Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Browser Hijack [Solved]

Started by eaglet , Nov 15 2012 08:52 AM

  • This topic is locked This topic is locked

#1
eaglet
Posted 15 November 2012 - 08:52 AM

eaglet

    Member

  • Member
  • PipPip
  • 55 posts
I am running Windows 8 and I recently inadvertently downloaded and installed two programs to my laptop. One is called Claro and the other is called Funmoods. I have tried uninstalling them without success. I use both Firefox and Internet Explorer browsers but they both seem to have been infected by these programs.
Initially I found that every time I started Firefox I was getting a Claro search page. When I looked in about:config I found that there were many new lines that this program had put in. I therefore uninstalled Firefox and reinstalled it but it does not seem to have made a difference as my home page keeps reverting to http://www.claro-sea...0006894234cfe3b Additionally Firefox will not function properly and freezes after almost every action for a minute or two. Internet Explorer has the same problem but additionally I have seen that when I am typing in the address bar there is a note that keystrokes are being sent to Funmoods.

I have run OTL and it has produced 2 logs, OTL.txt and Extras.txt and I have pasted them both below. Thanks for looking

OTL logfile created on: 15/11/2012 14:16:01 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Bob\Downloads
64bit- An unknown product (Version = 6.2.9200) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16420)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

5.89 Gb Total Physical Memory | 3.57 Gb Available Physical Memory | 60.63% Memory free
6.83 Gb Paging File | 4.19 Gb Available in Paging File | 61.36% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 911.46 Gb Total Space | 771.82 Gb Free Space | 84.68% Space Free | Partition Type: NTFS
Drive D: | 19.29 Gb Total Space | 2.41 Gb Free Space | 12.52% Space Free | Partition Type: NTFS

Computer Name: BOBSLAPTOP | User Name: Bob | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/11/15 14:15:07 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Bob\Downloads\OTL.exe
PRC - [2012/11/13 15:02:45 | 000,296,096 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
PRC - [2012/11/06 23:36:17 | 000,381,952 | ---- | M] (Richard Walters) -- C:\Program Files\WindowsApps\61908RichardWalters.Calculator_1.2.0.0_neutral__486nvj664v5b0\Calculator.exe
PRC - [2012/11/06 23:34:49 | 000,328,704 | ---- | M] () -- C:\Program Files\WindowsApps\BritishSkyBroadcasting.SkyNews_2.0.0.0_neutral__0b9xnhb6xcwd0\SkyNewsMetroAppV2.exe
PRC - [2012/11/06 11:05:25 | 001,807,800 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe
PRC - [2012/10/11 11:17:59 | 002,312,216 | ---- | M] () -- C:\ProgramData\Browser Manager\2.3.796.11\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.exe
PRC - [2012/10/11 02:29:13 | 000,143,928 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton Internet Security\Engine\20.2.0.19\ccsvchst.exe
PRC - [2012/08/02 17:12:50 | 000,363,520 | ---- | M] (IVT Corporation) -- C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BtTray.exe
PRC - [2012/08/02 10:56:46 | 001,544,192 | ---- | M] (IVT Corporation) -- C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe
PRC - [2012/07/27 17:21:26 | 000,136,488 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
PRC - [2012/07/18 01:10:32 | 000,364,416 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
PRC - [2012/07/18 01:10:30 | 000,276,864 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
PRC - [2012/07/18 01:10:24 | 000,128,896 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
PRC - [2012/07/18 01:10:16 | 000,165,760 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
PRC - [2012/07/09 12:40:02 | 000,580,512 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
PRC - [2012/07/09 12:40:02 | 000,035,232 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
PRC - [2012/06/08 03:34:06 | 000,111,120 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
PRC - [2012/03/28 17:34:30 | 000,091,432 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
PRC - [2011/08/26 13:37:18 | 001,342,008 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe
PRC - [2008/09/16 12:03:18 | 000,169,312 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe


========== Modules (No Company Name) ==========

MOD - [2012/11/15 03:00:37 | 000,802,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Servd1dec626#\26631dce93820b4014ba67465efac61b\System.ServiceModel.Internals.ni.dll
MOD - [2012/11/15 03:00:35 | 000,121,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\SMDiagnostics\e605b0a9c51eba20698abe1e9454f4ad\SMDiagnostics.ni.dll
MOD - [2012/11/10 09:05:50 | 000,778,752 | ---- | M] () -- C:\Users\Bob\AppData\Local\Packages\britishskybroadcasting.skynews_0b9xnhb6xcwd0\AC\Microsoft\CLR_v4.0_32\NativeImages\SkyNewsMetroAppV2\b393553d79a7f7a578795a3eba7168a8\SkyNewsMetroAppV2.ni.exe
MOD - [2012/11/10 09:05:37 | 000,228,352 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Windows.Data\42801090e9e55f6d54873e3e78ac5dec\Windows.Data.ni.dll
MOD - [2012/11/10 09:05:36 | 000,369,152 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Windows.Media\a83cfe81241698ebece6e96a85092ae7\Windows.Media.ni.dll
MOD - [2012/11/08 11:14:21 | 000,254,464 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Windows.Security\1d556f6b67d7c7123ab5e6cd7d8806ea\Windows.Security.ni.dll
MOD - [2012/11/06 23:34:49 | 000,328,704 | ---- | M] () -- C:\Program Files\WindowsApps\BritishSkyBroadcasting.SkyNews_2.0.0.0_neutral__0b9xnhb6xcwd0\SkyNewsMetroAppV2.exe
MOD - [2012/11/06 18:25:23 | 000,491,008 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Windows.Networking\03a51168ac38f02837119a0d17d089a1\Windows.Networking.ni.dll
MOD - [2012/11/06 18:25:20 | 000,011,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml.429e8964#\cdd306cf62450d70b26c9e7450bff7cb\System.Xml.XmlSerializer.ni.dll
MOD - [2012/11/06 18:25:20 | 000,010,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runt1e58aa76#\d88aca120da1d63b8c347522892e9c07\System.Runtime.Extensions.ni.dll
MOD - [2012/11/06 18:25:20 | 000,010,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Resoc6338000#\4f88d44d61a2cdc1780ed2158b582164\System.Resources.ResourceManager.ni.dll
MOD - [2012/11/06 18:25:20 | 000,010,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Globalization\72651ffd4c66014be969f8a656f8e83f\System.Globalization.ni.dll
MOD - [2012/11/06 18:25:19 | 000,126,976 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Windows.System\54c69c977ff9a658e8a08c778acf8d87\Windows.System.ni.dll
MOD - [2012/11/06 18:25:19 | 000,010,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Linq\e70098e0c1b6d0e94560528760906d50\System.Linq.ni.dll
MOD - [2012/11/06 18:25:19 | 000,010,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.IO\46679839334570d7cc384907601e2a02\System.IO.ni.dll
MOD - [2012/11/06 18:25:17 | 000,011,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Threading\f31f3c925641b0d24c33b605eaa9c49f\System.Threading.ni.dll
MOD - [2012/11/06 18:25:15 | 000,693,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Windows.Storage\edfcb7e3566636e5b217b27ee46eeb48\Windows.Storage.ni.dll
MOD - [2012/11/06 18:25:15 | 000,011,776 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Thre7bb2aad0#\1f75b3bc8b600cfd0795648deded93d9\System.Threading.Tasks.ni.dll
MOD - [2012/11/06 18:25:14 | 000,762,880 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Windows.UI\46d2e71101161dd6adb9a99ebeae74d6\Windows.UI.ni.dll
MOD - [2012/11/06 18:25:14 | 000,184,832 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Windows.Foundation\b337f4341111cd7a350504ce4b311cf3\Windows.Foundation.ni.dll
MOD - [2012/11/06 18:25:14 | 000,011,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ObjectModel\58bc08ad1dabed6a81e20f29fc6eb3a5\System.ObjectModel.ni.dll
MOD - [2012/11/06 18:25:12 | 000,659,456 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Windows.App640a3541#\c79d18b16dbb00ba4ef12532d77203a0\Windows.ApplicationModel.ni.dll
MOD - [2012/11/06 18:25:12 | 000,152,064 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Windows.Gloaae92e31#\e1ef225f558b609cb9a42f6abf128e07\Windows.Globalization.ni.dll
MOD - [2012/11/06 18:25:12 | 000,011,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Collections\dce00d20c8120e4ff649f68485584754\System.Collections.ni.dll
MOD - [2012/11/06 18:25:11 | 002,861,568 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Windows.UI.Xaml\03ddb80a4598082f9216c75509b20746\Windows.UI.Xaml.ni.dll
MOD - [2012/11/06 18:25:11 | 000,011,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtbff93e24#\6421c9e67e19d33cb3c73622ed14559f\System.Runtime.InteropServices.WindowsRuntime.ni.dll
MOD - [2012/11/06 18:25:05 | 000,021,504 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime\ed2713f880338ecfdfe3d592fd6eb974\System.Runtime.ni.dll
MOD - [2012/11/06 18:22:08 | 007,559,680 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\706fd0ae4e6906a398010738d98ae675\System.Xml.ni.dll
MOD - [2012/11/06 18:21:46 | 000,558,080 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runt0d283adf#\c402deb90dbd9f38c70ba75a4baae738\System.Runtime.WindowsRuntime.ni.dll
MOD - [2012/11/06 18:21:46 | 000,099,840 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtc259d85b#\15bdf99674c73c1169086ae7af7c8933\System.Runtime.WindowsRuntime.UI.Xaml.ni.dll
MOD - [2012/11/06 18:21:45 | 002,785,280 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runteb92aa12#\7a9337d3cb714dec10962b4d63372e27\System.Runtime.Serialization.ni.dll
MOD - [2012/11/06 18:21:43 | 000,523,776 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Net.Http\3038abde22eda435cbd20b33d0d49cc4\System.Net.Http.ni.dll
MOD - [2012/11/06 18:21:37 | 000,958,464 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\d5aff4168e8ba07f0f39dbabff3bbf6b\System.Configuration.ni.dll
MOD - [2012/11/06 18:21:18 | 006,995,456 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\9587421a7c7653b171bc5a2e5a1fffab\System.Core.ni.dll
MOD - [2012/11/06 18:21:14 | 009,926,656 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\c0a96107dfc55d74bbc2f775d1a0f1c2\System.ni.dll
MOD - [2012/11/06 18:21:08 | 016,501,248 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\939f2968bc3436f588bb23c6c7cee671\mscorlib.ni.dll
MOD - [2012/11/06 11:05:24 | 014,586,808 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_110.dll
MOD - [2012/10/24 17:50:39 | 002,295,264 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2012/10/11 11:17:59 | 002,312,216 | ---- | M] () -- C:\ProgramData\Browser Manager\2.3.796.11\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.exe
MOD - [2012/10/11 11:17:06 | 002,069,528 | ---- | M] () -- C:\ProgramData\Browser Manager\2.3.796.11\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.dll
MOD - [2012/08/27 21:33:32 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2012/08/27 21:33:08 | 001,242,512 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2012/07/27 13:50:34 | 000,333,312 | ---- | M] () -- C:\Windows\SysWOW64\BsExtendFunc.dll
MOD - [2012/07/10 17:04:10 | 000,062,976 | ---- | M] () -- C:\Windows\SysWOW64\BsProfileFunc.dll
MOD - [2012/07/10 16:59:40 | 000,019,456 | ---- | M] () -- C:\Windows\SysWOW64\BsTrace.dll
MOD - [2012/07/10 16:26:44 | 000,011,264 | ---- | M] () -- C:\Windows\SysWOW64\SCChangeMonitor.dll
MOD - [2012/06/08 10:34:06 | 000,016,400 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll
MOD - [2012/06/08 03:34:06 | 000,627,216 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll
MOD - [2012/05/30 06:51:08 | 000,699,280 | R--- | M] () -- C:\Program Files (x86)\Norton Internet Security\Engine\20.2.0.19\wincfi39.dll


========== Services (SafeList) ==========

SRV:64bit: - [2012/09/20 09:10:47 | 002,367,528 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\WSService.dll -- (WSService)
SRV:64bit: - [2012/09/20 08:18:03 | 002,675,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\spool\drivers\x64\3\PrintConfig.dll -- (PrintNotify)
SRV:64bit: - [2012/09/20 06:32:59 | 000,169,984 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\TimeBrokerServer.dll -- (TimeBroker)
SRV:64bit: - [2012/09/20 06:32:58 | 000,178,176 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\SystemEventsBrokerServer.dll -- (SystemEventsBroker)
SRV:64bit: - [2012/09/20 06:31:18 | 000,116,736 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\fhsvc.dll -- (fhsvc)
SRV:64bit: - [2012/09/20 06:30:41 | 000,179,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\bisrv.dll -- (BrokerInfrastructure)
SRV:64bit: - [2012/09/20 06:30:38 | 000,169,472 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\AudioEndpointBuilder.dll -- (AudioEndpointBuilder)
SRV:64bit: - [2012/08/10 14:24:28 | 000,029,600 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Windows\SysNative\hpservice.exe -- (hpsrv)
SRV:64bit: - [2012/07/26 03:17:59 | 000,015,440 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)
SRV:64bit: - [2012/07/26 03:08:04 | 001,968,128 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysNative\wlidsvc.dll -- (wlidsvc)
SRV:64bit: - [2012/07/26 03:07:47 | 000,065,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wiarpc.dll -- (WiaRpc)
SRV:64bit: - [2012/07/26 03:07:42 | 000,263,680 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wcmsvc.dll -- (Wcmsvc)
SRV:64bit: - [2012/07/26 03:07:40 | 000,283,648 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\vaultsvc.dll -- (VaultSvc)
SRV:64bit: - [2012/07/26 03:07:25 | 000,012,800 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\svsvc.dll -- (svsvc)
SRV:64bit: - [2012/07/26 03:06:36 | 000,463,872 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netprofmsvc.dll -- (netprofm)
SRV:64bit: - [2012/07/26 03:06:34 | 000,743,936 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\netlogon.dll -- (Netlogon)
SRV:64bit: - [2012/07/26 03:06:33 | 000,161,792 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\NcaSvc.dll -- (NcaSvc)
SRV:64bit: - [2012/07/26 03:06:33 | 000,073,728 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\NcdAutoSetup.dll -- (NcdAutoSetup)
SRV:64bit: - [2012/07/26 03:06:00 | 000,438,272 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\lsm.dll -- (LSM)
SRV:64bit: - [2012/07/26 03:05:55 | 000,059,904 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\keyiso.dll -- (KeyIso)
SRV:64bit: - [2012/07/26 03:05:34 | 000,037,376 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\efssvc.dll -- (EFS)
SRV:64bit: - [2012/07/26 03:05:28 | 000,207,872 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\DeviceSetupManager.dll -- (DsmSvc)
SRV:64bit: - [2012/07/26 03:05:24 | 000,342,016 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\das.dll -- (DeviceAssociationService)
SRV:64bit: - [2012/07/26 03:05:08 | 000,122,368 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\AUInstallAgent.dll -- (AllUserInstallAgent)
SRV:64bit: - [2012/07/26 00:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicvss)
SRV:64bit: - [2012/07/26 00:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmictimesync)
SRV:64bit: - [2012/07/26 00:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicshutdown)
SRV:64bit: - [2012/07/26 00:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicrdv)
SRV:64bit: - [2012/07/26 00:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmickvpexchange)
SRV:64bit: - [2012/07/26 00:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicheartbeat)
SRV:64bit: - [2012/07/22 07:30:36 | 000,321,536 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Program Files\IDT\WDM\stacsv64.exe -- (STacSV)
SRV:64bit: - [2012/04/20 13:16:12 | 000,635,104 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\iCLS Client\HeciServer.exe -- (Intel®
SRV - [2012/11/06 17:04:12 | 000,651,720 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2012/11/06 11:05:25 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/10/24 17:50:38 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/10/19 16:14:08 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/10/11 11:17:59 | 002,312,216 | ---- | M] () [Auto | Running] -- C:\ProgramData\Browser Manager\2.3.796.11\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.exe -- (Browser Manager)
SRV - [2012/10/11 02:29:13 | 000,143,928 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton Internet Security\Engine\20.2.0.19\ccSvcHst.exe -- (NIS)
SRV - [2012/09/20 08:18:03 | 002,675,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\system32\spool\DRIVERS\x64\3\PrintConfig.dll -- (PrintNotify)
SRV - [2012/08/10 16:53:44 | 000,085,504 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe -- (HP Support Assistant Service)
SRV - [2012/08/08 11:09:02 | 000,276,288 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe -- (cphs)
SRV - [2012/08/02 10:56:46 | 001,544,192 | ---- | M] (IVT Corporation) [Auto | Running] -- C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe -- (BlueSoleilCS)
SRV - [2012/07/26 03:20:04 | 000,018,432 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\StorSvc.dll -- (StorSvc)
SRV - [2012/07/26 03:18:41 | 000,408,064 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll -- (WAS)
SRV - [2012/07/26 03:17:52 | 000,060,416 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\inetsrv\apphostsvc.dll -- (AppHostSvc)
SRV - [2012/07/18 01:10:32 | 000,364,416 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2012/07/18 01:10:30 | 000,276,864 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2012/07/18 01:10:24 | 000,128,896 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe -- (Intel®
SRV - [2012/07/18 01:10:16 | 000,165,760 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe -- (jhi_service)
SRV - [2012/07/14 16:02:16 | 002,451,456 | ---- | M] (Realsil Microelectronics Inc.) [Auto | Running] -- C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe -- (IconMan_R)
SRV - [2012/07/10 17:11:20 | 000,138,752 | ---- | M] (IVT Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BsHelpCS.exe -- (BsHelpCS)
SRV - [2012/07/09 12:40:02 | 000,035,232 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe -- (HPWMISVC)
SRV - [2011/11/21 20:32:02 | 000,032,768 | ---- | M] (Acesoft) [On_Demand | Stopped] -- C:\Program Files (x86)\Acesoft\Tracks Eraser Pro\tepsrv.exe -- (tepsrv)
SRV - [2010/10/12 17:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)
SRV - [2008/09/16 12:03:18 | 000,169,312 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor7.0)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/11/06 17:01:07 | 000,052,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2012/10/09 01:00:02 | 000,776,864 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\Drivers\NISx64\1402000.013\srtsp64.sys -- (SRTSP)
DRV:64bit: - [2012/10/04 01:40:35 | 001,133,216 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\Drivers\NISx64\1402000.013\symefa64.sys -- (SymEFA)
DRV:64bit: - [2012/10/04 01:40:20 | 000,493,216 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\NISx64\1402000.013\symds64.sys -- (SymDS)
DRV:64bit: - [2012/10/04 01:19:14 | 000,168,096 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\NISx64\1402000.013\ccsetx64.sys -- (ccSet_NIS)
DRV:64bit: - [2012/09/20 08:31:29 | 000,068,840 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\pdc.sys -- (pdc)
DRV:64bit: - [2012/09/20 07:55:33 | 000,445,160 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\USBHUB3.SYS -- (USBHUB3)
DRV:64bit: - [2012/09/20 07:55:33 | 000,337,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\USBXHCI.SYS -- (USBXHCI)
DRV:64bit: - [2012/09/20 07:55:33 | 000,212,200 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\UCX01000.SYS -- (UCX01000)
DRV:64bit: - [2012/09/20 07:55:30 | 000,120,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\msgpioclx.sys -- (GPIOClx0101)
DRV:64bit: - [2012/09/20 07:55:30 | 000,056,552 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\sdstor.sys -- (sdstor)
DRV:64bit: - [2012/09/20 07:55:29 | 000,028,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\msgpiowin32.sys -- (msgpiowin32)
DRV:64bit: - [2012/09/20 07:55:27 | 003,265,256 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2012/09/20 07:55:24 | 000,533,224 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2012/09/20 07:03:08 | 000,148,712 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\tpm.sys -- (TPM)
DRV:64bit: - [2012/09/20 07:03:06 | 000,194,280 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2012/09/20 07:03:03 | 000,055,528 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\Windows\SysNative\Drivers\dam.sys -- (dam)
DRV:64bit: - [2012/09/20 06:09:11 | 000,031,104 | ---- | M] (Microsoft Corporation) [Unknown (0) | Disabled | Unknown] -- C:\Windows\SysNative\Drivers\BthAvrcpTg.sys -- (BthAvrcpTg)
DRV:64bit: - [2012/09/20 06:08:40 | 000,117,632 | ---- | M] (Microsoft Corporation) [Unknown (0) | Disabled | Unknown] -- C:\Windows\SysNative\Drivers\BthA2DP.sys -- (BthA2DP)
DRV:64bit: - [2012/09/20 06:08:27 | 000,029,952 | ---- | M] (Microsoft Corporation) [Unknown (0) | Disabled | Unknown] -- C:\Windows\SysNative\Drivers\BthhfHid.sys -- (bthhfhid)
DRV:64bit: - [2012/09/18 17:51:20 | 000,177,312 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\SYMEVENT64x86.SYS -- (SymEvent)
DRV:64bit: - [2012/09/07 02:05:14 | 000,432,800 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\NISx64\1402000.013\symnets.sys -- (SymNetS)
DRV:64bit: - [2012/09/07 01:48:08 | 000,224,416 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\NISx64\1402000.013\ironx64.sys -- (SymIRON)
DRV:64bit: - [2012/08/24 09:38:28 | 000,448,312 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2012/08/24 09:38:28 | 000,043,832 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\Smb_driver_Intel.sys -- (SmbDrvI)
DRV:64bit: - [2012/08/24 09:38:26 | 000,041,272 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\Smb_driver_AMDASF.sys -- (SmbDrv)
DRV:64bit: - [2012/08/21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/08/10 14:24:28 | 000,042,400 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\Accelerometer.sys -- (Accelerometer)
DRV:64bit: - [2012/08/10 14:24:28 | 000,029,600 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\hpdskflt.sys -- (hpdskflt)
DRV:64bit: - [2012/08/09 13:48:18 | 000,695,392 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\rtbth.sys -- (rtbth)
DRV:64bit: - [2012/08/08 21:28:38 | 001,958,984 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\netr28x.sys -- (netr28x)
DRV:64bit: - [2012/08/08 20:46:34 | 000,048,736 | ---- | M] (Ralink Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\IvtUrbBtFlt.sys -- (btUrbFilterDrv)
DRV:64bit: - [2012/08/08 05:17:54 | 008,987,456 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2012/08/03 13:07:30 | 000,020,288 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\WirelessButtonDriver64.sys -- (WirelessButtonDriver)
DRV:64bit: - [2012/07/31 19:22:00 | 000,645,952 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\iaStorA.sys -- (iaStorA)
DRV:64bit: - [2012/07/31 08:04:12 | 000,690,832 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\Rt630x64.sys -- (RTL8168)
DRV:64bit: - [2012/07/26 05:26:46 | 000,025,328 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/07/26 05:26:45 | 000,033,792 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\condrv.sys -- (condrv)
DRV:64bit: - [2012/07/26 05:00:58 | 000,322,800 | ---- | M] (VIA Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\VSTXRAID.SYS -- (VSTXRAID)
DRV:64bit: - [2012/07/26 05:00:58 | 000,106,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\VerifierExt.sys -- (VerifierExt)
DRV:64bit: - [2012/07/26 05:00:58 | 000,097,008 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\uaspstor.sys -- (UASPStor)
DRV:64bit: - [2012/07/26 05:00:57 | 000,077,040 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\acpiex.sys -- (acpiex)
DRV:64bit: - [2012/07/26 05:00:55 | 000,283,888 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\spaceport.sys -- (spaceport)
DRV:64bit: - [2012/07/26 05:00:55 | 000,077,552 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\storahci.sys -- (storahci)
DRV:64bit: - [2012/07/26 05:00:55 | 000,064,240 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\mvumis.sys -- (mvumis)
DRV:64bit: - [2012/07/26 05:00:55 | 000,030,960 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2012/07/26 05:00:52 | 000,092,400 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2012/07/26 05:00:52 | 000,081,136 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\lsi_sss.sys -- (LSI_SSS)
DRV:64bit: - [2012/07/26 05:00:52 | 000,064,752 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2012/07/26 05:00:51 | 000,113,904 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\EhStorTcgDrv.sys -- (EhStorTcgDrv)
DRV:64bit: - [2012/07/26 05:00:51 | 000,081,136 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\EhStorClass.sys -- (EhStorClass)
DRV:64bit: - [2012/07/26 05:00:49 | 000,258,288 | ---- | M] (AMD Technologies Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2012/07/26 05:00:49 | 000,106,736 | ---- | M] (LSI) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\3ware.sys -- (3ware)
DRV:64bit: - [2012/07/26 05:00:49 | 000,076,016 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2012/07/26 05:00:48 | 000,026,352 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2012/07/26 04:57:54 | 000,361,200 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\clfs.sys -- (CLFS)
DRV:64bit: - [2012/07/26 04:54:34 | 000,096,496 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\wfplwfs.sys -- (WFPLWFS)
DRV:64bit: - [2012/07/26 04:53:16 | 000,067,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\vpci.sys -- (vpci)
DRV:64bit: - [2012/07/26 04:44:30 | 000,258,288 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\WdFilter.sys -- (WdFilter)
DRV:64bit: - [2012/07/26 04:36:15 | 000,034,216 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\WdBoot.sys -- (WdBoot)
DRV:64bit: - [2012/07/26 03:17:38 | 000,036,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\terminpt.sys -- (terminpt)
DRV:64bit: - [2012/07/26 03:17:38 | 000,027,888 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012/07/26 02:29:47 | 000,021,504 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV:64bit: - [2012/07/26 02:29:14 | 000,010,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\mshidumdf.sys -- (mshidumdf)
DRV:64bit: - [2012/07/26 02:29:08 | 000,048,640 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\BasicDisplay.sys -- (BasicDisplay)
DRV:64bit: - [2012/07/26 02:29:03 | 000,024,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\HyperVideo.sys -- (HyperVideo)
DRV:64bit: - [2012/07/26 02:28:52 | 000,029,696 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\BasicRender.sys -- (BasicRender)
DRV:64bit: - [2012/07/26 02:27:58 | 000,022,528 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\fxppm.sys -- (FxPPM)
DRV:64bit: - [2012/07/26 02:27:58 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\vmgencounter.sys -- (gencounter)
DRV:64bit: - [2012/07/26 02:27:41 | 000,018,432 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\kdnic.sys -- (kdnic)
DRV:64bit: - [2012/07/26 02:27:37 | 000,010,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\acpitime.sys -- (acpitime)
DRV:64bit: - [2012/07/26 02:27:33 | 000,023,552 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\npsvctrig.sys -- (npsvctrig)
DRV:64bit: - [2012/07/26 02:27:29 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\WpdUpFltr.sys -- (WpdUpFltr)
DRV:64bit: - [2012/07/26 02:27:16 | 000,010,240 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\acpipagr.sys -- (acpipagr)
DRV:64bit: - [2012/07/26 02:27:01 | 000,011,776 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\hyperkbd.sys -- (hyperkbd)
DRV:64bit: - [2012/07/26 02:26:46 | 000,062,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\SerCx.sys -- (SerCx)
DRV:64bit: - [2012/07/26 02:26:43 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\SpbCx.sys -- (SpbCx)
DRV:64bit: - [2012/07/26 02:26:34 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2012/07/26 02:26:13 | 000,051,200 | ---- | M] (Microsoft Corporation) [Unknown (0) | Disabled | Unknown] -- C:\Windows\SysNative\Drivers\bthhfenum.sys -- (BthHFEnum)
DRV:64bit: - [2012/07/26 02:25:57 | 000,033,280 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2012/07/26 02:25:56 | 000,057,344 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012/07/26 02:25:54 | 000,038,400 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\hidi2c.sys -- (hidi2c)
DRV:64bit: - [2012/07/26 02:25:13 | 000,045,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\wpcfltr.sys -- (wpcfltr)
DRV:64bit: - [2012/07/26 02:25:02 | 000,202,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\BthLEEnum.sys -- (BthLEEnum)
DRV:64bit: - [2012/07/26 02:25:01 | 000,126,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\NdisImPlatform.sys -- (NdisImPlatform)
DRV:64bit: - [2012/07/26 02:23:53 | 000,068,608 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\mslldp.sys -- (MsLldp)
DRV:64bit: - [2012/07/26 02:23:42 | 000,097,792 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\Drivers\Ndu.sys -- (Ndu)
DRV:64bit: - [2012/07/25 22:53:22 | 011,926,528 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2012/07/22 07:30:36 | 000,540,160 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\stwrt64.sys -- (STHDA)
DRV:64bit: - [2012/07/19 16:47:40 | 000,056,904 | ---- | M] (Ralink Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\BtL2caScoIf.sys -- (BthL2caScoIfSrv)
DRV:64bit: - [2012/07/09 13:42:54 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/07/04 13:09:08 | 000,269,968 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\RtsP2Stor.sys -- (RSP2STOR)
DRV:64bit: - [2012/07/02 23:16:02 | 000,062,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2012/06/29 02:00:48 | 000,360,448 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2012/06/25 09:24:50 | 000,092,536 | ---- | M] (CyberLink) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\CLVirtualDrive.sys -- (CLVirtualDrive)
DRV:64bit: - [2012/06/20 21:27:30 | 000,023,448 | R--- | M] (Symantec Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\NISx64\1402000.013\symelam.sys -- (SymELAM)
DRV:64bit: - [2012/06/19 15:40:50 | 000,342,528 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2012/06/15 10:22:02 | 000,023,136 | ---- | M] (IVT Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\BtAudioBus.sys -- (BtAudioBusSrv)
DRV:64bit: - [2012/01/11 18:11:54 | 000,037,496 | R--- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\NISx64\1402000.013\srtspx64.sys -- (SRTSPX)
DRV - [2012/11/05 15:26:18 | 002,084,000 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\Definitions\VirusDefs\20121114.008\ex64.sys -- (NAVEX15)
DRV - [2012/11/05 15:26:18 | 000,484,512 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
DRV - [2012/11/05 15:26:18 | 000,138,912 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2012/11/05 15:26:18 | 000,126,112 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\Definitions\VirusDefs\20121114.008\eng64.sys -- (NAVENG)
DRV - [2012/11/03 06:37:24 | 000,513,184 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\Definitions\IPSDefs\20121114.001\IDSviA64.sys -- (IDSVia64)
DRV - [2012/10/23 23:34:23 | 001,384,608 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\Definitions\BASHDefs\20121106.001\BHDrvx64.sys -- (BHDrvx64)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.uk.msn.com/HPNOT13/2
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://searchfunmood...yE&cr=894205108
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://searchfunmood...yE&cr=894205108
IE:64bit: - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://eu.ask.com/we...&l=dis&o=HPNTDF
IE:64bit: - HKLM\..\SearchScopes\{78F939B8-B5C2-4BD4-AEC0-6360FB28260E}: "URL" = http://www.amazon.co...s={searchTerms}
IE:64bit: - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://uk.search.yah...psg&type=HPNTDF
IE:64bit: - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.co...9550-11896-25/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.uk.msn.com/HPNOT13/2
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://searchfunmood...yE&cr=894205108
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{00070B1A-A569-B82E-3F6E-55413938BB1E}: "URL" = http://www.bing.com/...0TR&pc=HPNTDFJS
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://searchfunmood...yE&cr=894205108
IE - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://eu.ask.com/we...&l=dis&o=HPNTDF
IE - HKLM\..\SearchScopes\{78F939B8-B5C2-4BD4-AEC0-6360FB28260E}: "URL" = http://www.amazon.co...s={searchTerms}
IE - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://uk.search.yah...psg&type=HPNTDF
IE - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.co...9550-11896-25/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,bProtector Start Page = http://www.claro-sea...0006894234cfe3b
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.uk.msn.com/HPNOT13/2
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://uk.yahoo.com/
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{00070B1A-A569-B82E-3F6E-55413938BB1E}: "URL" = http://www.bing.com/...0TR&pc=HPNTDFJS
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://searchfunmood...yE&cr=894205108
IE - HKCU\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://eu.ask.com/we...&l=dis&o=HPNTDF
IE - HKCU\..\SearchScopes\{78F939B8-B5C2-4BD4-AEC0-6360FB28260E}: "URL" = http://www.amazon.co...s={searchTerms}
IE - HKCU\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://uk.search.yah...psg&type=HPNTDF
IE - HKCU\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.co...9550-11896-25/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_110.dll File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_110.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.6.14: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.6.14: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.6.14: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.6.14: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=15.0.6.14: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.124\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.124\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\coFFPlgn\ [2012/11/14 15:10:10 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\IPSFFPlgn\ [2012/11/05 15:03:29 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{0153E448-190B-4987-BDE1-F256CADA672F}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012/11/13 15:02:55 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/11/14 15:11:42 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{b64982b1-d112-42b5-b1e4-d3867c4533f8}: C:\ProgramData\Browser Manager\2.3.796.11\{16cdff19-861d-48e3-a751-d99a27784753}\FirefoxExtension [2012/11/13 15:17:51 | 000,000,000 | ---D | M]

[2012/11/14 15:12:46 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Bob\AppData\Roaming\mozilla\Extensions
[2012/11/14 15:43:15 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Bob\AppData\Roaming\mozilla\Firefox\Profiles\oisbga57.default\extensions
[2012/11/14 15:11:42 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/10/24 17:50:58 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/10/24 17:50:17 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/10/24 17:50:17 | 000,002,058 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2012/07/26 05:26:49 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\Drivers\etc\hosts
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\20.2.0.19\coieplg.dll (Symantec Corporation)
O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\20.2.0.19\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (Funmoods Helper Object) - {75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7} - C:\Program Files (x86)\Funmoods\1.5.23.22\bh\escort.dll (Funmoods BHO)
O2 - BHO: (HP Network Check Helper) - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\20.2.0.19\coieplg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Funmoods Toolbar) - {A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3} - C:\Program Files (x86)\Funmoods\1.5.23.22\escorTlbr.dll (Funmoods)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [BtTray] C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BtTray.exe (IVT Corporation)
O4 - HKLM..\Run: [CLVirtualDrive] C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe (CyberLink Corp.)
O4 - HKLM..\Run: [HP CoolSense] C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [RemoteControl10] C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe (RealNetworks, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableCursorSuppression = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9 - Extra Button: HP Smart Print - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\Smart Print 2.0\smartprintsetup.exe (Hewlett-Packard)
O9 - Extra 'Tools' menuitem : HP Smart Print - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\Smart Print 2.0\smartprintsetup.exe (Hewlett-Packard)
O9 - Extra Button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{08D31D2A-9A94-4576-B40B-38146B93F409}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{38FE2CC8-EB4F-4E70-A369-E1DD12386933}: DhcpNameServer = 40.24.1.201 40.24.1.202
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - AppInit_DLLs: (c:\progra~3\browse~1\23796~1.11\{16cdf~1\browse~1.dll) - c:\ProgramData\Browser Manager\2.3.796.11\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.dll ()
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O30 - LSA: Security Packages - (livessp) - File not found
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{cf6fcdfa-2a61-11e2-be75-6894234cfe3a}\Shell - "" = AutoRun
O33 - MountPoints2\{cf6fcdfa-2a61-11e2-be75-6894234cfe3a}\Shell\AutoRun\command - "" = "F:\AutoRun.exe"
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/11/14 15:11:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service
[2012/11/14 14:55:14 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\searchplugins
[2012/11/14 14:55:14 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Extensions
[2012/11/13 15:17:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\File Shredder
[2012/11/13 15:17:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\File Shredder
[2012/11/13 15:17:52 | 000,000,000 | ---D | C] -- C:\Users\Bob\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Browser Manager
[2012/11/13 15:17:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Browser Manager
[2012/11/13 15:17:25 | 000,000,000 | ---D | C] -- C:\Users\Bob\AppData\Roaming\Babylon
[2012/11/13 15:17:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Babylon
[2012/11/13 15:03:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\xing shared
[2012/11/13 15:02:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RealNetworks
[2012/11/13 15:02:46 | 000,272,896 | ---- | C] (Progressive Networks) -- C:\Windows\SysWow64\pncrt.dll
[2012/11/13 15:02:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Real
[2012/11/13 15:02:36 | 000,000,000 | ---D | C] -- C:\Users\Bob\AppData\Roaming\Real
[2012/11/13 15:01:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Real
[2012/11/13 14:57:07 | 000,000,000 | ---D | C] -- C:\Program Files\Recuva
[2012/11/13 14:53:00 | 000,000,000 | ---D | C] -- C:\Restoration
[2012/11/13 14:52:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Funmoods
[2012/11/12 22:34:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tracks Eraser Pro
[2012/11/12 22:34:52 | 000,277,504 | ---- | C] (Nektra S.A.) -- C:\Windows\SysWow64\oestore.dll
[2012/11/12 22:34:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Acesoft
[2012/11/11 15:57:53 | 000,000,000 | ---D | C] -- C:\Users\Bob\AppData\Local\Adobe
[2012/11/11 15:57:41 | 000,000,000 | ---D | C] -- C:\ProgramData\FLEXnet
[2012/11/11 15:12:48 | 000,000,000 | ---D | C] -- C:\Users\Bob\Documents\New folder
[2012/11/09 12:49:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
[2012/11/09 12:48:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Google
[2012/11/09 12:48:42 | 000,000,000 | ---D | C] -- C:\Users\Bob\AppData\Local\Google
[2012/11/09 12:20:11 | 000,000,000 | ---D | C] -- C:\Users\Bob\AppData\Roaming\Skype
[2012/11/09 12:20:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2012/11/09 12:20:02 | 000,000,000 | R--D | C] -- C:\Program Files (x86)\Skype
[2012/11/09 12:20:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2012/11/09 12:19:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Skype
[2012/11/09 11:42:01 | 000,000,000 | ---D | C] -- C:\Users\Bob\AppData\Local\{34A0B027-EAB3-4299-94F5-0F23174E7A18}
[2012/11/09 10:47:24 | 000,000,000 | ---D | C] -- C:\Users\Bob\AppData\Roaming\TuneUp Software
[2012/11/09 10:47:18 | 000,000,000 | ---D | C] -- C:\ProgramData\TuneUp Software
[2012/11/09 10:47:15 | 000,000,000 | -HSD | C] -- C:\ProgramData\{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F}
[2012/11/09 10:47:15 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2012/11/09 10:46:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TuneUp
[2012/11/09 10:46:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TuneUpMedia
[2012/11/09 10:46:35 | 000,000,000 | ---D | C] -- C:\Users\Bob\AppData\Roaming\OpenCandy
[2012/11/09 10:45:30 | 000,000,000 | ---D | C] -- C:\Users\Bob\AppData\Roaming\TuneUpMedia
[2012/11/09 10:45:24 | 000,000,000 | ---D | C] -- C:\ProgramData\TuneUpMedia
[2012/11/06 23:04:01 | 000,000,000 | R--D | C] -- C:\Users\Bob\Documents\HP Photo Creations
[2012/11/06 23:04:01 | 000,000,000 | ---D | C] -- C:\Users\Bob\AppData\Roaming\Visan
[2012/11/06 22:55:26 | 000,000,000 | ---D | C] -- C:\Users\Bob\Documents\OneNote Notebooks
[2012/11/06 22:52:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
[2012/11/06 22:52:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Works
[2012/11/06 22:52:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DESIGNER
[2012/11/06 22:49:07 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office
[2012/11/06 22:48:27 | 000,000,000 | ---D | C] -- C:\Users\Bob\AppData\Local\Microsoft Help
[2012/11/06 22:48:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft Help
[2012/11/06 22:47:54 | 000,000,000 | RH-D | C] -- C:\MSOCache
[2012/11/06 17:07:16 | 000,000,000 | R--D | C] -- C:\Windows\BrowserChoice
[2012/11/06 17:04:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Macrovision Shared
[2012/11/06 17:02:17 | 000,000,000 | ---D | C] -- C:\Windows\Fonts\Fonts
[2012/11/06 17:01:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe
[2012/11/06 17:01:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe
[2012/11/06 16:30:35 | 000,000,000 | ---D | C] -- C:\Users\Bob\AppData\Roaming\Identities
[2012/11/06 15:12:10 | 000,000,000 | ---D | C] -- C:\Users\Bob\Documents\ids
[2012/11/06 15:12:09 | 000,000,000 | ---D | C] -- C:\Users\Bob\Documents\Car
[2012/11/06 12:24:46 | 000,000,000 | ---D | C] -- C:\Users\Bob\AppData\Local\Apple Computer
[2012/11/06 12:24:45 | 000,000,000 | ---D | C] -- C:\Users\Bob\AppData\Roaming\Apple Computer
[2012/11/06 12:24:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2012/11/06 12:24:08 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2012/11/06 12:24:07 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2012/11/06 12:24:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2012/11/06 12:24:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer
[2012/11/06 12:24:07 | 000,000,000 | ---D | C] -- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
[2012/11/06 12:23:38 | 000,000,000 | ---D | C] -- C:\Users\Bob\AppData\Local\Apple
[2012/11/06 12:23:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Apple Software Update
[2012/11/06 12:23:18 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
[2012/11/06 12:23:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Apple
[2012/11/06 11:26:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Visan
[2012/11/06 11:26:02 | 000,000,000 | ---D | C] -- C:\ProgramData\HP Photo Creations
[2012/11/06 11:26:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\HP Photo Creations
[2012/11/06 11:25:58 | 000,000,000 | ---D | C] -- C:\Users\Bob\AppData\Roaming\HpUpdate
[2012/11/06 11:25:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
[2012/11/06 11:25:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\HP
[2012/11/06 11:25:49 | 000,000,000 | ---D | C] -- C:\ProgramData\HP
[2012/11/06 11:25:49 | 000,000,000 | ---D | C] -- C:\Program Files\HP
[2012/11/06 11:17:08 | 000,000,000 | ---D | C] -- C:\Users\Bob\AppData\Local\Macromedia
[2012/11/06 11:04:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Adobe
[2012/11/06 10:55:37 | 000,000,000 | ---D | C] -- C:\Users\Bob\AppData\Local\HP
[2012/11/06 10:37:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Symantec Shared
[2012/11/05 16:46:18 | 000,000,000 | ---D | C] -- C:\Users\Bob\AppData\Roaming\hpqlog
[2012/11/05 16:09:57 | 000,000,000 | ---D | C] -- C:\Users\Bob\AppData\Roaming\Mozilla
[2012/11/05 16:09:57 | 000,000,000 | ---D | C] -- C:\Users\Bob\AppData\Local\Mozilla
[2012/11/05 16:09:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[2012/11/05 16:09:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2012/11/05 16:03:36 | 000,000,000 | ---D | C] -- C:\Users\Bob\AppData\Roaming\Macromedia
[2012/11/05 15:26:45 | 000,000,000 | ---D | C] -- C:\Users\Bob\AppData\Roaming\Hewlett-Packard
[2012/11/05 15:07:02 | 000,000,000 | ---D | C] -- C:\Users\Bob\AppData\Local\Hewlett-Packard
[2012/11/05 15:06:59 | 000,000,000 | ---D | C] -- C:\Users\Bob\Documents\Bluetooth
[2012/11/05 15:06:59 | 000,000,000 | ---D | C] -- C:\Users\Bob\AppData\Local\bluesoleil
[2012/11/05 15:06:25 | 000,000,000 | R--D | C] -- C:\Users\Bob\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2012/11/05 15:06:25 | 000,000,000 | R--D | C] -- C:\Users\Bob\Searches
[2012/11/05 15:06:25 | 000,000,000 | R--D | C] -- C:\Users\Bob\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2012/11/05 15:06:24 | 000,000,000 | R--D | C] -- C:\Users\Bob\Contacts
[2012/11/05 15:06:20 | 000,000,000 | ---D | C] -- C:\Users\Bob\AppData\Roaming\Adobe
[2012/11/05 15:06:01 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Shopping and Services
[2012/11/05 15:04:38 | 000,000,000 | ---D | C] -- C:\Users\Bob\AppData\Local\Power2Go8
[2012/11/05 15:04:34 | 000,000,000 | ---D | C] -- C:\Users\Bob\AppData\Roaming\Synaptics
[2012/11/05 15:03:20 | 000,000,000 | ---D | C] -- C:\Users\Bob\AppData\Local\VirtualStore
[2012/11/05 15:03:05 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\Uninstall Information
[2012/11/05 15:03:04 | 000,000,000 | ---D | C] -- C:\Users\Bob\AppData\Local\Packages
[2012/11/05 15:02:38 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
[2012/11/05 15:02:09 | 000,000,000 | --SD | C] -- C:\Users\Bob\AppData\Roaming\Microsoft
[2012/11/05 15:02:09 | 000,000,000 | R--D | C] -- C:\Users\Bob\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
[2012/11/05 15:02:09 | 000,000,000 | R--D | C] -- C:\Users\Bob\Desktop
[2012/11/05 15:02:09 | 000,000,000 | R--D | C] -- C:\Users\Bob\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2012/11/05 15:02:09 | 000,000,000 | R--D | C] -- C:\Users\Bob\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
[2012/11/05 15:02:09 | 000,000,000 | -H-D | C] -- C:\Users\Bob\AppData
[2012/11/05 15:02:09 | 000,000,000 | ---D | C] -- C:\Users\Bob\AppData\Local\Temp
[2012/11/05 15:02:09 | 000,000,000 | ---D | C] -- C:\Users\Bob\AppData\Local\Microsoft
[2012/11/05 15:02:09 | 000,000,000 | ---D | C] -- C:\Users\Bob\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[2012/11/05 15:02:08 | 000,000,000 | R--D | C] -- C:\Users\Bob\Videos
[2012/11/05 15:02:08 | 000,000,000 | R--D | C] -- C:\Users\Bob\Saved Games
[2012/11/05 15:02:08 | 000,000,000 | R--D | C] -- C:\Users\Bob\Pictures
[2012/11/05 15:02:08 | 000,000,000 | R--D | C] -- C:\Users\Bob\Music
[2012/11/05 15:02:08 | 000,000,000 | R--D | C] -- C:\Users\Bob\Links
[2012/11/05 15:02:08 | 000,000,000 | R--D | C] -- C:\Users\Bob\Favorites
[2012/11/05 15:02:08 | 000,000,000 | R--D | C] -- C:\Users\Bob\Downloads
[2012/11/05 15:02:08 | 000,000,000 | R--D | C] -- C:\Users\Bob\Documents
[2012/11/05 15:02:08 | 000,000,000 | -H-D | C] -- C:\Users\Bob\Documents\hp.system.package.metadata
[2012/11/05 15:02:08 | 000,000,000 | -H-D | C] -- C:\Users\Bob\Documents\hp.applications.package.appdata

========== Files - Modified Within 30 Days ==========

[2012/11/15 13:54:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/11/15 13:53:00 | 000,000,914 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/11/15 13:42:10 | 000,000,342 | ---- | M] () -- C:\Windows\tasks\HP Photo Creations Communicator.job
[2012/11/15 12:53:57 | 000,000,910 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/11/15 00:27:16 | 001,711,535 | ---- | M] () -- C:\Windows\SysNative\drivers\NISx64\1402000.013\Cat.DB
[2012/11/14 20:26:59 | 000,000,821 | ---- | M] () -- C:\Windows\SysWow64\bscs.ini
[2012/11/14 20:23:56 | 000,004,524 | ---- | M] () -- C:\Windows\SysWow64\LOCALSERVICE.INI
[2012/11/14 20:23:54 | 000,000,043 | ---- | M] () -- C:\Windows\SysWow64\LOCALDEVICE.INI
[2012/11/14 20:23:52 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/11/14 20:20:02 | 000,000,231 | ---- | M] () -- C:\Windows\SysWow64\REMOTEDEVICE.INI
[2012/11/14 15:12:10 | 000,941,050 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/11/14 15:12:10 | 000,788,176 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/11/14 15:12:10 | 000,162,458 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/11/14 15:11:48 | 000,001,151 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012/11/14 15:07:21 | 268,435,456 | -HS- | M] () -- C:\swapfile.sys
[2012/11/14 15:07:18 | 768,622,591 | -HS- | M] () -- C:\hiberfil.sys
[2012/11/13 15:17:59 | 000,000,972 | ---- | M] () -- C:\Users\Bob\Desktop\File Shredder.lnk
[2012/11/13 15:03:10 | 000,001,268 | ---- | M] () -- C:\Users\Public\Desktop\RealPlayer.lnk
[2012/11/13 15:02:46 | 000,272,896 | ---- | M] (Progressive Networks) -- C:\Windows\SysWow64\pncrt.dll
[2012/11/13 14:57:08 | 000,001,658 | ---- | M] () -- C:\Users\Public\Desktop\Recuva.lnk
[2012/11/13 14:52:28 | 000,290,500 | ---- | M] () -- C:\Users\Bob\AppData\Local\funmoods-speeddial_sf.crx
[2012/11/13 14:52:28 | 000,031,465 | ---- | M] () -- C:\Users\Bob\AppData\Local\funmoods.crx
[2012/11/12 22:34:57 | 000,001,160 | ---- | M] () -- C:\Users\Bob\Desktop\Tracks Eraser Pro.lnk
[2012/11/12 11:50:14 | 000,002,967 | ---- | M] () -- C:\Windows\SysWow64\SHORTCUT.INI
[2012/11/09 22:57:28 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_11_00.Wdf
[2012/11/09 22:13:20 | 000,067,986 | ---- | M] () -- C:\Users\Bob\Documents\LGW285XX227E.pdf
[2012/11/09 12:49:46 | 000,002,212 | ---- | M] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2012/11/09 12:20:03 | 000,002,515 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2012/11/09 11:37:47 | 000,336,040 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/11/09 10:46:53 | 000,001,037 | ---- | M] () -- C:\Users\Public\Desktop\TuneUp.lnk
[2012/11/06 23:42:05 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_LocationProvider_01_11_00.Wdf
[2012/11/06 23:03:27 | 000,001,995 | ---- | M] () -- C:\Users\Public\Desktop\HP Photo Creations.lnk
[2012/11/06 22:55:26 | 000,001,310 | ---- | M] () -- C:\Users\Bob\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
[2012/11/06 17:14:17 | 000,002,501 | ---- | M] () -- C:\Users\Public\Desktop\Norton Internet Security.lnk
[2012/11/06 17:11:16 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForBob.job
[2012/11/06 17:10:19 | 000,010,074 | ---- | M] () -- C:\Windows\SysNative\drivers\NISx64\1402000.013\VT20121008.022
[2012/11/06 17:04:15 | 000,000,060 | ---- | M] () -- C:\Windows\wininit.ini
[2012/11/06 17:04:10 | 000,001,213 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Photoshop Elements 7.0.lnk
[2012/11/06 12:24:44 | 000,001,783 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012/11/06 11:25:54 | 000,001,194 | ---- | M] () -- C:\Users\Public\Desktop\Shop for Supplies - HP Deskjet 3000 J310 series.lnk
[2012/11/06 11:25:53 | 000,002,272 | ---- | M] () -- C:\Users\Public\Desktop\HP Deskjet 3000 J310 series.lnk
[2012/11/06 11:25:44 | 000,000,057 | ---- | M] () -- C:\ProgramData\Ament.ini
[2012/10/19 12:07:54 | 000,000,172 | ---- | M] () -- C:\Windows\SysNative\drivers\NISx64\1402000.013\isolate.ini

========== Files Created - No Company Name ==========

[2012/11/14 15:11:48 | 000,001,151 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012/11/14 15:11:46 | 000,001,163 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2012/11/13 15:17:58 | 000,000,972 | ---- | C] () -- C:\Users\Bob\Desktop\File Shredder.lnk
[2012/11/13 15:03:10 | 000,001,268 | ---- | C] () -- C:\Users\Public\Desktop\RealPlayer.lnk
[2012/11/13 14:57:08 | 000,001,658 | ---- | C] () -- C:\Users\Public\Desktop\Recuva.lnk
[2012/11/13 14:52:34 | 000,290,500 | ---- | C] () -- C:\Users\Bob\AppData\Local\funmoods-speeddial_sf.crx
[2012/11/13 14:52:32 | 000,031,465 | ---- | C] () -- C:\Users\Bob\AppData\Local\funmoods.crx
[2012/11/12 22:34:56 | 000,001,160 | ---- | C] () -- C:\Users\Bob\Desktop\Tracks Eraser Pro.lnk
[2012/11/09 22:57:28 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_11_00.Wdf
[2012/11/09 22:13:20 | 000,067,986 | ---- | C] () -- C:\Users\Bob\Documents\LGW285XX227E.pdf
[2012/11/09 12:49:45 | 000,002,212 | ---- | C] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2012/11/09 12:48:49 | 000,000,914 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/11/09 12:48:48 | 000,000,910 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/11/09 12:20:03 | 000,002,515 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk
[2012/11/09 11:37:39 | 000,336,040 | ---- | C] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/11/09 10:46:53 | 000,001,037 | ---- | C] () -- C:\Users\Public\Desktop\TuneUp.lnk
[2012/11/06 23:42:05 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_LocationProvider_01_11_00.Wdf
[2012/11/06 23:03:28 | 000,000,342 | ---- | C] () -- C:\Windows\tasks\HP Photo Creations Communicator.job
[2012/11/06 22:55:25 | 000,001,310 | ---- | C] () -- C:\Users\Bob\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
[2012/11/06 17:04:15 | 000,000,060 | ---- | C] () -- C:\Windows\wininit.ini
[2012/11/06 17:04:10 | 000,001,119 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop Elements 7.0.lnk
[2012/11/06 17:04:09 | 000,001,213 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Photoshop Elements 7.0.lnk
[2012/11/06 15:13:35 | 000,361,934 | ---- | C] () -- C:\Windows\SysNative\ApnDatabase.xml
[2012/11/06 15:13:12 | 000,110,592 | ---- | C] () -- C:\Windows\SysNative\OEMLicense.dll
[2012/11/06 15:13:12 | 000,083,968 | ---- | C] () -- C:\Windows\SysWow64\OEMLicense.dll
[2012/11/06 15:12:05 | 001,008,075 | ---- | C] () -- C:\Users\Bob\Documents\VillaAdria.xps
[2012/11/06 15:12:05 | 000,005,454 | ---- | C] () -- C:\Users\Bob\Documents\Trees RegisterSY330651[1].pdf
[2012/11/06 15:12:04 | 000,301,038 | ---- | C] () -- C:\Users\Bob\Documents\Travel Insurance for India.pdf
[2012/11/06 15:12:01 | 001,312,616 | ---- | C] () -- C:\Users\Bob\Documents\Tallinn_en.pdf
[2012/11/06 15:12:01 | 000,033,421 | -H-- | C] () -- C:\Users\Bob\Documents\songs.rtf
[2012/11/06 15:11:59 | 001,346,606 | ---- | C] () -- C:\Users\Bob\Documents\Riga_en.pdf
[2012/11/06 15:11:57 | 000,536,480 | ---- | C] () -- C:\Users\Bob\Documents\RAC_Policy_ Corsa.pdf
[2012/11/06 15:11:56 | 000,005,201 | ---- | C] () -- C:\Users\Bob\Documents\perftest - Shortcut.lnk
[2012/11/06 15:11:54 | 001,491,728 | ---- | C] () -- C:\Users\Bob\Documents\Mobile User Guide K700.pdf
[2012/11/06 15:11:52 | 000,000,423 | ---- | C] () -- C:\Users\Bob\Documents\Le Mans.html
[2012/11/06 15:11:51 | 000,106,967 | ---- | C] () -- C:\Users\Bob\Documents\itinerary.xps
[2012/11/06 15:11:50 | 001,468,523 | ---- | C] () -- C:\Users\Bob\Documents\Israel & Palestine Territories - Jerusalem (Chapter).pdf
[2012/11/06 15:11:49 | 000,002,052 | ---- | C] () -- C:\Users\Bob\Documents\Invoice.htm
[2012/11/06 15:11:46 | 000,614,409 | ---- | C] () -- C:\Users\Bob\Documents\Epsom44.pdf
[2012/11/06 15:11:44 | 001,583,860 | ---- | C] () -- C:\Users\Bob\Documents\ELECTION.jpg
[2012/11/06 15:11:43 | 000,156,788 | ---- | C] () -- C:\Users\Bob\Documents\Chingoma to Addis Ababa xls.pdf
[2012/11/06 15:11:43 | 000,023,018 | ---- | C] () -- C:\Users\Bob\Documents\chelsea BADGE.jpg
[2012/11/06 15:11:42 | 000,510,718 | ---- | C] () -- C:\Users\Bob\Documents\ccsetup123.exe
[2012/11/06 15:11:42 | 000,061,074 | ---- | C] () -- C:\Users\Bob\Documents\cc_20051224_1802.reg
[2012/11/06 15:11:41 | 000,532,081 | ---- | C] () -- C:\Users\Bob\Documents\cardoman club conf.xps
[2012/11/06 12:24:43 | 000,001,783 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012/11/06 12:23:37 | 000,002,519 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
[2012/11/06 12:12:12 | 000,000,346 | ---- | C] () -- C:\Windows\tasks\HPCeeScheduleForBob.job
[2012/11/06 12:09:18 | 000,002,967 | ---- | C] () -- C:\Windows\SysWow64\SHORTCUT.INI
[2012/11/06 12:08:21 | 000,000,231 | ---- | C] () -- C:\Windows\SysWow64\REMOTEDEVICE.INI
[2012/11/06 11:26:02 | 000,001,995 | ---- | C] () -- C:\Users\Public\Desktop\HP Photo Creations.lnk
[2012/11/06 11:25:53 | 000,002,272 | ---- | C] () -- C:\Users\Public\Desktop\HP Deskjet 3000 J310 series.lnk
[2012/11/06 11:25:53 | 000,001,194 | ---- | C] () -- C:\Users\Public\Desktop\Shop for Supplies - HP Deskjet 3000 J310 series.lnk
[2012/11/06 11:25:44 | 000,000,057 | ---- | C] () -- C:\ProgramData\Ament.ini
[2012/11/06 11:05:25 | 000,000,830 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/11/05 15:06:20 | 000,001,434 | ---- | C] () -- C:\Users\Bob\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2012/11/05 15:06:01 | 000,002,226 | ---- | C] () -- C:\Users\Public\Desktop\Visit eBay.co.uk.lnk
[2012/11/05 15:06:00 | 000,002,096 | ---- | C] () -- C:\Users\Public\Desktop\HP Games.lnk
[2012/11/05 15:05:59 | 000,002,212 | ---- | C] () -- C:\Users\Public\Desktop\Snapfish Photos.lnk
[2012/09/18 17:30:05 | 000,004,524 | ---- | C] () -- C:\Windows\SysWow64\LOCALSERVICE.INI
[2012/09/18 17:30:05 | 000,000,043 | ---- | C] () -- C:\Windows\SysWow64\LOCALDEVICE.INI
[2012/08/10 16:45:30 | 000,000,821 | ---- | C] () -- C:\Windows\SysWow64\bscs.ini
[2012/08/08 05:18:02 | 000,598,780 | ---- | C] () -- C:\Windows\SysWow64\igvpkrng700.bin
[2012/08/08 05:17:52 | 000,064,512 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll
[2012/08/08 05:17:50 | 000,755,048 | ---- | C] () -- C:\Windows\SysWow64\igcodeckrng700.bin
[2012/08/03 22:40:09 | 000,916,510 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/07/27 13:50:34 | 000,333,312 | ---- | C] () -- C:\Windows\SysWow64\BsExtendFunc.dll
[2012/07/26 08:13:10 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2012/07/26 08:13:09 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2012/07/26 07:21:26 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2012/07/26 01:17:42 | 000,043,520 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2012/07/25 20:37:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2012/07/25 20:28:31 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2012/07/25 20:22:54 | 000,982,240 | ---- | C] () -- C:\Windows\SysWow64\igkrng500.bin
[2012/07/25 20:22:54 | 000,439,308 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng500.bin
[2012/07/25 20:22:54 | 000,092,356 | ---- | C] () -- C:\Windows\SysWow64\igfcg500m.bin
[2012/07/10 17:04:10 | 000,062,976 | ---- | C] () -- C:\Windows\SysWow64\BsProfileFunc.dll
[2012/07/10 16:59:40 | 000,019,456 | ---- | C] () -- C:\Windows\SysWow64\BsTrace.dll
[2012/07/10 16:26:44 | 000,090,208 | ---- | C] () -- C:\Windows\SysWow64\BSSkypeAgent.dll
[2012/07/10 16:26:44 | 000,086,108 | ---- | C] () -- C:\Windows\SysWow64\BSVoIPComm.dll
[2012/07/10 16:26:44 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\BsVistaCommon.dll
[2012/07/10 16:26:44 | 000,049,664 | ---- | C] () -- C:\Windows\SysWow64\BSWMPPlugin.dll
[2012/07/10 16:26:44 | 000,011,264 | ---- | C] () -- C:\Windows\SysWow64\SCChangeMonitor.dll
[2012/06/13 07:45:02 | 000,008,704 | ---- | C] () -- C:\Windows\SysWow64\SROF.dll
[2012/06/04 20:31:00 | 000,000,417 | ---- | C] () -- C:\Windows\SysWow64\RaoBLE.ini
[2012/06/02 14:31:19 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2012/04/20 12:59:44 | 000,001,536 | ---- | C] () -- C:\Windows\SysWow64\IusEventLog.dll

========== ZeroAccess Check ==========

[2012/08/16 20:00:28 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/10/11 05:45:39 | 019,789,824 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/10/11 05:07:29 | 017,560,576 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2012/07/26 03:05:38 | 001,004,544 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2012/07/26 03:18:27 | 000,784,896 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2012/07/26 03:07:41 | 000,455,680 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2012/11/13 15:17:25 | 000,000,000 | ---D | M] -- C:\Users\Bob\AppData\Roaming\Babylon
[2012/11/09 10:46:35 | 000,000,000 | ---D | M] -- C:\Users\Bob\AppData\Roaming\OpenCandy
[2012/11/05 15:04:34 | 000,000,000 | ---D | M] -- C:\Users\Bob\AppData\Roaming\Synaptics
[2012/11/09 10:47:24 | 000,000,000 | ---D | M] -- C:\Users\Bob\AppData\Roaming\TuneUp Software
[2012/11/11 16:08:54 | 000,000,000 | ---D | M] -- C:\Users\Bob\AppData\Roaming\TuneUpMedia
[2012/11/06 23:04:01 | 000,000,000 | ---D | M] -- C:\Users\Bob\AppData\Roaming\Visan

========== Purity Check ==========



< End of report >


OTL Extras logfile created on: 15/11/2012 14:16:01 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Bob\Downloads
64bit- An unknown product (Version = 6.2.9200) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16420)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

5.89 Gb Total Physical Memory | 3.57 Gb Available Physical Memory | 60.63% Memory free
6.83 Gb Paging File | 4.19 Gb Available in Paging File | 61.36% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 911.46 Gb Total Space | 771.82 Gb Free Space | 84.68% Space Free | Partition Type: NTFS
Drive D: | 19.29 Gb Total Space | 2.41 Gb Free Space | 12.52% Space Free | Partition Type: NTFS

Computer Name: BOBSLAPTOP | User Name: Bob | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\OpenWith.exe "%1" (Microsoft Corporation)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Shred With Tracks Eraser Pro] -- C:\Program Files (x86)\Acesoft\Tracks Eraser Pro\fileshred.exe %1 (Acesoft)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\OpenWith.exe "%1" (Microsoft Corporation)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Shred With Tracks Eraser Pro] -- C:\Program Files (x86)\Acesoft\Tracks Eraser Pro\fileshred.exe %1 (Acesoft)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = CE 37 E6 AF FF 6A CD 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{04909704-570B-452D-9A7A-F63B957F90BE}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{069AE9F2-A467-434F-8F5C-CB1B2B13D715}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{1094082E-44CA-4157-9CE2-58E09B244F5B}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{1613F03B-A0FC-4784-9F5D-58A823BBD3F3}" = rport=139 | protocol=6 | dir=out | app=system |
"{22698059-8293-4073-8D34-17BE6813F58B}" = lport=10243 | protocol=6 | dir=in | app=system |
"{46A66B46-C44C-4C6B-BEE0-D2A87B331AA3}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{4778A3B2-BFF5-41C9-A5D5-440DF96FB98F}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{4B3AA776-8616-41D1-B9F2-8BAB5B33A34D}" = lport=445 | protocol=6 | dir=in | app=system |
"{5D6FCF03-F7E1-4544-B42F-EBF65167F461}" = lport=137 | protocol=17 | dir=in | app=system |
"{60DC2EF2-A286-40F0-AFE8-187F426DEAAA}" = lport=2869 | protocol=6 | dir=in | app=system |
"{7155161E-4229-4496-9437-ACA5329C5D32}" = rport=10243 | protocol=6 | dir=out | app=system |
"{727E5371-5731-4EA1-9F23-A66C402825DB}" = lport=139 | protocol=6 | dir=in | app=system |
"{859BA2FF-8D2A-4EF3-8780-193E84F60E7D}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{892E50A7-7D02-4A18-AA7D-833E2F6AE3B1}" = rport=445 | protocol=6 | dir=out | app=system |
"{8DB634A9-66B5-43A4-852E-819507527149}" = lport=138 | protocol=17 | dir=in | app=system |
"{93954726-2CA4-48C4-A17B-36F8DB7793A7}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{A38E4FE2-A20C-4868-828E-13685922E1FE}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 |
"{A9DE21CC-4407-4EF7-A2D3-4EA822E70D65}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{AE2151B4-2644-4B83-B95E-D84B2C3F1644}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{AF047AB1-4ED9-4C5F-A895-3F9C32F6D601}" = rport=138 | protocol=17 | dir=out | app=system |
"{BEC26B81-D4B8-4914-A8A7-F61E5B1CEAD6}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{C7233BB2-04C6-4A1E-A729-AFCCB850C9E8}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{F1E0A333-EE60-47FE-BA12-E3975E49EC8C}" = rport=137 | protocol=17 | dir=out | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{011014E5-333B-4514-A81C-B67EEE60BDDC}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{03FAE64E-BF19-46BD-990C-4139948E3FE6}" = dir=out | name=@{microsoft.bing_1.5.1.251_x64__8wekyb3d8bbwe?ms-resource://microsoft.bing/resources/app_name} |
"{078E2929-DB70-452F-914D-A0D60F8C6AD0}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{09CFA2F7-FDBF-46EC-B57A-20EE60B5274C}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{0C0A116B-47A3-44A7-A208-CFD18B098CB8}" = dir=out | name=@{microsoft.bingweather_1.5.1.245_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingweather/resources/apptitle} |
"{0F13CE5D-E226-44D3-BAC8-D3AC4E7FD08B}" = dir=out | name=@{microsoft.bingmaps_1.5.1.240_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingmaps/resources/appdisplayname} |
"{191487FE-D290-4C6D-BE29-896BB8402A76}" = dir=out | name=windows_ie_ac_001 |
"{1BEC32E1-0DD5-4393-A7C8-E4C657B8CAAB}" = protocol=1 | dir=out | [email protected],-28544 |
"{1CAF90EF-588F-4207-A1A7-3DB7F781EB2D}" = protocol=6 | dir=in | app=c:\program files (x86)\ralink corporation\ralink bluetooth stack\bluesoleilcs.exe |
"{1E8CD739-CB70-49B8-B640-BAA882EE6C91}" = dir=out | name=national rail enquiries |
"{27F0B5F3-4FA8-473E-BCB0-558EDB905425}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{283A7023-48F8-467F-A51D-EFC6D9AEBFEE}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{2A5DB40F-6AEF-447E-91FE-36CEF41B4E5F}" = protocol=58 | dir=out | [email protected],-28546 |
"{2C296D02-90DD-4600-AA5A-83109295C11C}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{371BF8E0-0E18-414D-B703-0D3B4D84EF5C}" = dir=out | name=@{microsoft.microsoftskydrive_16.4.4388.928_x64__8wekyb3d8bbwe?ms-resource://microsoft.microsoftskydrive/resources/shortproductname} |
"{376D59C5-BCF9-4375-8B91-F62CB666BC17}" = dir=in | name=@{microsoft.windowscommunicationsapps_16.4.4396.1016_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} |
"{3955B721-3115-4D38-9B38-EC8C1E2E5C8B}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{3C229153-0966-48D3-B467-59F1018A7A29}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{3EC378B5-298B-42B7-8148-17151B9237C9}" = dir=out | name=hp connected photo powered by snapfish |
"{3EF35806-C4E1-45C8-A002-4C874DFC7886}" = dir=out | name=getting started with windows 8 |
"{3FD29425-7A43-427E-A48A-97A49FEEA26B}" = dir=out | name=@{microsoft.bingfinance_1.5.1.406_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingfinance/resources/apptitle} |
"{41AD2E57-E420-4434-BBDD-23E27C82BA39}" = dir=out | name=@{microsoft.bingnews_1.5.1.409_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingnews/resources/news} |
"{465EF04C-C67B-49DA-9F8D-9EC663F03E05}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{49812522-70F6-426F-AE8B-67E51E3D0473}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{49FDA019-A97D-4324-8BD9-FE4DE9B04B14}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{553B2B80-1492-4B68-B5DA-759D617AD35A}" = dir=in | name=@{microsoft.skypeapp_1.1.0.25_x86__kzf8qxf38zg5c?ms-resource://microsoft.skypeapp/resources/manifest_display_name} |
"{561D6132-85EE-42A7-BFE1-55262FCC6630}" = dir=in | name=@{microsoft.windowsphotos_16.4.4388.928_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsphotos/photo/residappname} |
"{574A9CB4-3759-4E19-9DF5-86CFE6F681ED}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{59D60411-5266-4B0E-906B-11D134111C19}" = dir=out | name=@{microsoft.xboxlivegames_1.1.134.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.xboxlivegames/resources/34150} |
"{62E9EC49-6487-4225-99B8-52C7D133FAE4}" = dir=in | name=@{microsoft.reader_6.2.9200.20523_x64__8wekyb3d8bbwe?ms-resource://microsoft.reader/resources/shortdisplayname} |
"{662232C2-EFA2-4592-85D3-D7578EDB1B5B}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{68BF1E7F-67C0-4F1B-969F-F0A4270F6D7A}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{6A6D446F-1C54-47EC-AE5F-995B591F0956}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{6AC85AEC-9EC4-4033-8509-5728F76C71E3}" = protocol=58 | dir=in | [email protected],-28545 |
"{71FD83DD-0368-43CC-B699-B57167DA9F00}" = dir=out | name=sky news |
"{73F3272D-919D-46A8-B7C1-6DE9F2350673}" = dir=in | name=ebay |
"{74B9DB35-8B61-4932-844E-38B854758630}" = dir=out | name=@{microsoft.windowsphotos_16.4.4388.928_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsphotos/photo/residappname} |
"{755AFE5C-771A-4ED7-9F0B-D61191AC5099}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{782D79EE-99EB-42E9-A0DF-0381199C8BD4}" = dir=out | name=calculator² |
"{7A3E2CF0-6D06-445D-9293-009569009AD5}" = dir=out | name=ebay |
"{7E337F56-D60B-4FCA-A619-BDD66A49B210}" = dir=out | name=wikipedia |
"{7FFFCCFA-6E84-4C56-9F00-BF09B68E68A8}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{808F1451-4108-46FD-ADBB-F17324B5F0BD}" = dir=out | name=@{c:\windows\winstore\resources.pri?ms-resource://winstore/resources/displayname} |
"{86899BEB-CDB0-49CF-A1DF-A63C3E8A9460}" = protocol=17 | dir=in | app=c:\program files (x86)\ralink corporation\ralink bluetooth stack\bluesoleilcs.exe |
"{89406223-8A17-45B1-AF54-31E1CE6F15FA}" = dir=out | name=norton studio |
"{8AAE2B5B-3E2B-4EEC-9CC9-DA42B9E6909D}" = protocol=6 | dir=out | app=system |
"{94400154-00AB-4E54-938F-D8DAAE9E6DAD}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{980003D1-B103-4846-A1B7-FCE240377AC5}" = dir=out | name=hp registration |
"{9D8B73BA-98AB-4C16-9075-D9D89CE7FCC2}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{9E16DDFE-CC7E-4487-B387-F98F0DB69C08}" = dir=in | app=c:\program files\hp\hp deskjet 3000 j310 series\bin\hpnetworkcommunicatorcom.exe |
"{A1970B55-2BF8-433D-9B9A-1A33F519AC5B}" = dir=out | name=@{microsoft.reader_6.2.9200.20523_x64__8wekyb3d8bbwe?ms-resource://microsoft.reader/resources/shortdisplayname} |
"{A1A5983F-B5C2-4ABA-9CAC-53120B18076F}" = dir=out | name=@{browserchoice_6.2.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://browserchoice/resources/displayname} |
"{A2CDBC12-6D8A-46DF-99D6-1EAAB8DF52DC}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{A3ADCDF8-2D8C-4ECB-ADEA-EED512936CBB}" = protocol=17 | dir=in | app=c:\program files (x86)\ralink corporation\ralink bluetooth stack\bluesoleilcs.exe |
"{AB6E1643-59BB-4017-8BB2-FB1ACF1B5747}" = protocol=6 | dir=in | app=c:\program files (x86)\ralink corporation\ralink bluetooth stack\bluesoleilcs.exe |
"{AF9918AD-6B50-4F17-9F8D-5BF79B2BEFD2}" = protocol=1 | dir=in | [email protected],-28543 |
"{AFD91B15-834C-46D6-B143-FA1F9DAE8193}" = dir=in | app=c:\program files\hp\hp deskjet 3000 j310 series\bin\devicesetup.exe |
"{B11E8882-8CBC-491C-BF63-5C25251480CB}" = dir=out | name=google search |
"{B64D7E5C-6D04-4F4E-97FA-98D2FEAF6481}" = dir=out | name=@{microsoft.zunemusic_1.1.137.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunemusic/resources/33273} |
"{B8826631-6A22-479B-8DDE-331858CDE131}" = dir=out | name=@{microsoft.skypeapp_1.1.0.25_x86__kzf8qxf38zg5c?ms-resource://microsoft.skypeapp/resources/manifest_display_name} |
"{B9D13DCD-8465-4D94-8539-3A6AFC22B4EB}" = dir=out | name=@{microsoft.bingsports_1.5.1.249_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingsports/resources/bingsports} |
"{C1AA3091-FAC8-49D6-82DA-7E0EB3022A31}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd10\powerdvd10.exe |
"{C31F8740-6F1C-421A-BB89-51CF76F972DB}" = dir=in | app=c:\program files\hp\hp deskjet 3000 j310 series\bin\hpnetworkcommunicator.exe |
"{CB38DF93-9298-4471-815D-919341A571CC}" = dir=in | app=c:\program files (x86)\cyberlink\powerdirector10\pdr10.exe |
"{D3F7AD13-F22B-4DE8-9812-C869CD89589C}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{D4BD51FB-AB70-4C26-98A8-E10C79F5B103}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{D8758972-B1AB-439E-BEE4-C88BEA4D3553}" = dir=in | name=@{browserchoice_6.2.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://browserchoice/resources/displayname} |
"{DDC6EE12-EF69-4AE3-9D5B-354E58397690}" = dir=out | name=@{microsoft.windowscommunicationsapps_16.4.4396.1016_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} |
"{E3CE7892-B246-47C4-95E1-54F2CD2D75BC}" = dir=out | name=@{microsoft.zunevideo_1.1.134.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunevideo/resources/33270} |
"{E7985E1D-C36F-4787-80A8-6350D07E9266}" = dir=in | name=@{c:\windows\winstore\resources.pri?ms-resource://winstore/resources/displayname} |
"{EC41597F-0B5F-4233-A307-B2155E15FADD}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{EE0C58A9-812C-4AFD-8C28-E6489DEB6B58}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{EFF86DBD-0EDA-4D68-B445-63D7C8BCBEDA}" = dir=out | name=hp printer control |
"{F478B02E-9E96-45FE-8A02-47490CF7A74E}" = dir=in | name=hp printer control |
"{FE31B915-AF81-4839-92A6-769E34AF20B9}" = dir=in | name=hp connected photo powered by snapfish |
"{FEC27D2E-E315-4FC1-8A91-DD195DF4E3B6}" = dir=out | name=@{microsoft.bingtravel_1.5.1.248_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingtravel/resources/apptitle} |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector
"{0FA995CC-C849-4755-B14B-5404CC75DC24}" = Energy Star
"{1493B2AE-0261-47D2-B1AA-F4DAD0F6C48B}" = iTunes
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
"{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{58BC91D0-42E7-125D-F9B6-F2F5C0CDB096}" = Ralink Bluetooth Stack64
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6E14E6D6-3175-4E1A-B934-CAB5A86367CD}" = HP Postscript Converter
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{73A0F534-1455-4340-9747-5CE7D2825869}" = HP Deskjet 3000 J310 series Product Improvement Study
"{7446FE8D-C1F9-4D42-AAAE-5DBCE58605A6}" = Apple Mobile Device Support
"{8D4C9954-7EFA-4BCD-8EA0-E654E7013A40}" = HP Deskjet 3000 J310 series Basic Device Software
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{E4D6CCF2-0AAF-4B9C-9DE5-893EDC9B4BAA}" = HP Registration Service
"{F244D07D-1876-4CDD-914D-214E15A8D327}" = HP 3D DriveGuard
"{F4404AFD-2EF3-40C1-8C09-29E5F3B6972B}" = Intel® Trusted Connect Service Client
"Recuva" = Recuva
"SynTPDeinstKey" = Synaptics Pointing Device Driver

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0C57987A-A03A-4B95-A309-D23F78F406CA}" = HP Utility Center
"{15D2D75C-9CB2-4efd-BAD7-B9B4CB4BC693}" = Browser Manager
"{16B7BDA1-B967-4D2D-8B27-E12727C28350}" = HP CoolSense
"{18DE31AE-70D0-43A7-9E3C-2ED7283ECE8A}" = HP Documentation
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}" = CyberLink Media Suite 10
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}" = CyberLink Power2Go 8
"{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App" = Update Installer for WildTangent Games App
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{3E8A20E1-223F-11E2-9116-B8AC6F98CCE3}" = Google Earth
"{46037DC7-F927-46DF-935F-D6F122BDD34B}_is1" = Connected Music powered by Universal Music Group version 1.0
"{4862344A-A39C-4897-ACD4-A1BED5163C5A}" = CyberLink PhotoDirector
"{4ED7050C-9332-4FB2-AB07-E94F25A53D39}" = HP Quick Launch
"{528AB81B-D65A-4AB0-A2B6-82B51A087D01}" = HP Recovery Manager
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{63EC2120-1742-4625-AA47-C6A8AEC9C64C}" = Apple Application Support
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel® Management Engine Components
"{654A65DA-7173-4B51-ACEB-F855201EE033}" = HP Deskjet 3000 J310 series Help
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6F1C00D2-25C2-4CBA-8126-AE9A6E2E9CD5}" = HP Update
"{6F340107-F9AA-47C6-B54C-C3A19F11553F}" = Hewlett-Packard ACLM.NET v1.2.0.0
"{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-hp" = WildTangent Games App
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{835B275B-F29B-464B-BD4B-097FD55FAB0A}" = HP Software Framework
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8FC4F1DD-F7FD-4766-804D-3C8FF1D309AF}" = Ralink RT3290 802.11bgn Wi-Fi Adapter
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0409-1000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0116-0409-1000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{941DE69D-6CEE-4171-8F1F-3D7E352AA498}" = HP Wireless Button Driver
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}" = CyberLink PowerDirector 10
"{B8019B54-F9BE-490A-9619-6D06F18F129F}" = HP Support Assistant
"{C1594429-8296-4652-BF54-9DBE4932A44C}" = Realtek PCIE Card Reader
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"{CB6075D9-F912-40AE-BEA6-E590DA24F16B}" = Adobe Photoshop Elements 7.0
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}" = CyberLink PowerDVD
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
"{EA17F4FC-FDBF-4CF8-A529-2D983132D053}" = Skype™ 6.0
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel® Processor Graphics
"{FCB3772C-B7D0-4933-B1A9-3707EBACC573}" = Intel® SDK for OpenCL - CPU Only Runtime Package
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Photoshop Elements 7" = Adobe Photoshop Elements 7.0
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"File Shredder_is1" = File Shredder 2.0
"funmoods" = Funmoods
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"HP Photo Creations" = HP Photo Creations
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"InstallShield_{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}" = CyberLink Media Suite 10
"InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}" = CyberLink Power2Go 8
"InstallShield_{4862344A-A39C-4897-ACD4-A1BED5163C5A}" = CyberLink PhotoDirector
"InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}" = CyberLink PowerDirector 10
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}" = CyberLink PowerDVD
"Mozilla Firefox 16.0.2 (x86 en-US)" = Mozilla Firefox 16.0.2 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NIS" = Norton Internet Security
"RealPlayer 15.0" = RealPlayer
"StartHPConnectedMusic" = HP Connected Music (Meridian - installer)
"Tracks Eraser Pro_is1" = Tracks Eraser Pro v8.8 build 1001
"TuneUpMedia" = TuneUp 2.4.6.4
"WildTangent hp Master Uninstall" = HP Games
"WildTangent wildgames Master Uninstall" = WildTangent Games
"WinLiveSuite" = Windows Live Essentials
"WTA-0277131d-4166-4824-a16d-d7f9d62f2a32" = Mahjongg Artifacts
"WTA-0fef7120-f837-4db9-a93d-0e2e96e64dc5" = Trinklit Supreme
"WTA-18085ec4-908b-4300-b344-5561de0d539a" = Crazy Chicken Soccer
"WTA-21bd7ca7-4ca5-418a-83b0-db888aed8426" = Ranch Rush 2 - Premium Edition
"WTA-3a4984d0-8de5-46a5-a8c5-b849c4e1b60e" = Zuma's Revenge
"WTA-46584c58-4169-4a61-a1d4-d78ce24b4bca" = Virtual Families
"WTA-58df2672-1d75-4634-b40f-7c509d14aef9" = Jewel Match 3
"WTA-5d115c9b-4c2b-4cef-9f57-d572ef4ae942" = Build-a-lot 4 - Power Source
"WTA-614356ca-ab7a-429a-8324-238236710591" = Bejeweled 3
"WTA-620fd5a7-86e2-48e8-a87e-8f26d0749100" = Farm Frenzy
"WTA-64ba2c69-6373-4f32-8c30-a7ff027371a3" = Mystery of Mortlake Mansion
"WTA-6c293bc3-d436-4053-ab12-f846a29de511" = Cradle of Rome 2
"WTA-73ee9e27-dc4c-45db-8cdd-56c632f9fe48" = Governor of Poker 2 Premium Edition
"WTA-8aa65c9b-ae02-4b16-9ea0-a7a77a76a4e0" = Jewel Quest Solitaire 2
"WTA-8de0a914-4203-4dd8-bb6c-67c9f3ae9cf4" = Final Drive Fury
"WTA-8f0dea5a-8aed-477d-b356-36508758c1e7" = 7 Wonders II
"WTA-9fd2f560-246a-442e-b7d8-a892af9fd343" = Aloha TriPeaks
"WTA-a33ad5dc-a9c9-4e73-9c47-ddda80a51ceb" = Chuzzle Deluxe
"WTA-a8499fbd-cee6-4a71-a18a-f72b910d2c7b" = Jewel Quest II
"WTA-aa36582d-fe16-4f0e-9b05-d8c2080aec46" = Polar Bowler
"WTA-b99191e0-5131-4708-825f-a5b54d991b7b" = Wedding Dash

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 13/11/2012 11:48:02 | Computer Name = BobsLaptop | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 5750

Error - 13/11/2012 11:48:02 | Computer Name = BobsLaptop | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 5750

Error - 13/11/2012 11:48:03 | Computer Name = BobsLaptop | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 13/11/2012 11:48:03 | Computer Name = BobsLaptop | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 6922

Error - 13/11/2012 11:48:03 | Computer Name = BobsLaptop | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 6922

Error - 13/11/2012 11:48:04 | Computer Name = BobsLaptop | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 13/11/2012 11:48:04 | Computer Name = BobsLaptop | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 8109

Error - 13/11/2012 11:48:04 | Computer Name = BobsLaptop | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 8109

Error - 13/11/2012 13:44:03 | Computer Name = BobsLaptop | Source = Microsoft-Windows-Immersive-Shell | ID = 2484
Description = Package microsoft.windowscommunicationsapps_16.4.4396.1016_x64__8wekyb3d8bbwe
was terminated because it took too long to suspend.

Error - 13/11/2012 13:44:53 | Computer Name = BobsLaptop | Source = Application Hang | ID = 1002
Description = The program wwahost.exe version 6.2.9200.16420 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: 172c Start
Time: 01cdbe703fe2b7ff Termination Time: 4294967295 Application Path: C:\Windows\system32\wwahost.exe

Report
Id: b8b252e6-2db9-11e2-be75-6894234cfe3a Faulting package full name: microsoft.windowscommunicationsapps_16.4.4396.1016_x64__8wekyb3d8bbwe

Faulting
package-relative application ID: Microsoft.WindowsLive.Mail

[ System Events ]
Error - 06/11/2012 11:21:20 | Computer Name = BobsLaptop | Source = bowser | ID = 8003
Description =

Error - 06/11/2012 11:33:20 | Computer Name = BobsLaptop | Source = bowser | ID = 8003
Description =

Error - 06/11/2012 11:45:21 | Computer Name = BobsLaptop | Source = bowser | ID = 8003
Description =

Error - 06/11/2012 11:57:21 | Computer Name = BobsLaptop | Source = bowser | ID = 8003
Description =

Error - 06/11/2012 12:09:21 | Computer Name = BobsLaptop | Source = bowser | ID = 8003
Description =

Error - 06/11/2012 12:21:19 | Computer Name = BobsLaptop | Source = bowser | ID = 8003
Description =

Error - 06/11/2012 12:33:18 | Computer Name = BobsLaptop | Source = bowser | ID = 8003
Description =

Error - 06/11/2012 12:45:19 | Computer Name = BobsLaptop | Source = bowser | ID = 8003
Description =

Error - 06/11/2012 13:57:15 | Computer Name = BobsLaptop | Source = bowser | ID = 8003
Description =

Error - 06/11/2012 18:45:18 | Computer Name = BobsLaptop | Source = bowser | ID = 8003
Description =


< End of report >
  • 0

Advertisements

#2
Essexboy
Posted 15 November 2012 - 09:09 AM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hi there, this is my first windows 8... I will be checking any programmes on my own windows 8 first before I ask you to run them. Could you let me know if this kills it

Warning This fix is only relevant for this system and no other, using on another computer may cause problems

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following
    Posted Image
:OTL
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://searchfunmood...yE&cr=894205108
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://searchfunmood...yE&cr=894205108
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://searchfunmood...yE&cr=894205108
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,bProtector Start Page = http://www.claro-sea...0006894234cfe3b
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://searchfunmood...yE&cr=894205108
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{b64982b1-d112-42b5-b1e4-d3867c4533f8}: C:\ProgramData\Browser Manager\2.3.796.11\{16cdff19-861d-48e3-a751-d99a27784753}\FirefoxExtension [2012/11/13 15:17:51 | 000,000,000 | ---D | M]
O2 - BHO: (Funmoods Helper Object) - {75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7} - C:\Program Files (x86)\Funmoods\1.5.23.22\bh\escort.dll (Funmoods BHO)
O3 - HKLM\..\Toolbar: (Funmoods Toolbar) - {A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3} - C:\Program Files (x86)\Funmoods\1.5.23.22\escorTlbr.dll (Funmoods)
[2012/11/13 15:17:52 | 000,000,000 | ---D | C] -- C:\Users\Bob\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Browser Manager
[2012/11/13 15:17:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Browser Manager
[2012/11/13 15:17:25 | 000,000,000 | ---D | C] -- C:\Users\Bob\AppData\Roaming\Babylon
[2012/11/13 15:17:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Babylon
[2012/11/13 14:52:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Funmoods
[2012/11/09 10:46:35 | 000,000,000 | ---D | C] -- C:\Users\Bob\AppData\Roaming\OpenCandy
[2012/11/13 15:17:25 | 000,000,000 | ---D | M] -- C:\Users\Bob\AppData\Roaming\Babylon
[2012/11/09 10:46:35 | 000,000,000 | ---D | M] -- C:\Users\Bob\AppData\Roaming\OpenCandy

:Commands
[resethosts]
[emptytemp]
[CREATERESTOREPOINT]
[Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

  • 0

#3
eaglet
Posted 15 November 2012 - 11:35 AM

eaglet

    Member

  • Topic Starter
  • Member
  • PipPip
  • 55 posts
Hi Essex boy
Thanks for looking :) I have run that but its been unsuccessful.

heres the log it produced: and after that I've pasted the new OTL report

All processes killed
========== OTL ==========
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\bProtector Start Page| /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry value HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{b64982b1-d112-42b5-b1e4-d3867c4533f8} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b64982b1-d112-42b5-b1e4-d3867c4533f8}\ not found.
C:\ProgramData\Browser Manager\2.3.796.11\{16cdff19-861d-48e3-a751-d99a27784753}\FirefoxExtension\content folder moved successfully.
C:\ProgramData\Browser Manager\2.3.796.11\{16cdff19-861d-48e3-a751-d99a27784753}\FirefoxExtension\components folder moved successfully.
C:\ProgramData\Browser Manager\2.3.796.11\{16cdff19-861d-48e3-a751-d99a27784753}\FirefoxExtension folder moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7}\ deleted successfully.
C:\Program Files (x86)\Funmoods\1.5.23.22\bh\escort.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3}\ deleted successfully.
C:\Program Files (x86)\Funmoods\1.5.23.22\escorTlbr.dll moved successfully.
C:\Users\Bob\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Browser Manager folder moved successfully.
C:\ProgramData\Browser Manager\2.3.796.11\{16cdff19-861d-48e3-a751-d99a27784753}\traking_settings folder moved successfully.
Folder move failed. C:\ProgramData\Browser Manager\2.3.796.11\{16cdff19-861d-48e3-a751-d99a27784753} scheduled to be moved on reboot.
Folder move failed. C:\ProgramData\Browser Manager\2.3.796.11 scheduled to be moved on reboot.
Folder move failed. C:\ProgramData\Browser Manager scheduled to be moved on reboot.
C:\Users\Bob\AppData\Roaming\Babylon folder moved successfully.
C:\ProgramData\Babylon folder moved successfully.
C:\Program Files (x86)\Funmoods\1.5.23.22\bh folder moved successfully.
C:\Program Files (x86)\Funmoods\1.5.23.22 folder moved successfully.
C:\Program Files (x86)\Funmoods folder moved successfully.
C:\Users\Bob\AppData\Roaming\OpenCandy\38B59CD46A4A4029B56788C083FFA420 folder moved successfully.
C:\Users\Bob\AppData\Roaming\OpenCandy folder moved successfully.
Folder C:\Users\Bob\AppData\Roaming\Babylon\ not found.
Folder C:\Users\Bob\AppData\Roaming\OpenCandy\ not found.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: Bob
->Temp folder emptied: 234173457 bytes
->Temporary Internet Files folder emptied: 226683387 bytes
->FireFox cache emptied: 63547093 bytes
->Flash cache emptied: 1130 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 89152 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 280994 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 500.00 mb

Restore point Set: OTL Restore Point

OTL by OldTimer - Version 3.2.69.0 log created on 11152012_171501

Files\Folders moved on Reboot...
C:\ProgramData\Browser Manager\2.3.796.11\{16cdff19-861d-48e3-a751-d99a27784753}\traking_settings folder moved successfully.
Folder move failed. C:\ProgramData\Browser Manager\2.3.796.11\{16cdff19-861d-48e3-a751-d99a27784753} scheduled to be moved on reboot.
C:\ProgramData\Browser Manager\2.3.796.11\{16cdff19-861d-48e3-a751-d99a27784753}\traking_settings folder moved successfully.
Folder move failed. C:\ProgramData\Browser Manager\2.3.796.11\{16cdff19-861d-48e3-a751-d99a27784753} scheduled to be moved on reboot.
Folder move failed. C:\ProgramData\Browser Manager\2.3.796.11 scheduled to be moved on reboot.
C:\ProgramData\Browser Manager\2.3.796.11\{16cdff19-861d-48e3-a751-d99a27784753}\traking_settings folder moved successfully.
Folder move failed. C:\ProgramData\Browser Manager\2.3.796.11\{16cdff19-861d-48e3-a751-d99a27784753} scheduled to be moved on reboot.
Folder move failed. C:\ProgramData\Browser Manager\2.3.796.11 scheduled to be moved on reboot.
Folder move failed. C:\ProgramData\Browser Manager scheduled to be moved on reboot.
C:\Users\Bob\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\EO9TV4S2\csc-render[1].htm moved successfully.
C:\Users\Bob\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\EO9TV4S2\G2tactical.cmp[2].htm moved successfully.
C:\Users\Bob\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\EO9TV4S2\xframe-proxy_20110929[1].htm moved successfully.
C:\Users\Bob\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\9R299ROB\0[1].htm moved successfully.
C:\Users\Bob\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\9R299ROB\fc[1].htm moved successfully.
C:\Users\Bob\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\9R299ROB\xframe-proxy_20110929[1].htm moved successfully.
C:\Users\Bob\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\827OXTAD\0[1].htm moved successfully.
C:\Users\Bob\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\827OXTAD\0[2].htm moved successfully.
C:\Users\Bob\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\827OXTAD\0[3].htm moved successfully.
C:\Users\Bob\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\827OXTAD\admain[1].htm moved successfully.
C:\Users\Bob\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\827OXTAD\page__pid__2228220[1].htm moved successfully.
C:\Users\Bob\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\0BMN3HGJ\ext-render-secure[1].htm moved successfully.
C:\Users\Bob\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\0BMN3HGJ\launch[1].htm moved successfully.
C:\Users\Bob\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\AntiPhishing\7A7E08C8-3FF5-45F2-873D-A84D669DC82F.dat moved successfully.
C:\Users\Bob\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\MSIMGSIZ.DAT moved successfully.
File move failed. C:\Users\Bob\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat scheduled to be moved on reboot.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

********************************************************************************

New OTL run:


OTL logfile created on: 15/11/2012 17:28:36 - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Bob\Downloads
64bit- An unknown product (Version = 6.2.9200) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16420)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

5.89 Gb Total Physical Memory | 4.33 Gb Available Physical Memory | 73.53% Memory free
6.83 Gb Paging File | 5.33 Gb Available in Paging File | 77.98% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 911.46 Gb Total Space | 772.09 Gb Free Space | 84.71% Space Free | Partition Type: NTFS
Drive D: | 19.29 Gb Total Space | 2.41 Gb Free Space | 12.52% Space Free | Partition Type: NTFS

Computer Name: BOBSLAPTOP | User Name: Bob | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/11/15 14:15:07 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Bob\Downloads\OTL.exe
PRC - [2012/11/13 15:02:45 | 000,296,096 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
PRC - [2012/11/06 23:02:49 | 000,186,576 | ---- | M] () -- C:\ProgramData\HP Photo Creations\Communicator.exe
PRC - [2012/10/11 11:17:59 | 002,312,216 | ---- | M] () -- C:\ProgramData\Browser Manager\2.3.796.11\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.exe
PRC - [2012/10/11 02:29:13 | 000,143,928 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton Internet Security\Engine\20.2.0.19\ccsvchst.exe
PRC - [2012/08/02 17:12:50 | 000,363,520 | ---- | M] (IVT Corporation) -- C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BtTray.exe
PRC - [2012/08/02 10:56:46 | 001,544,192 | ---- | M] (IVT Corporation) -- C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe
PRC - [2012/07/27 17:21:26 | 000,136,488 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
PRC - [2012/07/18 01:10:32 | 000,364,416 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
PRC - [2012/07/18 01:10:30 | 000,276,864 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
PRC - [2012/07/18 01:10:24 | 000,128,896 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
PRC - [2012/07/18 01:10:16 | 000,165,760 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
PRC - [2012/07/09 12:40:02 | 000,580,512 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
PRC - [2012/07/09 12:40:02 | 000,035,232 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
PRC - [2012/06/08 03:34:06 | 000,111,120 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
PRC - [2012/03/28 17:34:30 | 000,091,432 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
PRC - [2011/08/26 13:37:18 | 001,342,008 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe
PRC - [2008/09/16 12:03:18 | 000,169,312 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe


========== Modules (No Company Name) ==========

MOD - [2012/11/06 23:02:49 | 000,186,576 | ---- | M] () -- C:\ProgramData\HP Photo Creations\Communicator.exe
MOD - [2012/10/11 11:17:59 | 002,312,216 | ---- | M] () -- C:\ProgramData\Browser Manager\2.3.796.11\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.exe
MOD - [2012/10/11 11:17:06 | 002,069,528 | ---- | M] () -- C:\ProgramData\Browser Manager\2.3.796.11\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.dll
MOD - [2012/08/27 21:33:32 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2012/08/27 21:33:08 | 001,242,512 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2012/07/27 13:50:34 | 000,333,312 | ---- | M] () -- C:\Windows\SysWOW64\BsExtendFunc.dll
MOD - [2012/07/10 17:04:10 | 000,062,976 | ---- | M] () -- C:\Windows\SysWOW64\BsProfileFunc.dll
MOD - [2012/07/10 16:59:40 | 000,019,456 | ---- | M] () -- C:\Windows\SysWOW64\BsTrace.dll
MOD - [2012/07/10 16:26:44 | 000,011,264 | ---- | M] () -- C:\Windows\SysWOW64\SCChangeMonitor.dll
MOD - [2012/06/08 10:34:06 | 000,016,400 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll
MOD - [2012/06/08 03:34:06 | 000,627,216 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll
MOD - [2012/05/30 06:51:08 | 000,699,280 | R--- | M] () -- C:\Program Files (x86)\Norton Internet Security\Engine\20.2.0.19\wincfi39.dll


========== Services (SafeList) ==========

SRV:64bit: - [2012/09/20 09:10:47 | 002,367,528 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\WSService.dll -- (WSService)
SRV:64bit: - [2012/09/20 08:18:03 | 002,675,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\spool\drivers\x64\3\PrintConfig.dll -- (PrintNotify)
SRV:64bit: - [2012/09/20 06:32:59 | 000,169,984 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\TimeBrokerServer.dll -- (TimeBroker)
SRV:64bit: - [2012/09/20 06:32:58 | 000,178,176 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\SystemEventsBrokerServer.dll -- (SystemEventsBroker)
SRV:64bit: - [2012/09/20 06:31:18 | 000,116,736 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\fhsvc.dll -- (fhsvc)
SRV:64bit: - [2012/09/20 06:30:41 | 000,179,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\bisrv.dll -- (BrokerInfrastructure)
SRV:64bit: - [2012/09/20 06:30:38 | 000,169,472 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\AudioEndpointBuilder.dll -- (AudioEndpointBuilder)
SRV:64bit: - [2012/08/10 14:24:28 | 000,029,600 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Windows\SysNative\hpservice.exe -- (hpsrv)
SRV:64bit: - [2012/07/26 03:17:59 | 000,015,440 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)
SRV:64bit: - [2012/07/26 03:08:04 | 001,968,128 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wlidsvc.dll -- (wlidsvc)
SRV:64bit: - [2012/07/26 03:07:47 | 000,065,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wiarpc.dll -- (WiaRpc)
SRV:64bit: - [2012/07/26 03:07:42 | 000,263,680 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wcmsvc.dll -- (Wcmsvc)
SRV:64bit: - [2012/07/26 03:07:40 | 000,283,648 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\vaultsvc.dll -- (VaultSvc)
SRV:64bit: - [2012/07/26 03:07:25 | 000,012,800 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\svsvc.dll -- (svsvc)
SRV:64bit: - [2012/07/26 03:06:36 | 000,463,872 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netprofmsvc.dll -- (netprofm)
SRV:64bit: - [2012/07/26 03:06:34 | 000,743,936 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\netlogon.dll -- (Netlogon)
SRV:64bit: - [2012/07/26 03:06:33 | 000,161,792 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\NcaSvc.dll -- (NcaSvc)
SRV:64bit: - [2012/07/26 03:06:33 | 000,073,728 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\NcdAutoSetup.dll -- (NcdAutoSetup)
SRV:64bit: - [2012/07/26 03:06:00 | 000,438,272 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\lsm.dll -- (LSM)
SRV:64bit: - [2012/07/26 03:05:55 | 000,059,904 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\keyiso.dll -- (KeyIso)
SRV:64bit: - [2012/07/26 03:05:34 | 000,037,376 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\efssvc.dll -- (EFS)
SRV:64bit: - [2012/07/26 03:05:28 | 000,207,872 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\DeviceSetupManager.dll -- (DsmSvc)
SRV:64bit: - [2012/07/26 03:05:24 | 000,342,016 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\das.dll -- (DeviceAssociationService)
SRV:64bit: - [2012/07/26 03:05:08 | 000,122,368 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\AUInstallAgent.dll -- (AllUserInstallAgent)
SRV:64bit: - [2012/07/26 00:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicvss)
SRV:64bit: - [2012/07/26 00:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmictimesync)
SRV:64bit: - [2012/07/26 00:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicshutdown)
SRV:64bit: - [2012/07/26 00:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicrdv)
SRV:64bit: - [2012/07/26 00:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmickvpexchange)
SRV:64bit: - [2012/07/26 00:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicheartbeat)
SRV:64bit: - [2012/07/22 07:30:36 | 000,321,536 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Program Files\IDT\WDM\stacsv64.exe -- (STacSV)
SRV:64bit: - [2012/04/20 13:16:12 | 000,635,104 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\iCLS Client\HeciServer.exe -- (Intel®
SRV - [2012/11/06 17:04:12 | 000,651,720 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2012/11/06 11:05:25 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/10/24 17:50:38 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/10/19 16:14:08 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/10/11 11:17:59 | 002,312,216 | ---- | M] () [Auto | Running] -- C:\ProgramData\Browser Manager\2.3.796.11\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.exe -- (Browser Manager)
SRV - [2012/10/11 02:29:13 | 000,143,928 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton Internet Security\Engine\20.2.0.19\ccSvcHst.exe -- (NIS)
SRV - [2012/09/20 08:18:03 | 002,675,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\system32\spool\DRIVERS\x64\3\PrintConfig.dll -- (PrintNotify)
SRV - [2012/08/10 16:53:44 | 000,085,504 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe -- (HP Support Assistant Service)
SRV - [2012/08/08 11:09:02 | 000,276,288 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe -- (cphs)
SRV - [2012/08/02 10:56:46 | 001,544,192 | ---- | M] (IVT Corporation) [Auto | Running] -- C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe -- (BlueSoleilCS)
SRV - [2012/07/26 03:20:04 | 000,018,432 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\StorSvc.dll -- (StorSvc)
SRV - [2012/07/26 03:18:41 | 000,408,064 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll -- (WAS)
SRV - [2012/07/26 03:17:52 | 000,060,416 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\inetsrv\apphostsvc.dll -- (AppHostSvc)
SRV - [2012/07/18 01:10:32 | 000,364,416 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2012/07/18 01:10:30 | 000,276,864 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2012/07/18 01:10:24 | 000,128,896 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe -- (Intel®
SRV - [2012/07/18 01:10:16 | 000,165,760 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe -- (jhi_service)
SRV - [2012/07/14 16:02:16 | 002,451,456 | ---- | M] (Realsil Microelectronics Inc.) [Auto | Running] -- C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe -- (IconMan_R)
SRV - [2012/07/10 17:11:20 | 000,138,752 | ---- | M] (IVT Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BsHelpCS.exe -- (BsHelpCS)
SRV - [2012/07/09 12:40:02 | 000,035,232 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe -- (HPWMISVC)
SRV - [2011/11/21 20:32:02 | 000,032,768 | ---- | M] (Acesoft) [On_Demand | Stopped] -- C:\Program Files (x86)\Acesoft\Tracks Eraser Pro\tepsrv.exe -- (tepsrv)
SRV - [2010/10/12 17:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)
SRV - [2008/09/16 12:03:18 | 000,169,312 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor7.0)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/11/06 17:01:07 | 000,052,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2012/10/09 01:00:02 | 000,776,864 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\Drivers\NISx64\1402000.013\srtsp64.sys -- (SRTSP)
DRV:64bit: - [2012/10/04 01:40:35 | 001,133,216 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\Drivers\NISx64\1402000.013\symefa64.sys -- (SymEFA)
DRV:64bit: - [2012/10/04 01:40:20 | 000,493,216 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\NISx64\1402000.013\symds64.sys -- (SymDS)
DRV:64bit: - [2012/10/04 01:19:14 | 000,168,096 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\NISx64\1402000.013\ccsetx64.sys -- (ccSet_NIS)
DRV:64bit: - [2012/09/20 08:31:29 | 000,068,840 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\pdc.sys -- (pdc)
DRV:64bit: - [2012/09/20 07:55:33 | 000,445,160 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\USBHUB3.SYS -- (USBHUB3)
DRV:64bit: - [2012/09/20 07:55:33 | 000,337,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\USBXHCI.SYS -- (USBXHCI)
DRV:64bit: - [2012/09/20 07:55:33 | 000,212,200 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\UCX01000.SYS -- (UCX01000)
DRV:64bit: - [2012/09/20 07:55:30 | 000,120,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\msgpioclx.sys -- (GPIOClx0101)
DRV:64bit: - [2012/09/20 07:55:30 | 000,056,552 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\sdstor.sys -- (sdstor)
DRV:64bit: - [2012/09/20 07:55:29 | 000,028,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\msgpiowin32.sys -- (msgpiowin32)
DRV:64bit: - [2012/09/20 07:55:27 | 003,265,256 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2012/09/20 07:55:24 | 000,533,224 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2012/09/20 07:03:08 | 000,148,712 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\tpm.sys -- (TPM)
DRV:64bit: - [2012/09/20 07:03:06 | 000,194,280 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2012/09/20 07:03:03 | 000,055,528 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\Windows\SysNative\Drivers\dam.sys -- (dam)
DRV:64bit: - [2012/09/20 06:09:11 | 000,031,104 | ---- | M] (Microsoft Corporation) [Unknown (0) | Disabled | Unknown] -- C:\Windows\SysNative\Drivers\BthAvrcpTg.sys -- (BthAvrcpTg)
DRV:64bit: - [2012/09/20 06:08:40 | 000,117,632 | ---- | M] (Microsoft Corporation) [Unknown (0) | Disabled | Unknown] -- C:\Windows\SysNative\Drivers\BthA2DP.sys -- (BthA2DP)
DRV:64bit: - [2012/09/20 06:08:27 | 000,029,952 | ---- | M] (Microsoft Corporation) [Unknown (0) | Disabled | Unknown] -- C:\Windows\SysNative\Drivers\BthhfHid.sys -- (bthhfhid)
DRV:64bit: - [2012/09/18 17:51:20 | 000,177,312 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\SYMEVENT64x86.SYS -- (SymEvent)
DRV:64bit: - [2012/09/07 02:05:14 | 000,432,800 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\NISx64\1402000.013\symnets.sys -- (SymNetS)
DRV:64bit: - [2012/09/07 01:48:08 | 000,224,416 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\NISx64\1402000.013\ironx64.sys -- (SymIRON)
DRV:64bit: - [2012/08/24 09:38:28 | 000,448,312 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2012/08/24 09:38:28 | 000,043,832 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\Smb_driver_Intel.sys -- (SmbDrvI)
DRV:64bit: - [2012/08/24 09:38:26 | 000,041,272 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\Smb_driver_AMDASF.sys -- (SmbDrv)
DRV:64bit: - [2012/08/21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/08/10 14:24:28 | 000,042,400 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\Accelerometer.sys -- (Accelerometer)
DRV:64bit: - [2012/08/10 14:24:28 | 000,029,600 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\hpdskflt.sys -- (hpdskflt)
DRV:64bit: - [2012/08/09 13:48:18 | 000,695,392 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\rtbth.sys -- (rtbth)
DRV:64bit: - [2012/08/08 21:28:38 | 001,958,984 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\netr28x.sys -- (netr28x)
DRV:64bit: - [2012/08/08 20:46:34 | 000,048,736 | ---- | M] (Ralink Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\IvtUrbBtFlt.sys -- (btUrbFilterDrv)
DRV:64bit: - [2012/08/08 05:17:54 | 008,987,456 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2012/08/03 13:07:30 | 000,020,288 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\WirelessButtonDriver64.sys -- (WirelessButtonDriver)
DRV:64bit: - [2012/07/31 19:22:00 | 000,645,952 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\iaStorA.sys -- (iaStorA)
DRV:64bit: - [2012/07/31 08:04:12 | 000,690,832 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\Rt630x64.sys -- (RTL8168)
DRV:64bit: - [2012/07/26 05:26:46 | 000,025,328 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/07/26 05:26:45 | 000,033,792 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\condrv.sys -- (condrv)
DRV:64bit: - [2012/07/26 05:00:58 | 000,322,800 | ---- | M] (VIA Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\VSTXRAID.SYS -- (VSTXRAID)
DRV:64bit: - [2012/07/26 05:00:58 | 000,106,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\VerifierExt.sys -- (VerifierExt)
DRV:64bit: - [2012/07/26 05:00:58 | 000,097,008 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\uaspstor.sys -- (UASPStor)
DRV:64bit: - [2012/07/26 05:00:57 | 000,077,040 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\acpiex.sys -- (acpiex)
DRV:64bit: - [2012/07/26 05:00:55 | 000,283,888 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\spaceport.sys -- (spaceport)
DRV:64bit: - [2012/07/26 05:00:55 | 000,077,552 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\storahci.sys -- (storahci)
DRV:64bit: - [2012/07/26 05:00:55 | 000,064,240 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\mvumis.sys -- (mvumis)
DRV:64bit: - [2012/07/26 05:00:55 | 000,030,960 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2012/07/26 05:00:52 | 000,092,400 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2012/07/26 05:00:52 | 000,081,136 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\lsi_sss.sys -- (LSI_SSS)
DRV:64bit: - [2012/07/26 05:00:52 | 000,064,752 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2012/07/26 05:00:51 | 000,113,904 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\EhStorTcgDrv.sys -- (EhStorTcgDrv)
DRV:64bit: - [2012/07/26 05:00:51 | 000,081,136 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\EhStorClass.sys -- (EhStorClass)
DRV:64bit: - [2012/07/26 05:00:49 | 000,258,288 | ---- | M] (AMD Technologies Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2012/07/26 05:00:49 | 000,106,736 | ---- | M] (LSI) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\3ware.sys -- (3ware)
DRV:64bit: - [2012/07/26 05:00:49 | 000,076,016 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2012/07/26 05:00:48 | 000,026,352 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2012/07/26 04:57:54 | 000,361,200 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\clfs.sys -- (CLFS)
DRV:64bit: - [2012/07/26 04:54:34 | 000,096,496 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\wfplwfs.sys -- (WFPLWFS)
DRV:64bit: - [2012/07/26 04:53:16 | 000,067,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\vpci.sys -- (vpci)
DRV:64bit: - [2012/07/26 04:44:30 | 000,258,288 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\WdFilter.sys -- (WdFilter)
DRV:64bit: - [2012/07/26 04:36:15 | 000,034,216 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\WdBoot.sys -- (WdBoot)
DRV:64bit: - [2012/07/26 03:17:38 | 000,036,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\terminpt.sys -- (terminpt)
DRV:64bit: - [2012/07/26 03:17:38 | 000,027,888 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012/07/26 02:29:47 | 000,021,504 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV:64bit: - [2012/07/26 02:29:14 | 000,010,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\mshidumdf.sys -- (mshidumdf)
DRV:64bit: - [2012/07/26 02:29:08 | 000,048,640 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\BasicDisplay.sys -- (BasicDisplay)
DRV:64bit: - [2012/07/26 02:29:03 | 000,024,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\HyperVideo.sys -- (HyperVideo)
DRV:64bit: - [2012/07/26 02:28:52 | 000,029,696 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\BasicRender.sys -- (BasicRender)
DRV:64bit: - [2012/07/26 02:27:58 | 000,022,528 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\fxppm.sys -- (FxPPM)
DRV:64bit: - [2012/07/26 02:27:58 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\vmgencounter.sys -- (gencounter)
DRV:64bit: - [2012/07/26 02:27:41 | 000,018,432 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\kdnic.sys -- (kdnic)
DRV:64bit: - [2012/07/26 02:27:37 | 000,010,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\acpitime.sys -- (acpitime)
DRV:64bit: - [2012/07/26 02:27:33 | 000,023,552 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\npsvctrig.sys -- (npsvctrig)
DRV:64bit: - [2012/07/26 02:27:29 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\WpdUpFltr.sys -- (WpdUpFltr)
DRV:64bit: - [2012/07/26 02:27:16 | 000,010,240 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\acpipagr.sys -- (acpipagr)
DRV:64bit: - [2012/07/26 02:27:01 | 000,011,776 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\hyperkbd.sys -- (hyperkbd)
DRV:64bit: - [2012/07/26 02:26:46 | 000,062,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\SerCx.sys -- (SerCx)
DRV:64bit: - [2012/07/26 02:26:43 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\SpbCx.sys -- (SpbCx)
DRV:64bit: - [2012/07/26 02:26:34 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2012/07/26 02:26:13 | 000,051,200 | ---- | M] (Microsoft Corporation) [Unknown (0) | Disabled | Unknown] -- C:\Windows\SysNative\Drivers\bthhfenum.sys -- (BthHFEnum)
DRV:64bit: - [2012/07/26 02:25:57 | 000,033,280 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2012/07/26 02:25:56 | 000,057,344 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012/07/26 02:25:54 | 000,038,400 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\hidi2c.sys -- (hidi2c)
DRV:64bit: - [2012/07/26 02:25:13 | 000,045,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\wpcfltr.sys -- (wpcfltr)
DRV:64bit: - [2012/07/26 02:25:02 | 000,202,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\BthLEEnum.sys -- (BthLEEnum)
DRV:64bit: - [2012/07/26 02:25:01 | 000,126,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\NdisImPlatform.sys -- (NdisImPlatform)
DRV:64bit: - [2012/07/26 02:23:53 | 000,068,608 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\mslldp.sys -- (MsLldp)
DRV:64bit: - [2012/07/26 02:23:42 | 000,097,792 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\Drivers\Ndu.sys -- (Ndu)
DRV:64bit: - [2012/07/25 22:53:22 | 011,926,528 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2012/07/22 07:30:36 | 000,540,160 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\stwrt64.sys -- (STHDA)
DRV:64bit: - [2012/07/19 16:47:40 | 000,056,904 | ---- | M] (Ralink Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\BtL2caScoIf.sys -- (BthL2caScoIfSrv)
DRV:64bit: - [2012/07/09 13:42:54 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/07/04 13:09:08 | 000,269,968 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\RtsP2Stor.sys -- (RSP2STOR)
DRV:64bit: - [2012/07/02 23:16:02 | 000,062,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2012/06/29 02:00:48 | 000,360,448 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2012/06/25 09:24:50 | 000,092,536 | ---- | M] (CyberLink) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\CLVirtualDrive.sys -- (CLVirtualDrive)
DRV:64bit: - [2012/06/20 21:27:30 | 000,023,448 | R--- | M] (Symantec Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\NISx64\1402000.013\symelam.sys -- (SymELAM)
DRV:64bit: - [2012/06/19 15:40:50 | 000,342,528 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2012/06/15 10:22:02 | 000,023,136 | ---- | M] (IVT Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\BtAudioBus.sys -- (BtAudioBusSrv)
DRV:64bit: - [2012/01/11 18:11:54 | 000,037,496 | R--- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\NISx64\1402000.013\srtspx64.sys -- (SRTSPX)
DRV - [2012/11/05 15:26:18 | 002,084,000 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\Definitions\VirusDefs\20121114.008\ex64.sys -- (NAVEX15)
DRV - [2012/11/05 15:26:18 | 000,484,512 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
DRV - [2012/11/05 15:26:18 | 000,138,912 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2012/11/05 15:26:18 | 000,126,112 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\Definitions\VirusDefs\20121114.008\eng64.sys -- (NAVENG)
DRV - [2012/11/03 06:37:24 | 000,513,184 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\Definitions\IPSDefs\20121114.001\IDSviA64.sys -- (IDSVia64)
DRV - [2012/10/23 23:34:23 | 001,384,608 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\Definitions\BASHDefs\20121106.001\BHDrvx64.sys -- (BHDrvx64)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.uk.msn.com/HPNOT13/2
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE:64bit: - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://eu.ask.com/we...&l=dis&o=HPNTDF
IE:64bit: - HKLM\..\SearchScopes\{78F939B8-B5C2-4BD4-AEC0-6360FB28260E}: "URL" = http://www.amazon.co...s={searchTerms}
IE:64bit: - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://uk.search.yah...psg&type=HPNTDF
IE:64bit: - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.co...9550-11896-25/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.uk.msn.com/HPNOT13/2
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{00070B1A-A569-B82E-3F6E-55413938BB1E}: "URL" = http://www.bing.com/...0TR&pc=HPNTDFJS
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://searchfunmood...yE&cr=894205108
IE - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://eu.ask.com/we...&l=dis&o=HPNTDF
IE - HKLM\..\SearchScopes\{78F939B8-B5C2-4BD4-AEC0-6360FB28260E}: "URL" = http://www.amazon.co...s={searchTerms}
IE - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://uk.search.yah...psg&type=HPNTDF
IE - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.co...9550-11896-25/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,bProtector Start Page =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.uk.msn.com/HPNOT13/2
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://uk.yahoo.com/
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{00070B1A-A569-B82E-3F6E-55413938BB1E}: "URL" = http://www.bing.com/...0TR&pc=HPNTDFJS
IE - HKCU\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://eu.ask.com/we...&l=dis&o=HPNTDF
IE - HKCU\..\SearchScopes\{78F939B8-B5C2-4BD4-AEC0-6360FB28260E}: "URL" = http://www.amazon.co...s={searchTerms}
IE - HKCU\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://uk.search.yah...psg&type=HPNTDF
IE - HKCU\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.co...9550-11896-25/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_110.dll File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_110.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.6.14: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.6.14: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.6.14: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.6.14: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=15.0.6.14: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.124\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.124\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\coFFPlgn\ [2012/11/14 15:10:10 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\IPSFFPlgn\ [2012/11/05 15:03:29 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{0153E448-190B-4987-BDE1-F256CADA672F}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012/11/13 15:02:55 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/11/14 15:11:42 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

[2012/11/14 15:12:46 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Bob\AppData\Roaming\mozilla\Extensions
[2012/11/14 15:43:15 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Bob\AppData\Roaming\mozilla\Firefox\Profiles\oisbga57.default\extensions
[2012/11/14 15:11:42 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/10/24 17:50:58 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/10/24 17:50:17 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/10/24 17:50:17 | 000,002,058 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2012/11/15 17:15:08 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\Drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\20.2.0.19\coieplg.dll (Symantec Corporation)
O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\20.2.0.19\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (HP Network Check Helper) - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\20.2.0.19\coieplg.dll (Symantec Corporation)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [BtTray] C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BtTray.exe (IVT Corporation)
O4 - HKLM..\Run: [CLVirtualDrive] C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe (CyberLink Corp.)
O4 - HKLM..\Run: [HP CoolSense] C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [RemoteControl10] C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe (RealNetworks, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableCursorSuppression = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9 - Extra Button: HP Smart Print - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\Smart Print 2.0\smartprintsetup.exe (Hewlett-Packard)
O9 - Extra 'Tools' menuitem : HP Smart Print - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\Smart Print 2.0\smartprintsetup.exe (Hewlett-Packard)
O9 - Extra Button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{08D31D2A-9A94-4576-B40B-38146B93F409}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{38FE2CC8-EB4F-4E70-A369-E1DD12386933}: DhcpNameServer = 40.24.1.201 40.24.1.202
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - AppInit_DLLs: (c:\progra~3\browse~1\23796~1.11\{16cdf~1\browse~1.dll) - c:\ProgramData\Browser Manager\2.3.796.11\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.dll ()
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O30 - LSA: Security Packages - (livessp) - File not found
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{cf6fcdfa-2a61-11e2-be75-6894234cfe3a}\Shell - "" = AutoRun
O33 - MountPoints2\{cf6fcdfa-2a61-11e2-be75-6894234cfe3a}\Shell\AutoRun\command - "" = "F:\AutoRun.exe"
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/11/15 17:15:01 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/11/14 15:11:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service
[2012/11/14 14:55:14 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\searchplugins
[2012/11/14 14:55:14 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Extensions
[2012/11/13 15:17:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\File Shredder
[2012/11/13 15:17:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\File Shredder
[2012/11/13 15:17:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Browser Manager
[2012/11/13 15:03:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\xing shared
[2012/11/13 15:02:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RealNetworks
[2012/11/13 15:02:46 | 000,272,896 | ---- | C] (Progressive Networks) -- C:\Windows\SysWow64\pncrt.dll
[2012/11/13 15:02:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Real
[2012/11/13 15:02:36 | 000,000,000 | ---D | C] -- C:\Users\Bob\AppData\Roaming\Real
[2012/11/13 15:01:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Real
[2012/11/13 14:57:07 | 000,000,000 | ---D | C] -- C:\Program Files\Recuva
[2012/11/13 14:53:00 | 000,000,000 | ---D | C] -- C:\Restoration
[2012/11/12 22:34:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tracks Eraser Pro
[2012/11/12 22:34:52 | 000,277,504 | ---- | C] (Nektra S.A.) -- C:\Windows\SysWow64\oestore.dll
[2012/11/12 22:34:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Acesoft
[2012/11/11 15:57:53 | 000,000,000 | ---D | C] -- C:\Users\Bob\AppData\Local\Adobe
[2012/11/11 15:57:41 | 000,000,000 | ---D | C] -- C:\ProgramData\FLEXnet
[2012/11/11 15:12:48 | 000,000,000 | ---D | C] -- C:\Users\Bob\Documents\New folder
[2012/11/09 12:49:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
[2012/11/09 12:48:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Google
[2012/11/09 12:48:42 | 000,000,000 | ---D | C] -- C:\Users\Bob\AppData\Local\Google
[2012/11/09 12:20:11 | 000,000,000 | ---D | C] -- C:\Users\Bob\AppData\Roaming\Skype
[2012/11/09 12:20:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2012/11/09 12:20:02 | 000,000,000 | R--D | C] -- C:\Program Files (x86)\Skype
[2012/11/09 12:20:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2012/11/09 12:19:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Skype
[2012/11/09 11:42:01 | 000,000,000 | ---D | C] -- C:\Users\Bob\AppData\Local\{34A0B027-EAB3-4299-94F5-0F23174E7A18}
[2012/11/09 10:47:24 | 000,000,000 | ---D | C] -- C:\Users\Bob\AppData\Roaming\TuneUp Software
[2012/11/09 10:47:18 | 000,000,000 | ---D | C] -- C:\ProgramData\TuneUp Software
[2012/11/09 10:47:15 | 000,000,000 | -HSD | C] -- C:\ProgramData\{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F}
[2012/11/09 10:47:15 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2012/11/09 10:46:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TuneUp
[2012/11/09 10:46:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TuneUpMedia
[2012/11/09 10:45:30 | 000,000,000 | ---D | C] -- C:\Users\Bob\AppData\Roaming\TuneUpMedia
[2012/11/09 10:45:24 | 000,000,000 | ---D | C] -- C:\ProgramData\TuneUpMedia
[2012/11/06 23:04:01 | 000,000,000 | R--D | C] -- C:\Users\Bob\Documents\HP Photo Creations
[2012/11/06 23:04:01 | 000,000,000 | ---D | C] -- C:\Users\Bob\AppData\Roaming\Visan
[2012/11/06 22:55:26 | 000,000,000 | ---D | C] -- C:\Users\Bob\Documents\OneNote Notebooks
[2012/11/06 22:52:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
[2012/11/06 22:52:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Works
[2012/11/06 22:52:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DESIGNER
[2012/11/06 22:49:07 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office
[2012/11/06 22:48:27 | 000,000,000 | ---D | C] -- C:\Users\Bob\AppData\Local\Microsoft Help
[2012/11/06 22:48:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft Help
[2012/11/06 22:47:54 | 000,000,000 | RH-D | C] -- C:\MSOCache
[2012/11/06 17:07:16 | 000,000,000 | R--D | C] -- C:\Windows\BrowserChoice
[2012/11/06 17:04:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Macrovision Shared
[2012/11/06 17:02:17 | 000,000,000 | ---D | C] -- C:\Windows\Fonts\Fonts
[2012/11/06 17:01:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe
[2012/11/06 17:01:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe
[2012/11/06 16:30:35 | 000,000,000 | ---D | C] -- C:\Users\Bob\AppData\Roaming\Identities
[2012/11/06 15:12:10 | 000,000,000 | ---D | C] -- C:\Users\Bob\Documents\ids
[2012/11/06 15:12:09 | 000,000,000 | ---D | C] -- C:\Users\Bob\Documents\Car
[2012/11/06 12:24:46 | 000,000,000 | ---D | C] -- C:\Users\Bob\AppData\Local\Apple Computer
[2012/11/06 12:24:45 | 000,000,000 | ---D | C] -- C:\Users\Bob\AppData\Roaming\Apple Computer
[2012/11/06 12:24:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2012/11/06 12:24:08 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2012/11/06 12:24:07 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2012/11/06 12:24:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2012/11/06 12:24:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer
[2012/11/06 12:24:07 | 000,000,000 | ---D | C] -- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
[2012/11/06 12:23:38 | 000,000,000 | ---D | C] -- C:\Users\Bob\AppData\Local\Apple
[2012/11/06 12:23:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Apple Software Update
[2012/11/06 12:23:18 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
[2012/11/06 12:23:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Apple
[2012/11/06 11:26:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Visan
[2012/11/06 11:26:02 | 000,000,000 | ---D | C] -- C:\ProgramData\HP Photo Creations
[2012/11/06 11:26:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\HP Photo Creations
[2012/11/06 11:25:58 | 000,000,000 | ---D | C] -- C:\Users\Bob\AppData\Roaming\HpUpdate
[2012/11/06 11:25:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
[2012/11/06 11:25:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\HP
[2012/11/06 11:25:49 | 000,000,000 | ---D | C] -- C:\ProgramData\HP
[2012/11/06 11:25:49 | 000,000,000 | ---D | C] -- C:\Program Files\HP
[2012/11/06 11:17:08 | 000,000,000 | ---D | C] -- C:\Users\Bob\AppData\Local\Macromedia
[2012/11/06 11:04:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Adobe
[2012/11/06 10:55:37 | 000,000,000 | ---D | C] -- C:\Users\Bob\AppData\Local\HP
[2012/11/06 10:37:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Symantec Shared
[2012/11/05 16:46:18 | 000,000,000 | ---D | C] -- C:\Users\Bob\AppData\Roaming\hpqlog
[2012/11/05 16:09:57 | 000,000,000 | ---D | C] -- C:\Users\Bob\AppData\Roaming\Mozilla
[2012/11/05 16:09:57 | 000,000,000 | ---D | C] -- C:\Users\Bob\AppData\Local\Mozilla
[2012/11/05 16:09:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[2012/11/05 16:09:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2012/11/05 16:03:36 | 000,000,000 | ---D | C] -- C:\Users\Bob\AppData\Roaming\Macromedia
[2012/11/05 15:26:45 | 000,000,000 | ---D | C] -- C:\Users\Bob\AppData\Roaming\Hewlett-Packard
[2012/11/05 15:07:02 | 000,000,000 | ---D | C] -- C:\Users\Bob\AppData\Local\Hewlett-Packard
[2012/11/05 15:06:59 | 000,000,000 | ---D | C] -- C:\Users\Bob\Documents\Bluetooth
[2012/11/05 15:06:59 | 000,000,000 | ---D | C] -- C:\Users\Bob\AppData\Local\bluesoleil
[2012/11/05 15:06:25 | 000,000,000 | R--D | C] -- C:\Users\Bob\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2012/11/05 15:06:25 | 000,000,000 | R--D | C] -- C:\Users\Bob\Searches
[2012/11/05 15:06:25 | 000,000,000 | R--D | C] -- C:\Users\Bob\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2012/11/05 15:06:24 | 000,000,000 | R--D | C] -- C:\Users\Bob\Contacts
[2012/11/05 15:06:20 | 000,000,000 | ---D | C] -- C:\Users\Bob\AppData\Roaming\Adobe
[2012/11/05 15:06:01 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Shopping and Services
[2012/11/05 15:04:38 | 000,000,000 | ---D | C] -- C:\Users\Bob\AppData\Local\Power2Go8
[2012/11/05 15:04:34 | 000,000,000 | ---D | C] -- C:\Users\Bob\AppData\Roaming\Synaptics
[2012/11/05 15:03:20 | 000,000,000 | ---D | C] -- C:\Users\Bob\AppData\Local\VirtualStore
[2012/11/05 15:03:05 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\Uninstall Information
[2012/11/05 15:03:04 | 000,000,000 | ---D | C] -- C:\Users\Bob\AppData\Local\Packages
[2012/11/05 15:02:38 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
[2012/11/05 15:02:09 | 000,000,000 | --SD | C] -- C:\Users\Bob\AppData\Roaming\Microsoft
[2012/11/05 15:02:09 | 000,000,000 | R--D | C] -- C:\Users\Bob\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
[2012/11/05 15:02:09 | 000,000,000 | R--D | C] -- C:\Users\Bob\Desktop
[2012/11/05 15:02:09 | 000,000,000 | R--D | C] -- C:\Users\Bob\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2012/11/05 15:02:09 | 000,000,000 | R--D | C] -- C:\Users\Bob\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
[2012/11/05 15:02:09 | 000,000,000 | -H-D | C] -- C:\Users\Bob\AppData
[2012/11/05 15:02:09 | 000,000,000 | ---D | C] -- C:\Users\Bob\AppData\Local\Temp
[2012/11/05 15:02:09 | 000,000,000 | ---D | C] -- C:\Users\Bob\AppData\Local\Microsoft
[2012/11/05 15:02:09 | 000,000,000 | ---D | C] -- C:\Users\Bob\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[2012/11/05 15:02:08 | 000,000,000 | R--D | C] -- C:\Users\Bob\Videos
[2012/11/05 15:02:08 | 000,000,000 | R--D | C] -- C:\Users\Bob\Saved Games
[2012/11/05 15:02:08 | 000,000,000 | R--D | C] -- C:\Users\Bob\Pictures
[2012/11/05 15:02:08 | 000,000,000 | R--D | C] -- C:\Users\Bob\Music
[2012/11/05 15:02:08 | 000,000,000 | R--D | C] -- C:\Users\Bob\Links
[2012/11/05 15:02:08 | 000,000,000 | R--D | C] -- C:\Users\Bob\Favorites
[2012/11/05 15:02:08 | 000,000,000 | R--D | C] -- C:\Users\Bob\Downloads
[2012/11/05 15:02:08 | 000,000,000 | R--D | C] -- C:\Users\Bob\Documents
[2012/11/05 15:02:08 | 000,000,000 | -H-D | C] -- C:\Users\Bob\Documents\hp.system.package.metadata
[2012/11/05 15:02:08 | 000,000,000 | -H-D | C] -- C:\Users\Bob\Documents\hp.applications.package.appdata

========== Files - Modified Within 30 Days ==========

[2012/11/15 17:28:00 | 000,000,342 | ---- | M] () -- C:\Windows\tasks\HP Photo Creations Communicator.job
[2012/11/15 17:24:07 | 000,941,050 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/11/15 17:24:07 | 000,788,176 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/11/15 17:24:07 | 000,162,458 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/11/15 17:22:58 | 000,000,821 | ---- | M] () -- C:\Windows\SysWow64\bscs.ini
[2012/11/15 17:22:22 | 001,724,123 | ---- | M] () -- C:\Windows\SysNative\drivers\NISx64\1402000.013\Cat.DB
[2012/11/15 17:21:41 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/11/15 17:21:38 | 000,004,523 | ---- | M] () -- C:\Windows\SysWow64\LOCALSERVICE.INI
[2012/11/15 17:21:12 | 000,000,910 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/11/15 17:19:53 | 000,000,043 | ---- | M] () -- C:\Windows\SysWow64\LOCALDEVICE.INI
[2012/11/15 17:19:25 | 268,435,456 | -HS- | M] () -- C:\swapfile.sys
[2012/11/15 17:19:24 | 768,622,591 | -HS- | M] () -- C:\hiberfil.sys
[2012/11/15 17:15:08 | 000,000,098 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\Hosts
[2012/11/15 16:54:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/11/15 16:53:00 | 000,000,914 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/11/14 20:20:02 | 000,000,231 | ---- | M] () -- C:\Windows\SysWow64\REMOTEDEVICE.INI
[2012/11/14 15:11:48 | 000,001,151 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012/11/13 15:17:59 | 000,000,972 | ---- | M] () -- C:\Users\Bob\Desktop\File Shredder.lnk
[2012/11/13 15:03:10 | 000,001,268 | ---- | M] () -- C:\Users\Public\Desktop\RealPlayer.lnk
[2012/11/13 15:02:46 | 000,272,896 | ---- | M] (Progressive Networks) -- C:\Windows\SysWow64\pncrt.dll
[2012/11/13 14:57:08 | 000,001,658 | ---- | M] () -- C:\Users\Public\Desktop\Recuva.lnk
[2012/11/13 14:52:28 | 000,290,500 | ---- | M] () -- C:\Users\Bob\AppData\Local\funmoods-speeddial_sf.crx
[2012/11/13 14:52:28 | 000,031,465 | ---- | M] () -- C:\Users\Bob\AppData\Local\funmoods.crx
[2012/11/12 22:34:57 | 000,001,160 | ---- | M] () -- C:\Users\Bob\Desktop\Tracks Eraser Pro.lnk
[2012/11/12 11:50:14 | 000,002,967 | ---- | M] () -- C:\Windows\SysWow64\SHORTCUT.INI
[2012/11/09 22:57:28 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_11_00.Wdf
[2012/11/09 22:13:20 | 000,067,986 | ---- | M] () -- C:\Users\Bob\Documents\LGW285XX227E.pdf
[2012/11/09 12:49:46 | 000,002,212 | ---- | M] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2012/11/09 12:20:03 | 000,002,515 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2012/11/09 10:46:53 | 000,001,037 | ---- | M] () -- C:\Users\Public\Desktop\TuneUp.lnk
[2012/11/06 23:42:05 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_LocationProvider_01_11_00.Wdf
[2012/11/06 23:03:27 | 000,001,995 | ---- | M] () -- C:\Users\Public\Desktop\HP Photo Creations.lnk
[2012/11/06 22:55:26 | 000,001,310 | ---- | M] () -- C:\Users\Bob\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
[2012/11/06 17:14:17 | 000,002,501 | ---- | M] () -- C:\Users\Public\Desktop\Norton Internet Security.lnk
[2012/11/06 17:11:16 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForBob.job
[2012/11/06 17:10:19 | 000,010,074 | ---- | M] () -- C:\Windows\SysNative\drivers\NISx64\1402000.013\VT20121008.022
[2012/11/06 17:04:15 | 000,000,060 | ---- | M] () -- C:\Windows\wininit.ini
[2012/11/06 17:04:10 | 000,001,213 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Photoshop Elements 7.0.lnk
[2012/11/06 12:24:44 | 000,001,783 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012/11/06 11:25:54 | 000,001,194 | ---- | M] () -- C:\Users\Public\Desktop\Shop for Supplies - HP Deskjet 3000 J310 series.lnk
[2012/11/06 11:25:53 | 000,002,272 | ---- | M] () -- C:\Users\Public\Desktop\HP Deskjet 3000 J310 series.lnk
[2012/11/06 11:25:44 | 000,000,057 | ---- | M] () -- C:\ProgramData\Ament.ini
[2012/10/19 12:07:54 | 000,000,172 | ---- | M] () -- C:\Windows\SysNative\drivers\NISx64\1402000.013\isolate.ini

========== Files Created - No Company Name ==========

[2012/11/14 15:11:48 | 000,001,151 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012/11/14 15:11:46 | 000,001,163 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2012/11/13 15:17:58 | 000,000,972 | ---- | C] () -- C:\Users\Bob\Desktop\File Shredder.lnk
[2012/11/13 15:03:10 | 000,001,268 | ---- | C] () -- C:\Users\Public\Desktop\RealPlayer.lnk
[2012/11/13 14:57:08 | 000,001,658 | ---- | C] () -- C:\Users\Public\Desktop\Recuva.lnk
[2012/11/13 14:52:34 | 000,290,500 | ---- | C] () -- C:\Users\Bob\AppData\Local\funmoods-speeddial_sf.crx
[2012/11/13 14:52:32 | 000,031,465 | ---- | C] () -- C:\Users\Bob\AppData\Local\funmoods.crx
[2012/11/12 22:34:56 | 000,001,160 | ---- | C] () -- C:\Users\Bob\Desktop\Tracks Eraser Pro.lnk
[2012/11/09 22:57:28 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_11_00.Wdf
[2012/11/09 22:13:20 | 000,067,986 | ---- | C] () -- C:\Users\Bob\Documents\LGW285XX227E.pdf
[2012/11/09 12:49:45 | 000,002,212 | ---- | C] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2012/11/09 12:48:49 | 000,000,914 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/11/09 12:48:48 | 000,000,910 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/11/09 12:20:03 | 000,002,515 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk
[2012/11/09 10:46:53 | 000,001,037 | ---- | C] () -- C:\Users\Public\Desktop\TuneUp.lnk
[2012/11/06 23:42:05 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_LocationProvider_01_11_00.Wdf
[2012/11/06 23:03:28 | 000,000,342 | ---- | C] () -- C:\Windows\tasks\HP Photo Creations Communicator.job
[2012/11/06 22:55:25 | 000,001,310 | ---- | C] () -- C:\Users\Bob\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
[2012/11/06 17:04:15 | 000,000,060 | ---- | C] () -- C:\Windows\wininit.ini
[2012/11/06 17:04:10 | 000,001,119 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop Elements 7.0.lnk
[2012/11/06 17:04:09 | 000,001,213 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Photoshop Elements 7.0.lnk
[2012/11/06 15:13:35 | 000,361,934 | ---- | C] () -- C:\Windows\SysNative\ApnDatabase.xml
[2012/11/06 15:13:12 | 000,110,592 | ---- | C] () -- C:\Windows\SysNative\OEMLicense.dll
[2012/11/06 15:13:12 | 000,083,968 | ---- | C] () -- C:\Windows\SysWow64\OEMLicense.dll
[2012/11/06 15:12:05 | 001,008,075 | ---- | C] () -- C:\Users\Bob\Documents\VillaAdria.xps
[2012/11/06 15:12:05 | 000,005,454 | ---- | C] () -- C:\Users\Bob\Documents\Trees RegisterSY330651[1].pdf
[2012/11/06 15:12:04 | 000,301,038 | ---- | C] () -- C:\Users\Bob\Documents\Travel Insurance for India.pdf
[2012/11/06 15:12:01 | 001,312,616 | ---- | C] () -- C:\Users\Bob\Documents\Tallinn_en.pdf
[2012/11/06 15:12:01 | 000,033,421 | -H-- | C] () -- C:\Users\Bob\Documents\songs.rtf
[2012/11/06 15:11:59 | 001,346,606 | ---- | C] () -- C:\Users\Bob\Documents\Riga_en.pdf
[2012/11/06 15:11:57 | 000,536,480 | ---- | C] () -- C:\Users\Bob\Documents\RAC_Policy_ Corsa.pdf
[2012/11/06 15:11:56 | 000,005,201 | ---- | C] () -- C:\Users\Bob\Documents\perftest - Shortcut.lnk
[2012/11/06 15:11:54 | 001,491,728 | ---- | C] () -- C:\Users\Bob\Documents\Mobile User Guide K700.pdf
[2012/11/06 15:11:52 | 000,000,423 | ---- | C] () -- C:\Users\Bob\Documents\Le Mans.html
[2012/11/06 15:11:51 | 000,106,967 | ---- | C] () -- C:\Users\Bob\Documents\itinerary.xps
[2012/11/06 15:11:50 | 001,468,523 | ---- | C] () -- C:\Users\Bob\Documents\Israel & Palestine Territories - Jerusalem (Chapter).pdf
[2012/11/06 15:11:49 | 000,002,052 | ---- | C] () -- C:\Users\Bob\Documents\Invoice.htm
[2012/11/06 15:11:46 | 000,614,409 | ---- | C] () -- C:\Users\Bob\Documents\Epsom44.pdf
[2012/11/06 15:11:44 | 001,583,860 | ---- | C] () -- C:\Users\Bob\Documents\ELECTION.jpg
[2012/11/06 15:11:43 | 000,156,788 | ---- | C] () -- C:\Users\Bob\Documents\Chingoma to Addis Ababa xls.pdf
[2012/11/06 15:11:43 | 000,023,018 | ---- | C] () -- C:\Users\Bob\Documents\chelsea BADGE.jpg
[2012/11/06 15:11:42 | 000,510,718 | ---- | C] () -- C:\Users\Bob\Documents\ccsetup123.exe
[2012/11/06 15:11:42 | 000,061,074 | ---- | C] () -- C:\Users\Bob\Documents\cc_20051224_1802.reg
[2012/11/06 15:11:41 | 000,532,081 | ---- | C] () -- C:\Users\Bob\Documents\cardoman club conf.xps
[2012/11/06 12:24:43 | 000,001,783 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012/11/06 12:23:37 | 000,002,519 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
[2012/11/06 12:12:12 | 000,000,346 | ---- | C] () -- C:\Windows\tasks\HPCeeScheduleForBob.job
[2012/11/06 12:09:18 | 000,002,967 | ---- | C] () -- C:\Windows\SysWow64\SHORTCUT.INI
[2012/11/06 12:08:21 | 000,000,231 | ---- | C] () -- C:\Windows\SysWow64\REMOTEDEVICE.INI
[2012/11/06 11:26:02 | 000,001,995 | ---- | C] () -- C:\Users\Public\Desktop\HP Photo Creations.lnk
[2012/11/06 11:25:53 | 000,002,272 | ---- | C] () -- C:\Users\Public\Desktop\HP Deskjet 3000 J310 series.lnk
[2012/11/06 11:25:53 | 000,001,194 | ---- | C] () -- C:\Users\Public\Desktop\Shop for Supplies - HP Deskjet 3000 J310 series.lnk
[2012/11/06 11:25:44 | 000,000,057 | ---- | C] () -- C:\ProgramData\Ament.ini
[2012/11/06 11:05:25 | 000,000,830 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/11/05 15:06:20 | 000,001,434 | ---- | C] () -- C:\Users\Bob\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2012/11/05 15:06:01 | 000,002,226 | ---- | C] () -- C:\Users\Public\Desktop\Visit eBay.co.uk.lnk
[2012/11/05 15:06:00 | 000,002,096 | ---- | C] () -- C:\Users\Public\Desktop\HP Games.lnk
[2012/11/05 15:05:59 | 000,002,212 | ---- | C] () -- C:\Users\Public\Desktop\Snapfish Photos.lnk
[2012/09/18 17:30:05 | 000,004,523 | ---- | C] () -- C:\Windows\SysWow64\LOCALSERVICE.INI
[2012/09/18 17:30:05 | 000,000,043 | ---- | C] () -- C:\Windows\SysWow64\LOCALDEVICE.INI
[2012/08/10 16:45:30 | 000,000,821 | ---- | C] () -- C:\Windows\SysWow64\bscs.ini
[2012/08/08 05:18:02 | 000,598,780 | ---- | C] () -- C:\Windows\SysWow64\igvpkrng700.bin
[2012/08/08 05:17:52 | 000,064,512 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll
[2012/08/08 05:17:50 | 000,755,048 | ---- | C] () -- C:\Windows\SysWow64\igcodeckrng700.bin
[2012/08/03 22:40:09 | 000,916,510 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/07/27 13:50:34 | 000,333,312 | ---- | C] () -- C:\Windows\SysWow64\BsExtendFunc.dll
[2012/07/26 08:13:10 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2012/07/26 08:13:09 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2012/07/26 07:21:26 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2012/07/26 01:17:42 | 000,043,520 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2012/07/25 20:37:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2012/07/25 20:28:31 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2012/07/25 20:22:54 | 000,982,240 | ---- | C] () -- C:\Windows\SysWow64\igkrng500.bin
[2012/07/25 20:22:54 | 000,439,308 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng500.bin
[2012/07/25 20:22:54 | 000,092,356 | ---- | C] () -- C:\Windows\SysWow64\igfcg500m.bin
[2012/07/10 17:04:10 | 000,062,976 | ---- | C] () -- C:\Windows\SysWow64\BsProfileFunc.dll
[2012/07/10 16:59:40 | 000,019,456 | ---- | C] () -- C:\Windows\SysWow64\BsTrace.dll
[2012/07/10 16:26:44 | 000,090,208 | ---- | C] () -- C:\Windows\SysWow64\BSSkypeAgent.dll
[2012/07/10 16:26:44 | 000,086,108 | ---- | C] () -- C:\Windows\SysWow64\BSVoIPComm.dll
[2012/07/10 16:26:44 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\BsVistaCommon.dll
[2012/07/10 16:26:44 | 000,049,664 | ---- | C] () -- C:\Windows\SysWow64\BSWMPPlugin.dll
[2012/07/10 16:26:44 | 000,011,264 | ---- | C] () -- C:\Windows\SysWow64\SCChangeMonitor.dll
[2012/06/13 07:45:02 | 000,008,704 | ---- | C] () -- C:\Windows\SysWow64\SROF.dll
[2012/06/04 20:31:00 | 000,000,417 | ---- | C] () -- C:\Windows\SysWow64\RaoBLE.ini
[2012/06/02 14:31:19 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2012/04/20 12:59:44 | 000,001,536 | ---- | C] () -- C:\Windows\SysWow64\IusEventLog.dll

========== ZeroAccess Check ==========

[2012/08/16 20:00:28 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/10/11 05:45:39 | 019,789,824 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/10/11 05:07:29 | 017,560,576 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2012/07/26 03:05:38 | 001,004,544 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2012/07/26 03:18:27 | 000,784,896 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2012/07/26 03:07:41 | 000,455,680 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2012/11/05 15:04:34 | 000,000,000 | ---D | M] -- C:\Users\Bob\AppData\Roaming\Synaptics
[2012/11/09 10:47:24 | 000,000,000 | ---D | M] -- C:\Users\Bob\AppData\Roaming\TuneUp Software
[2012/11/11 16:08:54 | 000,000,000 | ---D | M] -- C:\Users\Bob\AppData\Roaming\TuneUpMedia
[2012/11/06 23:04:01 | 000,000,000 | ---D | M] -- C:\Users\Bob\AppData\Roaming\Visan

========== Purity Check ==========



< End of report >
  • 0

#4
Essexboy
Posted 15 November 2012 - 11:55 AM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hmm it has re-installed.. OK next trick

CLEAR THE BAD TOOLBARS

Download AdwCleaner from here to your desktop
Run AdwCleaner and select Delete

Posted Image

Once done it will ask to reboot, allow this
On reboot a log will be produced please attach that
  • 0

#5
eaglet
Posted 15 November 2012 - 02:08 PM

eaglet

    Member

  • Topic Starter
  • Member
  • PipPip
  • 55 posts
Thanks essexboy that seems to have done the trick :)Managed to start Firefox okay without the Clara search sit and IE now shows keystrokes going to Bing

Really appreciate your help


# AdwCleaner v2.007 - Logfile created 11/15/2012 at 19:56:14
# Updated 06/11/2012 by Xplode
# Operating system : Windows 8 (64 bits)
# User : Bob - BOBSLAPTOP
# Boot Mode : Normal
# Running from : C:\Users\Bob\Downloads\adwcleaner.exe
# Option [Delete]


***** [Services] *****

Stopped & Deleted : Browser Manager

***** [Files / Folders] *****

File Deleted : C:\Users\Bob\AppData\Local\funmoods.crx
Folder Deleted : C:\ProgramData\Browser Manager

***** [Registry] *****

Data Deleted : HKLM\..\Windows [AppInit_DLLs] = c:\progra~3\browse~1\23796~1.11\{16cdf~1\browse~1.dll
Key Deleted : HKCU\Software\DataMngr
Key Deleted : HKCU\Software\DataMngr_Toolbar
Key Deleted : HKCU\Software\Google\Chrome\Extensions\bbjciahceamgodcoidkjpchnokgfpphh
Key Deleted : HKCU\Software\Google\Chrome\Extensions\cjpglkicenollcignonpgiafdgfeehoj
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\bProtectSettings
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Key Deleted : HKLM\Software\Babylon
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{960DF771-CFCB-4E53-A5B5-6EF2BBE6E706}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
Key Deleted : HKLM\SOFTWARE\Classes\esrv.funmoodsESrvc
Key Deleted : HKLM\SOFTWARE\Classes\esrv.funmoodsESrvc.1
Key Deleted : HKLM\SOFTWARE\Classes\f
Key Deleted : HKLM\SOFTWARE\Classes\funmoods.dskBnd
Key Deleted : HKLM\SOFTWARE\Classes\funmoods.dskBnd.1
Key Deleted : HKLM\SOFTWARE\Classes\funmoods.funmoodsHlpr
Key Deleted : HKLM\SOFTWARE\Classes\funmoods.funmoodsHlpr.1
Key Deleted : HKLM\SOFTWARE\Classes\funmoodsApp.appCore
Key Deleted : HKLM\SOFTWARE\Classes\funmoodsApp.appCore.1
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{1D085C0A-E4F4-4F66-BDBF-4BE51015BFC3}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{960DF771-CFCB-4E53-A5B5-6EF2BBE6E706}
Key Deleted : HKLM\Software\DataMngr
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{75A4D144-506D-4BE5-81DB-EC7DA1E7F840}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{965B9DBE-B104-44AC-950A-8A5F97AFF439}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{A9DB719C-7156-415E-B49D-BAD039DE4F13}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{F03FD9D0-4F2B-497C-8A71-DD41D70B07D9}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{0D80F1C5-D17B-4177-AC68-955F3EF9F191}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{23C70BCA-6E23-4A65-AD2E-1389062074F1}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{23D8EEF7-0E13-4000-B9C4-6603C1E912D1}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{295CACB4-51F5-46FD-914E-C72BAAE1B672}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{2CE5C4B9-6DBE-4528-96FA-C9FF38EF1762}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{34C1FDF7-02C1-4F23-B393-F48B16E071D1}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{54291324-7A3D-4F11-B707-3FB6A2C97BD9}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{59C63F11-D4E5-46E7-9B8A-EE158DCA83A8}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{5DA22CBD-0029-4A09-B757-CF0FAFC488ED}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{77A6E7D4-4A83-4A9B-A2A0-EF3B125DC29D}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{C0585B2F-74D7-4734-88DE-6C150C5D4036}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{CA17D76B-F91D-4659-A7FD-A9F7ED375CDD}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{D8242E89-2F81-484A-AE5B-BA8CAD5B7347}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{EF0588D6-1621-4A75-B8BE-F4BC34794136}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\bbjciahceamgodcoidkjpchnokgfpphh
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\cjpglkicenollcignonpgiafdgfeehoj
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\pgafcinpmmpklohkojmllohdhomoefph
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C87FC351-A80D-43E9-9A86-CF1E29DC443A}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{15D2D75C-9CB2-4EFD-BAD7-B9B4CB4BC693}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Funmoods
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0D80F1C5-D17B-4177-AC68-955F3EF9F191}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{23C70BCA-6E23-4A65-AD2E-1389062074F1}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{23D8EEF7-0E13-4000-B9C4-6603C1E912D1}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{295CACB4-51F5-46FD-914E-C72BAAE1B672}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2CE5C4B9-6DBE-4528-96FA-C9FF38EF1762}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{34C1FDF7-02C1-4F23-B393-F48B16E071D1}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{54291324-7A3D-4F11-B707-3FB6A2C97BD9}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{59C63F11-D4E5-46E7-9B8A-EE158DCA83A8}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{5DA22CBD-0029-4A09-B757-CF0FAFC488ED}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{77A6E7D4-4A83-4A9B-A2A0-EF3B125DC29D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C0585B2F-74D7-4734-88DE-6C150C5D4036}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{CA17D76B-F91D-4659-A7FD-A9F7ED375CDD}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D8242E89-2F81-484A-AE5B-BA8CAD5B7347}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EF0588D6-1621-4A75-B8BE-F4BC34794136}
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\bbjciahceamgodcoidkjpchnokgfpphh
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\cjpglkicenollcignonpgiafdgfeehoj
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}

***** [Internet Browsers] *****

-\\ Internet Explorer v9.10.9200.16420

[OK] Registry is clean.

-\\ Mozilla Firefox v16.0.2 (en-US)

Profile name : default
File : C:\Users\Bob\AppData\Roaming\Mozilla\Firefox\Profiles\oisbga57.default\prefs.js

[OK] File is clean.

*************************

AdwCleaner[S1].txt - [6351 octets] - [15/11/2012 19:56:14]

########## EOF - C:\AdwCleaner[S1].txt - [6411 octets] ##########
  • 0

#6
Essexboy
Posted 15 November 2012 - 02:11 PM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Have a few searches to ensure it has gone, then once you are happy I will remove my tools :)
  • 0

#7
eaglet
Posted 17 November 2012 - 04:20 AM

eaglet

    Member

  • Topic Starter
  • Member
  • PipPip
  • 55 posts
Hi Essexboy

Thanks for that it seems to have done the trick. I have a very similar problem on this laptop running windows 7. I dont know if I should start a new thread but I thought I'd tell you anyway. This time the culprit on my browsers is something called Incredibar.com http://mystart.incre...R8L83P1bS&i=26. Also the laptop has become quite unstable in that after only a short period the mouse pointer starts to jump around and windows freeze. I've attached an OTL log below and any help you can give would be warmly received :)

OTL logfile created on: 11/17/2012 9:00:40 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Bob Profile\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

3.86 Gb Total Physical Memory | 2.53 Gb Available Physical Memory | 65.40% Memory free
7.73 Gb Paging File | 5.65 Gb Available in Paging File | 73.16% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 58.59 Gb Total Space | 3.26 Gb Free Space | 5.56% Space Free | Partition Type: NTFS
Drive D: | 397.30 Gb Total Space | 78.17 Gb Free Space | 19.67% Space Free | Partition Type: NTFS
Drive E: | 156.79 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: BOB-PC | User Name: Bob Profile | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/11/17 08:59:46 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Bob Profile\Downloads\OTL.exe
PRC - [2012/10/28 11:43:05 | 000,917,984 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2012/10/04 14:06:46 | 000,188,760 | ---- | M] () -- C:\Program Files\IB Updater\ExtensionUpdaterService.exe
PRC - [2012/10/02 12:13:44 | 003,064,000 | ---- | M] (Skype Technologies S.A.) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
PRC - [2012/09/24 18:59:32 | 000,802,304 | ---- | M] (Yuna Software) -- C:\Program Files (x86)\Yuna Software\Messenger Plus!\PlusService.exe
PRC - [2012/09/14 20:16:30 | 002,378,648 | ---- | M] (SkyHawke) -- C:\Program Files (x86)\SkyGolf\CaddieSync Express\CaddieSyncExpress.exe
PRC - [2012/09/07 10:07:12 | 001,677,144 | ---- | M] (Trusteer Ltd.) -- C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe
PRC - [2012/09/07 10:07:12 | 000,976,728 | ---- | M] (Trusteer Ltd.) -- C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe
PRC - [2012/07/27 20:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/03/08 22:40:29 | 000,149,896 | ---- | M] (Microsoft ® Corporation) -- C:\Users\Bob\IAG Remote Access Agent\portalchristianaidorguk\portal1\uagqecsvc.exe
PRC - [2011/10/29 07:42:23 | 000,273,528 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
PRC - [2011/06/17 17:33:04 | 000,272,528 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee Security Scan\3.0.207\SSScheduler.exe
PRC - [2010/11/09 15:15:02 | 000,160,328 | ---- | M] (Siber Systems) -- C:\Program Files (x86)\Siber Systems\AI RoboForm\robotaskbaricon.exe
PRC - [2010/08/05 19:03:08 | 000,181,312 | ---- | M] () -- C:\Program Files (x86)\Photodex\ProShowGold\scsiaccess.exe
PRC - [2009/08/17 21:09:54 | 000,013,600 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
PRC - [2008/12/18 20:05:28 | 000,155,648 | ---- | M] (Stardock Corporation) -- C:\Program Files\Dell\DellDock\DockLogin.exe


========== Modules (No Company Name) ==========

MOD - [2012/10/28 11:43:04 | 002,295,264 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2012/09/14 20:16:30 | 000,166,296 | ---- | M] () -- C:\Program Files (x86)\SkyGolf\CaddieSync Express\conduitscripting0.dll
MOD - [2012/09/14 20:11:04 | 000,591,360 | ---- | M] () -- C:\Program Files (x86)\SkyGolf\CaddieSync Express\qjson0.dll
MOD - [2012/09/14 20:10:50 | 000,107,008 | ---- | M] () -- C:\Program Files (x86)\SkyGolf\CaddieSync Express\qextserialport1.dll
MOD - [2012/08/21 17:18:44 | 000,557,056 | ---- | M] () -- C:\Program Files (x86)\Trusteer\Rapport\bin\js32.dll
MOD - [2012/05/28 21:18:09 | 000,520,464 | ---- | M] () -- C:\ProgramData\Trusteer\Rapport\store\exts\RapportMS\39624\RapportMS.dll
MOD - [2012/05/02 14:45:20 | 008,797,344 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_233.dll
MOD - [2011/06/24 21:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/06/24 21:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2010/09/23 14:52:52 | 002,537,472 | ---- | M] () -- C:\Program Files (x86)\SkyGolf\CaddieSync Express\QtCore4.dll
MOD - [2010/09/13 05:12:38 | 000,744,448 | ---- | M] () -- C:\Program Files (x86)\SkyGolf\CaddieSync Express\QtScriptTools4.dll
MOD - [2010/09/13 02:16:14 | 002,173,952 | ---- | M] () -- C:\Program Files (x86)\SkyGolf\CaddieSync Express\QtScript4.dll
MOD - [2010/09/13 01:30:18 | 009,814,016 | ---- | M] () -- C:\Program Files (x86)\SkyGolf\CaddieSync Express\QtGui4.dll
MOD - [2010/09/13 00:55:26 | 001,140,224 | ---- | M] () -- C:\Program Files (x86)\SkyGolf\CaddieSync Express\QtNetwork4.dll
MOD - [2010/09/13 00:51:28 | 000,399,360 | ---- | M] () -- C:\Program Files (x86)\SkyGolf\CaddieSync Express\QtXml4.dll
MOD - [2009/06/22 18:42:42 | 000,043,008 | ---- | M] () -- C:\Program Files (x86)\SkyGolf\CaddieSync Express\libgcc_s_dw2-1.dll
MOD - [2009/01/10 10:32:40 | 000,011,362 | ---- | M] () -- C:\Program Files (x86)\SkyGolf\CaddieSync Express\mingwm10.dll


========== Services (SafeList) ==========

SRV:64bit: - [2012/10/04 14:06:46 | 000,188,760 | ---- | M] () [Auto | Running] -- C:\Program Files\IB Updater\ExtensionUpdaterService.exe -- (IB Updater)
SRV:64bit: - [2012/10/02 15:20:24 | 001,261,936 | ---- | M] () [Auto | Running] -- C:\Windows\SysNative\dmwu.exe -- (IBUpdaterService)
SRV:64bit: - [2012/08/23 10:57:48 | 000,502,064 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)
SRV:64bit: - [2012/03/20 12:11:30 | 000,162,192 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Windows\SysNative\mfevtps.exe -- (mfevtp)
SRV:64bit: - [2012/03/20 11:56:24 | 000,210,584 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe -- (mfefire)
SRV:64bit: - [2012/03/20 11:55:54 | 000,199,272 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe -- (McShield)
SRV:64bit: - [2011/01/27 17:28:20 | 000,249,936 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (MSK80Service)
SRV:64bit: - [2011/01/27 17:28:20 | 000,249,936 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McProxy)
SRV:64bit: - [2011/01/27 17:28:20 | 000,249,936 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McNASvc)
SRV:64bit: - [2011/01/27 17:28:20 | 000,249,936 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McNaiAnn)
SRV:64bit: - [2011/01/27 17:28:20 | 000,249,936 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (mcmscsvc)
SRV:64bit: - [2011/01/27 17:28:20 | 000,249,936 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McMPFSvc)
SRV:64bit: - [2011/01/27 17:28:20 | 000,249,936 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McAfee SiteAdvisor Service)
SRV:64bit: - [2010/01/22 09:01:12 | 000,202,752 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009/11/02 12:48:18 | 000,126,352 | ---- | M] (Intel® Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\TurboBoost\TurboBoost.exe -- (TurboBoost)
SRV:64bit: - [2009/10/09 12:52:16 | 000,092,160 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe -- (AERTFilters)
SRV:64bit: - [2009/08/17 21:09:52 | 000,868,128 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)
SRV:64bit: - [2009/07/17 16:06:00 | 000,033,280 | ---- | M] () [Auto | Running] -- C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRYSVC.EXE -- (wltrysvc)
SRV:64bit: - [2009/07/14 01:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2008/12/18 20:05:28 | 000,155,648 | ---- | M] (Stardock Corporation) [Auto | Running] -- C:\Program Files\Dell\DellDock\DockLogin.exe -- (DockLoginService)
SRV - [2012/10/28 11:43:04 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/10/02 12:13:44 | 003,064,000 | ---- | M] (Skype Technologies S.A.) [Auto | Running] -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
SRV - [2012/09/07 10:07:12 | 000,976,728 | ---- | M] (Trusteer Ltd.) [Auto | Running] -- C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe -- (RapportMgmtService)
SRV - [2012/07/27 20:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/07/13 12:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Disabled | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/05/02 14:45:20 | 000,253,088 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/03/08 22:40:29 | 000,149,896 | ---- | M] (Microsoft ® Corporation) [Auto | Running] -- C:\Users\Bob\IAG Remote Access Agent\portalchristianaidorguk\portal1\uagqecsvc.exe -- (uagqecsvc)
SRV - [2011/11/21 20:32:02 | 000,032,768 | ---- | M] (Acesoft) [On_Demand | Stopped] -- C:\Program Files (x86)\Acesoft\Tracks Eraser Pro\tepsrv.exe -- (tepsrv)
SRV - [2011/06/17 17:33:04 | 000,237,008 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\McAfee Security Scan\3.0.207\McCHSvc.exe -- (McComponentHostService)
SRV - [2010/11/09 18:24:50 | 000,013,160 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Citrix\GoToAssist\615\g2aservice.exe -- (GoToAssist)
SRV - [2010/08/05 19:03:08 | 000,181,312 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Photodex\ProShowGold\scsiaccess.exe -- (ScsiAccess)
SRV - [2010/04/13 19:11:18 | 000,231,224 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files (x86)\McAfee Online Backup\MOBKbackup.exe -- (MOBKbackup)
SRV - [2010/03/11 21:53:04 | 000,651,720 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009/06/10 21:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/01/02 12:05:42 | 003,098,152 | ---- | M] (Kontiki Inc.) [Auto | Stopped] -- C:\Program Files (x86)\Kontiki\KService.exe -- (KService)
SRV - [2008/09/16 12:03:18 | 000,169,312 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Program Files (x86)\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor7.0)
SRV - [2007/12/17 21:00:00 | 000,163,840 | ---- | M] (SEIKO EPSON CORPORATION) [Disabled | Stopped] -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S40STB.EXE -- (EPSON_EB_RPCV4_01)
SRV - [2007/01/11 21:02:00 | 000,126,464 | ---- | M] (SEIKO EPSON CORPORATION) [Disabled | Stopped] -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE -- (EPSON_PM_RPCV4_01)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/09/07 10:07:30 | 000,101,688 | ---- | M] (Trusteer Ltd.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\RapportKE64.sys -- (RapportKE64)
DRV:64bit: - [2012/09/04 05:50:20 | 000,025,584 | ---- | M] (PC-Doctor, Inc.) [Kernel | On_Demand | Stopped] -- c:\Program Files\Dell Support Center\pcdsrvc_x64.pkms -- (PCDSRVC{1E208CE0-FB7451FF-06020200}_0)
DRV:64bit: - [2012/08/21 12:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/07/09 12:42:54 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/03/01 06:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/02/22 12:29:46 | 000,647,208 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mfehidk.sys -- (mfehidk)
DRV:64bit: - [2012/02/22 12:29:46 | 000,487,296 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfefirek.sys -- (mfefirek)
DRV:64bit: - [2012/02/22 12:29:46 | 000,289,664 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mfewfpk.sys -- (mfewfpk)
DRV:64bit: - [2012/02/22 12:29:46 | 000,229,528 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfeavfk.sys -- (mfeavfk)
DRV:64bit: - [2012/02/22 12:29:46 | 000,160,792 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfeapfk.sys -- (mfeapfk)
DRV:64bit: - [2012/02/22 12:29:46 | 000,100,912 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mferkdet.sys -- (mferkdet)
DRV:64bit: - [2012/02/22 12:29:46 | 000,075,936 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mfenlfk.sys -- (mfenlfk)
DRV:64bit: - [2012/02/22 12:29:46 | 000,065,264 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\cfwids.sys -- (cfwids)
DRV:64bit: - [2011/08/01 15:59:06 | 000,045,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64)
DRV:64bit: - [2011/07/28 18:37:10 | 000,052,584 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dc3d.sys -- (dc3d)
DRV:64bit: - [2011/06/10 06:34:52 | 000,539,240 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011/05/10 07:06:14 | 000,022,528 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netaapl64.sys -- (Netaapl)
DRV:64bit: - [2011/03/11 06:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 06:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 13:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 11:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/04/15 22:45:54 | 000,047,600 | ---- | M] (Belcarra Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btblan.sys -- (SkyhawkeUSBLan)
DRV:64bit: - [2010/04/14 01:01:44 | 000,054,824 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btusbflt.sys -- (btusbflt)
DRV:64bit: - [2010/04/13 19:10:24 | 000,066,040 | ---- | M] (Mozy, Inc.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\MOBK.sys -- (MOBKFilter)
DRV:64bit: - [2010/01/22 09:13:24 | 006,233,088 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2010/01/22 09:13:24 | 006,233,088 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atipmdag.sys -- (amdkmdag)
DRV:64bit: - [2010/01/22 08:07:56 | 000,161,280 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2009/11/11 11:14:38 | 000,049,480 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mfesmfk.sys -- (mfesmfk)
DRV:64bit: - [2009/11/11 11:08:06 | 000,040,904 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mferkdk.sys -- (mferkdk)
DRV:64bit: - [2009/11/02 12:48:02 | 000,013,784 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\TurboB.sys -- (TurboB)
DRV:64bit: - [2009/10/26 20:39:44 | 000,151,936 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)
DRV:64bit: - [2009/09/30 09:34:32 | 000,121,872 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:64bit: - [2009/09/17 19:54:00 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64)
DRV:64bit: - [2009/09/16 13:47:00 | 000,267,312 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Apfiltr.sys -- (ApfiltrService)
DRV:64bit: - [2009/07/21 13:05:14 | 000,119,680 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ZTEusbser6k.sys -- (ZTEusbser6k)
DRV:64bit: - [2009/07/21 13:05:14 | 000,119,680 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ZTEusbnmea.sys -- (ZTEusbnmea)
DRV:64bit: - [2009/07/21 13:05:14 | 000,119,680 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ZTEusbmdm6k.sys -- (ZTEusbmdm6k)
DRV:64bit: - [2009/07/21 08:17:16 | 000,135,168 | ---- | M] (ZTE Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ZTEusbnet.sys -- (ZTEusbnet)
DRV:64bit: - [2009/07/17 16:06:00 | 002,769,400 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2009/07/17 16:06:00 | 000,022,520 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\bcm42rly.sys -- (BCM42RLY)
DRV:64bit: - [2009/07/17 03:14:00 | 000,220,672 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2009/07/14 01:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 01:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 01:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/14 00:06:32 | 000,032,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser.sys -- (usbser)
DRV:64bit: - [2009/07/09 09:00:00 | 000,055,280 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2009/07/01 12:46:52 | 000,098,344 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio)
DRV:64bit: - [2009/07/01 12:46:48 | 000,132,648 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt)
DRV:64bit: - [2009/07/01 12:46:40 | 000,021,160 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid)
DRV:64bit: - [2009/06/18 14:15:16 | 000,041,032 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mfebopk.sys -- (mfebopk)
DRV:64bit: - [2009/06/15 19:06:42 | 000,172,704 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CtClsFlt.sys -- (CtClsFlt)
DRV:64bit: - [2009/06/10 20:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 20:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 20:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 20:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/04/27 13:15:16 | 000,011,776 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\massfilter.sys -- (massfilter)
DRV:64bit: - [2009/04/07 15:33:08 | 000,035,104 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap)
DRV:64bit: - [2007/05/14 16:06:18 | 000,027,520 | ---- | M] (Research In Motion Limited) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RimUsb_AMD64.sys -- (RimUsb)
DRV - [2012/10/30 10:24:24 | 000,505,720 | ---- | M] () [Kernel | System | Running] -- C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\43926\RapportCerberus64_43926.sys -- (RapportCerberus_43926)
DRV - [2012/09/07 10:07:30 | 000,297,240 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys -- (RapportPG64)
DRV - [2012/09/07 10:07:30 | 000,055,096 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys -- (RapportEI64)
DRV - [2009/07/14 01:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {A8BFC6EE-35B2-47F8-AD25-CF623F9B5B06}
IE:64bit: - HKLM\..\SearchScopes\{A8BFC6EE-35B2-47F8-AD25-CF623F9B5B06}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVD0.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {5151B5EB-CCD8-4534-8BD9-DE464A819EA8}
IE - HKLM\..\SearchScopes\{5151B5EB-CCD8-4534-8BD9-DE464A819EA8}: "URL" = http://www.bing.com/...rc=IE-SearchBox

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.uk.msn.com/USCON/2
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://mystart.incre...6R8L83P1bS&i=26
IE - HKCU\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
IE - HKCU\..\SearchScopes,DefaultScope = {CFF4DB9B-135F-47c0-9269-B4C6572FD61A}
IE - HKCU\..\SearchScopes\{C9DAD5ED-64B9-4296-B433-143590BB7CA9}: "URL" = http://uk.search.yah...p={SearchTerms}
IE - HKCU\..\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}: "URL" = http://mystart.incre...6R8L83P1bS&i=26
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "MyStart Search"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "http://uk.yahoo.com/"
FF - prefs.js..extensions.enabledAddons: [email protected]:1.5.0
FF - prefs.js..extensions.enabledAddons: {336D0C35-8A85-403a-B9D2-65C292C39087}:2.0.0.530
FF - prefs.js..keyword.URL: "http://www.google.co...-8&oe=UTF-8&q="
FF - prefs.js..network.proxy.type: 0


FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_2_202_233.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL ()
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_233.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\progra~2\mcafee\msc\npmcsn~1.dll ()
FF - HKLM\Software\MozillaPlugins\@mcafee.com/SAFFPlugin: C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll File not found
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.669: c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.669: c:\program files (x86)\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=12.0.1.669: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.669: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.669: c:\program files (x86)\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Bob Profile\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)

64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\PROGRAM FILES\IB UPDATER\FIREFOX [2012/11/13 14:21:26 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012/11/01 21:37:00 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{22119944-ED35-4ab1-910B-E619EA06A115}: C:\Program Files (x86)\Siber Systems\AI RoboForm\Firefox [2010/03/10 13:13:00 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\BiroSolutions\Web Album Copier\\FirefoxExtensions\albumcopier [2011/12/13 15:07:10 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Program Files (x86)\McAfee\SiteAdvisor [2012/04/05 11:29:06 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{D19CA586-DD6C-4a0a-96F8-14644F340D60}: C:\Program Files (x86)\Common Files\McAfee\SystemCore [2012/06/26 10:33:52 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}: C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DMExtension\ [2012/11/09 13:01:47 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\Program Files\IB Updater\Firefox [2012/11/13 14:21:26 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/10/28 11:43:06 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/10/07 12:25:09 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.5\extensions\\[email protected]: C:\Program Files (x86)\BiroSolutions\Web Album Copier\\FirefoxExtensions\albumcopier [2011/12/13 15:07:10 | 000,000,000 | ---D | M]

[2012/07/19 16:11:04 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Bob Profile\AppData\Roaming\Mozilla\Extensions
[2012/11/13 14:21:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Bob Profile\AppData\Roaming\Mozilla\Firefox\Profiles\7rmzunn8.default\extensions
[2012/10/12 11:56:58 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Bob Profile\AppData\Roaming\Mozilla\Firefox\Profiles\7rmzunn8.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2012/11/11 15:27:36 | 000,000,000 | ---D | M] ("Vid-Saver") -- C:\Users\Bob Profile\AppData\Roaming\Mozilla\Firefox\Profiles\7rmzunn8.default\extensions\[email protected]
[2012/11/13 14:21:43 | 000,000,000 | ---D | M] (incredibar.com) -- C:\Users\Bob Profile\AppData\Roaming\Mozilla\Firefox\Profiles\7rmzunn8.default\extensions\[email protected]
[2012/11/11 15:27:35 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Bob Profile\AppData\Roaming\Mozilla\Firefox\Profiles\7rmzunn8.default\extensions\[email protected]\chrome\content\extensionCode
[2012/11/13 14:21:13 | 000,002,203 | ---- | M] () -- C:\Users\Bob Profile\AppData\Roaming\Mozilla\Firefox\Profiles\7rmzunn8.default\searchplugins\MyStart Search.xml
[2012/09/12 13:47:38 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/11/04 18:23:17 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012/11/13 14:21:26 | 000,000,000 | ---D | M] (IB Updater) -- C:\PROGRAM FILES\IB UPDATER\FIREFOX
[2012/10/28 11:43:05 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011/04/14 13:01:38 | 000,024,376 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\mozilla firefox\components\Scriptff.dll
[2010/09/15 04:50:38 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2012/08/30 14:15:14 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/07/10 14:05:04 | 000,002,027 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\McSiteAdvisor.xml
[2012/10/20 21:19:20 | 000,002,058 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========


O1 HOSTS File: ([2009/06/10 21:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (IB Updater) - {336D0C35-8A85-403a-B9D2-65C292C39087} - C:\Program Files\IB Updater\Extension64.dll ()
O2:64bit: - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20120622132637.dll (McAfee, Inc.)
O2:64bit: - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O2:64bit: - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O2:64bit: - BHO: (no name) - AutorunsDisabled - No CLSID value found.
O2 - BHO: (Vid-Saver) - {11111111-1111-1111-1111-110011341191} - C:\Program Files (x86)\Vid-Saver\Vid-Saver.dll (215 Apps)
O2 - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\Program Files\McAfee\MSK\mskapbho.dll ()
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (IB Updater) - {336D0C35-8A85-403a-B9D2-65C292C39087} - C:\Program Files\IB Updater\Extension32.dll ()
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Incredibar.com Helper Object) - {6E13DDE1-2B6E-46CE-8B66-DC8BF36F6B99} - C:\Program Files (x86)\Incredibar.com\incredibar\1.5.11.14\bh\incredibar.dll (Montera Technologeis LTD)
O2 - BHO: (Reg Error: Value error.) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20120622132637.dll (McAfee, Inc.)
O2 - BHO: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVD0.dll (Conduit Ltd.)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (Bing Bar BHO) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2291.0\npwinext.dll (Microsoft Corporation)
O2 - BHO: (no name) - AutorunsDisabled - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (&RoboForm) - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O3 - HKLM\..\Toolbar: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVD0.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (@C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2291.0\npwinext.dll,-100) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2291.0\npwinext.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Incredibar Toolbar) - {F9639E4A-801B-4843-AEE3-03D9DA199E77} - C:\Program Files (x86)\Incredibar.com\incredibar\1.5.11.14\incredibarTlbr.dll (Montera Technologeis LTD)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (&RoboForm) - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (DVDVideoSoftTB Toolbar) - {872B5B88-9DB5-4310-BDD0-AC189557E5F5} - C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVD0.dll (Conduit Ltd.)
O4:64bit: - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4:64bit: - HKLM..\Run: [Broadcom Wireless Manager UI] C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRAY.EXE (Dell Inc.)
O4:64bit: - HKLM..\Run: [Eraser] C:\Program Files\Eraser\Eraser.exe (The Eraser Project)
O4:64bit: - HKLM..\Run: [IntelliPoint] C:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe (Dell Inc.)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [CaddieSyncConduit] C:\Program Files (x86)\SkyGolf\CaddieSync Express\CaddieSyncExpress.exe (SkyHawke)
O4 - HKLM..\Run: [kdx] C:\Program Files (x86)\Kontiki\KHost.exe (Kontiki Inc.)
O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [PlusService] C:\Program Files (x86)\Yuna Software\Messenger Plus!\PlusService.exe (Yuna Software)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKCU..\Run: [Facebook Update] C:\Users\Bob Profile\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - HKCU..\Run: [kdx] C:\Program Files (x86)\Kontiki\KHost.exe (Kontiki Inc.)
O4 - HKCU..\Run: [RoboForm] C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe (Siber Systems)
O4 - Startup: C:\Users\Bob Profile\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk = File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Bob Profile\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8:64bit: - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8:64bit: - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Bob Profile\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O9:64bit: - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_16)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zon...nt.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0C5EAFF0-ED68-433C-AA8B-48EC50F00CD0}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9CCD6B88-7A28-4258-837C-74241E5E4EC0}: DhcpNameServer = 172.31.139.17 172.30.139.17
O18:64bit: - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl64.dll (McAfee, Inc.)
O18 - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\MSC\McSnIePl.dll (McAfee, Inc.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\GoToAssist: DllName - (C:\Program Files (x86)\Citrix\GoToAssist\615\G2AWinLogon_x64.dll) - C:\Program Files (x86)\Citrix\GoToAssist\615\g2awinlogon_x64.dll (Citrix Online, a division of Citrix Systems, Inc.)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011/12/27 17:35:18 | 000,000,000 | ---D | M] - C:\Autoruns -- [ NTFS ]
O32 - AutoRun File - [2011/12/27 16:34:21 | 000,532,781 | ---- | M] () - C:\Autoruns.zip -- [ NTFS ]
O32 - AutoRun File - [2010/11/17 00:59:41 | 000,000,131 | R--- | M] () - E:\Autorun.inf -- [ CDFS ]
O33 - MountPoints2\{c3f81bca-24b2-11df-90d7-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{c3f81bca-24b2-11df-90d7-806e6f6e6963}\Shell\AutoRun\command - "" = E:\Setup.exe -- [2010/11/17 00:59:41 | 000,297,832 | R--- | M] (Hewlett-Packard Co.)
O33 - MountPoints2\{dd38b763-d84c-11df-8d2f-0026b92337f7}\Shell - "" = AutoRun
O33 - MountPoints2\{dd38b763-d84c-11df-8d2f-0026b92337f7}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk /p \??\F:)
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/11/17 08:38:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
[2012/11/15 03:39:20 | 000,000,000 | ---D | C] -- C:\Users\Bob Profile\AppData\Local\Eraser 6
[2012/11/14 12:36:12 | 000,000,000 | ---D | C] -- C:\Program Files\Eraser
[2012/11/13 14:26:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\File Shredder
[2012/11/13 14:26:44 | 000,000,000 | ---D | C] -- C:\Program Files\File Shredder
[2012/11/13 14:23:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDFCreator
[2012/11/13 14:22:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PDFCreator
[2012/11/13 14:21:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Incredibar.com
[2012/11/13 14:21:32 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\ARFC
[2012/11/13 14:21:31 | 000,035,328 | ---- | C] (IncrediMail, Ltd.) -- C:\Windows\SysNative\ImHttpComm.dll
[2012/11/13 14:21:29 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\WNLT
[2012/11/13 14:21:24 | 000,000,000 | ---D | C] -- C:\Program Files\IB Updater
[2012/11/12 22:08:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tracks Eraser Pro
[2012/11/12 22:08:04 | 000,277,504 | ---- | C] (Nektra S.A.) -- C:\Windows\SysWow64\oestore.dll
[2012/11/12 22:08:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Acesoft
[2012/11/09 12:59:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSN Toolbar
[2012/11/09 12:58:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bing Bar Installer
[2012/11/09 12:57:28 | 000,000,000 | ---D | C] -- C:\ProgramData\HP Photo Creations
[2012/11/09 12:57:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\HP Photo Creations
[2012/11/09 12:54:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
[2012/11/09 12:50:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\HP
[2012/11/09 12:49:44 | 000,000,000 | ---D | C] -- C:\ProgramData\HP
[2012/11/09 12:48:39 | 000,000,000 | ---D | C] -- C:\Program Files\HP
[2012/11/09 12:46:22 | 000,000,000 | ---D | C] -- C:\Users\Bob Profile\AppData\Local\HP
[2012/10/30 21:59:58 | 000,000,000 | ---D | C] -- C:\AMD
[2012/10/30 17:29:51 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell Support Center
[2012/10/30 17:29:51 | 000,000,000 | ---D | C] -- C:\ProgramData\PC-Doctor for Windows
[2012/10/30 17:01:10 | 000,000,000 | ---D | C] -- C:\Users\Bob Profile\AppData\Local\Dell Edoc Viewer
[2012/10/20 07:48:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus

========== Files - Modified Within 30 Days ==========

[2012/11/17 09:00:00 | 000,000,952 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3670614107-2635505704-196986806-1005UA.job
[2012/11/17 08:52:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/11/17 08:42:32 | 000,014,560 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/11/17 08:42:32 | 000,014,560 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/11/17 08:41:28 | 000,713,888 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/11/17 08:41:28 | 000,619,642 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/11/17 08:41:28 | 000,107,792 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/11/17 08:33:41 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/11/17 08:33:37 | 3111,534,592 | -HS- | M] () -- C:\hiberfil.sys
[2012/11/17 08:29:01 | 000,000,926 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3670614107-2635505704-196986806-1003UA.job
[2012/11/16 15:00:00 | 000,000,930 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3670614107-2635505704-196986806-1005Core.job
[2012/11/16 13:54:13 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3670614107-2635505704-196986806-1003Core.job
[2012/11/15 03:42:48 | 000,352,864 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/11/14 12:36:13 | 000,001,749 | ---- | M] () -- C:\Users\Public\Desktop\Eraser.lnk
[2012/11/13 14:26:45 | 000,000,849 | ---- | M] () -- C:\Users\Bob Profile\Desktop\File Shredder.lnk
[2012/11/13 14:21:46 | 000,000,450 | ---- | M] () -- C:\user.js
[2012/11/12 22:08:08 | 000,001,158 | ---- | M] () -- C:\Users\Bob Profile\Desktop\Tracks Eraser Pro.lnk
[2012/11/09 12:57:41 | 000,001,099 | ---- | M] () -- C:\Users\Public\Desktop\HP Photo Creations.lnk
[2012/11/09 12:54:19 | 000,001,196 | ---- | M] () -- C:\Users\Public\Desktop\Shop for Supplies - HP Deskjet 3000 J310 series.lnk
[2012/11/09 12:54:16 | 000,002,238 | ---- | M] () -- C:\Users\Public\Desktop\HP Deskjet 3000 J310 series.lnk
[2012/11/09 12:24:00 | 000,000,000 | -H-- | M] () -- C:\Users\Bob Profile\Documents\Default.rdp
[2012/10/20 07:48:13 | 000,002,096 | ---- | M] () -- C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
[2012/10/20 07:48:13 | 000,002,096 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk

========== Files Created - No Company Name ==========

[2012/11/14 12:36:13 | 000,001,749 | ---- | C] () -- C:\Users\Public\Desktop\Eraser.lnk
[2012/11/14 12:36:12 | 000,001,761 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Eraser.lnk
[2012/11/13 14:26:45 | 000,000,849 | ---- | C] () -- C:\Users\Bob Profile\Desktop\File Shredder.lnk
[2012/11/13 14:22:47 | 000,087,040 | ---- | C] () -- C:\Windows\SysNative\pdfcmnnt.dll
[2012/11/13 14:21:44 | 000,000,450 | ---- | C] () -- C:\user.js
[2012/11/13 14:21:32 | 001,261,936 | ---- | C] () -- C:\Windows\SysNative\dmwu.exe
[2012/11/12 22:08:08 | 000,001,158 | ---- | C] () -- C:\Users\Bob Profile\Desktop\Tracks Eraser Pro.lnk
[2012/11/09 13:02:27 | 000,001,382 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Default Manager.lnk
[2012/11/09 12:57:41 | 000,001,099 | ---- | C] () -- C:\Users\Public\Desktop\HP Photo Creations.lnk
[2012/11/09 12:54:19 | 000,001,196 | ---- | C] () -- C:\Users\Public\Desktop\Shop for Supplies - HP Deskjet 3000 J310 series.lnk
[2012/11/09 12:54:16 | 000,002,238 | ---- | C] () -- C:\Users\Public\Desktop\HP Deskjet 3000 J310 series.lnk
[2012/11/09 12:24:00 | 000,000,000 | -H-- | C] () -- C:\Users\Bob Profile\Documents\Default.rdp
[2012/05/24 11:18:21 | 000,103,784 | ---- | C] () -- C:\Users\Bob Profile\GoToAssistDownloadHelper.exe
[2012/05/24 11:05:18 | 000,000,632 | RHS- | C] () -- C:\Users\Bob Profile\ntuser.pol
[2011/10/29 08:48:31 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\mail.dat
[2011/10/29 08:48:24 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\mess.dat
[2011/10/29 08:48:23 | 000,064,296 | ---- | C] () -- C:\Windows\SysWow64\ffpw.dat
[2011/10/29 08:48:23 | 000,000,002 | ---- | C] () -- C:\Windows\SysWow64\chro.dat
[2011/07/28 15:49:58 | 000,000,129 | ---- | C] () -- C:\Windows\ScreenHunter.INI
[2010/11/25 19:31:55 | 000,148,992 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat

========== ZeroAccess Check ==========

[2009/07/14 04:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 05:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 04:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 01:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 12:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 01:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2012/08/19 14:36:29 | 000,000,000 | ---D | M] -- C:\Users\Bob Profile\AppData\Roaming\BitZipper
[2012/10/12 11:57:03 | 000,000,000 | ---D | M] -- C:\Users\Bob Profile\AppData\Roaming\DVDVideoSoft
[2012/10/12 11:56:57 | 000,000,000 | ---D | M] -- C:\Users\Bob Profile\AppData\Roaming\DVDVideoSoftIEHelpers
[2012/11/01 21:36:08 | 000,000,000 | ---D | M] -- C:\Users\Bob Profile\AppData\Roaming\PCDr
[2012/07/22 22:23:49 | 000,000,000 | ---D | M] -- C:\Users\Bob Profile\AppData\Roaming\Photodex
[2012/05/24 11:06:28 | 000,000,000 | ---D | M] -- C:\Users\Bob Profile\AppData\Roaming\Tatara Systems
[2010/06/16 13:57:38 | 000,000,000 | ---D | M] -- C:\Users\Bob Profile\AppData\Roaming\Trusteer
[2012/11/04 21:22:10 | 000,000,000 | ---D | M] -- C:\Users\Bob Profile\AppData\Roaming\TuneUpMedia

========== Purity Check ==========



< End of report >
  • 0

#8
Essexboy
Posted 17 November 2012 - 06:07 AM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK run these and let me know on completion of any remaining problems

Warning This fix is only relevant for this system and no other, using on another computer may cause problems

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following
    Posted Image
:OTL
SRV:64bit: - [2012/10/04 14:06:46 | 000,188,760 | ---- | M] () [Auto | Running] -- C:\Program Files\IB Updater\ExtensionUpdaterService.exe -- (IB Updater)
SRV:64bit: - [2012/10/02 15:20:24 | 001,261,936 | ---- | M] () [Auto | Running] -- C:\Windows\SysNative\dmwu.exe -- (IBUpdaterService)
IE - HKLM\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVD0.dll (Conduit Ltd.)
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://mystart.incre...6R8L83P1bS&i=26
IE - HKCU\..\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}: "URL" = http://mystart.incre...6R8L83P1bS&i=26
FF - prefs.js..browser.search.defaultenginename: "MyStart Search"
FF - prefs.js..extensions.enabledAddons: [email protected]:1.5.0
FF - prefs.js..extensions.enabledAddons: {336D0C35-8A85-403a-B9D2-65C292C39087}:2.0.0.530
64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\PROGRAM FILES\IB UPDATER\FIREFOX [2012/11/13 14:21:26 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\Program Files\IB Updater\Firefox [2012/11/13 14:21:26 | 000,000,000 | ---D | M]
[2012/10/12 11:56:58 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Bob Profile\AppData\Roaming\Mozilla\Firefox\Profiles\7rmzunn8.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2012/11/11 15:27:36 | 000,000,000 | ---D | M] ("Vid-Saver") -- C:\Users\Bob Profile\AppData\Roaming\Mozilla\Firefox\Profiles\7rmzunn8.default\extensions\[email protected]
[2012/11/13 14:21:43 | 000,000,000 | ---D | M] (incredibar.com) -- C:\Users\Bob Profile\AppData\Roaming\Mozilla\Firefox\Profiles\7rmzunn8.default\extensions\[email protected]
[2012/11/11 15:27:35 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Bob Profile\AppData\Roaming\Mozilla\Firefox\Profiles\7rmzunn8.default\extensions\[email protected]\chrome\content\extensionCode
[2012/11/13 14:21:13 | 000,002,203 | ---- | M] () -- C:\Users\Bob Profile\AppData\Roaming\Mozilla\Firefox\Profiles\7rmzunn8.default\searchplugins\MyStart Search.xml
[2012/11/13 14:21:26 | 000,000,000 | ---D | M] (IB Updater) -- C:\PROGRAM FILES\IB UPDATER\FIREFOX
O2:64bit: - BHO: (IB Updater) - {336D0C35-8A85-403a-B9D2-65C292C39087} - C:\Program Files\IB Updater\Extension64.dll ()
O2:64bit: - BHO: (no name) - AutorunsDisabled - No CLSID value found.
O2 - BHO: (Vid-Saver) - {11111111-1111-1111-1111-110011341191} - C:\Program Files (x86)\Vid-Saver\Vid-Saver.dll (215 Apps)
O2 - BHO: (IB Updater) - {336D0C35-8A85-403a-B9D2-65C292C39087} - C:\Program Files\IB Updater\Extension32.dll ()
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Incredibar.com Helper Object) - {6E13DDE1-2B6E-46CE-8B66-DC8BF36F6B99} - C:\Program Files (x86)\Incredibar.com\incredibar\1.5.11.14\bh\incredibar.dll (Montera Technologeis LTD)
O2 - BHO: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVD0.dll (Conduit Ltd.)
O2 - BHO: (no name) - AutorunsDisabled - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVD0.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Incredibar Toolbar) - {F9639E4A-801B-4843-AEE3-03D9DA199E77} - C:\Program Files (x86)\Incredibar.com\incredibar\1.5.11.14\incredibarTlbr.dll (Montera Technologeis LTD)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (DVDVideoSoftTB Toolbar) - {872B5B88-9DB5-4310-BDD0-AC189557E5F5} - C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVD0.dll (Conduit Ltd.)
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Bob Profile\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Bob Profile\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
[2012/11/13 14:21:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Incredibar.com
[2012/11/13 14:21:31 | 000,035,328 | ---- | C] (IncrediMail, Ltd.) -- C:\Windows\SysNative\ImHttpComm.dll
[2012/11/13 14:21:24 | 000,000,000 | ---D | C] -- C:\Program Files\IB Updater
[2012/11/13 14:21:32 | 001,261,936 | ---- | C] () -- C:\Windows\SysNative\dmwu.exe
[2012/11/13 14:21:44 | 000,000,450 | ---- | C] () -- C:\user.js
[2012/10/12 11:57:03 | 000,000,000 | ---D | M] -- C:\Users\Bob Profile\AppData\Roaming\DVDVideoSoft
[2012/10/12 11:56:57 | 000,000,000 | ---D | M] -- C:\Users\Bob Profile\AppData\Roaming\DVDVideoSoftIEHelpers

:Files
C:\Program Files (x86)\Vid-Saver

:Commands
[resethosts]
[emptytemp]
[CREATERESTOREPOINT]
[Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

THEN

CLEAR THE BAD TOOLBARS

Download AdwCleaner from here to your desktop
Run AdwCleaner and select Delete

Posted Image

Once done it will ask to reboot, allow this
On reboot a log will be produced please attach that
  • 0

#9
eaglet
Posted 18 November 2012 - 06:49 AM

eaglet

    Member

  • Topic Starter
  • Member
  • PipPip
  • 55 posts
Thanks Essexboy thats done the trick :)
Log below

Ive sent a small paypal donation by way of thanks

# AdwCleaner v2.008 - Logfile created 11/18/2012 at 12:39:36
# Updated 17/11/2012 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : Bob Profile - BOB-PC
# Boot Mode : Normal
# Running from : C:\Users\Bob Profile\Downloads\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

File Deleted : C:\Users\Bob\AppData\Roaming\Mozilla\Firefox\Profiles\wzr7incw.default\searchplugins\Conduit.xml
Folder Deleted : C:\Program Files (x86)\Babylon
Folder Deleted : C:\Program Files (x86)\Conduit
Folder Deleted : C:\Program Files (x86)\DVDVideoSoftTB
Folder Deleted : C:\Program Files (x86)\Free Offers from Freeze.com
Folder Deleted : C:\Users\Bob Profile\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Bob Profile\AppData\LocalLow\DVDVideoSoftTB
Folder Deleted : C:\Users\Bob Profile\AppData\LocalLow\PriceGong
Folder Deleted : C:\Users\Bob\AppData\Local\Conduit
Folder Deleted : C:\Users\Bob\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Bob\AppData\LocalLow\DVDVideoSoftTB
Folder Deleted : C:\Users\Bob\AppData\Roaming\Mozilla\Firefox\Profiles\wzr7incw.default\ConduitCommon
Folder Deleted : C:\Users\Bob\AppData\Roaming\Mozilla\Firefox\Profiles\wzr7incw.default\CT2269050
Folder Deleted : C:\Users\Bob\AppData\Roaming\Mozilla\Firefox\Profiles\wzr7incw.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}
Folder Deleted : C:\Windows\SysWOW64\WNLT

***** [Registry] *****

Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\Crossrider
Key Deleted : HKCU\Software\AppDataLow\Software\DVDVideoSoftTB
Key Deleted : HKCU\Software\AppDataLow\Software\PriceGong
Key Deleted : HKCU\Software\Cr_Installer
Key Deleted : HKCU\Software\IM
Key Deleted : HKCU\Software\ImInstaller
Key Deleted : HKCU\Software\InstalledBrowserExtensions
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{336D0C35-8A85-403a-B9D2-65C292C39087}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{6E13DDE1-2B6E-46CE-8B66-DC8BF36F6B99}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{872B5B88-9DB5-4310-BDD0-AC189557E5F5}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{F9639E4A-801B-4843-AEE3-03D9DA199E77}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{336D0C35-8A85-403a-B9D2-65C292C39087}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{6E13DDE1-2B6E-46CE-8B66-DC8BF36F6B99}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{872B5B88-9DB5-4310-BDD0-AC189557E5F5}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F9639E4A-801B-4843-AEE3-03D9DA199E77}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{B302A1BD-0157-49FA-90F1-4E94F22C7B4B}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{CFE8AAFD-A0F3-4329-84E9-6B679EC93EC2}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\Extension.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\NCTAudioCDGrabber2.DLL
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0003491.BHO
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0003491.BHO.1
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0003491.Sandbox
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0003491.Sandbox.1
Key Deleted : HKLM\SOFTWARE\Classes\escort.escortIEPane
Key Deleted : HKLM\SOFTWARE\Classes\escort.escortIEPane.1
Key Deleted : HKLM\SOFTWARE\Classes\esrv.IncredibarESrvc
Key Deleted : HKLM\SOFTWARE\Classes\esrv.IncredibarESrvc.1
Key Deleted : HKLM\SOFTWARE\Classes\Extension.ExtensionHelperObject
Key Deleted : HKLM\SOFTWARE\Classes\Extension.ExtensionHelperObject.1
Key Deleted : HKLM\SOFTWARE\Classes\I
Key Deleted : HKLM\SOFTWARE\Classes\Incredibar.dskBnd
Key Deleted : HKLM\SOFTWARE\Classes\Incredibar.dskBnd.1
Key Deleted : HKLM\SOFTWARE\Classes\Incredibar.IncredibarHlpr
Key Deleted : HKLM\SOFTWARE\Classes\Incredibar.IncredibarHlpr.1
Key Deleted : HKLM\SOFTWARE\Classes\IncredibarApp.appCore
Key Deleted : HKLM\SOFTWARE\Classes\IncredibarApp.appCore.1
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2269050
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{1D5A4199-956E-49BC-B89F-6A35C57C0D13}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{48C9C8B0-A546-46C1-A81F-47A31E623E9D}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{CFE8AAFD-A0F3-4329-84E9-6B679EC93EC2}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\DVDVideoSoftTB
Key Deleted : HKLM\Software\Freeze.com
Key Deleted : HKLM\Software\IB Updater
Key Deleted : HKLM\Software\incredibar.com
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Babylon_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Babylon_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\incredibar_install_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\incredibar_install_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\IncredibarToolbar_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\IncredibarToolbar_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D3F69D07-0AEE-47AF-87D0-1A67D4F70C68}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{C01315C7-B4E2-4864-B43D-5FAFC414D179}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{C1545464-C77C-4130-A572-1C619E2895FE}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{CADAF6BE-BF50-4669-8BFD-C27BD4E6181B}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{D3F69D07-0AEE-47AF-87D0-1A67D4F70C68}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{ED0E67AD-926C-4008-87E5-03CF72AA2A7E}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{EF7FEC6D-451B-4452-9D26-7E10C6B5DB6E}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{22B0769F-794B-4422-AC84-47B123C8986D}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{255E0B2A-D747-4EEF-B7CE-159D73A3656D}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{28ED590D-F5ED-4E05-A87F-1D759F1C6169}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{45D5B93F-E2ED-4AF2-915E-DCDDBDA8C33C}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{771B99AB-636F-4A11-9039-8DFEB927B061}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{A36867C6-302D-49FC-9D8E-1EB037B5F1AB}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{A8321AA2-2227-40C7-8525-6C2F4E1B0EBE}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{AA41A731-6814-4A70-A6F1-C0A20FBBFBD5}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{ABBB8A9E-D8AF-40D1-94BE-5175077465FC}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{BF737694-56F6-46FA-9FDC-FA99A5B25FAD}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{CFCD164E-8AC9-478E-9ECC-B616A932016C}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{D5961CC0-B442-4567-8030-67E241EF4CC2}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{E450067F-1C93-41A7-928E-07E5C2EEC680}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{F977D9F2-4BDC-44A6-B508-7C0284C61EED}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\dhkplhfnhceodhffomolpfigojocbpcb
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{2D8FE9D8-652E-4743-9CA0-306230A23542}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{36960858-F512-4BCE-81C1-7E46622922F3}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{74C36554-31F0-49DD-8857-ED6A64DF45BE}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\DVDVideoSoftTB Toolbar
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\incredibar
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{22B0769F-794B-4422-AC84-47B123C8986D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{255E0B2A-D747-4EEF-B7CE-159D73A3656D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{28ED590D-F5ED-4E05-A87F-1D759F1C6169}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{45D5B93F-E2ED-4AF2-915E-DCDDBDA8C33C}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{771B99AB-636F-4A11-9039-8DFEB927B061}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A36867C6-302D-49FC-9D8E-1EB037B5F1AB}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A8321AA2-2227-40C7-8525-6C2F4E1B0EBE}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{AA41A731-6814-4A70-A6F1-C0A20FBBFBD5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{ABBB8A9E-D8AF-40D1-94BE-5175077465FC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{BF737694-56F6-46FA-9FDC-FA99A5B25FAD}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{CFCD164E-8AC9-478E-9ECC-B616A932016C}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D5961CC0-B442-4567-8030-67E241EF4CC2}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E450067F-1C93-41A7-928E-07E5C2EEC680}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{F977D9F2-4BDC-44A6-B508-7C0284C61EED}
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{336D0C35-8A85-403a-B9D2-65C292C39087}_is1

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Registry is clean.

-\\ Mozilla Firefox v16.0.2 (en-US)

Profile name : default
File : C:\Users\Bob\AppData\Roaming\Mozilla\Firefox\Profiles\wzr7incw.default\prefs.js

Deleted : user_pref("CT2269050..clientLogIsEnabled", true);
Deleted : user_pref("CT2269050..clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.as[...]
Deleted : user_pref("CT2269050..uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Re[...]
Deleted : user_pref("CT2269050.ALLOW_SHOWING_HIDDEN_TOOLBAR", false);
Deleted : user_pref("CT2269050.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
Deleted : user_pref("CT2269050.BrowserCompStateIsOpen_129575150554007677", true);
Deleted : user_pref("CT2269050.BrowserCompStateIsOpen_129681780741097243", true);
Deleted : user_pref("CT2269050.CTID", "CT2269050");
Deleted : user_pref("CT2269050.CurrentServerDate", "8-2-2012");
Deleted : user_pref("CT2269050.DSInstall", true);
Deleted : user_pref("CT2269050.DialogsAlignMode", "LTR");
Deleted : user_pref("CT2269050.DialogsGetterLastCheckTime", "Tue Feb 07 2012 22:36:03 GMT+0000 (GMT Standard T[...]
Deleted : user_pref("CT2269050.DownloadReferralCookieData", "");
Deleted : user_pref("CT2269050.EMailNotifierPollDate", "Tue Feb 07 2012 22:35:54 GMT+0000 (GMT Standard Time)"[...]
Deleted : user_pref("CT2269050.FirstServerDate", "17-11-2011");
Deleted : user_pref("CT2269050.FirstTime", true);
Deleted : user_pref("CT2269050.FirstTimeFF3", true);
Deleted : user_pref("CT2269050.FixPageNotFoundErrors", true);
Deleted : user_pref("CT2269050.GroupingServerCheckInterval", 1440);
Deleted : user_pref("CT2269050.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
Deleted : user_pref("CT2269050.HPInstall", true);
Deleted : user_pref("CT2269050.HasUserGlobalKeys", true);
Deleted : user_pref("CT2269050.HomePageProtectorEnabled", false);
Deleted : user_pref("CT2269050.HomepageBeforeUnload", "hxxp://search.conduit.com/?ctid=CT2269050&SearchSource=[...]
Deleted : user_pref("CT2269050.Initialize", true);
Deleted : user_pref("CT2269050.InitializeCommonPrefs", true);
Deleted : user_pref("CT2269050.InstallationAndCookieDataSentCount", 3);
Deleted : user_pref("CT2269050.InstallationType", "UnknownIntegration");
Deleted : user_pref("CT2269050.InstalledDate", "Thu Nov 17 2011 10:11:45 GMT+0000 (GMT Standard Time)");
Deleted : user_pref("CT2269050.InvalidateCache", false);
Deleted : user_pref("CT2269050.IsAlertDBUpdated", true);
Deleted : user_pref("CT2269050.IsGrouping", false);
Deleted : user_pref("CT2269050.IsInitSetupIni", true);
Deleted : user_pref("CT2269050.IsMulticommunity", false);
Deleted : user_pref("CT2269050.IsOpenThankYouPage", false);
Deleted : user_pref("CT2269050.IsOpenUninstallPage", false);
Deleted : user_pref("CT2269050.IsProtectorsInit", true);
Deleted : user_pref("CT2269050.LanguagePackLastCheckTime", "Tue Feb 07 2012 22:36:02 GMT+0000 (GMT Standard Ti[...]
Deleted : user_pref("CT2269050.LanguagePackReloadIntervalMM", 1440);
Deleted : user_pref("CT2269050.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx[...]
Deleted : user_pref("CT2269050.LastLogin_3.8.0.8", "Thu Nov 17 2011 10:11:51 GMT+0000 (GMT Standard Time)");
Deleted : user_pref("CT2269050.LastLogin_3.9.0.3", "Tue Feb 07 2012 22:35:58 GMT+0000 (GMT Standard Time)");
Deleted : user_pref("CT2269050.LatestVersion", "3.9.0.3");
Deleted : user_pref("CT2269050.Locale", "en");
Deleted : user_pref("CT2269050.MCDetectTooltipHeight", "83");
Deleted : user_pref("CT2269050.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");
Deleted : user_pref("CT2269050.MCDetectTooltipWidth", "295");
Deleted : user_pref("CT2269050.MyStuffEnabledAtInstallation", true);
Deleted : user_pref("CT2269050.OriginalFirstVersion", "3.8.0.8");
Deleted : user_pref("CT2269050.RadioIsPodcast", false);
Deleted : user_pref("CT2269050.RadioLastCheckTime", "Tue Feb 07 2012 22:35:56 GMT+0000 (GMT Standard Time)");
Deleted : user_pref("CT2269050.RadioLastUpdateIPServer", "3");
Deleted : user_pref("CT2269050.RadioLastUpdateServer", "129132338014870000");
Deleted : user_pref("CT2269050.RadioMediaID", "12473383");
Deleted : user_pref("CT2269050.RadioMediaType", "Media Player");
Deleted : user_pref("CT2269050.RadioMenuSelectedID", "EBRadioMenu_CT226905012473383");
Deleted : user_pref("CT2269050.RadioShrinkedFromSetup", false);
Deleted : user_pref("CT2269050.RadioStationName", "Hotmix%20108");
Deleted : user_pref("CT2269050.RadioStationURL", "hxxp://67.202.67.18:8082");
Deleted : user_pref("CT2269050.SavedHomepage", "hxxp://www.cpfc.co.uk/page/Home/");
Deleted : user_pref("CT2269050.SearchCaption", "DVDVideoSoftTB Customized Web Search");
Deleted : user_pref("CT2269050.SearchEngineBeforeUnload", "DVDVideoSoftTB Customized Web Search");
Deleted : user_pref("CT2269050.SearchFromAddressBarIsInit", true);
Deleted : user_pref("CT2269050.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT226[...]
Deleted : user_pref("CT2269050.SearchInNewTabEnabled", true);
Deleted : user_pref("CT2269050.SearchInNewTabIntervalMM", 1440);
Deleted : user_pref("CT2269050.SearchInNewTabLastCheckTime", "Tue Feb 07 2012 22:35:58 GMT+0000 (GMT Standard [...]
Deleted : user_pref("CT2269050.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_T[...]
Deleted : user_pref("CT2269050.SearchInNewTabUsageUrl", "hxxp://usage.hosting.toolbar.conduit-services.com/usa[...]
Deleted : user_pref("CT2269050.SearchInNewTabUserEnabled", false);
Deleted : user_pref("CT2269050.SearchProtectorEnabled", false);
Deleted : user_pref("CT2269050.SearchProtectorToolbarDisabled", false);
Deleted : user_pref("CT2269050.SendProtectorDataViaLogin", true);
Deleted : user_pref("CT2269050.ServiceMapLastCheckTime", "Tue Feb 07 2012 22:35:54 GMT+0000 (GMT Standard Time[...]
Deleted : user_pref("CT2269050.SettingsLastCheckTime", "Tue Feb 07 2012 22:35:53 GMT+0000 (GMT Standard Time)"[...]
Deleted : user_pref("CT2269050.SettingsLastUpdate", "1327227404");
Deleted : user_pref("CT2269050.TBHomePageUrl", "hxxp://search.conduit.com/?ctid=CT2269050&SearchSource=13");
Deleted : user_pref("CT2269050.ThirdPartyComponentsInterval", 504);
Deleted : user_pref("CT2269050.ThirdPartyComponentsLastCheck", "Tue Feb 07 2012 22:35:53 GMT+0000 (GMT Standar[...]
Deleted : user_pref("CT2269050.ThirdPartyComponentsLastUpdate", "1312887586");
Deleted : user_pref("CT2269050.ToolbarShrinkedFromSetup", false);
Deleted : user_pref("CT2269050.TrusteLinkUrl", "hxxp://trust.conduit.com/CT2269050");
Deleted : user_pref("CT2269050.TrustedApiDomains", "conduit.com,conduit-hosting.com,conduit-services.com,clien[...]
Deleted : user_pref("CT2269050.UserID", "UN11476452864704978");
Deleted : user_pref("CT2269050.ValidationData_Toolbar", 2);
Deleted : user_pref("CT2269050.WeatherNetwork", "");
Deleted : user_pref("CT2269050.WeatherPollDate", "Tue Feb 07 2012 22:35:58 GMT+0000 (GMT Standard Time)");
Deleted : user_pref("CT2269050.WeatherUnit", "C");
Deleted : user_pref("CT2269050.alertChannelId", "666138");
Deleted : user_pref("CT2269050.backendstorage./9b+7e+x305", "247E27413334363379453A3D2A722C797A7E7A3128333B4D4[...]
Deleted : user_pref("CT2269050.backendstorage./9b+7e,x305", "247E28412F3F3E3779453A3D2A722C797B787D3128333C474[...]
Deleted : user_pref("CT2269050.backendstorage./9b+7e-x305", "247E2936303C363679453A3D2A722C797A207B3128333D462[...]
Deleted : user_pref("CT2269050.backendstorage./9b+7e.:2z527", "247E6F727174354379453A3D2A722C757A787D312833232[...]
Deleted : user_pref("CT2269050.backendstorage./9b+7e.x305", "247E2A4137374434337A463B3E2B732D7A7D7C213229343F5[...]
Deleted : user_pref("CT2269050.backendstorage./9b+7e/x305", "247E2B413536327844393C29712B787C7B773027323E4C434[...]
Deleted : user_pref("CT2269050.backendstorage./9b+7e06cg5el8:", "6E6D6F716E72716F7776");
Deleted : user_pref("CT2269050.backendstorage./9b+7e06cg5el;8i:k", "247E2D2F226A74737577747877757D7C242F4B4947[...]
Deleted : user_pref("CT2269050.backendstorage./9b+7e0x305", "247E2C403A407743383B28702A777C757D2F26313E4129554[...]
Deleted : user_pref("CT2269050.backendstorage./9b+7e1x305", "247E2D41313D403279453A3D2A722C7A77797E31283341473[...]
Deleted : user_pref("CT2269050.backendstorage./9b+7e2x305", "247E2E3542313D3D393A7B473C3F2C742E79207D322934435[...]
Deleted : user_pref("CT2269050.backendstorage./9b+7e31;cj7fk;kg#ncep@mc+vkn", "247E61393F236B25737471712A212C6[...]
Deleted : user_pref("CT2269050.backendstorage./9b+7e3x305", "247E2F413F3B36333F47463F7D493E412E76307E222421352[...]
Deleted : user_pref("CT2269050.backendstorage./9b+7e4x305", "247E302C407642373A276F29777B74762E2530413E4F494A5[...]
Deleted : user_pref("CT2269050.backendstorage./9b+7e5x305", "247E3136422B7743383B28702A79757A772F2631434B3D495[...]
Deleted : user_pref("CT2269050.backendstorage./9b+7e6x305", "247E322C3E32323238453E7C483D402D752F7E7B2424342B3[...]
Deleted : user_pref("CT2269050.backendstorage./9b+7e7x305", "247E333D2C3F3E3F79453A3D2A722C7B7A797A31283347474[...]
Deleted : user_pref("CT2269050.backendstorage./9b+7e8x305", "247E343D3F3B35373B3F367C47472C742E7E7823322934495[...]
Deleted : user_pref("CT2269050.backendstorage./9b+7e9x305", "247E35332C3F327844393C29712B7B757979302732484C4F4[...]
Deleted : user_pref("CT2269050.backendstorage./9b+7e:x305", "247E36333B38327844393C29712B7B76797A3027324948554[...]
Deleted : user_pref("CT2269050.backendstorage./9b+7e;x305", "247E373F333F3738422F7B473C3F2C742E7E7A7A22332A354[...]
Deleted : user_pref("CT2269050.backendstorage./9b+7e<x305", "247E38343030442F463644377D493E412E7630217D2426352[...]
Deleted : user_pref("CT2269050.backendstorage./9b+7e=x305", "247E3933363F41413739357C483D402D752F207E2022342B3[...]
Deleted : user_pref("CT2269050.backendstorage./9b+7e>x305", "247E3A41363F323238387B473C3F2C742E7E20217C332A355[...]
Deleted : user_pref("CT2269050.backendstorage./9b+7e?x305", "247E3B2D2F2F334134403A3A7D494C2D752F2023207E342B3[...]
Deleted : user_pref("CT2269050.backendstorage./9b+7e@x305", "247E3C40422B7743383B28702A7B767E782F26314E52543D2[...]
Deleted : user_pref("CT2269050.backendstorage./9b+7eax305", "247E3D3D37387743383B28702A7B7A757E2F26314F4F544A5[...]
Deleted : user_pref("CT2269050.backendstorage./9b+7ebe3g=;d9n9=d", "372C2D326975762E3A3C7B3A39434A494841434B26[...]
Deleted : user_pref("CT2269050.backendstorage./9b+7ebx305", "247E3E393141303D33454036327E4A3F422F77317B7D23352[...]
Deleted : user_pref("CT2269050.backendstorage./9b+7ecx305", "247E3F3D303043312E7A463B3E2B732D7B207E31283353515[...]
Deleted : user_pref("CT2269050.backendstorage./9b+7edx305", "247E4035422A363879453A3D2A722C7D202F26315247543C4[...]
Deleted : user_pref("CT2269050.backendstorage./9b+7etx305", "247E6E2F2E3B323342357B44392B732D7A7B7B7C322934215[...]
Deleted : user_pref("CT2269050.backendstorage./9b-0?3g>d", "3A3A6971734370757A74454978207D4D774F25797C4E532A25[...]
Deleted : user_pref("CT2269050.backendstorage./9b-0?3g@6:5;", "");
Deleted : user_pref("CT2269050.backendstorage./9b-0?3gfa7ef", "2B2E2C3D");
Deleted : user_pref("CT2269050.backendstorage./9b-3=3eccja=f>", "247E333D2C452F4135276F297B7E7D21202F26313E424[...]
Deleted : user_pref("CT2269050.backendstorage./9b/>01=9a6k6<im;krie@pdawm", "6A696B7273747576");
Deleted : user_pref("CT2269050.backendstorage./9b3=>@44i48?", "372C2D32697576334236334148477B213F3E484F4E4D464[...]
Deleted : user_pref("CT2269050.backendstorage./9b5ba==9cjag", "6A6B3C3E714175447A45767A77747D7B7B4C79217B");
Deleted : user_pref("CT2269050.backendstorage./9b6b11g4c56b>f;p;anr@p", "6E6D6F716E72716F7675717676");
Deleted : user_pref("CT2269050.backendstorage./9b9643g3/9e", "6A");
Deleted : user_pref("CT2269050.backendstorage./9b<:222h64<", "393F352F3E");
Deleted : user_pref("CT2269050.backendstorage./9b=+03eh8h8j?:", "4443");
Deleted : user_pref("CT2269050.backendstorage./9b?+e2a52d8", "372C2D326975762E3A3C7B3A39434A494841434B26514649[...]
Deleted : user_pref("CT2269050.backendstorage./9b?b0d:8aj62<h", "6D");
Deleted : user_pref("CT2269050.backendstorage./9ba@0<0bi6a7gn:6@l?", "6E6B");
Deleted : user_pref("CT2269050.backendstorage.cbfirsttime", "5475652046656220303720323031322032323A33363A30392[...]
Deleted : user_pref("CT2269050.backendstorage.facebook_mode", "32");
Deleted : user_pref("CT2269050.backendstorage.shoppingapp.gk.exipres", "53756E2046656220313220323031322032323A[...]
Deleted : user_pref("CT2269050.backendstorage.shoppingapp.gk.geolocation", "756E69746564206B696E67646F6D");
Deleted : user_pref("CT2269050.generalConfigFromLogin", "{\"ApiMaxAlerts\":\"12\",\"SocialDomains\":\"social.c[...]
Deleted : user_pref("CT2269050.globalFirstTimeInfoLastCheckTime", "Tue Feb 07 2012 22:36:05 GMT+0000 (GMT Stan[...]
Deleted : user_pref("CT2269050.homepageProtectorEnableByLogin", true);
Deleted : user_pref("CT2269050.initDone", true);
Deleted : user_pref("CT2269050.isAppTrackingManagerOn", true);
Deleted : user_pref("CT2269050.isFirstRadioInstallation", false);
Deleted : user_pref("CT2269050.myStuffEnabled", true);
Deleted : user_pref("CT2269050.myStuffPublihserMinWidth", 400);
Deleted : user_pref("CT2269050.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOr[...]
Deleted : user_pref("CT2269050.myStuffServiceIntervalMM", 1440);
Deleted : user_pref("CT2269050.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?Co[...]
Deleted : user_pref("CT2269050.oldAppsList", "128834881989343894,128834881989343895,111,129466585399606892,129[...]
Deleted : user_pref("CT2269050.revertSettingsEnabled", true);
Deleted : user_pref("CT2269050.searchProtectorDialogDelayInSec", 10);
Deleted : user_pref("CT2269050.searchProtectorEnableByLogin", true);
Deleted : user_pref("CT2269050.testingCtid", "");
Deleted : user_pref("CT2269050.toolbarAppMetaDataLastCheckTime", "Tue Feb 07 2012 22:36:02 GMT+0000 (GMT Stand[...]
Deleted : user_pref("CT2269050.toolbarContextMenuLastCheckTime", "Tue Feb 07 2012 22:36:02 GMT+0000 (GMT Stand[...]
Deleted : user_pref("CT2269050.usagesFlag", 2);
Deleted : user_pref("CommunityToolbar.ConduitHomepagesList", "hxxp://search.conduit.com/?ctid=CT2269050&Search[...]
Deleted : user_pref("CommunityToolbar.ConduitSearchList", "DVDVideoSoftTB Customized Web Search");
Deleted : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/666138/661999/UK", "\"0\"")[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT2269050", [...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=GottenApps&lo[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=OtherApps&loc[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=SharedApps&lo[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=Toolbar&local[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.alert.conduit-services.com/alert/dlg.pkg", "\[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.8.[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.9.[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT2269050",[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://settings.toolbar.conduit-services.com/?ctid=CT2269050&octid=[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Bluenote/equalizer[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Bluenote/minimize.[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Bluenote/play.gif"[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Bluenote/stop.gif"[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Bluenote/vol.gif",[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=en", "\"cde[...]
Deleted : user_pref("CommunityToolbar.LatestLibsPath", "file:///C:\\Users\\Bob\\AppData\\Roaming\\Mozilla\\Fir[...]
Deleted : user_pref("CommunityToolbar.LatestToolbarVersionInstalled", "3.9.0.3");
Deleted : user_pref("CommunityToolbar.MiniIPageGadgetSize.hxxp://facebook.conduitapps.com/v213/gadget.html", "[...]
Deleted : user_pref("CommunityToolbar.MiniIPageGadgetSize.hxxp://pgcff.pricegong.com/agreement/agree.html#pg_e[...]
Deleted : user_pref("CommunityToolbar.MiniIPageGadgetSize.hxxp://storage.conduit.com/MarketPlace/07/dd/07caac7[...]
Deleted : user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "hxxp://www.google.com/search?ie=UTF-8&oe[...]
Deleted : user_pref("CommunityToolbar.ToolbarsList", "CT2269050");
Deleted : user_pref("CommunityToolbar.ToolbarsList2", "CT2269050");
Deleted : user_pref("CommunityToolbar.ToolbarsList4", "CT2269050");
Deleted : user_pref("CommunityToolbar.globalUserId", "06fbac7c-7d2c-4b39-b760-52bfd01861aa");
Deleted : user_pref("CommunityToolbar.isAlertUrlAddedToFeedItemTable", true);
Deleted : user_pref("CommunityToolbar.isClickActionAddedToFeedItemTable", true);
Deleted : user_pref("CommunityToolbar.keywordURLSelectedCTID", "CT2269050");
Deleted : user_pref("CommunityToolbar.notifications.alertDialogsGetterLastCheckTime", "Tue Feb 07 2012 22:35:5[...]
Deleted : user_pref("CommunityToolbar.notifications.alertInfoInterval", 1440);
Deleted : user_pref("CommunityToolbar.notifications.alertInfoLastCheckTime", "Tue Feb 07 2012 22:36:07 GMT+000[...]
Deleted : user_pref("CommunityToolbar.notifications.clientsServerUrl", "hxxp://alert.client.conduit.com");
Deleted : user_pref("CommunityToolbar.notifications.locale", "en");
Deleted : user_pref("CommunityToolbar.notifications.loginIntervalMin", 1440);
Deleted : user_pref("CommunityToolbar.notifications.loginLastCheckTime", "Tue Feb 07 2012 22:35:55 GMT+0000 (G[...]
Deleted : user_pref("CommunityToolbar.notifications.loginLastUpdateTime", "1313487611");
Deleted : user_pref("CommunityToolbar.notifications.messageShowTimeSec", 20);
Deleted : user_pref("CommunityToolbar.notifications.servicesServerUrl", "hxxp://alert.services.conduit.com");
Deleted : user_pref("CommunityToolbar.notifications.showTrayIcon", false);
Deleted : user_pref("CommunityToolbar.notifications.userCloseIntervalMin", 300);
Deleted : user_pref("CommunityToolbar.notifications.userId", "91fe989e-07f1-4cc4-b881-dcc3cd110715");
Deleted : user_pref("CommunityToolbar.originalHomepage", "hxxp://www.cpfc.co.uk/page/Home/");
Deleted : user_pref("CommunityToolbar.originalSearchEngine", "Google");
Deleted : user_pref("browser.search.defaultthis.engineName", "DVDVideoSoftTB Customized Web Search");
Deleted : user_pref("browser.search.defaulturl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&Sea[...]
Deleted : user_pref("extensions.crossriderapp3491.adsOldValue", -1);

Profile name : default
File : C:\Users\Bob Profile\AppData\Roaming\Mozilla\Firefox\Profiles\7rmzunn8.default\prefs.js

C:\Users\Bob Profile\AppData\Roaming\Mozilla\Firefox\Profiles\7rmzunn8.default\user.js ... Deleted !

Deleted : user_pref("browser.newtab.url", "hxxp://mystart.incredibar.com/mb185?a=6R8L83P1bS&i=26");
Deleted : user_pref("extensions.incredibar_i.aflt", "orgnl");
Deleted : user_pref("extensions.incredibar_i.dfltLng", "");
Deleted : user_pref("extensions.incredibar_i.did", "10678");
Deleted : user_pref("extensions.incredibar_i.excTlbr", false);
Deleted : user_pref("extensions.incredibar_i.id", "5611f8ee000000000000904ce5d5fc38");
Deleted : user_pref("extensions.incredibar_i.installerproductid", "26");
Deleted : user_pref("extensions.incredibar_i.instlDay", "15657");
Deleted : user_pref("extensions.incredibar_i.instlRef", "");
Deleted : user_pref("extensions.incredibar_i.ms_url_id", "");
Deleted : user_pref("extensions.incredibar_i.newTab", false);
Deleted : user_pref("extensions.incredibar_i.ppd", "111");
Deleted : user_pref("extensions.incredibar_i.prdct", "incredibar");
Deleted : user_pref("extensions.incredibar_i.productid", "26");
Deleted : user_pref("extensions.incredibar_i.prtnrId", "Incredibar");
Deleted : user_pref("extensions.incredibar_i.smplGrp", "none");
Deleted : user_pref("extensions.incredibar_i.tlbrId", "base");
Deleted : user_pref("extensions.incredibar_i.tlbrSrchUrl", "hxxp://mystart.Incredibar.com/?a=6R8L83P1bS&loc=IB[...]
Deleted : user_pref("extensions.incredibar_i.upn2", "6R8L83P1bS");
Deleted : user_pref("extensions.incredibar_i.upn2n", "92825394787053884");
Deleted : user_pref("extensions.incredibar_i.vrsn", "1.5.11.14");
Deleted : user_pref("extensions.incredibar_i.vrsnTs", "1.5.11.1414:21:46");
Deleted : user_pref("extensions.incredibar_i.vrsni", "1.5.11.14");

-\\ Google Chrome v [Unable to get version]

File : C:\Users\Bob Profile\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[S1].txt - [31728 octets] - [18/11/2012 12:39:36]

########## EOF - C:\AdwCleaner[S1].txt - [31789 octets] ##########
  • 0

#10
Essexboy
Posted 18 November 2012 - 06:55 AM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Thank you 'tis appreciated :thumbsup:

Are both systems now up to scratch ? If so this is relevant for both

Subject to no further problems :)

I will remove my tools now and give some recommendations, but, I would like you to run for 24 hours or so and come back if you have any problems

Now the best part of the day ----- Your log now appears clean :thumbsup:

A good workman always cleans up after himself so..The following will implement some cleanup procedures as well as reset System Restore points:

Run AdwCleaner and press the uninstall button

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :Commands
    [resethosts]
    [emptytemp]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done

Run OTL and hit the cleanup button. It will remove all the programmes we have used plus itself.

We will now confirm that your hidden files are set to that, as some of the tools I use will change that
  • Click Start.
  • Open My Computer.
  • Select the Tools menu and click Folder Options.
  • Select the View Tab.
  • Under the Hidden files and folders heading select Do not show hidden files and folders.
  • Click Yes to confirm.
  • Click OK.

7 Only
Posted Image Your Java is out of date.
Older versions have vulnerabilities that malware can use to infect your system.
Please follow these steps to remove older version of Java components and upgrade the application.

Upgrading Java:
  • Go to this site and click Do I have Java
  • It will check your current version and then offer to update to the latest version

BOTH
Now that you are clean, to help protect your computer in the future I recommend that you get the following free programmes:

Posted Image Malwarebytes.

Update and run weekly to keep your system clean

Download and install FileHippo update checker and run it monthly it will show you which programmes on your system need updating and give a download link

If you use on-line banking then as an added layer of protection install Trusteer Rapport

It is critical to have both a firewall and anti virus to protect your system and to keep them updated. To keep your operating system up to date visit
To learn more about how to protect yourself while on the internet read our little guide How did I get infected in the first place ?Keep safe :wave:
  • 0

#11
Essexboy
Posted 22 November 2012 - 04:24 PM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP