)
DRV:64bit: - [2011/09/02 02:30:24 | 000,066,840 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LHidFilt.Sys -- (LHidFilt)
DRV:64bit: - [2011/08/01 16:59:06 | 000,045,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64)
DRV:64bit: - [2011/08/01 16:59:06 | 000,023,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nuidfltr.sys -- (NuidFltr)
DRV:64bit: - [2011/07/25 18:44:46 | 000,074,752 | ---- | M] (Research In Motion Limited) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RimUsb_AMD64.sys -- (RimUsb)
DRV:64bit: - [2011/07/20 15:58:22 | 000,044,032 | ---- | M] (Research in Motion Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RimSerial_AMD64.sys -- (RimVSerPort)
DRV:64bit: - [2011/06/10 07:34:52 | 000,539,240 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011/05/18 09:08:32 | 000,047,616 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dc3d.sys -- (dc3d)
DRV:64bit: - [2011/03/06 07:46:00 | 000,025,960 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\nvpciflt.sys -- (nvpciflt)
DRV:64bit: - [2011/02/18 04:11:54 | 000,439,320 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2011/02/14 09:50:02 | 000,234,960 | ---- | M] (Vimicro Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vm332avs.sys -- (vm332avs)
DRV:64bit: - [2011/01/15 12:21:04 | 000,036,352 | ---- | M] (Elaborate Bytes AG) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VClone.sys -- (VClone)
DRV:64bit: - [2010/12/22 08:19:58 | 001,407,024 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2010/12/16 18:58:14 | 000,040,816 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ElbyCDIO.sys -- (ElbyCDIO)
DRV:64bit: - [2010/12/04 21:39:44 | 000,031,088 | ---- | M] (CyberLink Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\clwvd.sys -- (clwvd)
DRV:64bit: - [2010/12/01 01:02:22 | 000,042,392 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WDKMD.sys -- (wdkmd)
DRV:64bit: - [2010/11/30 02:40:04 | 000,307,304 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rtsuvstor.sys -- (RSUSBVSTOR)
DRV:64bit: - [2010/11/20 23:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 23:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 23:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010/11/08 23:16:36 | 008,500,736 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETwNs64.sys -- (NETwNs64)
DRV:64bit: - [2010/10/19 04:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2010/10/14 13:28:16 | 000,317,440 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2010/09/21 18:04:54 | 000,015,056 | ---- | M] (Vimicro Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vm2uvcflt.sys -- (vm2uvcflt)
DRV:64bit: - [2010/09/01 04:30:58 | 000,017,976 | ---- | M] (Secunia) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\psi_mf.sys -- (PSI)
DRV:64bit: - [2010/07/29 00:25:10 | 000,029,720 | ---- | M] (Initio Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ivusb.sys -- (ivusb)
DRV:64bit: - [2009/08/13 23:10:18 | 000,073,984 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xusb21.sys -- (xusb21)
DRV:64bit: - [2009/07/21 10:20:06 | 000,121,840 | ---- | M] (CyberLink) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wsvd.sys -- (wsvd)
DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 20:10:47 | 000,011,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rootmdm.sys -- (ROOTMODEM)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2008/05/06 17:06:00 | 000,014,464 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wdcsam64.sys -- (WDC_SAM)
DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.lenovo.com/ [binary data]
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://lenovo.msn.com
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.lenovo.com/ [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://lenovo.msn.com
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default Download Directory = C:\Users\operant\Downloads
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.co...=LENN&bmod=LENN
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKCU\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.co...1I7LENN_enUS465
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "DuckDuckGo"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "about:home"
FF - prefs.js..network.proxy.http: "localhost"
FF - prefs.js..network.proxy.http_port: 8118
FF - prefs.js..network.proxy.type: 4


FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF64_11_4_402_265.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\windows\system32\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_265.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\windows\SysWOW64\Adobe\Director\np32dsw_1166636.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@rim.com/npappworld: C:\Program Files (x86)\Research In Motion Limited\BlackBerry App World Browser Plugin\npappworld.dll ()
FF - HKLM\Software\MozillaPlugins\@RIM.com/WebSLLauncher,version=1.0: C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
FF - HKLM\Software\MozillaPlugins\@soe.sony.com/installer,version=1.0.3: C:\Users\operant\AppData\LocalLow\Sony Online Entertainment\npsoe.dll ()
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\operant\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\operant\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)

64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\PROGRAM FILES\WEB ASSISTANT\FIREFOX
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\Program Files\Web Assistant\Firefox
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{22119944-ED35-4ab1-910B-E619EA06A115}: C:\Program Files (x86)\Siber Systems\AI RoboForm\Firefox [2012/09/01 04:57:15 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/08/29 02:07:04 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/08/20 21:39:40 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 15.0\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012/08/29 13:07:50 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 15.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{D1B93C96-F085-11E1-8270-B8AC6F996F26}: C:\Users\operant\AppData\Local\{D1B93C96-F085-11E1-8270-B8AC6F996F26}\ [2012/08/27 16:29:11 | 000,000,000 | ---D | M]

[2012/01/25 09:56:16 | 000,000,000 | ---D | M] (No name found) -- C:\Users\operant\AppData\Roaming\Mozilla\Extensions
[2012/08/28 04:11:23 | 000,000,000 | ---D | M] (No name found) -- C:\Users\operant\AppData\Roaming\Mozilla\Firefox\Profiles\grzwho96.default\extensions
[2012/01/07 11:14:03 | 000,000,000 | ---D | M] (Toolbar Buttons) -- C:\Users\operant\AppData\Roaming\Mozilla\Firefox\Profiles\grzwho96.default\extensions\{03B08592-E5B4-45ff-A0BE-C1D975458688}
[2012/08/13 12:26:16 | 000,000,000 | ---D | M] (Flagfox) -- C:\Users\operant\AppData\Roaming\Mozilla\Firefox\Profiles\grzwho96.default\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}
[2012/01/25 08:10:14 | 000,000,000 | ---D | M] (IE Tab 2 (FF 3.6+)) -- C:\Users\operant\AppData\Roaming\Mozilla\Firefox\Profiles\grzwho96.default\extensions\{1BC9BA34-1EED-42ca-A505-6D2F1A935BBB}
[2012/04/01 11:39:53 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\operant\AppData\Roaming\Mozilla\Firefox\Profiles\grzwho96.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2012/05/20 15:00:54 | 000,000,000 | ---D | M] (United States English Spellchecker) -- C:\Users\operant\AppData\Roaming\Mozilla\Firefox\Profiles\grzwho96.default\extensions\[email protected]
[2012/01/07 00:38:02 | 000,000,000 | ---D | M] (FavIconReloader) -- C:\Users\operant\AppData\Roaming\Mozilla\Firefox\Profiles\grzwho96.default\extensions\[email protected]
[2012/07/23 20:20:44 | 000,000,000 | ---D | M] (Ghostery) -- C:\Users\operant\AppData\Roaming\Mozilla\Firefox\Profiles\grzwho96.default\extensions\[email protected]
[2012/05/22 14:22:22 | 000,000,000 | ---D | M] (FoxyProxy Standard) -- C:\Users\operant\AppData\Roaming\Mozilla\Firefox\Profiles\grzwho96.default\extensions\[email protected]
[2012/05/22 14:22:22 | 000,000,000 | ---D | M] (LogMeIn, Inc. Remote Access Plugin) -- C:\Users\operant\AppData\Roaming\Mozilla\Firefox\Profiles\grzwho96.default\extensions\[email protected]
[2012/01/15 14:13:33 | 000,000,000 | ---D | M] (ooVoo toolbar, powered by Ask.com) -- C:\Users\operant\AppData\Roaming\Mozilla\Firefox\Profiles\grzwho96.default\extensions\[email protected]
[2012/07/10 22:42:42 | 000,010,316 | ---- | M] () -- C:\Users\operant\AppData\Roaming\Mozilla\Firefox\Profiles\grzwho96.default\searchplugins\duckduckgo.xml
[2012/09/02 01:22:43 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/08/28 03:03:11 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012/08/27 16:29:11 | 000,000,000 | ---D | M] (Mozilla Safe Browsing) -- C:\USERS\OPERANT\APPDATA\LOCAL\{D1B93C96-F085-11E1-8270-B8AC6F996F26}
[2012/01/07 00:31:35 | 000,058,343 | ---- | M] () (No name found) -- C:\USERS\OPERANT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GRZWHO96.DEFAULT\EXTENSIONS\{446C03E0-2C35-11DB-A98B-0800200C9A66}.XPI
[2012/08/28 04:11:23 | 000,399,504 | ---- | M] () (No name found) -- C:\USERS\OPERANT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GRZWHO96.DEFAULT\EXTENSIONS\{53A03D43-5363-4669-8190-99061B2DEBA5}.XPI
[2012/07/10 13:29:10 | 000,135,156 | ---- | M] () (No name found) -- C:\USERS\OPERANT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GRZWHO96.DEFAULT\EXTENSIONS\{79C50F9A-2FFE-4EE0-8A37-FAE4F5DACD4F}.XPI
[2012/01/21 20:30:26 | 000,138,614 | ---- | M] () (No name found) -- C:\USERS\OPERANT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GRZWHO96.DEFAULT\EXTENSIONS\{D40F5E7B-D2CF-4856-B441-CC613EEFFBE3}.XPI
[2012/01/07 12:48:19 | 000,434,392 | ---- | M] () (No name found) -- C:\USERS\OPERANT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GRZWHO96.DEFAULT\EXTENSIONS\{D4DD63FA-01E4-46A7-B6B1-EDAB7D6AD389}.XPI
[2012/07/21 13:19:19 | 000,702,524 | ---- | M] () (No name found) -- C:\USERS\OPERANT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GRZWHO96.DEFAULT\EXTENSIONS\{DC572301-7619-498C-A57D-39143191B318}.XPI
[2012/08/25 14:50:47 | 000,270,021 | ---- | M] () (No name found) -- C:\USERS\OPERANT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GRZWHO96.DEFAULT\EXTENSIONS\{E4A8A97B-F2ED-450B-B12D-EE082BA24781}.XPI
[2012/01/09 11:53:09 | 000,091,556 | ---- | M] () (No name found) -- C:\USERS\OPERANT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GRZWHO96.DEFAULT\EXTENSIONS\{EDA7B1D7-F793-4E03-B074-E6F303317FB0}.XPI
[2012/08/10 04:03:03 | 000,048,692 | ---- | M] () (No name found) -- C:\USERS\OPERANT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GRZWHO96.DEFAULT\EXTENSIONS\[email protected]
[2012/07/10 13:29:09 | 000,009,954 | ---- | M] () (No name found) -- C:\USERS\OPERANT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GRZWHO96.DEFAULT\EXTENSIONS\[email protected]
[2012/08/15 01:47:46 | 000,053,565 | ---- | M] () (No name found) -- C:\USERS\OPERANT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GRZWHO96.DEFAULT\EXTENSIONS\[email protected]
[2012/01/07 12:48:19 | 000,006,496 | ---- | M] () (No name found) -- C:\USERS\OPERANT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GRZWHO96.DEFAULT\EXTENSIONS\[email protected]
[2012/01/06 23:39:14 | 000,113,783 | ---- | M] () (No name found) -- C:\USERS\OPERANT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GRZWHO96.DEFAULT\EXTENSIONS\[email protected]
[2012/07/03 09:27:29 | 000,087,157 | ---- | M] () (No name found) -- C:\USERS\OPERANT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GRZWHO96.DEFAULT\EXTENSIONS\[email protected]
[2012/01/06 23:39:14 | 000,002,656 | ---- | M] () (No name found) -- C:\USERS\OPERANT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GRZWHO96.DEFAULT\EXTENSIONS\[email protected]
[2012/01/06 23:39:14 | 000,009,063 | ---- | M] () (No name found) -- C:\USERS\OPERANT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GRZWHO96.DEFAULT\EXTENSIONS\[email protected]
[2012/01/14 18:34:25 | 000,006,099 | ---- | M] () (No name found) -- C:\USERS\OPERANT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GRZWHO96.DEFAULT\EXTENSIONS\[email protected]
[2012/01/09 11:53:09 | 000,008,001 | ---- | M] () (No name found) -- C:\USERS\OPERANT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GRZWHO96.DEFAULT\EXTENSIONS\[email protected]
[2012/08/29 02:07:04 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/08/29 02:07:04 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/08/29 02:07:04 | 000,002,253 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\operant\AppData\Local\Google\Chrome\Application\21.0.1180.83\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\operant\AppData\Local\Google\Chrome\Application\21.0.1180.83\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\operant\AppData\Local\Google\Chrome\Application\21.0.1180.83\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_257.dll
CHR - plugin: Injovo Extension Plugin (Enabled) = C:\Users\operant\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd\2.0.0.439_0\npbrowserext.dll
CHR - plugin: Skype Click to Call (Enabled) = C:\Users\operant\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.0.0.10297_0\npSkypeChromePlugin.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: RIM Handheld Application Loader (Enabled) = C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll
CHR - plugin: Foxit Reader Plugin for Mozilla (Enabled) = C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Users\operant\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll
CHR - plugin: Java™ Platform SE 7 U5 (Enabled) = C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll
CHR - plugin: Java Deployment Toolkit 7.0.50.255 (Enabled) = C:\windows\SysWOW64\npDeployJava1.dll
CHR - plugin: BlackBerry AppWorld (Enabled) = C:\Program Files (x86)\Research In Motion Limited\BlackBerry App World Browser Plugin\npappworld.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\windows\SysWOW64\Adobe\Director\np32dsw.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - Extension: Skype Click to Call = C:\Users\operant\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.1.0.10441_0\
CHR - Extension: Skype Click to Call = C:\Users\operant\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.2.0.10687_0\

O1 HOSTS File: ([2012/09/03 03:30:39 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2:64bit: - BHO: (RoboForm Toolbar Helper) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.)
O2:64bit: - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (RoboForm Toolbar Helper) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (no name) - AutorunsDisabled - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (&RoboForm Toolbar) - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (&RoboForm Toolbar) - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3:64bit: - HKCU\..\Toolbar\ShellBrowser: (&RoboForm Toolbar) - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.)
O3 - HKCU\..\Toolbar\ShellBrowser: (&RoboForm Toolbar) - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (&RoboForm Toolbar) - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (&RoboForm Toolbar) - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O4:64bit: - HKLM..\Run: [EKIJ5000StatusMonitor] C:\Windows\SysNative\spool\drivers\x64\3\EKIJ5000MUI.exe (Eastman Kodak Company)
O4:64bit: - HKLM..\Run: [Energy Management] C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe (Lenovo (Beijing) Limited)
O4:64bit: - HKLM..\Run: [EnergyUtility] C:\Program Files (x86)\Lenovo\Energy Management\utility.exe (Lenovo(beijing) Limited)
O4:64bit: - HKLM..\Run: [Eraser] C:\Program Files\Eraser\Eraser.exe (The Eraser Project)
O4:64bit: - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IntelliPoint] c:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [IntelWireless] C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel® Corporation)
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [OnekeyStudio] C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe (Lenovo)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [UpdatePRCShortCut] C:\Program Files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [Conime] %windir%\system32\conime.exe File not found
O4 - HKLM..\Run: [EKIJ5000StatusMonitor] C:\windows\system32\spool\DRIVERS\x64\3\EKIJ5000MUI.EXE File not found
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files (x86)\QT Lite\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [RIMBBLaunchAgent.exe] C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe (Research In Motion Limited)
O4 - HKLM..\Run: [UpdateP2GShortCut] C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePRCShortCut] C:\Program Files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKCU..\Run: [cdloader] C:\Users\operant\AppData\Roaming\mjusbsp\cdloader2.exe (magicJack L.P.)
O4 - HKCU..\Run: [DateInTray] C:\Program Files (x86)\DateInTray\DateInTray.exe (CrispyBytes Software)
O4 - HKCU..\Run: [eFax 4.4] C:\Program Files (x86)\eFax Messenger 4.4\J2GDllCmd.exe (j2 Global Communications, Inc.)
O4 - HKCU..\Run: [RoboForm] C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe (Siber Systems)
O4 - HKCU..\Run: [TrueCrypt] C:\Program Files\TrueCrypt\TrueCrypt.exe (TrueCrypt Foundation)
O4 - Startup: C:\Users\operant\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\eFax 4.4.lnk = C:\Program Files (x86)\eFax Messenger 4.4\J2GTray.exe (j2 Global Communications, Inc.)
O4 - Startup: C:\Users\operant\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\FastCheck.lnk = C:\Program Files (x86)\FastCheck\FastCheck.exe ()
O4 - Startup: C:\Users\operant\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Yankee Clipper III.lnk = C:\Program Files (x86)\YCIII\YankClip.exe (inteleXual.com)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: VerboseStatus = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Main present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
O8:64bit: - Extra context menu item: Clear Fields - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComClearFields.html ()
O8:64bit: - Extra context menu item: Customize Menu - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html ()
O8:64bit: - Extra context menu item: Fill Forms - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O8:64bit: - Extra context menu item: Password Generator - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComPasswordGenerator.html ()
O8:64bit: - Extra context menu item: Save Forms - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O8 - Extra context menu item: Clear Fields - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComClearFields.html ()
O8 - Extra context menu item: Customize Menu - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html ()
O8 - Extra context menu item: Fill Forms - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O8 - Extra context menu item: Password Generator - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComPasswordGenerator.html ()
O8 - Extra context menu item: Save Forms - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O9:64bit: - Extra Button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.)
O9:64bit: - Extra 'Tools' menuitem : Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.)
O9:64bit: - Extra Button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.)
O9:64bit: - Extra 'Tools' menuitem : Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.)
O9:64bit: - Extra Button: Generate - {320AF880-6646-11D3-ABEE-C5DBF3571F50} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.)
O9:64bit: - Extra 'Tools' menuitem : Password Generator - {320AF880-6646-11D3-ABEE-C5DBF3571F50} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.)
O9:64bit: - Extra Button: TaskBar - {320AF880-6646-11D3-ABEE-C5DBF3571F51} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.)
O9:64bit: - Extra 'Tools' menuitem : RoboForm TaskBar Icon - {320AF880-6646-11D3-ABEE-C5DBF3571F51} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.)
O9:64bit: - Extra Button: Clear Fields - {320AF880-6646-11D3-ABEE-C5DBF3571F54} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.)
O9:64bit: - Extra 'Tools' menuitem : Clear Fields - {320AF880-6646-11D3-ABEE-C5DBF3571F54} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.)
O9:64bit: - Extra Button: Show Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.)
O9:64bit: - Extra 'Tools' menuitem : Show RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.)
O9:64bit: - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O9 - Extra 'Tools' menuitem : Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O9 - Extra Button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O9 - Extra 'Tools' menuitem : Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O9 - Extra Button: Generate - {320AF880-6646-11D3-ABEE-C5DBF3571F50} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O9 - Extra 'Tools' menuitem : Password Generator - {320AF880-6646-11D3-ABEE-C5DBF3571F50} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O9 - Extra Button: TaskBar - {320AF880-6646-11D3-ABEE-C5DBF3571F51} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O9 - Extra 'Tools' menuitem : RoboForm TaskBar Icon - {320AF880-6646-11D3-ABEE-C5DBF3571F51} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O9 - Extra Button: Clear Fields - {320AF880-6646-11D3-ABEE-C5DBF3571F54} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O9 - Extra 'Tools' menuitem : Clear Fields - {320AF880-6646-11D3-ABEE-C5DBF3571F54} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O9 - Extra Button: Show Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O9 - Extra 'Tools' menuitem : Show RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: sony.com ([]* in Trusted sites)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 68.237.161.12
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{797338DD-4CC7-4132-84DF-ED122EB66430}: DhcpNameServer = 192.168.1.1 68.237.161.12
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - AppInit_DLLs: (C:\windows\system32\nvinitx.dll) - C:\Windows\SysNative\nvinitx.dll (NVIDIA Corporation)
O20 - AppInit_DLLs: (C:\windows\SysWOW64\nvinit.dll) - C:\Windows\SysWOW64\nvinit.dll (NVIDIA Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\windows\SysNative\igfxdev.dll (Intel Corporation)
O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Program Files\Common Files\LogiShrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{5ed30af1-43b5-11e1-9df4-f0def19d5da1}\Shell - "" = AutoRun
O33 - MountPoints2\{5ed30af1-43b5-11e1-9df4-f0def19d5da1}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -a
O33 - MountPoints2\{b7951c20-3f7a-11e1-88b7-f0def19d5da1}\Shell - "" = AutoRun
O33 - MountPoints2\{b7951c20-3f7a-11e1-88b7-f0def19d5da1}\Shell\AutoRun\command - "" = "E:\WD SmartWare.exe" autoplay=true
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\autorun.exe
O33 - MountPoints2\E\Shell\phone\command - "" = E:\autorun.exe
O34 - HKLM BootExecute: (dfboottime \??\C:\windows\System32\dfboottime.cfg)
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (FbDefrag)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/09/03 03:30:30 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/09/02 10:05:01 | 000,693,235 | ---- | C] (Farbar) -- C:\Users\operant\Desktop\FSS.exe
[2012/09/02 10:04:14 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Users\operant\Desktop\aswMBR.exe
[2012/09/02 02:28:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Panda Security
[2012/09/02 02:28:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Panda Security
[2012/09/02 01:47:14 | 000,598,528 | ---- | C] (OldTimer Tools) -- C:\Users\operant\Desktop\OTL.exe
[2012/09/02 01:33:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Security Client
[2012/09/02 01:33:56 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2012/09/01 05:00:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Adobe
[2012/08/30 14:29:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe
[2012/08/28 03:42:18 | 000,000,000 | ---D | C] -- C:\Users\operant\Desktop\Temp spot for updates
[2012/08/28 02:46:57 | 000,000,000 | ---D | C] -- C:\Users\operant\AppData\Roaming\Malwarebytes
[2012/08/28 02:46:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/08/28 02:46:45 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mbam.sys
[2012/08/28 02:46:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012/08/28 02:46:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/08/27 16:29:11 | 000,000,000 | ---D | C] -- C:\Users\operant\AppData\Local\{D1B93C96-F085-11E1-8270-B8AC6F996F26}
[2012/08/24 22:35:07 | 000,000,000 | ---D | C] -- C:\Users\operant\Documents\My Digital Editions
[2012/08/24 22:34:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe
[2012/08/24 22:34:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe
[2012/08/20 21:40:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
[2012/08/20 21:39:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Works
[2012/08/20 21:39:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Visual Studio
[2012/08/20 21:39:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DESIGNER
[2012/08/20 21:36:12 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office
[2012/08/20 21:36:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Visual Studio 8
[2012/08/20 21:35:39 | 000,000,000 | ---D | C] -- C:\Users\operant\AppData\Local\Microsoft Help
[2012/08/20 21:35:09 | 000,000,000 | RH-D | C] -- C:\MSOCache
[2012/08/20 21:02:06 | 000,000,000 | ---D | C] -- C:\Users\operant\AppData\Local\{CC5A59D5-1028-4A61-8516-B4E04D7693EA}
[2012/08/20 21:01:52 | 000,000,000 | ---D | C] -- C:\Users\operant\AppData\Roaming\Windows Live Writer
[2012/08/20 21:01:52 | 000,000,000 | ---D | C] -- C:\Users\operant\AppData\Local\Windows Live Writer
[2012/08/09 12:28:47 | 000,000,000 | ---D | C] -- C:\Users\operant\Desktop\The Code Teacher
[2012/08/07 16:27:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDFCreator
[2012/08/07 16:27:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PDFCreator
[2012/08/06 21:30:46 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\sun
[2012/08/04 11:05:28 | 000,000,000 | R--D | C] -- C:\Users\operant\Desktop\

========== Files - Modified Within 30 Days ==========

[2012/09/03 03:43:40 | 000,028,928 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/09/03 03:43:40 | 000,028,928 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/09/03 03:42:57 | 000,786,790 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2012/09/03 03:42:57 | 000,665,600 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2012/09/03 03:42:57 | 000,123,336 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
[2012/09/03 03:42:18 | 000,511,265 | ---- | M] () -- C:\Users\operant\Desktop\adwcleaner.exe
[2012/09/03 03:42:01 | 000,000,900 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/09/03 03:42:00 | 000,000,896 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/09/03 03:36:17 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2012/09/03 03:36:13 | 469,348,351 | -HS- | M] () -- C:\hiberfil.sys
[2012/09/03 03:33:39 | 000,000,322 | ---- | M] () -- C:\windows\tasks\PrintProjects Communicator.job
[2012/09/03 03:30:39 | 000,000,098 | ---- | M] () -- C:\windows\SysNative\drivers\etc\Hosts
[2012/09/02 13:15:00 | 000,000,916 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-1896445519-1314585514-2017666467-1001UA.job
[2012/09/02 13:07:00 | 000,000,830 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job
[2012/09/02 10:31:50 | 000,000,512 | ---- | M] () -- C:\Users\operant\Desktop\MBR.dat
[2012/09/02 10:05:05 | 000,693,235 | ---- | M] (Farbar) -- C:\Users\operant\Desktop\FSS.exe
[2012/09/02 10:04:22 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\operant\Desktop\aswMBR.exe
[2012/09/02 05:14:52 | 000,002,459 | ---- | M] () -- C:\Users\operant\Desktop\Google Chrome.lnk
[2012/09/02 02:28:27 | 000,001,286 | ---- | M] () -- C:\Users\Public\Desktop\Panda Cloud Cleaner.lnk
[2012/09/02 01:47:16 | 000,598,528 | ---- | M] (OldTimer Tools) -- C:\Users\operant\Desktop\OTL.exe
[2012/09/02 01:34:12 | 000,001,945 | ---- | M] () -- C:\windows\epplauncher.mif
[2012/09/02 01:33:58 | 000,800,766 | ---- | M] () -- C:\windows\SysWow64\PerfStringBackup.INI
[2012/08/31 21:14:00 | 000,000,864 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-1896445519-1314585514-2017666467-1001Core.job
[2012/08/29 13:07:51 | 000,002,114 | ---- | M] () -- C:\Users\operant\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Thunderbird.lnk
[2012/08/29 10:11:50 | 000,001,441 | ---- | M] () -- C:\Users\operant\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012/08/28 03:13:06 | 000,000,854 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk
[2012/08/28 02:46:46 | 000,001,137 | ---- | M] () -- C:\Users\operant\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes Anti-Malware.lnk
[2012/08/25 04:27:29 | 000,000,960 | ---- | M] () -- C:\Users\Public\Desktop\calibre - E-book management.lnk
[2012/08/24 22:35:00 | 000,002,206 | ---- | M] () -- C:\Users\operant\Application Data\Microsoft\Internet Explorer\Quick Launch\Adobe Digital Editions.lnk
[2012/08/24 22:35:00 | 000,002,182 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Digital Editions.lnk
[2012/08/23 18:30:03 | 000,001,137 | ---- | M] () -- C:\Users\operant\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Outlook.lnk
[2012/08/22 20:16:45 | 000,198,812 | ---- | M] () -- C:\Users\operant\Desktop\B008S129XY_EBOK.azw
[2012/08/21 10:59:37 | 000,470,896 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT
[2012/08/21 00:23:26 | 000,001,998 | ---- | M] () -- C:\Users\operant\Desktop\Kindle.lnk
[2012/08/20 21:07:31 | 000,002,231 | ---- | M] () -- C:\Users\Public\Desktop\BlackBerry Desktop Software.lnk
[2012/08/20 20:54:21 | 000,007,680 | ---- | M] () -- C:\Users\operant\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/08/13 17:29:26 | 000,087,184 | ---- | M] () -- C:\Users\operant\Desktop\Capital One Online Banking - 13aug2012.pdf
[2012/08/13 15:12:55 | 000,077,457 | ---- | M] () -- C:\Users\operant\Desktop\Newegg.com - Acer Aspire AX1920-UR20P.pdf
[2012/08/11 13:53:55 | 000,555,293 | ---- | M] () -- C:\Users\operant\Desktop\Acer_CONS_WTY_DOC_1_YR_MICI_US_CA_MX_LA_46.AD148.008_021312.pdf
[2012/08/09 18:39:25 | 000,001,002 | ---- | M] () -- C:\Users\operant\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Yankee Clipper III.lnk
[2012/08/09 15:09:40 | 000,106,437 | ---- | M] () -- C:\Users\operant\Desktop\SnapshotStargateCapel_001.jpg
[2012/08/09 10:38:41 | 000,001,142 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012/08/07 20:30:27 | 000,079,414 | ---- | M] () -- C:\Users\operant\Desktop\Staples.com® _ Printable Order Summary.pdf
[2012/08/07 16:28:12 | 000,087,695 | ---- | M] () -- C:\Users\operant\Desktop\Capital One Online Banking.pdf
[2012/08/07 16:27:43 | 000,001,204 | ---- | M] () -- C:\Users\Public\Desktop\PDFArchitect.lnk
[2012/08/07 16:27:43 | 000,001,035 | ---- | M] () -- C:\Users\Public\Desktop\PDFCreator.lnk
[2012/08/07 14:04:26 | 000,144,949 | ---- | M] () -- C:\Users\operant\Desktop\Snapshot for Gate in Capel_001.jpg
[2012/08/06 21:53:03 | 000,035,994 | ---- | M] () -- C:\Users\operant\Desktop\New Rich Text Document.odt
[2012/08/06 21:29:57 | 000,000,007 | ---- | M] () -- C:\Users\operant\Desktop\New Rich Text Document.rtf
[2012/08/06 15:29:28 | 000,080,955 | R--- | M] () -- C:\Users\operant\Desktop\189.pdf
[2012/08/06 13:49:26 | 000,542,419 | R--- | M] () -- C:\Users\operant\Desktop\13.pdf

========== Files Created - No Company Name ==========

[2012/09/03 03:42:02 | 000,511,265 | ---- | C] () -- C:\Users\operant\Desktop\adwcleaner.exe
[2012/09/02 10:31:50 | 000,000,512 | ---- | C] () -- C:\Users\operant\Desktop\MBR.dat
[2012/09/02 02:28:27 | 000,001,286 | ---- | C] () -- C:\Users\Public\Desktop\Panda Cloud Cleaner.lnk
[2012/09/02 01:33:59 | 000,001,915 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
[2012/09/01 04:59:21 | 000,000,830 | ---- | C] () -- C:\windows\tasks\Adobe Flash Player Updater.job
[2012/08/30 14:29:50 | 000,016,384 | ---- | C] () -- C:\windows\SysWow64\FileOps.exe
[2012/08/28 03:13:06 | 000,000,854 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk
[2012/08/28 02:46:46 | 000,001,137 | ---- | C] () -- C:\Users\operant\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes Anti-Malware.lnk
[2012/08/24 22:35:00 | 000,002,206 | ---- | C] () -- C:\Users\operant\Application Data\Microsoft\Internet Explorer\Quick Launch\Adobe Digital Editions.lnk
[2012/08/24 22:35:00 | 000,002,194 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Digital Editions.lnk
[2012/08/24 22:35:00 | 000,002,182 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Digital Editions.lnk
[2012/08/22 21:14:04 | 000,198,812 | ---- | C] () -- C:\Users\operant\Desktop\B008S129XY_EBOK.azw
[2012/08/20 21:47:05 | 000,001,137 | ---- | C] () -- C:\Users\operant\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Outlook.lnk
[2012/08/13 17:29:25 | 000,087,184 | ---- | C] () -- C:\Users\operant\Desktop\Capital One Online Banking - 13aug2012.pdf
[2012/08/13 15:12:54 | 000,077,457 | ---- | C] () -- C:\Users\operant\Desktop\Newegg.com - Acer Aspire AX1920-UR20P.pdf
[2012/08/11 13:53:55 | 000,555,293 | ---- | C] () -- C:\Users\operant\Desktop\Acer_CONS_WTY_DOC_1_YR_MICI_US_CA_MX_LA_46.AD148.008_021312.pdf
[2012/08/09 15:09:40 | 000,106,437 | ---- | C] () -- C:\Users\operant\Desktop\SnapshotStargateCapel_001.jpg
[2012/08/07 20:30:26 | 000,079,414 | ---- | C] () -- C:\Users\operant\Desktop\Staples.com® _ Printable Order Summary.pdf
[2012/08/07 16:28:11 | 000,087,695 | ---- | C] () -- C:\Users\operant\Desktop\Capital One Online Banking.pdf
[2012/08/07 16:27:43 | 000,001,204 | ---- | C] () -- C:\Users\Public\Desktop\PDFArchitect.lnk
[2012/08/07 16:27:43 | 000,001,035 | ---- | C] () -- C:\Users\Public\Desktop\PDFCreator.lnk
[2012/08/07 14:04:26 | 000,144,949 | ---- | C] () -- C:\Users\operant\Desktop\Snapshot for Gate in Capel_001.jpg
[2012/08/06 21:53:01 | 000,035,994 | ---- | C] () -- C:\Users\operant\Desktop\New Rich Text Document.odt
[2012/08/06 21:29:57 | 000,000,007 | ---- | C] () -- C:\Users\operant\Desktop\New Rich Text Document.rtf
[2012/08/06 15:29:30 | 000,080,955 | R--- | C] () -- C:\Users\operant\Desktop\189.pdf
[2012/08/06 13:49:28 | 000,542,419 | R--- | C] () -- C:\Users\operant\Desktop\13.pdf
[2012/03/19 23:25:58 | 000,058,880 | ---- | C] () -- C:\windows\SysWow64\igdde32.dll
[2012/03/19 22:21:14 | 013,212,672 | ---- | C] () -- C:\windows\SysWow64\ig4icd32.dll
[2012/02/14 18:47:06 | 000,963,912 | ---- | C] () -- C:\windows\SysWow64\igkrng600.bin
[2012/02/14 18:47:06 | 000,261,208 | ---- | C] () -- C:\windows\SysWow64\igfcg600m.bin
[2012/02/03 20:25:51 | 000,007,680 | ---- | C] () -- C:\Users\operant\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/01/30 15:24:51 | 000,800,766 | ---- | C] () -- C:\windows\SysWow64\PerfStringBackup.INI
[2012/01/27 10:50:23 | 000,000,000 | ---- | C] () -- C:\Users\operant\shutdown_info.xml
[2012/01/16 23:02:05 | 000,079,872 | ---- | C] () -- C:\windows\SysWow64\ff_vfw.dll
[2012/01/14 01:14:44 | 000,015,200 | ---- | C] () -- C:\windows\Q-Dir.ini
[2011/11/06 09:49:28 | 000,300,328 | ---- | C] () -- C:\windows\it50.dll
[2011/11/06 09:49:28 | 000,003,443 | ---- | C] () -- C:\windows\UTILITYDRV.SYS
[2011/11/06 09:49:27 | 000,259,368 | ---- | C] () -- C:\windows\FastBR.dll
[2011/11/06 09:49:27 | 000,259,368 | ---- | C] () -- C:\windows\CopyFile.dll
[2011/11/06 09:49:27 | 000,218,408 | ---- | C] () -- C:\windows\Image.dll
[2011/11/06 09:49:27 | 000,202,024 | ---- | C] () -- C:\windows\HardDisk.dll
[2011/11/06 09:49:27 | 000,177,448 | ---- | C] () -- C:\windows\disk.dll
[2011/11/06 09:49:27 | 000,110,592 | ---- | C] () -- C:\windows\BootseqwWmi.exe
[2011/11/06 09:49:27 | 000,081,920 | ---- | C] () -- C:\windows\Bootseqw32.exe
[2011/11/06 09:49:27 | 000,049,152 | ---- | C] () -- C:\windows\CHGBOOTW.EXE
[2011/11/06 09:49:27 | 000,010,068 | ---- | C] () -- C:\windows\GT.EXE
[2011/11/06 09:49:26 | 000,008,704 | ---- | C] () -- C:\windows\Access32.sys
[2011/11/06 01:02:31 | 002,086,240 | ---- | C] () -- C:\windows\SysWow64\LenovoVeriface.Interface.dll
[2011/11/06 01:02:31 | 001,500,512 | ---- | C] () -- C:\windows\SysWow64\Apblend.dll
[2011/11/06 01:02:31 | 001,171,456 | ---- | C] () -- C:\windows\SysWow64\PicNotify.dll
[2011/11/06 01:02:31 | 000,466,944 | ---- | C] () -- C:\windows\SysWow64\Lenovo.VerifaceStub.dll
[2011/11/06 01:02:26 | 001,044,480 | ---- | C] () -- C:\windows\SysWow64\3DImageRenderer.dll
[2011/11/06 00:48:54 | 000,001,823 | ---- | C] () -- C:\windows\vm332Rmv.ini
[2011/11/06 00:48:54 | 000,001,823 | ---- | C] () -- C:\windows\SysWow64\vm332Rmv.ini
[2011/04/13 23:01:19 | 000,145,804 | ---- | C] () -- C:\windows\SysWow64\igcompkrng600.bin
[2011/04/13 22:51:06 | 000,066,856 | ---- | C] () -- C:\windows\SysWow64\SynTPEnhPS.dll

========== LOP Check ==========

[2012/07/30 14:13:00 | 000,000,000 | ---D | M] -- C:\Users\operant\AppData\Roaming\Bitcoin
[2012/02/03 20:35:07 | 000,000,000 | ---D | M] -- C:\Users\operant\AppData\Roaming\Blackberry Desktop
[2012/08/25 04:29:56 | 000,000,000 | ---D | M] -- C:\Users\operant\AppData\Roaming\calibre
[2012/01/16 20:40:33 | 000,000,000 | ---D | M] -- C:\Users\operant\AppData\Roaming\DelinvFile
[2012/04/17 09:33:32 | 000,000,000 | ---D | M] -- C:\Users\operant\AppData\Roaming\eFax Messenger
[2012/01/20 20:24:12 | 000,000,000 | ---D | M] -- C:\Users\operant\AppData\Roaming\Firestorm
[2012/05/03 23:42:53 | 000,000,000 | ---D | M] -- C:\Users\operant\AppData\Roaming\Foxit Software
[2012/07/13 13:08:16 | 000,000,000 | ---D | M] -- C:\Users\operant\AppData\Roaming\GoodSync
[2012/04/17 09:32:56 | 000,000,000 | ---D | M] -- C:\Users\operant\AppData\Roaming\j2 Global
[2012/02/15 07:36:03 | 000,000,000 | ---D | M] -- C:\Users\operant\AppData\Roaming\Jaangle
[2012/01/12 12:48:27 | 000,000,000 | ---D | M] -- C:\Users\operant\AppData\Roaming\Leadertech
[2012/01/22 23:34:16 | 000,000,000 | ---D | M] -- C:\Users\operant\AppData\Roaming\LibreOffice
[2012/05/21 02:23:27 | 000,000,000 | ---D | M] -- C:\Users\operant\AppData\Roaming\Mikogo 4
[2012/06/11 21:06:44 | 000,000,000 | ---D | M] -- C:\Users\operant\AppData\Roaming\mjusbsp
[2012/01/15 14:13:51 | 000,000,000 | ---D | M] -- C:\Users\operant\AppData\Roaming\ooVoo Details
[2012/08/07 16:27:42 | 000,000,000 | ---D | M] -- C:\Users\operant\AppData\Roaming\pdfforge
[2012/01/27 10:34:32 | 000,000,000 | ---D | M] -- C:\Users\operant\AppData\Roaming\PerfView
[2012/01/14 01:16:50 | 000,000,000 | ---D | M] -- C:\Users\operant\AppData\Roaming\Q-Dir
[2012/02/03 20:24:40 | 000,000,000 | ---D | M] -- C:\Users\operant\AppData\Roaming\Research In Motion
[2012/07/25 01:03:29 | 000,000,000 | ---D | M] -- C:\Users\operant\AppData\Roaming\SecondLife
[2012/05/31 12:13:38 | 000,000,000 | ---D | M] -- C:\Users\operant\AppData\Roaming\Temp
[2012/01/07 07:21:49 | 000,000,000 | ---D | M] -- C:\Users\operant\AppData\Roaming\Thunderbird
[2012/01/19 17:19:05 | 000,000,000 | ---D | M] -- C:\Users\operant\AppData\Roaming\TrueCrypt
[2012/08/22 23:16:32 | 000,000,000 | ---D | M] -- C:\Users\operant\AppData\Roaming\uTorrent
[2012/05/31 12:22:49 | 000,000,000 | ---D | M] -- C:\Users\operant\AppData\Roaming\Visan
[2012/08/20 21:01:52 | 000,000,000 | ---D | M] -- C:\Users\operant\AppData\Roaming\Windows Live Writer
[2012/09/02 03:54:17 | 000,000,000 | ---D | M] -- C:\Users\operant\AppData\Roaming\XnView
[2012/09/03 03:33:39 | 000,000,322 | ---- | M] () -- C:\windows\Tasks\PrintProjects Communicator.job
[2012/05/19 23:20:05 | 000,032,620 | ---- | M] () -- C:\windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



< End of report >


Now I will do the Dues.Zip.
  • 0

#13
Deus_Ex_Machina
Posted 03 September 2012 - 02:24 AM

Deus_Ex_Machina

    Member

  • Topic Starter
  • Member
  • PipPip
  • 24 posts
Below is the AdwCleaner log. I did the Dues.Zip registry entries, ran windows update, rebooted, and still I cannot turn on my Firewall. I am very concerned by this. You mentioned I was missing many registry entries, ddo you think I should prepare for a reinstall/reset of this machine?
Thanks again for your help. :)

AdwCleaner log:

# AdwCleaner v2.000 - Logfile created 09/03/2012 at 04:18:15
# Updated 30/08/2012 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : operant - RUNE
# Boot Mode : Normal
# Running from : C:\Users\operant\Desktop\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

File Deleted : C:\user.js
Folder Deleted : C:\Program Files (x86)\Ask.com
Folder Deleted : C:\Program Files\pdfforge
Folder Deleted : C:\ProgramData\InstallMate
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\pdfforge
Folder Deleted : C:\ProgramData\Partner
Folder Deleted : C:\ProgramData\Premium
Folder Deleted : C:\Users\operant\AppData\LocalLow\AskToolbar
Folder Deleted : C:\Users\operant\AppData\Roaming\Mozilla\Firefox\Profiles\grzwho96.default\extensions\[email protected]
Folder Deleted : C:\Users\operant\AppData\Roaming\pdfforge
Folder Deleted : C:\windows\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE}

***** [Registry] *****

Key Deleted : HKCU\Software\APN
Key Deleted : HKCU\Software\AppDataLow\Software\AskToolbar
Key Deleted : HKCU\Software\Ask.com
Key Deleted : HKCU\Software\IM
Key Deleted : HKCU\Software\ImInstaller
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{79A765E1-C399-405B-85AF-466F52E918B0}
Key Deleted : HKLM\Software\APN
Key Deleted : HKLM\Software\AskToolbar
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
Key Deleted : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd
Key Deleted : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd.1
Key Deleted : HKLM\SOFTWARE\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF
Key Deleted : HKLM\SOFTWARE\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\IncredibarToolbar_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\IncredibarToolbar_RASMANCS
Key Deleted : HKLM\Software\Web Assistant
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF
Key Deleted : HKLM\SOFTWARE\Web Assistant
Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\extensions [{336D0C35-8A85-403a-B9D2-65C292C39087}]

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

Restored : [HKCU\Software\Wow6432Node\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKCU\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKU\S-1-5-21-1896445519-1314585514-2017666467-1000\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]

-\\ Mozilla Firefox v15.0 (en-US)

Profile name : default
File : C:\Users\operant\AppData\Roaming\Mozilla\Firefox\Profiles\grzwho96.default\prefs.js

C:\Users\operant\AppData\Roaming\Mozilla\Firefox\Profiles\grzwho96.default\user.js ... Deleted !

Deleted : user_pref("[email protected]", true);
Deleted : user_pref("extensions.incredibar.admin", false);
Deleted : user_pref("extensions.incredibar.aflt", "orgnl");
Deleted : user_pref("extensions.incredibar.cntry", "US");
Deleted : user_pref("extensions.incredibar.dfltLng", "");
Deleted : user_pref("extensions.incredibar.dfltSrch", false);
Deleted : user_pref("extensions.incredibar.did", "10659");
Deleted : user_pref("extensions.incredibar.envrmnt", "production");
Deleted : user_pref("extensions.incredibar.excTlbr", false);
Deleted : user_pref("extensions.incredibar.hdrMd5", "EDA006D5FC60739533E34448C6860B86");
Deleted : user_pref("extensions.incredibar.hmpg", false);
Deleted : user_pref("extensions.incredibar.id", "1869928600000000000074e50b65a757");
Deleted : user_pref("extensions.incredibar.installerproductid", "26");
Deleted : user_pref("extensions.incredibar.instlDay", "15514");
Deleted : user_pref("extensions.incredibar.instlRef", "");
Deleted : user_pref("extensions.incredibar.isDcmntCmplt", true);
Deleted : user_pref("extensions.incredibar.lastVrsnTs", "1.5.11.1413:53:16");
Deleted : user_pref("extensions.incredibar.mntrvrsn", "1.2.0");
Deleted : user_pref("extensions.incredibar.newTab", false);
Deleted : user_pref("extensions.incredibar.noFFXTlbr", false);
Deleted : user_pref("extensions.incredibar.ppd", "123%5F1");
Deleted : user_pref("extensions.incredibar.prdct", "incredibar");
Deleted : user_pref("extensions.incredibar.productid", "26");
Deleted : user_pref("extensions.incredibar.propectorlck", 79034138);
Deleted : user_pref("extensions.incredibar.prtkHmpg", 1);
Deleted : user_pref("extensions.incredibar.prtnrId", "Incredibar");
Deleted : user_pref("extensions.incredibar.sg", "none");
Deleted : user_pref("extensions.incredibar.smplGrp", "none");
Deleted : user_pref("extensions.incredibar.tlbrId", "base");
Deleted : user_pref("extensions.incredibar.upn2", "6PQBmR1opX");
Deleted : user_pref("extensions.incredibar.upn2n", "92543111169050737");
Deleted : user_pref("extensions.incredibar.vrsn", "1.5.11.14");
Deleted : user_pref("extensions.incredibar.vrsnTs", "1.5.11.1413:53:16");
Deleted : user_pref("extensions.incredibar.vrsni", "1.5.11.14");
Deleted : user_pref("extensions.incredibar_i.aflt", "orgnl");
Deleted : user_pref("extensions.incredibar_i.dfltLng", "");
Deleted : user_pref("extensions.incredibar_i.did", "10659");
Deleted : user_pref("extensions.incredibar_i.excTlbr", false);
Deleted : user_pref("extensions.incredibar_i.id", "1869928600000000000074e50b65a757");
Deleted : user_pref("extensions.incredibar_i.installerproductid", "26");
Deleted : user_pref("extensions.incredibar_i.instlDay", "15514");
Deleted : user_pref("extensions.incredibar_i.instlRef", "");
Deleted : user_pref("extensions.incredibar_i.ms_url_id", "");
Deleted : user_pref("extensions.incredibar_i.newTab", false);
Deleted : user_pref("extensions.incredibar_i.ppd", "123%5F1");
Deleted : user_pref("extensions.incredibar_i.prdct", "incredibar");
Deleted : user_pref("extensions.incredibar_i.productid", "26");
Deleted : user_pref("extensions.incredibar_i.prtnrId", "Incredibar");
Deleted : user_pref("extensions.incredibar_i.smplGrp", "none");
Deleted : user_pref("extensions.incredibar_i.tlbrId", "base");
Deleted : user_pref("extensions.incredibar_i.tlbrSrchUrl", "hxxp://mystart.Incredibar.com/?a=6PQBmR1opX&loc=IB[...]
Deleted : user_pref("extensions.incredibar_i.upn2", "6PQBmR1opX");
Deleted : user_pref("extensions.incredibar_i.upn2n", "92543111169050737");
Deleted : user_pref("extensions.incredibar_i.vrsn", "1.5.11.14");
Deleted : user_pref("extensions.incredibar_i.vrsnTs", "1.5.11.1413:53:16");
Deleted : user_pref("extensions.incredibar_i.vrsni", "1.5.11.14");
Deleted : user_pref("extensions.ntk.HISTORY", "[{\"title\":\"Mozilla Firefox Challenge | Fundraising Event on [...]
Deleted : user_pref("[email protected]", true);

-\\ Google Chrome v21.0.1180.89

File : C:\Users\operant\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[S1].txt - [9327 octets] - [03/09/2012 04:18:15]

########## EOF - C:\AdwCleaner[S1].txt - [9387 octets] ##########
  • 0

#14
Deus_Ex_Machina
Posted 03 September 2012 - 02:27 AM

Deus_Ex_Machina

    Member

  • Topic Starter
  • Member
  • PipPip
  • 24 posts
The error message I get when I try to use the recommended settings on my Firewall is: Windows firewall cannot change some of your setting. Error Code 0x8007042c.
  • 0

#15
Essexboy
Posted 03 September 2012 - 07:18 AM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK could you download the attached Repair.bat to your desktop
[attachment=60225:repair.bat]
Then right click the batch file and select run as administrator
Once it has completed let me know of any errors generated
Reboot and run a fresh FSS scan please
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP