Laptop Infected, Firewall Compromised, MSE was disabled, FOS and Seri


  • This topic is locked

#16
Deus_Ex_Machina

  • Topic Starter
  • Member
  • 24 posts
I ran repair.bat as instructed and I got the following error messages:

OpenService FAILED 1060: The specified service does not exist as an installed service.

The Windows Firewall Service is not started. More Help is available by typing NET HELPMSG 3521.

System Error 1068 has occurred. The dependency service or group failed to start.

The following Services are dependent on the CNG Key Isolation Service. Stopping the CNG Key Isolation Service will also stop these services.
WLAN Autoconfig
Extensible Authentication Protocol

Do you want to continue this operation? <Y/N> [N]:

At that point I just closed the program by using the X in the top right corner of its window. I wasn't sure what else to do.


I also have all these error messages popping up from YC III. I did install the Yankee Clipper III clipboard manager (YC III) and have been using it for years. My concern is that it is behaving oddly due to an outside action trying to access my clipboard or using some copy function. I also ran FSS as instructed; the log is below.



The FSS log is:

Farbar Service Scanner Version: 06-08-2012
Ran by operant (administrator) on 03-09-2012 at 13:16:15
Running from "C:\Users\operant\Desktop"
Microsoft Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
There is no connection to network.
Google IP is accessible.
Attempt to access Google.com returned error: Other errors
Yahoo IP is accessible.
Attempt to access Yahoo.com returned error: Other errors


Windows Firewall:
=============
MpsSvc Service is not running. Checking service configuration:
The start type of MpsSvc service is OK.
The ImagePath of MpsSvc service is OK.
The ServiceDll of MpsSvc service is OK.

bfe Service is not running. Checking service configuration:
The start type of bfe service is OK.
The ImagePath of bfe service is OK.
The ServiceDll of bfe service is OK.


Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============
wscsvc Service is not running. Checking service configuration:
The start type of wscsvc service is OK.
The ImagePath of wscsvc service is OK.
The ServiceDll of wscsvc service is OK.


Windows Update:
============
wuauserv Service is not running. Checking service configuration:
The start type of wuauserv service is OK.
The ImagePath of wuauserv service is OK.
The ServiceDll of wuauserv service is OK.


Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\ipnathlp.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****


#17
Deus_Ex_Machina

  • Topic Starter
  • Member
  • 24 posts
I also uninstalled, rebooted, and reinstalled Yankee Clipper III. I did a complete uninstall. Even my boilerplates are now gone. I can rebuild them. I will post if errors occur again.

#18
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
I am just checking out some dependencies, as a lot of services are not running... Back in a bit.

#19
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK, let's check the RPC service.

  • Run OTL.
  • Select All Users.
  • Under the Custom Scan box, paste this in:
    netsvcs
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\RpcSs /s
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open one Notepad window.
  • Post this log.


#20
Deus_Ex_Machina

  • Topic Starter
  • Member
  • 24 posts
Did it, here is the log it created:

OTL logfile created on: Mon, 03 Sep 2012 17:17:34 - Run 4
OTL by OldTimer - Version 3.2.59.1 Folder = C:\Users\operant\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: ddd, dd MMM yyyy

5.92 Gb Total Physical Memory | 3.97 Gb Available Physical Memory | 67.12% Memory free
11.83 Gb Paging File | 9.70 Gb Available in Paging File | 82.03% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 421.81 Gb Total Space | 336.89 Gb Free Space | 79.87% Space Free | Partition Type: NTFS
Drive D: | 29.00 Gb Total Space | 26.31 Gb Free Space | 90.73% Space Free | Partition Type: NTFS

Computer Name: RUNE | User Name: operant | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/09/02 01:47:16 | 000,598,528 | ---- | M] (OldTimer Tools) -- C:\Users\operant\Desktop\OTL.exe
PRC - [2012/09/01 04:55:03 | 000,109,336 | ---- | M] (Siber Systems) -- C:\Program Files (x86)\Siber Systems\AI RoboForm\robotaskbaricon.exe
PRC - [2012/08/29 02:07:04 | 000,917,984 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2012/08/13 13:33:30 | 003,064,000 | ---- | M] (Skype Technologies S.A.) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
PRC - [2012/06/19 13:44:22 | 000,777,728 | ---- | M] (Eastman Kodak Company) -- C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe
PRC - [2012/06/18 21:13:46 | 000,394,712 | ---- | M] (Eastman Kodak Company) -- C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe
PRC - [2012/05/21 02:23:09 | 001,592,160 | ---- | M] () -- C:\Users\operant\AppData\Roaming\Mikogo 4\M4-Capture.exe
PRC - [2012/01/16 06:04:46 | 001,007,472 | ---- | M] () -- C:\Users\operant\AppData\Roaming\Mikogo 4\M4-Service.exe
PRC - [2012/01/14 01:23:50 | 001,517,520 | ---- | M] (TrueCrypt Foundation) -- C:\Program Files\TrueCrypt\TrueCrypt.exe
PRC - [2011/11/26 14:01:15 | 002,330,624 | ---- | M] () -- C:\Program Files (x86)\FastCheck\FastCheck.exe
PRC - [2011/11/06 01:07:45 | 000,100,256 | ---- | M] () -- C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeySupport.exe
PRC - [2011/11/02 02:00:44 | 000,090,448 | ---- | M] (Research In Motion Limited) -- C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
PRC - [2011/10/14 02:01:50 | 000,994,360 | ---- | M] (Secunia) -- C:\Program Files (x86)\Secunia\PSI\psia.exe
PRC - [2011/10/14 02:01:46 | 000,291,896 | ---- | M] (Secunia) -- C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
PRC - [2011/03/06 07:46:00 | 002,009,704 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
PRC - [2010/12/20 06:30:38 | 002,656,280 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
PRC - [2010/12/20 06:30:36 | 000,325,656 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
PRC - [2010/12/04 21:39:24 | 000,136,488 | ---- | M] (CyberLink) -- C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe
PRC - [2010/07/02 14:24:07 | 000,095,744 | ---- | M] (j2 Global Communications, Inc.) -- C:\Program Files (x86)\eFax Messenger 4.4\J2GDllCmd.exe
PRC - [2010/03/04 10:30:10 | 000,095,744 | ---- | M] (CrispyBytes Software) -- C:\Program Files (x86)\DateInTray\DateInTray.exe
PRC - [2005/03/10 19:58:06 | 001,368,064 | ---- | M] (inteleXual.com) -- C:\Program Files (x86)\YCIII\YankClip.exe


========== Modules (No Company Name) ==========

MOD - [2012/08/29 02:07:04 | 002,242,528 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2011/11/26 14:01:15 | 002,330,624 | ---- | M] () -- C:\Program Files (x86)\FastCheck\FastCheck.exe
MOD - [2011/11/06 01:07:45 | 000,100,256 | ---- | M] () -- C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeySupport.exe
MOD - [2010/11/11 06:39:46 | 000,133,024 | ---- | M] () -- C:\Program Files (x86)\Lenovo\Onekey Theater\WindowsApiHookDll32.dll
MOD - [2010/11/11 06:38:44 | 000,161,696 | ---- | M] () -- C:\Program Files (x86)\Lenovo\Onekey Theater\ActiveDetect32.dll


========== Services (SafeList) ==========

SRV:64bit: - [2012/03/26 18:49:56 | 000,291,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2012/03/26 18:49:56 | 000,012,600 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2011/09/27 15:04:08 | 000,359,192 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\LogiShrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV:64bit: - [2010/11/02 09:49:46 | 001,515,792 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
SRV:64bit: - [2010/11/02 09:39:08 | 000,340,240 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe -- (MyWiFiDHCPDNS)
SRV:64bit: - [2010/11/02 09:34:14 | 000,836,880 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
SRV:64bit: - [2010/09/30 11:05:42 | 000,311,296 | ---- | M] (Realtek Semiconductor Corp.) [Auto | Running] -- C:\Program Files\Realtek\RtLED\RtLEDService.exe -- (RtLedService)
SRV:64bit: - [2010/09/22 14:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2012/09/01 05:12:13 | 000,250,568 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/08/29 02:07:04 | 000,114,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/08/13 13:33:30 | 003,064,000 | ---- | M] (Skype Technologies S.A.) [Auto | Running] -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
SRV - [2012/06/19 13:44:22 | 000,777,728 | ---- | M] (Eastman Kodak Company) [Auto | Running] -- C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe -- (Kodak AiO Status Monitor Service)
SRV - [2012/06/18 21:13:46 | 000,394,712 | ---- | M] (Eastman Kodak Company) [Auto | Running] -- C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe -- (Kodak AiO Network Discovery Service)
SRV - [2012/03/19 23:44:20 | 000,276,248 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe -- (cphs)
SRV - [2012/01/16 06:04:46 | 001,007,472 | ---- | M] () [Auto | Running] -- C:\Users\operant\AppData\Roaming\Mikogo 4\M4-Service.exe -- (M4-Service)
SRV - [2011/10/14 02:01:50 | 000,994,360 | ---- | M] (Secunia) [Auto | Running] -- C:\Program Files (x86)\Secunia\PSI\psia.exe -- (Secunia PSI Agent)
SRV - [2011/03/06 07:46:00 | 002,009,704 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
SRV - [2010/12/20 06:30:38 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2010/12/20 06:30:36 | 000,325,656 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/03/20 20:44:12 | 000,098,688 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2012/03/19 23:32:04 | 014,745,600 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2012/03/01 02:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/01/14 01:23:50 | 000,230,864 | ---- | M] (TrueCrypt Foundation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\truecrypt.sys -- (truecrypt)
DRV:64bit: - [2011/11/06 01:19:51 | 000,039,008 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\LhdX64.sys -- (LHDmgr)
DRV:64bit: - [2011/11/06 01:19:50 | 000,029,792 | ---- | M] (Lenovo Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AcpiVpc.sys -- (ACPIVPC)
DRV:64bit: - [2011/10/06 03:00:09 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/10/06 03:00:09 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/09/02 02:30:36 | 000,060,696 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LMouFilt.Sys -- (LMouFilt)
DRV:64bit: - [2011/09/02 02:30:24 | 000,066,840 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LHidFilt.Sys -- (LHidFilt)
DRV:64bit: - [2011/08/01 16:59:06 | 000,045,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64)
DRV:64bit: - [2011/08/01 16:59:06 | 000,023,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nuidfltr.sys -- (NuidFltr)
DRV:64bit: - [2011/07/25 18:44:46 | 000,074,752 | ---- | M] (Research In Motion Limited) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RimUsb_AMD64.sys -- (RimUsb)
DRV:64bit: - [2011/07/20 15:58:22 | 000,044,032 | ---- | M] (Research in Motion Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RimSerial_AMD64.sys -- (RimVSerPort)
DRV:64bit: - [2011/06/10 07:34:52 | 000,539,240 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011/05/18 09:08:32 | 000,047,616 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dc3d.sys -- (dc3d)
DRV:64bit: - [2011/03/06 07:46:00 | 000,025,960 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\nvpciflt.sys -- (nvpciflt)
DRV:64bit: - [2011/02/18 04:11:54 | 000,439,320 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2011/02/14 09:50:02 | 000,234,960 | ---- | M] (Vimicro Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vm332avs.sys -- (vm332avs)
DRV:64bit: - [2011/01/15 12:21:04 | 000,036,352 | ---- | M] (Elaborate Bytes AG) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VClone.sys -- (VClone)
DRV:64bit: - [2010/12/22 08:19:58 | 001,407,024 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2010/12/16 18:58:14 | 000,040,816 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ElbyCDIO.sys -- (ElbyCDIO)
DRV:64bit: - [2010/12/04 21:39:44 | 000,031,088 | ---- | M] (CyberLink Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\clwvd.sys -- (clwvd)
DRV:64bit: - [2010/12/01 01:02:22 | 000,042,392 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WDKMD.sys -- (wdkmd)
DRV:64bit: - [2010/11/30 02:40:04 | 000,307,304 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rtsuvstor.sys -- (RSUSBVSTOR)
DRV:64bit: - [2010/11/20 23:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 23:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 23:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010/11/08 23:16:36 | 008,500,736 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETwNs64.sys -- (NETwNs64)
DRV:64bit: - [2010/10/19 04:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2010/10/14 13:28:16 | 000,317,440 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2010/09/21 18:04:54 | 000,015,056 | ---- | M] (Vimicro Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vm2uvcflt.sys -- (vm2uvcflt)
DRV:64bit: - [2010/09/01 04:30:58 | 000,017,976 | ---- | M] (Secunia) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\psi_mf.sys -- (PSI)
DRV:64bit: - [2010/07/29 00:25:10 | 000,029,720 | ---- | M] (Initio Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ivusb.sys -- (ivusb)
DRV:64bit: - [2009/08/13 23:10:18 | 000,073,984 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xusb21.sys -- (xusb21)
DRV:64bit: - [2009/07/21 10:20:06 | 000,121,840 | ---- | M] (CyberLink) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wsvd.sys -- (wsvd)
DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 20:10:47 | 000,011,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rootmdm.sys -- (ROOTMODEM)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2008/05/06 17:06:00 | 000,014,464 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wdcsam64.sys -- (WDC_SAM)
DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.lenovo.com/ [binary data]
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://lenovo.msn.com
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.lenovo.com/ [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://lenovo.msn.com
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7


IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKU\S-1-5-21-1896445519-1314585514-2017666467-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.lenovo.com
IE - HKU\S-1-5-21-1896445519-1314585514-2017666467-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.lenovo.com
IE - HKU\S-1-5-21-1896445519-1314585514-2017666467-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-1896445519-1314585514-2017666467-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1896445519-1314585514-2017666467-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default Download Directory = C:\Users\operant\Downloads
IE - HKU\S-1-5-21-1896445519-1314585514-2017666467-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.co...=LENN&bmod=LENN
IE - HKU\S-1-5-21-1896445519-1314585514-2017666467-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-1896445519-1314585514-2017666467-1001\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-1896445519-1314585514-2017666467-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKU\S-1-5-21-1896445519-1314585514-2017666467-1001\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.co...1I7LENN_enUS465
IE - HKU\S-1-5-21-1896445519-1314585514-2017666467-1001\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKU\S-1-5-21-1896445519-1314585514-2017666467-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "DuckDuckGo"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "about:home"
FF - prefs.js..network.proxy.http: "localhost"
FF - prefs.js..network.proxy.http_port: 8118
FF - prefs.js..network.proxy.type: 4
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF64_11_4_402_265.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\windows\system32\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_265.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\windows\SysWOW64\Adobe\Director\np32dsw_1166636.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@rim.com/npappworld: C:\Program Files (x86)\Research In Motion Limited\BlackBerry App World Browser Plugin\npappworld.dll ()
FF - HKLM\Software\MozillaPlugins\@RIM.com/WebSLLauncher,version=1.0: C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
FF - HKLM\Software\MozillaPlugins\@soe.sony.com/installer,version=1.0.3: C:\Users\operant\AppData\LocalLow\Sony Online Entertainment\npsoe.dll ()
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\operant\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\operant\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)

64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\PROGRAM FILES\WEB ASSISTANT\FIREFOX
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{22119944-ED35-4ab1-910B-E619EA06A115}: C:\Program Files (x86)\Siber Systems\AI RoboForm\Firefox [2012/09/01 04:57:15 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/08/29 02:07:04 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/08/20 21:39:40 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 15.0\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012/08/29 13:07:50 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 15.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{D1B93C96-F085-11E1-8270-B8AC6F996F26}: C:\Users\operant\AppData\Local\{D1B93C96-F085-11E1-8270-B8AC6F996F26}\ [2012/08/27 16:29:11 | 000,000,000 | ---D | M]

[2012/01/25 09:56:16 | 000,000,000 | ---D | M] (No name found) -- C:\Users\operant\AppData\Roaming\Mozilla\Extensions
[2012/09/03 04:18:27 | 000,000,000 | ---D | M] (No name found) -- C:\Users\operant\AppData\Roaming\Mozilla\Firefox\Profiles\grzwho96.default\extensions
[2012/01/07 11:14:03 | 000,000,000 | ---D | M] (Toolbar Buttons) -- C:\Users\operant\AppData\Roaming\Mozilla\Firefox\Profiles\grzwho96.default\extensions\{03B08592-E5B4-45ff-A0BE-C1D975458688}
[2012/08/13 12:26:16 | 000,000,000 | ---D | M] (Flagfox) -- C:\Users\operant\AppData\Roaming\Mozilla\Firefox\Profiles\grzwho96.default\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}
[2012/01/25 08:10:14 | 000,000,000 | ---D | M] (IE Tab 2 (FF 3.6+)) -- C:\Users\operant\AppData\Roaming\Mozilla\Firefox\Profiles\grzwho96.default\extensions\{1BC9BA34-1EED-42ca-A505-6D2F1A935BBB}
[2012/04/01 11:39:53 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\operant\AppData\Roaming\Mozilla\Firefox\Profiles\grzwho96.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2012/05/20 15:00:54 | 000,000,000 | ---D | M] (United States English Spellchecker) -- C:\Users\operant\AppData\Roaming\Mozilla\Firefox\Profiles\grzwho96.default\extensions\[email protected]
[2012/01/07 00:38:02 | 000,000,000 | ---D | M] (FavIconReloader) -- C:\Users\operant\AppData\Roaming\Mozilla\Firefox\Profiles\grzwho96.default\extensions\[email protected]
[2012/07/23 20:20:44 | 000,000,000 | ---D | M] (Ghostery) -- C:\Users\operant\AppData\Roaming\Mozilla\Firefox\Profiles\grzwho96.default\extensions\[email protected]
[2012/05/22 14:22:22 | 000,000,000 | ---D | M] (FoxyProxy Standard) -- C:\Users\operant\AppData\Roaming\Mozilla\Firefox\Profiles\grzwho96.default\extensions\[email protected]
[2012/05/22 14:22:22 | 000,000,000 | ---D | M] (LogMeIn, Inc. Remote Access Plugin) -- C:\Users\operant\AppData\Roaming\Mozilla\Firefox\Profiles\grzwho96.default\extensions\[email protected]
[2012/07/10 22:42:42 | 000,010,316 | ---- | M] () -- C:\Users\operant\AppData\Roaming\Mozilla\Firefox\Profiles\grzwho96.default\searchplugins\duckduckgo.xml
[2012/09/02 01:22:43 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/08/28 03:03:11 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012/08/27 16:29:11 | 000,000,000 | ---D | M] (Mozilla Safe Browsing) -- C:\USERS\OPERANT\APPDATA\LOCAL\{D1B93C96-F085-11E1-8270-B8AC6F996F26}
[2012/01/07 00:31:35 | 000,058,343 | ---- | M] () (No name found) -- C:\USERS\OPERANT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GRZWHO96.DEFAULT\EXTENSIONS\{446C03E0-2C35-11DB-A98B-0800200C9A66}.XPI
[2012/08/28 04:11:23 | 000,399,504 | ---- | M] () (No name found) -- C:\USERS\OPERANT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GRZWHO96.DEFAULT\EXTENSIONS\{53A03D43-5363-4669-8190-99061B2DEBA5}.XPI
[2012/07/10 13:29:10 | 000,135,156 | ---- | M] () (No name found) -- C:\USERS\OPERANT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GRZWHO96.DEFAULT\EXTENSIONS\{79C50F9A-2FFE-4EE0-8A37-FAE4F5DACD4F}.XPI
[2012/01/21 20:30:26 | 000,138,614 | ---- | M] () (No name found) -- C:\USERS\OPERANT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GRZWHO96.DEFAULT\EXTENSIONS\{D40F5E7B-D2CF-4856-B441-CC613EEFFBE3}.XPI
[2012/01/07 12:48:19 | 000,434,392 | ---- | M] () (No name found) -- C:\USERS\OPERANT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GRZWHO96.DEFAULT\EXTENSIONS\{D4DD63FA-01E4-46A7-B6B1-EDAB7D6AD389}.XPI
[2012/07/21 13:19:19 | 000,702,524 | ---- | M] () (No name found) -- C:\USERS\OPERANT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GRZWHO96.DEFAULT\EXTENSIONS\{DC572301-7619-498C-A57D-39143191B318}.XPI
[2012/08/25 14:50:47 | 000,270,021 | ---- | M] () (No name found) -- C:\USERS\OPERANT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GRZWHO96.DEFAULT\EXTENSIONS\{E4A8A97B-F2ED-450B-B12D-EE082BA24781}.XPI
[2012/01/09 11:53:09 | 000,091,556 | ---- | M] () (No name found) -- C:\USERS\OPERANT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GRZWHO96.DEFAULT\EXTENSIONS\{EDA7B1D7-F793-4E03-B074-E6F303317FB0}.XPI
[2012/08/10 04:03:03 | 000,048,692 | ---- | M] () (No name found) -- C:\USERS\OPERANT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GRZWHO96.DEFAULT\EXTENSIONS\[email protected]
[2012/07/10 13:29:09 | 000,009,954 | ---- | M] () (No name found) -- C:\USERS\OPERANT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GRZWHO96.DEFAULT\EXTENSIONS\[email protected]
[2012/08/15 01:47:46 | 000,053,565 | ---- | M] () (No name found) -- C:\USERS\OPERANT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GRZWHO96.DEFAULT\EXTENSIONS\[email protected]
[2012/01/07 12:48:19 | 000,006,496 | ---- | M] () (No name found) -- C:\USERS\OPERANT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GRZWHO96.DEFAULT\EXTENSIONS\[email protected]
[2012/01/06 23:39:14 | 000,113,783 | ---- | M] () (No name found) -- C:\USERS\OPERANT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GRZWHO96.DEFAULT\EXTENSIONS\[email protected]
[2012/07/03 09:27:29 | 000,087,157 | ---- | M] () (No name found) -- C:\USERS\OPERANT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GRZWHO96.DEFAULT\EXTENSIONS\[email protected]
[2012/01/06 23:39:14 | 000,002,656 | ---- | M] () (No name found) -- C:\USERS\OPERANT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GRZWHO96.DEFAULT\EXTENSIONS\[email protected]
[2012/01/06 23:39:14 | 000,009,063 | ---- | M] () (No name found) -- C:\USERS\OPERANT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GRZWHO96.DEFAULT\EXTENSIONS\[email protected]
[2012/01/14 18:34:25 | 000,006,099 | ---- | M] () (No name found) -- C:\USERS\OPERANT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GRZWHO96.DEFAULT\EXTENSIONS\[email protected]
[2012/01/09 11:53:09 | 000,008,001 | ---- | M] () (No name found) -- C:\USERS\OPERANT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GRZWHO96.DEFAULT\EXTENSIONS\[email protected]
[2012/08/29 02:07:04 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/08/29 02:07:04 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/08/29 02:07:04 | 000,002,253 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\operant\AppData\Local\Google\Chrome\Application\21.0.1180.83\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\operant\AppData\Local\Google\Chrome\Application\21.0.1180.83\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\operant\AppData\Local\Google\Chrome\Application\21.0.1180.83\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_257.dll
CHR - plugin: Injovo Extension Plugin (Enabled) = C:\Users\operant\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd\2.0.0.439_0\npbrowserext.dll
CHR - plugin: Skype Click to Call (Enabled) = C:\Users\operant\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.0.0.10297_0\npSkypeChromePlugin.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: RIM Handheld Application Loader (Enabled) = C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll
CHR - plugin: Foxit Reader Plugin for Mozilla (Enabled) = C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Users\operant\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll
CHR - plugin: Java™ Platform SE 7 U5 (Enabled) = C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll
CHR - plugin: Java Deployment Toolkit 7.0.50.255 (Enabled) = C:\windows\SysWOW64\npDeployJava1.dll
CHR - plugin: BlackBerry AppWorld (Enabled) = C:\Program Files (x86)\Research In Motion Limited\BlackBerry App World Browser Plugin\npappworld.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\windows\SysWOW64\Adobe\Director\np32dsw.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - Extension: Skype Click to Call = C:\Users\operant\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.1.0.10441_0\
CHR - Extension: Skype Click to Call = C:\Users\operant\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.2.0.10687_0\

O1 HOSTS File: ([2012/09/03 03:30:39 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2:64bit: - BHO: (RoboForm Toolbar Helper) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.)
O2:64bit: - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (RoboForm Toolbar Helper) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (no name) - AutorunsDisabled - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (&RoboForm Toolbar) - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (&RoboForm Toolbar) - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3:64bit: - HKU\S-1-5-21-1896445519-1314585514-2017666467-1001\..\Toolbar\ShellBrowser: (&RoboForm Toolbar) - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.)
O3 - HKU\S-1-5-21-1896445519-1314585514-2017666467-1001\..\Toolbar\ShellBrowser: (&RoboForm Toolbar) - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O3:64bit: - HKU\S-1-5-21-1896445519-1314585514-2017666467-1001\..\Toolbar\WebBrowser: (&RoboForm Toolbar) - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.)
O3 - HKU\S-1-5-21-1896445519-1314585514-2017666467-1001\..\Toolbar\WebBrowser: (&RoboForm Toolbar) - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O4:64bit: - HKLM..\Run: [EKIJ5000StatusMonitor] C:\Windows\SysNative\spool\drivers\x64\3\EKIJ5000MUI.exe (Eastman Kodak Company)
O4:64bit: - HKLM..\Run: [Energy Management] C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe (Lenovo (Beijing) Limited)
O4:64bit: - HKLM..\Run: [EnergyUtility] C:\Program Files (x86)\Lenovo\Energy Management\utility.exe (Lenovo(beijing) Limited)
O4:64bit: - HKLM..\Run: [Eraser] C:\Program Files\Eraser\Eraser.exe (The Eraser Project)
O4:64bit: - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IntelliPoint] c:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [IntelWireless] C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel® Corporation)
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [OnekeyStudio] C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe (Lenovo)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [UpdatePRCShortCut] C:\Program Files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [Conime] %windir%\system32\conime.exe File not found
O4 - HKLM..\Run: [EKIJ5000StatusMonitor] C:\windows\system32\spool\DRIVERS\x64\3\EKIJ5000MUI.EXE File not found
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files (x86)\QT Lite\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [RIMBBLaunchAgent.exe] C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe (Research In Motion Limited)
O4 - HKLM..\Run: [UpdateP2GShortCut] C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePRCShortCut] C:\Program Files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1896445519-1314585514-2017666467-1000..\Run: [FactoryTest] C:\Windows\Test.bat File not found
O4 - HKU\S-1-5-21-1896445519-1314585514-2017666467-1000..\Run: [Power2GoExpress] NA File not found
O4 - HKU\S-1-5-21-1896445519-1314585514-2017666467-1000..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1896445519-1314585514-2017666467-1001..\Run: [cdloader] C:\Users\operant\AppData\Roaming\mjusbsp\cdloader2.exe (magicJack L.P.)
O4 - HKU\S-1-5-21-1896445519-1314585514-2017666467-1001..\Run: [DateInTray] C:\Program Files (x86)\DateInTray\DateInTray.exe (CrispyBytes Software)
O4 - HKU\S-1-5-21-1896445519-1314585514-2017666467-1001..\Run: [eFax 4.4] C:\Program Files (x86)\eFax Messenger 4.4\J2GDllCmd.exe (j2 Global Communications, Inc.)
O4 - HKU\S-1-5-21-1896445519-1314585514-2017666467-1001..\Run: [RoboForm] C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe (Siber Systems)
O4 - HKU\S-1-5-21-1896445519-1314585514-2017666467-1001..\Run: [TrueCrypt] C:\Program Files\TrueCrypt\TrueCrypt.exe (TrueCrypt Foundation)
O4 - HKU\.DEFAULT..\RunOnce: [KodakHomeCenter] C:\Program Files (x86)\Kodak\AiO\Center\AiOHomeCenter.exe (Eastman Kodak Company)
O4 - HKU\S-1-5-18..\RunOnce: [KodakHomeCenter] C:\Program Files (x86)\Kodak\AiO\Center\AiOHomeCenter.exe (Eastman Kodak Company)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-21-1896445519-1314585514-2017666467-1000..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\operant\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\eFax 4.4.lnk = C:\Program Files (x86)\eFax Messenger 4.4\J2GTray.exe (j2 Global Communications, Inc.)
O4 - Startup: C:\Users\operant\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\FastCheck.lnk = C:\Program Files (x86)\FastCheck\FastCheck.exe ()
O4 - Startup: C:\Users\operant\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Yankee Clipper III.lnk = C:\Program Files (x86)\YCIII\YankClip.exe (inteleXual.com)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: VerboseStatus = 1
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Main present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Main present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Main present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Main present
O7 - HKU\S-1-5-21-1896445519-1314585514-2017666467-1000\Software\Policies\Microsoft\Internet Explorer\Main present
O7 - HKU\S-1-5-21-1896445519-1314585514-2017666467-1001\Software\Policies\Microsoft\Internet Explorer\Main present
O7 - HKU\S-1-5-21-1896445519-1314585514-2017666467-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1896445519-1314585514-2017666467-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
O8:64bit: - Extra context menu item: Clear Fields - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComClearFields.html ()
O8:64bit: - Extra context menu item: Customize Menu - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html ()
O8:64bit: - Extra context menu item: Fill Forms - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O8:64bit: - Extra context menu item: Password Generator - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComPasswordGenerator.html ()
O8:64bit: - Extra context menu item: Save Forms - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O8 - Extra context menu item: Clear Fields - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComClearFields.html ()
O8 - Extra context menu item: Customize Menu - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html ()
O8 - Extra context menu item: Fill Forms - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O8 - Extra context menu item: Password Generator - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComPasswordGenerator.html ()
O8 - Extra context menu item: Save Forms - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O9:64bit: - Extra Button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.)
O9:64bit: - Extra 'Tools' menuitem : Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.)
O9:64bit: - Extra Button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.)
O9:64bit: - Extra 'Tools' menuitem : Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.)
O9:64bit: - Extra Button: Generate - {320AF880-6646-11D3-ABEE-C5DBF3571F50} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.)
O9:64bit: - Extra 'Tools' menuitem : Password Generator - {320AF880-6646-11D3-ABEE-C5DBF3571F50} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.)
O9:64bit: - Extra Button: TaskBar - {320AF880-6646-11D3-ABEE-C5DBF3571F51} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.)
O9:64bit: - Extra 'Tools' menuitem : RoboForm TaskBar Icon - {320AF880-6646-11D3-ABEE-C5DBF3571F51} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.)
O9:64bit: - Extra Button: Clear Fields - {320AF880-6646-11D3-ABEE-C5DBF3571F54} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.)
O9:64bit: - Extra 'Tools' menuitem : Clear Fields - {320AF880-6646-11D3-ABEE-C5DBF3571F54} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.)
O9:64bit: - Extra Button: Show Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.)
O9:64bit: - Extra 'Tools' menuitem : Show RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.)
O9:64bit: - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O9 - Extra 'Tools' menuitem : Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O9 - Extra Button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O9 - Extra 'Tools' menuitem : Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O9 - Extra Button: Generate - {320AF880-6646-11D3-ABEE-C5DBF3571F50} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O9 - Extra 'Tools' menuitem : Password Generator - {320AF880-6646-11D3-ABEE-C5DBF3571F50} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O9 - Extra Button: TaskBar - {320AF880-6646-11D3-ABEE-C5DBF3571F51} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O9 - Extra 'Tools' menuitem : RoboForm TaskBar Icon - {320AF880-6646-11D3-ABEE-C5DBF3571F51} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O9 - Extra Button: Clear Fields - {320AF880-6646-11D3-ABEE-C5DBF3571F54} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O9 - Extra 'Tools' menuitem : Clear Fields - {320AF880-6646-11D3-ABEE-C5DBF3571F54} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O9 - Extra Button: Show Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O9 - Extra 'Tools' menuitem : Show RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKU\.DEFAULT\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: sony.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: sony.com ([]* in Trusted sites)
O15 - HKU\S-1-5-19\..Trusted Domains: clonewarsadventures.com ([]* in )
O15 - HKU\S-1-5-19\..Trusted Domains: freerealms.com ([]* in )
O15 - HKU\S-1-5-19\..Trusted Domains: soe.com ([]* in )
O15 - HKU\S-1-5-19\..Trusted Domains: sony.com ([]* in )
O15 - HKU\S-1-5-20\..Trusted Domains: clonewarsadventures.com ([]* in )
O15 - HKU\S-1-5-20\..Trusted Domains: freerealms.com ([]* in )
O15 - HKU\S-1-5-20\..Trusted Domains: soe.com ([]* in )
O15 - HKU\S-1-5-20\..Trusted Domains: sony.com ([]* in )
O15 - HKU\S-1-5-21-1896445519-1314585514-2017666467-1000\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-1896445519-1314585514-2017666467-1000\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-1896445519-1314585514-2017666467-1000\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-1896445519-1314585514-2017666467-1000\..Trusted Domains: sony.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-1896445519-1314585514-2017666467-1001\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-1896445519-1314585514-2017666467-1001\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-1896445519-1314585514-2017666467-1001\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-1896445519-1314585514-2017666467-1001\..Trusted Domains: sony.com ([]* in Trusted sites)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 68.237.161.12
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{797338DD-4CC7-4132-84DF-ED122EB66430}: DhcpNameServer = 192.168.1.1 68.237.161.12
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - AppInit_DLLs: (C:\windows\system32\nvinitx.dll) - C:\Windows\SysNative\nvinitx.dll (NVIDIA Corporation)
O20 - AppInit_DLLs: (C:\windows\SysWOW64\nvinit.dll) - C:\Windows\SysWOW64\nvinit.dll (NVIDIA Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\windows\SysNative\igfxdev.dll (Intel Corporation)
O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Program Files\Common Files\LogiShrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{5ed30af1-43b5-11e1-9df4-f0def19d5da1}\Shell - "" = AutoRun
O33 - MountPoints2\{5ed30af1-43b5-11e1-9df4-f0def19d5da1}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -a
O33 - MountPoints2\{b7951c20-3f7a-11e1-88b7-f0def19d5da1}\Shell - "" = AutoRun
O33 - MountPoints2\{b7951c20-3f7a-11e1-88b7-f0def19d5da1}\Shell\AutoRun\command - "" = "E:\WD SmartWare.exe" autoplay=true
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\autorun.exe
O33 - MountPoints2\E\Shell\phone\command - "" = E:\autorun.exe
O34 - HKLM BootExecute: (dfboottime \??\C:\windows\System32\dfboottime.cfg)
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (FbDefrag)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)


========== Files/Folders - Created Within 30 Days ==========

[2012/09/03 13:35:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\YCIII
[2012/09/03 03:30:30 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/09/02 10:05:01 | 000,693,235 | ---- | C] (Farbar) -- C:\Users\operant\Desktop\FSS.exe
[2012/09/02 10:04:14 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Users\operant\Desktop\aswMBR.exe
[2012/09/02 02:28:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Panda Security
[2012/09/02 02:28:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Panda Security
[2012/09/02 01:47:14 | 000,598,528 | ---- | C] (OldTimer Tools) -- C:\Users\operant\Desktop\OTL.exe
[2012/09/02 01:33:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Security Client
[2012/09/02 01:33:56 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2012/09/01 05:00:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Adobe
[2012/08/30 14:29:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe
[2012/08/28 03:42:18 | 000,000,000 | ---D | C] -- C:\Users\operant\Desktop\Temp spot for updates
[2012/08/28 02:46:57 | 000,000,000 | ---D | C] -- C:\Users\operant\AppData\Roaming\Malwarebytes
[2012/08/28 02:46:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/08/28 02:46:45 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mbam.sys
[2012/08/28 02:46:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012/08/28 02:46:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/08/27 16:29:11 | 000,000,000 | ---D | C] -- C:\Users\operant\AppData\Local\{D1B93C96-F085-11E1-8270-B8AC6F996F26}
[2012/08/24 22:35:07 | 000,000,000 | ---D | C] -- C:\Users\operant\Documents\My Digital Editions
[2012/08/24 22:34:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe
[2012/08/24 22:34:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe
[2012/08/20 21:40:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
[2012/08/20 21:39:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Works
[2012/08/20 21:39:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Visual Studio
[2012/08/20 21:39:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DESIGNER
[2012/08/20 21:36:12 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office
[2012/08/20 21:36:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Visual Studio 8
[2012/08/20 21:35:39 | 000,000,000 | ---D | C] -- C:\Users\operant\AppData\Local\Microsoft Help
[2012/08/20 21:35:09 | 000,000,000 | RH-D | C] -- C:\MSOCache
[2012/08/20 21:02:06 | 000,000,000 | ---D | C] -- C:\Users\operant\AppData\Local\{CC5A59D5-1028-4A61-8516-B4E04D7693EA}
[2012/08/20 21:01:52 | 000,000,000 | ---D | C] -- C:\Users\operant\AppData\Roaming\Windows Live Writer
[2012/08/20 21:01:52 | 000,000,000 | ---D | C] -- C:\Users\operant\AppData\Local\Windows Live Writer
[2012/08/09 12:28:47 | 000,000,000 | ---D | C] -- C:\Users\operant\Desktop\The Code Teacher
[2012/08/07 16:27:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDFCreator
[2012/08/07 16:27:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PDFCreator
[2012/08/06 21:30:46 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\sun

========== Files - Modified Within 30 Days ==========

[2012/09/03 17:14:16 | 000,000,916 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-1896445519-1314585514-2017666467-1001UA.job
[2012/09/03 17:14:16 | 000,000,900 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/09/03 17:14:09 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2012/09/03 17:14:06 | 000,000,830 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job
[2012/09/03 16:33:00 | 000,000,322 | ---- | M] () -- C:\windows\tasks\PrintProjects Communicator.job
[2012/09/03 13:42:04 | 000,028,928 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/09/03 13:42:04 | 000,028,928 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/09/03 13:39:36 | 000,786,790 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2012/09/03 13:39:36 | 000,665,600 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2012/09/03 13:39:36 | 000,123,336 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
[2012/09/03 13:35:42 | 000,000,964 | ---- | M] () -- C:\Users\operant\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Yankee Clipper III.lnk
[2012/09/03 13:35:08 | 000,000,896 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/09/03 13:34:40 | 469,348,351 | -HS- | M] () -- C:\hiberfil.sys
[2012/09/03 12:56:39 | 000,000,402 | ---- | M] () -- C:\Users\operant\Desktop\repair.bat
[2012/09/03 03:48:34 | 000,034,109 | ---- | M] () -- C:\Users\operant\Desktop\Dues.zip
[2012/09/03 03:42:18 | 000,511,265 | ---- | M] () -- C:\Users\operant\Desktop\adwcleaner.exe
[2012/09/03 03:30:39 | 000,000,098 | ---- | M] () -- C:\windows\SysNative\drivers\etc\Hosts
[2012/09/02 10:31:50 | 000,000,512 | ---- | M] () -- C:\Users\operant\Desktop\MBR.dat
[2012/09/02 10:05:05 | 000,693,235 | ---- | M] (Farbar) -- C:\Users\operant\Desktop\FSS.exe
[2012/09/02 10:04:22 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\operant\Desktop\aswMBR.exe
[2012/09/02 05:14:52 | 000,002,459 | ---- | M] () -- C:\Users\operant\Desktop\Google Chrome.lnk
[2012/09/02 02:28:27 | 000,001,286 | ---- | M] () -- C:\Users\Public\Desktop\Panda Cloud Cleaner.lnk
[2012/09/02 01:47:16 | 000,598,528 | ---- | M] (OldTimer Tools) -- C:\Users\operant\Desktop\OTL.exe
[2012/09/02 01:34:12 | 000,001,945 | ---- | M] () -- C:\windows\epplauncher.mif
[2012/09/02 01:33:58 | 000,800,766 | ---- | M] () -- C:\windows\SysWow64\PerfStringBackup.INI
[2012/08/31 21:14:00 | 000,000,864 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-1896445519-1314585514-2017666467-1001Core.job
[2012/08/29 13:07:51 | 000,002,114 | ---- | M] () -- C:\Users\operant\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Thunderbird.lnk
[2012/08/29 10:11:50 | 000,001,441 | ---- | M] () -- C:\Users\operant\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012/08/28 03:13:06 | 000,000,854 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk
[2012/08/28 02:46:46 | 000,001,137 | ---- | M] () -- C:\Users\operant\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes Anti-Malware.lnk
[2012/08/25 04:27:29 | 000,000,960 | ---- | M] () -- C:\Users\Public\Desktop\calibre - E-book management.lnk
[2012/08/24 22:35:00 | 000,002,206 | ---- | M] () -- C:\Users\operant\Application Data\Microsoft\Internet Explorer\Quick Launch\Adobe Digital Editions.lnk
[2012/08/24 22:35:00 | 000,002,182 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Digital Editions.lnk
[2012/08/23 18:30:03 | 000,001,137 | ---- | M] () -- C:\Users\operant\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Outlook.lnk
[2012/08/22 20:16:45 | 000,198,812 | ---- | M] () -- C:\Users\operant\Desktop\B008S129XY_EBOK.azw
[2012/08/21 10:59:37 | 000,470,896 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT
[2012/08/21 00:23:26 | 000,001,998 | ---- | M] () -- C:\Users\operant\Desktop\Kindle.lnk
[2012/08/20 21:07:31 | 000,002,231 | ---- | M] () -- C:\Users\Public\Desktop\BlackBerry Desktop Software.lnk
[2012/08/20 20:54:21 | 000,007,680 | ---- | M] () -- C:\Users\operant\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/08/13 17:29:26 | 000,087,184 | ---- | M] () -- C:\Users\operant\Desktop\Capital One Online Banking - 13aug2012.pdf
[2012/08/13 15:12:55 | 000,077,457 | ---- | M] () -- C:\Users\operant\Desktop\Newegg.com - Acer Aspire AX1920-UR20P.pdf
[2012/08/11 13:53:55 | 000,555,293 | ---- | M] () -- C:\Users\operant\Desktop\Acer_CONS_WTY_DOC_1_YR_MICI_US_CA_MX_LA_46.AD148.008_021312.pdf
[2012/08/09 15:09:40 | 000,106,437 | ---- | M] () -- C:\Users\operant\Desktop\SnapshotStargateCapel_001.jpg
[2012/08/09 10:38:41 | 000,001,142 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012/08/07 20:30:27 | 000,079,414 | ---- | M] () -- C:\Users\operant\Desktop\Staples.com® _ Printable Order Summary.pdf
[2012/08/07 16:28:12 | 000,087,695 | ---- | M] () -- C:\Users\operant\Desktop\Capital One Online Banking.pdf
[2012/08/07 16:27:43 | 000,001,204 | ---- | M] () -- C:\Users\Public\Desktop\PDFArchitect.lnk
[2012/08/07 16:27:43 | 000,001,035 | ---- | M] () -- C:\Users\Public\Desktop\PDFCreator.lnk
[2012/08/07 14:04:26 | 000,144,949 | ---- | M] () -- C:\Users\operant\Desktop\Snapshot for Gate in Capel_001.jpg
[2012/08/06 21:53:03 | 000,035,994 | ---- | M] () -- C:\Users\operant\Desktop\New Rich Text Document.odt
[2012/08/06 21:29:57 | 000,000,007 | ---- | M] () -- C:\Users\operant\Desktop\New Rich Text Document.rtf
[2012/08/06 15:29:28 | 000,080,955 | R--- | M] () -- C:\Users\operant\Desktop\189.pdf
[2012/08/06 13:49:26 | 000,542,419 | R--- | M] () -- C:\Users\operant\Desktop\13.pdf

========== Files Created - No Company Name ==========

[2012/09/03 13:35:42 | 000,000,964 | ---- | C] () -- C:\Users\operant\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Yankee Clipper III.lnk
[2012/09/03 13:35:42 | 000,000,940 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Yankee Clipper III.lnk
[2012/09/03 12:56:38 | 000,000,402 | ---- | C] () -- C:\Users\operant\Desktop\repair.bat
[2012/09/03 03:48:33 | 000,034,109 | ---- | C] () -- C:\Users\operant\Desktop\Dues.zip
[2012/09/03 03:42:02 | 000,511,265 | ---- | C] () -- C:\Users\operant\Desktop\adwcleaner.exe
[2012/09/02 10:31:50 | 000,000,512 | ---- | C] () -- C:\Users\operant\Desktop\MBR.dat
[2012/09/02 02:28:27 | 000,001,286 | ---- | C] () -- C:\Users\Public\Desktop\Panda Cloud Cleaner.lnk
[2012/09/02 01:33:59 | 000,001,915 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
[2012/09/01 04:59:21 | 000,000,830 | ---- | C] () -- C:\windows\tasks\Adobe Flash Player Updater.job
[2012/08/30 14:29:50 | 000,016,384 | ---- | C] () -- C:\windows\SysWow64\FileOps.exe
[2012/08/28 03:13:06 | 000,000,854 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk
[2012/08/28 02:46:46 | 000,001,137 | ---- | C] () -- C:\Users\operant\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes Anti-Malware.lnk
[2012/08/24 22:35:00 | 000,002,206 | ---- | C] () -- C:\Users\operant\Application Data\Microsoft\Internet Explorer\Quick Launch\Adobe Digital Editions.lnk
[2012/08/24 22:35:00 | 000,002,194 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Digital Editions.lnk
[2012/08/24 22:35:00 | 000,002,182 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Digital Editions.lnk
[2012/08/22 21:14:04 | 000,198,812 | ---- | C] () -- C:\Users\operant\Desktop\B008S129XY_EBOK.azw
[2012/08/20 21:47:05 | 000,001,137 | ---- | C] () -- C:\Users\operant\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Outlook.lnk
[2012/08/13 17:29:25 | 000,087,184 | ---- | C] () -- C:\Users\operant\Desktop\Capital One Online Banking - 13aug2012.pdf
[2012/08/13 15:12:54 | 000,077,457 | ---- | C] () -- C:\Users\operant\Desktop\Newegg.com - Acer Aspire AX1920-UR20P.pdf
[2012/08/11 13:53:55 | 000,555,293 | ---- | C] () -- C:\Users\operant\Desktop\Acer_CONS_WTY_DOC_1_YR_MICI_US_CA_MX_LA_46.AD148.008_021312.pdf
[2012/08/09 15:09:40 | 000,106,437 | ---- | C] () -- C:\Users\operant\Desktop\SnapshotStargateCapel_001.jpg
[2012/08/07 20:30:26 | 000,079,414 | ---- | C] () -- C:\Users\operant\Desktop\Staples.com® _ Printable Order Summary.pdf
[2012/08/07 16:28:11 | 000,087,695 | ---- | C] () -- C:\Users\operant\Desktop\Capital One Online Banking.pdf
[2012/08/07 16:27:43 | 000,001,204 | ---- | C] () -- C:\Users\Public\Desktop\PDFArchitect.lnk
[2012/08/07 16:27:43 | 000,001,035 | ---- | C] () -- C:\Users\Public\Desktop\PDFCreator.lnk
[2012/08/07 14:04:26 | 000,144,949 | ---- | C] () -- C:\Users\operant\Desktop\Snapshot for Gate in Capel_001.jpg
[2012/08/06 21:53:01 | 000,035,994 | ---- | C] () -- C:\Users\operant\Desktop\New Rich Text Document.odt
[2012/08/06 21:29:57 | 000,000,007 | ---- | C] () -- C:\Users\operant\Desktop\New Rich Text Document.rtf
[2012/08/06 15:29:30 | 000,080,955 | R--- | C] () -- C:\Users\operant\Desktop\189.pdf
[2012/08/06 13:49:28 | 000,542,419 | R--- | C] () -- C:\Users\operant\Desktop\13.pdf
[2012/03/19 23:25:58 | 000,058,880 | ---- | C] () -- C:\windows\SysWow64\igdde32.dll
[2012/03/19 22:21:14 | 013,212,672 | ---- | C] () -- C:\windows\SysWow64\ig4icd32.dll
[2012/02/14 18:47:06 | 000,963,912 | ---- | C] () -- C:\windows\SysWow64\igkrng600.bin
[2012/02/14 18:47:06 | 000,261,208 | ---- | C] () -- C:\windows\SysWow64\igfcg600m.bin
[2012/02/03 20:25:51 | 000,007,680 | ---- | C] () -- C:\Users\operant\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/01/30 15:24:51 | 000,800,766 | ---- | C] () -- C:\windows\SysWow64\PerfStringBackup.INI
[2012/01/27 10:50:23 | 000,000,000 | ---- | C] () -- C:\Users\operant\shutdown_info.xml
[2012/01/16 23:02:05 | 000,079,872 | ---- | C] () -- C:\windows\SysWow64\ff_vfw.dll
[2012/01/14 01:14:44 | 000,015,200 | ---- | C] () -- C:\windows\Q-Dir.ini
[2011/11/06 09:49:28 | 000,300,328 | ---- | C] () -- C:\windows\it50.dll
[2011/11/06 09:49:28 | 000,003,443 | ---- | C] () -- C:\windows\UTILITYDRV.SYS
[2011/11/06 09:49:27 | 000,259,368 | ---- | C] () -- C:\windows\FastBR.dll
[2011/11/06 09:49:27 | 000,259,368 | ---- | C] () -- C:\windows\CopyFile.dll
[2011/11/06 09:49:27 | 000,218,408 | ---- | C] () -- C:\windows\Image.dll
[2011/11/06 09:49:27 | 000,202,024 | ---- | C] () -- C:\windows\HardDisk.dll
[2011/11/06 09:49:27 | 000,177,448 | ---- | C] () -- C:\windows\disk.dll
[2011/11/06 09:49:27 | 000,110,592 | ---- | C] () -- C:\windows\BootseqwWmi.exe
[2011/11/06 09:49:27 | 000,081,920 | ---- | C] () -- C:\windows\Bootseqw32.exe
[2011/11/06 09:49:27 | 000,049,152 | ---- | C] () -- C:\windows\CHGBOOTW.EXE
[2011/11/06 09:49:27 | 000,010,068 | ---- | C] () -- C:\windows\GT.EXE
[2011/11/06 09:49:26 | 000,008,704 | ---- | C] () -- C:\windows\Access32.sys
[2011/11/06 01:02:31 | 002,086,240 | ---- | C] () -- C:\windows\SysWow64\LenovoVeriface.Interface.dll
[2011/11/06 01:02:31 | 001,500,512 | ---- | C] () -- C:\windows\SysWow64\Apblend.dll
[2011/11/06 01:02:31 | 001,171,456 | ---- | C] () -- C:\windows\SysWow64\PicNotify.dll
[2011/11/06 01:02:31 | 000,466,944 | ---- | C] () -- C:\windows\SysWow64\Lenovo.VerifaceStub.dll
[2011/11/06 01:02:26 | 001,044,480 | ---- | C] () -- C:\windows\SysWow64\3DImageRenderer.dll
[2011/11/06 00:48:54 | 000,001,823 | ---- | C] () -- C:\windows\vm332Rmv.ini
[2011/11/06 00:48:54 | 000,001,823 | ---- | C] () -- C:\windows\SysWow64\vm332Rmv.ini
[2011/04/13 23:01:19 | 000,145,804 | ---- | C] () -- C:\windows\SysWow64\igcompkrng600.bin
[2011/04/13 22:51:06 | 000,066,856 | ---- | C] () -- C:\windows\SysWow64\SynTPEnhPS.dll

========== LOP Check ==========

[2012/07/21 11:12:03 | 000,000,000 | ---D | M] -- C:\Users\Default\AppData\Roaming\Temp
[2012/07/21 11:12:03 | 000,000,000 | ---D | M] -- C:\Users\Default User\AppData\Roaming\Temp
[2012/07/30 14:13:00 | 000,000,000 | ---D | M] -- C:\Users\operant\AppData\Roaming\Bitcoin
[2012/02/03 20:35:07 | 000,000,000 | ---D | M] -- C:\Users\operant\AppData\Roaming\Blackberry Desktop
[2012/08/25 04:29:56 | 000,000,000 | ---D | M] -- C:\Users\operant\AppData\Roaming\calibre
[2012/01/16 20:40:33 | 000,000,000 | ---D | M] -- C:\Users\operant\AppData\Roaming\DelinvFile
[2012/04/17 09:33:32 | 000,000,000 | ---D | M] -- C:\Users\operant\AppData\Roaming\eFax Messenger
[2012/01/20 20:24:12 | 000,000,000 | ---D | M] -- C:\Users\operant\AppData\Roaming\Firestorm
[2012/05/03 23:42:53 | 000,000,000 | ---D | M] -- C:\Users\operant\AppData\Roaming\Foxit Software
[2012/07/13 13:08:16 | 000,000,000 | ---D | M] -- C:\Users\operant\AppData\Roaming\GoodSync
[2012/04/17 09:32:56 | 000,000,000 | ---D | M] -- C:\Users\operant\AppData\Roaming\j2 Global
[2012/02/15 07:36:03 | 000,000,000 | ---D | M] -- C:\Users\operant\AppData\Roaming\Jaangle
[2012/01/12 12:48:27 | 000,000,000 | ---D | M] -- C:\Users\operant\AppData\Roaming\Leadertech
[2012/01/22 23:34:16 | 000,000,000 | ---D | M] -- C:\Users\operant\AppData\Roaming\LibreOffice
[2012/05/21 02:23:27 | 000,000,000 | ---D | M] -- C:\Users\operant\AppData\Roaming\Mikogo 4
[2012/06/11 21:06:44 | 000,000,000 | ---D | M] -- C:\Users\operant\AppData\Roaming\mjusbsp
[2012/01/15 14:13:51 | 000,000,000 | ---D | M] -- C:\Users\operant\AppData\Roaming\ooVoo Details
[2012/01/27 10:34:32 | 000,000,000 | ---D | M] -- C:\Users\operant\AppData\Roaming\PerfView
[2012/01/14 01:16:50 | 000,000,000 | ---D | M] -- C:\Users\operant\AppData\Roaming\Q-Dir
[2012/02/03 20:24:40 | 000,000,000 | ---D | M] -- C:\Users\operant\AppData\Roaming\Research In Motion
[2012/07/25 01:03:29 | 000,000,000 | ---D | M] -- C:\Users\operant\AppData\Roaming\SecondLife
[2012/05/31 12:13:38 | 000,000,000 | ---D | M] -- C:\Users\operant\AppData\Roaming\Temp
[2012/01/07 07:21:49 | 000,000,000 | ---D | M] -- C:\Users\operant\AppData\Roaming\Thunderbird
[2012/01/19 17:19:05 | 000,000,000 | ---D | M] -- C:\Users\operant\AppData\Roaming\TrueCrypt
[2012/08/22 23:16:32 | 000,000,000 | ---D | M] -- C:\Users\operant\AppData\Roaming\uTorrent
[2012/05/31 12:22:49 | 000,000,000 | ---D | M] -- C:\Users\operant\AppData\Roaming\Visan
[2012/08/20 21:01:52 | 000,000,000 | ---D | M] -- C:\Users\operant\AppData\Roaming\Windows Live Writer
[2012/09/02 03:54:17 | 000,000,000 | ---D | M] -- C:\Users\operant\AppData\Roaming\XnView
[2012/09/03 16:33:00 | 000,000,322 | ---- | M] () -- C:\windows\Tasks\PrintProjects Communicator.job
[2012/05/19 23:20:05 | 000,032,620 | ---- | M] () -- C:\windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========

< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\RpcSs /s >
"DisplayName" = @oleres.dll,-5010
"Group" = COM Infrastructure
"ImagePath" = %SystemRoot%\system32\svchost.exe -k rpcss -- [2009/07/13 21:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation)
"Description" = @oleres.dll,-5011
"ObjectName" = NT AUTHORITY\NetworkService
"ErrorControl" = 1
"Start" = 2
"Type" = 32
"DependOnService" = RpcEptMapperDcomLaunch [binary data]
"FailureActions" = 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 00 00 00 00 02 00 00 00 60 EA 00 00 [binary data]
"RequiredPrivileges" = [Binary data over 100 bytes]
"ServiceSidType" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\RpcSs\Parameters]
"ServiceDll" = %SystemRoot%\system32\rpcss.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\RpcSs\Security]
"Security" = [Binary data over 100 bytes]

< End of report >

#21
Deus_Ex_Machina

    Member

  • Topic Starter
  • 24 posts
I did install the free Comodo Firewall, so I have something up, hopefully. Also, the Yankee Clipper program is acting up again. I think it is possible it is related to the missing registry entry problem.

#22
Deus_Ex_Machina

    Member

  • Topic Starter
  • 24 posts
I also tried a solution I found at
http://www.sevenforu...firewall-2.html
Below is the text of the post I followed.


Balon


Windows 7 Home Premium 64bit
12 posts




Hello there, this will help you.
Hi there, my name is Balon and I am pretty sure I have the way to fix your problem.

IT IS SUGGESTED YOU BACKUP YOUR REGISTRY BEFORE PROCEEDING

Backing Up Your Registry

Go Here and download ERUNT
(ERUNT (Emergency Recovery Utility NT) is a free program that allows you to keep a complete backup of your registry and restore it when needed.)
Install ERUNT by following the prompts
(use the default install settings but say no to the portion that asks you to add ERUNT to the start-up folder, if you like you can enable this option later)
Start ERUNT
(either by double clicking on the desktop icon or choosing to start the program at the end of the setup)
Choose a location for the backup
(the default location is C:\WINDOWS\ERDNT which is acceptable).
Make sure that at least the first two check boxes are ticked
Press OK
Press YES to create the folder.

Registry Modifications

Download both the registry files

bfe.reg
firewall.reg

Launch and import them to registry

Restart your PC

Now, open RUN and type regedit and click ok

go to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BFE

Right click on it - permissions

Click on ADD and type Everyone and click ok

Now Click on Everyone

Below you have permission for users

Select full control and click ok

Now, open RUN and type services.msc and click ok

start base filtering engine service and then windows firewall service

For further assistance contact me here, I will be checking this thread every few hours, this worked for me and it should work for you too.
  • 0
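The quoted steps give Everyone full control over the BFE service key, which makes that key writable by any local account. The audit below is an added example, not part of the original post or of any tool named in the thread: it lists write-capable grants to broad groups on that key and shows the state of the BFE and MpsSvc services. Which groups count as "broad" is an assumption of this example.

```powershell
# Added example: audit the BFE service key for write-capable grants to broad groups.
# Run from an elevated PowerShell prompt. The key path is the one named in the post.
$keyPath = 'HKLM:\SYSTEM\CurrentControlSet\services\BFE'

# Well-known SIDs for broad principals (locale-independent, unlike display names).
# Assumption of this example: these three groups are the ones worth flagging.
$broadSids = @{
    'S-1-1-0'      = 'Everyone'
    'S-1-5-11'     = 'Authenticated Users'
    'S-1-5-32-545' = 'BUILTIN\Users'
}

# Rights that let the holder change the service configuration or the ACL itself.
# FullControl contains all of these bits, so it is caught as well.
$writeMask = 0
foreach ($name in 'SetValue', 'CreateSubKey', 'Delete', 'ChangePermissions', 'TakeOwnership') {
    $writeMask = $writeMask -bor [int][System.Security.AccessControl.RegistryRights]$name
}
# Some ACEs carry generic access bits instead of registry-specific ones:
# GENERIC_ALL (0x10000000) and GENERIC_WRITE (0x40000000).
$writeMask = $writeMask -bor 0x10000000 -bor 0x40000000

# Ask for the rules keyed by SID so the comparison does not depend on name resolution.
$acl   = Get-Acl -Path $keyPath
$rules = $acl.GetAccessRules($true, $true, [System.Security.Principal.SecurityIdentifier])

$findings = foreach ($rule in $rules) {
    $sid = $rule.IdentityReference.Value
    if ($rule.AccessControlType -eq 'Allow' -and $broadSids.ContainsKey($sid) -and
        (([int]$rule.RegistryRights) -band $writeMask)) {
        New-Object PSObject -Property @{
            Principal = $broadSids[$sid]
            Rights    = $rule.RegistryRights
            Inherited = $rule.IsInherited
        }
    }
}

if ($findings) {
    # Any row here means a broad group can modify the service's registry configuration.
    $findings | Format-Table Principal, Rights, Inherited -AutoSize
} else {
    "No write-capable grants to Everyone/Users/Authenticated Users on $keyPath"
}

# State of the two services the post starts by hand.
Get-Service -Name BFE, MpsSvc | Format-Table Name, Status -AutoSize
```

The script only reads the ACL and the service state; it changes nothing on the system.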

#23
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Could you run FSS again please and let me know what the current problems are

#24
Deus_Ex_Machina

    Member

  • Topic Starter
  • 24 posts
I still cannot restore the Windows Firewall, and I still have the same issues with Yankee Clipper III. I have posted below the scan requested. Thanks.


Farbar Service Scanner Version: 06-08-2012
Ran by operant (administrator) on 04-09-2012 at 11:41:17
Running from "C:\Users\operant\Desktop"
Microsoft Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============
MpsSvc Service is not running. Checking service configuration:
The start type of MpsSvc service is OK.
The ImagePath of MpsSvc service is OK.
The ServiceDll of MpsSvc service is OK.


Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\ipnathlp.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****

#25
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Ah ha ... We may have a solution that MS has hidden

Go here and run the fixit on the page

What is the exact problem with Clipper?

#26
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.