Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

i have a virus [Closed]


  • This topic is locked This topic is locked

#1
Misshasntgotacluechris

Misshasntgotacluechris

    New Member

  • Member
  • Pip
  • 1 posts
i have a big problem my laptop is running very slow , when i connect to the internet a program is updating uses 200-300 mbs each time i log on, norton tells me proformace warning that ccsvchst.exe is using high level of memory , i have defraged my disks so many times runs for up to 10 hours to defrag i am having so many issues i have downloaded so many instant scans with even more issues happening , laptop is very slow to start up and to shut down now its painful i know very little about computers, i have tryed to stop all the updates from happening but they continue running updates , i would like to reset my computer if it would help. OTL logfile created on: 11/30/2012 9:25:16 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\chris\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

1.87 Gb Total Physical Memory | 0.39 Gb Available Physical Memory | 21.17% Memory free
3.73 Gb Paging File | 1.94 Gb Available in Paging File | 52.07% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 448.95 Gb Total Space | 148.03 Gb Free Space | 32.97% Space Free | Partition Type: NTFS
Drive D: | 16.51 Gb Total Space | 2.38 Gb Free Space | 14.44% Space Free | Partition Type: NTFS
Drive F: | 9.69 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive H: | 99.02 Mb Total Space | 93.22 Mb Free Space | 94.14% Space Free | Partition Type: FAT32

Computer Name: CHRIS-HP | User Name: chris | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/11/30 21:24:28 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\chris\Downloads\OTL.exe
PRC - [2012/11/26 11:14:39 | 000,086,016 | ---- | M] () -- C:\Program Files (x86)\Optus Wireless Broadband\Optus Wireless Broadband.exe
PRC - [2012/11/17 13:42:01 | 000,697,272 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_5_502_110_ActiveX.exe
PRC - [2012/10/31 17:41:14 | 006,381,496 | ---- | M] (Systweak) -- C:\Program Files (x86)\Advanced System Protector\AdvancedSystemProtector.exe
PRC - [2012/10/12 16:01:18 | 000,898,200 | ---- | M] (W3i, LLC) -- C:\Program Files (x86)\W3i\UninstallHelper\UninstallHelper.exe
PRC - [2012/10/11 13:29:13 | 000,143,928 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton Management\Engine\3.2.0.19\ccsvchst.exe
PRC - [2012/10/11 13:29:13 | 000,143,928 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton Internet Security\Engine\20.2.0.19\ccsvchst.exe
PRC - [2012/09/20 14:05:00 | 001,270,376 | ---- | M] (SPAMfighter ApS) -- C:\Program Files (x86)\Fighters\FighterSuiteService.exe
PRC - [2012/09/12 12:17:12 | 000,445,624 | ---- | M] (Sony) -- C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe
PRC - [2012/07/28 07:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/04/30 11:57:42 | 000,067,072 | ---- | M] () -- C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanionInfo.exe
PRC - [2011/11/25 16:32:36 | 000,687,400 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Nero\Update\NASvc.exe
PRC - [2011/11/19 15:48:58 | 000,042,504 | ---- | M] (COMPANYVERS_NAME) -- C:\Program Files (x86)\DictionaryBoss\bar\1.bin\v4barsvc.exe
PRC - [2011/10/01 08:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2011/10/01 08:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2011/07/10 16:12:32 | 000,034,864 | ---- | M] (RadioPI) -- C:\Program Files (x86)\RadioPI_4e\bar\1.bin\4ebarsvc.exe
PRC - [2011/06/02 10:06:40 | 000,014,088 | ---- | M] (Memeo) -- C:\Program Files (x86)\Seagate\Seagate Dashboard\SeagateDashboardService.exe
PRC - [2010/11/09 16:20:36 | 000,586,296 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
PRC - [2010/11/09 16:20:34 | 000,026,680 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
PRC - [2010/09/29 17:55:32 | 000,136,488 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
PRC - [2009/10/01 15:01:32 | 002,320,920 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
PRC - [2009/10/01 15:01:30 | 000,268,824 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
PRC - [2007/03/12 18:36:36 | 000,288,304 | ---- | M] (ACD Systems, Ltd.) -- C:\Program Files (x86)\Common Files\ACD Systems\EN\DevDetect.exe


========== Modules (No Company Name) ==========

MOD - [2012/11/26 11:14:39 | 000,086,016 | ---- | M] () -- C:\Program Files (x86)\Optus Wireless Broadband\Optus Wireless Broadband.exe
MOD - [2012/11/17 22:17:20 | 002,297,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\239d84cfdb9de9730c1efb43840ef2eb\System.Core.ni.dll
MOD - [2012/11/17 22:17:16 | 001,051,136 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\66694f9192bd0dddc2eaf90fbcbcd555\System.Management.ni.dll
MOD - [2012/11/17 22:16:35 | 000,220,672 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\CustomMarshalers\c07aa49ffd41a39bffaf653289f44038\CustomMarshalers.ni.dll
MOD - [2012/11/16 14:33:13 | 000,212,992 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\17796f2951c17ebf92dd4b7c9b3ce556\System.ServiceProcess.ni.dll
MOD - [2012/11/16 14:32:51 | 001,840,640 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\cf840dca36a7b949696ce331d0532d3e\System.Web.Services.ni.dll
MOD - [2012/11/16 14:32:28 | 000,628,224 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\a30d7e65103254213dc62f238be50f97\System.EnterpriseServices.ni.dll
MOD - [2012/11/16 14:32:26 | 000,627,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\4d7a457d9f9adcce4d201119b5179c29\System.Transactions.ni.dll
MOD - [2012/11/16 14:32:24 | 006,611,456 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\3d4e9d4f6c945d6d3b7d423fdb6bd274\System.Data.ni.dll
MOD - [2012/11/16 14:31:14 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\d040079bc7148afeca03c5abb6fc3c61\System.Windows.Forms.ni.dll
MOD - [2012/11/16 14:30:58 | 001,591,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\4e80768a2d88c7a333e43cbb7a6c0705\System.Drawing.ni.dll
MOD - [2012/11/16 14:30:54 | 001,806,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Deployment\f2fb3f4856c403795db6db3f354f1f0b\System.Deployment.ni.dll
MOD - [2012/11/16 14:30:45 | 000,025,600 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Accessibility\70705382a499703e7a595fada80b04e6\Accessibility.ni.dll
MOD - [2012/11/16 14:30:12 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\25e672ea505e50ab058258ac72a54f02\System.Xml.ni.dll
MOD - [2012/11/16 14:30:06 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\c64ca3678261c8ffcd9e7efd1af6ed54\System.Configuration.ni.dll
MOD - [2012/11/16 14:30:01 | 007,988,736 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\9dd758ac0bf7358ac6e4720610fcc63c\System.ni.dll
MOD - [2012/11/16 14:29:44 | 011,493,376 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\187d7c66735c533de851c76384f86912\mscorlib.ni.dll
MOD - [2012/10/31 17:41:14 | 001,730,488 | ---- | M] () -- C:\Program Files (x86)\Advanced System Protector\aspsys.dll
MOD - [2012/09/28 10:06:06 | 000,594,432 | ---- | M] () -- C:\Program Files (x86)\Sony\Sony PC Companion\PhoneUpdate.dll
MOD - [2012/07/25 12:03:14 | 000,886,272 | ---- | M] () -- C:\Program Files (x86)\Advanced System Protector\System.Data.SQLite.dll
MOD - [2012/05/31 01:51:08 | 000,699,280 | R--- | M] () -- C:\Program Files (x86)\Norton Internet Security\Engine\20.2.0.19\wincfi39.dll
MOD - [2012/05/24 11:50:32 | 000,203,776 | ---- | M] () -- C:\Program Files (x86)\Sony\Sony PC Companion\MExplorer.dll
MOD - [2012/04/30 11:57:42 | 000,067,072 | ---- | M] () -- C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanionInfo.exe
MOD - [2012/04/30 11:57:42 | 000,039,936 | ---- | M] () -- C:\Program Files (x86)\Sony\Sony PC Companion\TMonitorAPI.dll
MOD - [2012/04/04 15:33:24 | 000,139,776 | ---- | M] () -- C:\Program Files (x86)\Sony\Sony PC Companion\CAgdLNotes.dll
MOD - [2012/03/16 13:51:02 | 000,188,416 | ---- | M] () -- C:\Program Files (x86)\Sony\Sony PC Companion\CAgdOutlook.dll
MOD - [2012/02/13 10:53:50 | 000,086,016 | ---- | M] () -- C:\Program Files (x86)\Sony\Sony PC Companion\CalEngine.dll
MOD - [2011/11/01 20:32:48 | 000,573,100 | ---- | M] () -- C:\Program Files (x86)\Sony\Sony PC Companion\sqlite3.dll
MOD - [2011/07/07 14:54:36 | 000,233,984 | ---- | M] () -- C:\Program Files (x86)\Sony\Sony PC Companion\Report.dll
MOD - [2010/11/05 12:58:05 | 002,927,616 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
MOD - [2010/11/05 12:57:39 | 000,069,120 | ---- | M] () -- C:\Windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
MOD - [2010/09/14 16:01:00 | 000,212,992 | ---- | M] () -- C:\Program Files (x86)\Sony\Sony PC Companion\VistaCalendar.dll
MOD - [2010/01/11 16:44:54 | 000,053,248 | ---- | M] () -- C:\Program Files (x86)\Sony\Sony PC Companion\VObject.dll
MOD - [2009/06/11 08:23:19 | 000,261,632 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
MOD - [2007/09/19 18:01:54 | 000,126,976 | R--- | M] () -- C:\Program Files (x86)\Optus Wireless Broadband\DetectDev.dll
MOD - [2007/09/19 18:01:46 | 000,421,888 | R--- | M] () -- C:\Program Files (x86)\Optus Wireless Broadband\atcomm.dll
MOD - [2007/09/19 10:56:46 | 000,045,056 | R--- | M] () -- C:\Program Files (x86)\Optus Wireless Broadband\DeviceOperate.dll
MOD - [2007/09/19 10:56:34 | 000,037,376 | R--- | M] () -- C:\Program Files (x86)\Optus Wireless Broadband\XCodec.dll
MOD - [2007/09/18 15:54:28 | 000,126,976 | ---- | M] () -- C:\Program Files (x86)\Optus Wireless Broadband\LocaleMgrPlugin.dll
MOD - [2007/09/18 15:53:54 | 000,135,168 | ---- | M] () -- C:\Program Files (x86)\Optus Wireless Broadband\SMSPlugin.dll
MOD - [2007/09/18 15:53:10 | 000,032,768 | ---- | M] () -- C:\Program Files (x86)\Optus Wireless Broadband\NotifyServicePlugin.dll
MOD - [2007/09/18 15:50:06 | 000,057,344 | ---- | M] () -- C:\Program Files (x86)\Optus Wireless Broadband\ConfigFilePlugin.dll
MOD - [2007/09/18 15:49:12 | 000,098,304 | ---- | M] () -- C:\Program Files (x86)\Optus Wireless Broadband\DeviceMgrPlugin.dll
MOD - [2007/09/18 15:47:30 | 000,098,304 | ---- | M] () -- C:\Program Files (x86)\Optus Wireless Broadband\NetInfoPlugin.dll
MOD - [2007/09/18 15:45:46 | 000,086,016 | ---- | M] () -- C:\Program Files (x86)\Optus Wireless Broadband\DialUpPlugin.dll
MOD - [2007/09/18 15:44:48 | 000,135,168 | ---- | M] () -- C:\Program Files (x86)\Optus Wireless Broadband\DeviceMgrUIPlugin.dll
MOD - [2007/08/23 16:39:30 | 000,014,848 | R--- | M] () -- C:\Program Files (x86)\Optus Wireless Broadband\isaputrace.dll
MOD - [2007/07/31 15:50:04 | 000,090,112 | R--- | M] () -- C:\Program Files (x86)\Optus Wireless Broadband\FileManager.dll


========== Services (SafeList) ==========

SRV:64bit: - [2010/09/22 19:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2010/08/06 13:51:08 | 000,291,896 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe -- (HPClientSvc)
SRV:64bit: - [2010/08/06 13:47:48 | 000,681,528 | ---- | M] (Hewlett-Packard) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Auto\HPAuto.exe -- (HPAuto)
SRV:64bit: - [2010/07/22 08:33:00 | 000,103,992 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe -- (HP Wireless Assistant Service)
SRV:64bit: - [2010/06/25 09:24:12 | 000,315,392 | ---- | M] (Realtek Semiconductor Corp.) [Auto | Running] -- C:\Program Files\Realtek\RtVOsd\RtVOsdService.exe -- (RtVOsdService)
SRV:64bit: - [2009/11/18 13:14:26 | 000,098,208 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe -- (AERTFilters)
SRV:64bit: - [2009/07/14 12:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2012/11/17 13:42:02 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/10/11 13:29:13 | 000,143,928 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton Internet Security\Engine\20.2.0.19\ccSvcHst.exe -- (NIS)
SRV - [2012/10/11 13:29:13 | 000,143,928 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton Management\Engine\3.2.0.19\ccSvcHst.exe -- (MCLIENT)
SRV - [2012/10/04 10:07:48 | 003,979,712 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe -- (NOBU)
SRV - [2012/09/27 11:55:16 | 000,086,528 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe -- (HP Support Assistant Service)
SRV - [2012/09/20 14:05:00 | 001,270,376 | ---- | M] (SPAMfighter ApS) [Auto | Running] -- C:\Program Files (x86)\Fighters\FighterSuiteService.exe -- (Suite Service)
SRV - [2012/07/28 07:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/07/13 14:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/01/18 14:38:28 | 000,155,320 | ---- | M] (Avanquest Software) [On_Demand | Stopped] -- C:\Program Files (x86)\Sony\Sony PC Companion\PCCService.exe -- (Sony PC Companion)
SRV - [2011/11/25 16:32:36 | 000,687,400 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files (x86)\Nero\Update\NASvc.exe -- (NAUpdate)
SRV - [2011/11/19 15:48:58 | 000,042,504 | ---- | M] (COMPANYVERS_NAME) [Auto | Running] -- C:\Program Files (x86)\DictionaryBoss\bar\1.bin\v4barsvc.exe -- (DictionaryBossService)
SRV - [2011/10/01 08:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2011/10/01 08:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2011/07/10 16:12:32 | 000,034,864 | ---- | M] (RadioPI) [Auto | Running] -- C:\Program Files (x86)\RadioPI_4e\bar\1.bin\4ebarsvc.exe -- (RadioPI_4eService)
SRV - [2011/06/02 10:06:40 | 000,014,088 | ---- | M] (Memeo) [Auto | Running] -- C:\Program Files (x86)\Seagate\Seagate Dashboard\SeagateDashboardService.exe -- (SeagateDashboardService)
SRV - [2011/05/13 10:44:44 | 000,025,824 | ---- | M] (Memeo) [Auto | Running] -- C:\Program Files (x86)\Memeo\AutoBackup\MemeoBackgroundService.exe -- (MemeoBackgroundService)
SRV - [2010/11/09 16:20:34 | 000,026,680 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe -- (HPWMISVC)
SRV - [2010/10/22 14:08:18 | 001,039,360 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL -- (HPSLPSVC)
SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/10/01 15:01:32 | 002,320,920 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2009/10/01 15:01:30 | 000,268,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2009/06/11 08:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/10/31 17:30:47 | 000,177,312 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent)
DRV:64bit: - [2012/10/09 12:00:02 | 000,776,864 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\NISx64\1402000.013\srtsp64.sys -- (SRTSP)
DRV:64bit: - [2012/10/04 12:40:35 | 001,133,216 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\NISx64\1402000.013\symefa64.sys -- (SymEFA)
DRV:64bit: - [2012/10/04 12:40:20 | 000,493,216 | ---- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\NISx64\1402000.013\symds64.sys -- (SymDS)
DRV:64bit: - [2012/10/04 12:19:14 | 000,168,096 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1402000.013\ccsetx64.sys -- (ccSet_NIS)
DRV:64bit: - [2012/10/04 12:19:14 | 000,168,096 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\MCLIENTx64\0302000.013\ccsetx64.sys -- (ccSet_MCLIENT)
DRV:64bit: - [2012/09/07 13:05:14 | 000,432,800 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1402000.013\symnets.sys -- (SymNetS)
DRV:64bit: - [2012/09/07 12:48:08 | 000,224,416 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1402000.013\ironx64.sys -- (SymIRON)
DRV:64bit: - [2012/08/21 14:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/06/13 02:58:05 | 000,027,176 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ggsemc.sys -- (ggsemc)
DRV:64bit: - [2012/06/13 02:58:05 | 000,013,352 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ggflt.sys -- (ggflt)
DRV:64bit: - [2012/05/25 16:36:55 | 000,037,496 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1402000.013\srtspx64.sys -- (SRTSPX)
DRV:64bit: - [2012/03/08 19:40:52 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2012/03/01 17:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/01/10 22:28:18 | 012,311,904 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2011/12/01 11:42:44 | 000,072,240 | ---- | M] (Nero AG) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\NBVol.sys -- (NBVol)
DRV:64bit: - [2011/12/01 11:42:44 | 000,015,920 | ---- | M] (Nero AG) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\NBVolUp.sys -- (NBVolUp)
DRV:64bit: - [2011/10/14 04:37:44 | 000,396,848 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2011/10/01 08:30:22 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)
DRV:64bit: - [2011/10/01 08:30:18 | 000,268,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
DRV:64bit: - [2011/10/01 08:30:18 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
DRV:64bit: - [2011/10/01 08:30:10 | 000,764,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)
DRV:64bit: - [2011/08/07 17:36:25 | 000,158,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)
DRV:64bit: - [2011/06/10 06:34:52 | 000,539,240 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011/03/11 17:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 17:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/02/16 13:17:04 | 000,649,728 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\emBDA64.sys -- (USB28xxBGA)
DRV:64bit: - [2011/02/16 13:17:04 | 000,626,688 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\emOEM64.sys -- (USB28xxOEM)
DRV:64bit: - [2010/11/21 00:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 22:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 20:37:42 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010/09/29 17:55:54 | 000,031,088 | ---- | M] (CyberLink Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\clwvd.sys -- (clwvd)
DRV:64bit: - [2010/09/11 12:20:28 | 001,014,624 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\netr28x.sys -- (netr28x)
DRV:64bit: - [2010/05/08 06:19:58 | 000,245,792 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2010/04/14 03:44:22 | 000,540,696 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010/03/06 06:57:18 | 000,271,872 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2009/09/18 07:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64)
DRV:64bit: - [2009/07/14 12:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 12:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 12:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/14 11:09:50 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usb8023x.sys -- (usb_rndisx)
DRV:64bit: - [2009/06/11 08:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
DRV:64bit: - [2009/06/11 08:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
DRV:64bit: - [2009/06/11 08:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
DRV:64bit: - [2009/06/11 07:35:36 | 000,867,328 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netr28ux.sys -- (netr28ux)
DRV:64bit: - [2009/06/11 07:35:33 | 000,389,120 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
DRV:64bit: - [2009/06/11 07:35:28 | 005,434,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netw5v64.sys -- (netw5v64)
DRV:64bit: - [2009/06/11 07:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/11 07:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/11 07:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/11 07:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2007/08/24 19:44:24 | 000,112,512 | R--- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2012/10/30 01:00:00 | 002,084,000 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\Definitions\VirusDefs\20121129.023\ex64.sys -- (NAVEX15)
DRV - [2012/10/30 01:00:00 | 000,484,512 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
DRV - [2012/10/30 01:00:00 | 000,138,912 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2012/10/30 01:00:00 | 000,126,112 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\Definitions\VirusDefs\20121129.023\eng64.sys -- (NAVENG)
DRV - [2012/10/27 08:51:20 | 000,513,184 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\Definitions\IPSDefs\20121129.001\IDSviA64.sys -- (IDSVia64)
DRV - [2012/10/24 10:34:23 | 001,384,608 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\Definitions\BASHDefs\20121106.001\BHDrvx64.sys -- (BHDrvx64)
DRV - [2009/07/14 12:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.jp.msn.com/HPALL/14
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.jp.msn.com/HPALL/14
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {56256A51-B582-467e-B8D4-7786EDA79AE0}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}
IE:64bit: - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://eu.ask.com/we...&l=dis&o=HPNTDF
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE:64bit: - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2A59}: "URL" = http://search.imesh....q={searchTerms}
IE:64bit: - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://au.search.yah...psg&type=HPNTDF
IE:64bit: - HKLM\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia....h={searchTerms}
IE:64bit: - HKLM\..\SearchScopes\{d944bb61-2e34-4dbf-a683-47e505c587dc}: "URL" = http://rover.ebay.co...}&mfe=Notebooks
IE:64bit: - HKLM\..\SearchScopes\{ec29edf6-ad3c-4e1c-a087-d6cb81400c43}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.jp.msn.com/HPALL/14
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.jp.msn.com/HPALL/14
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{031949b3-28b6-43a4-90e2-dde1cfe21390}: "URL" = http://search.mywebs...r={searchTerms}
IE - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://eu.ask.com/we...&l=dis&o=HPNTDF
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://au.search.yah...psg&type=HPNTDF
IE - HKLM\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia....h={searchTerms}
IE - HKLM\..\SearchScopes\{d944bb61-2e34-4dbf-a683-47e505c587dc}: "URL" = http://rover.ebay.co...}&mfe=Notebooks
IE - HKLM\..\SearchScopes\{ec29edf6-ad3c-4e1c-a087-d6cb81400c43}: "URL" = http://www.bing.com/...rc=IE-SearchBox

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.jp.msn.com/HPALL/14
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.facebook.com/
IE - HKCU\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - No CLSID value found
IE - HKCU\..\URLSearchHook: {8bc67b0f-a721-45e0-a0b6-db0121b0aade} - C:\Program Files (x86)\RadioPI_4e\bar\1.bin\4eSrcAs.dll (RadioPI)
IE - HKCU\..\URLSearchHook: {e7472076-ff9d-4325-8eaf-613572008758} - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {ec29edf6-ad3c-4e1c-a087-d6cb81400c43}
IE - HKCU\..\SearchScopes\{031949b3-28b6-43a4-90e2-dde1cfe21390}: "URL" = http://search.mywebs...r={searchTerms}
IE - HKCU\..\SearchScopes\{28421690-2766-400C-956D-E780EE4C958C}: "URL" = http://search.condui...&ctid=CT2269050
IE - HKCU\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://eu.ask.com/we...&l=dis&o=HPNTDF
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKCU\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://au.search.yah...42,17148,0,18,0
IE - HKCU\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia....h={searchTerms}
IE - HKCU\..\SearchScopes\{d944bb61-2e34-4dbf-a683-47e505c587dc}: "URL" = http://rover.ebay.co...}&mfe=Notebooks
IE - HKCU\..\SearchScopes\{ec29edf6-ad3c-4e1c-a087-d6cb81400c43}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKCU\..\SearchScopes\{F081274F-D20F-4ABB-B589-87AA1D3F9D88}: "URL" = http://websearch.ask...FE-42324976D5A7
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@DictionaryBoss.com/Plugin: C:\Program Files (x86)\DictionaryBoss\bar\1.bin\NPv4Stub.dll (MindSpark)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_37: C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Nero.com/KM: C:\PROGRA~2\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL (Nero AG)
FF - HKLM\Software\MozillaPlugins\@photoproduct.rocketlife.com/RocketLife App Viewer;version=0.8: File not found
FF - HKLM\Software\MozillaPlugins\@playstation.com/PsndlCheck,version=1.00: C:\Program Files (x86)\Sony\PLAYSTATION Network Downloader\nppsndl.dll (Sony Computer Entertainment Inc.)
FF - HKLM\Software\MozillaPlugins\@RadioPI_4e.com/Plugin: C:\Program Files (x86)\RadioPI_4e\bar\1.bin\NP4eStub.dll (RadioPI)
FF - HKLM\Software\MozillaPlugins\@SonyCreativeSoftware.com/Media Go,version=1.0: C:\Program Files (x86)\Sony\Media Go\npmediago.dll (Sony Network Entertainment International LLC)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\chris\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]_4e.com: C:\Program Files (x86)\RadioPI_4e\bar\1.bin [2011/10/13 14:22:57 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011/09/15 21:45:44 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\DictionaryBoss\bar\1.bin [2011/11/19 15:49:07 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\Hewlett-Packard\SmartPrint\QPExtension [2012/08/15 13:56:41 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\IPSFFPlgn\ [2012/10/31 17:34:24 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\coFFPlgn\ [2012/11/30 20:34:57 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011/09/15 21:45:44 | 000,000,000 | ---D | M]


========== Chrome ==========

CHR - homepage: http://www.google.com
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: http://www.google.com
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.64\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.64\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.64\gcswf32.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.260.3 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U26 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
CHR - plugin: MindSpark Toolbar Platform Plugin Stub (Enabled) = C:\Program Files (x86)\DictionaryBoss\bar\1.bin\NPv4Stub.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll
CHR - plugin: RadioPI Plugin Stub (Enabled) = C:\Program Files (x86)\RadioPI_4e\bar\1.bin\NP4eStub.dll
CHR - plugin: WildTangent Games App Presence Detector (Enabled) = C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: Norton Identity Protection = C:\Users\chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2013.2.0.18_0\

O1 HOSTS File: ([2009/06/11 08:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Toolbar BHO) - {35fd2bab-ab2b-494f-b5bf-8755ec043784} - C:\Program Files (x86)\RadioPI_4e\bar\1.bin\4ebar.dll (RadioPI)
O2 - BHO: (Search Assistant BHO) - {4adc9c1b-9c50-4c2d-a471-5c06d8de7e80} - C:\Program Files (x86)\RadioPI_4e\bar\1.bin\4eSrcAs.dll (RadioPI)
O2 - BHO: (Search Assistant BHO) - {58376892-60e7-4f63-aca0-0f686af554d6} - C:\Program Files (x86)\DictionaryBoss\bar\1.bin\v4SrcAs.dll (MindSpark)
O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\20.2.0.19\coieplg.dll (Symantec Corporation)
O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\20.2.0.19\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (Toolbar BHO) - {6eb534fb-2001-45c4-b860-bc904865a379} - C:\Program Files (x86)\DictionaryBoss\bar\1.bin\v4bar.dll (MindSpark)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (HP Network Check Helper) - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
O3 - HKLM\..\Toolbar: (DictionaryBoss) - {3042df7a-e900-4389-9b94-923df0daa57e} - C:\Program Files (x86)\DictionaryBoss\bar\1.bin\v4bar.dll (MindSpark)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\20.2.0.19\coieplg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (RadioPI) - {92926b63-5116-4c6f-a33e-378767b8d15f} - C:\Program Files (x86)\RadioPI_4e\bar\1.bin\4ebar.dll (RadioPI)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (DictionaryBoss) - {3042DF7A-E900-4389-9B94-923DF0DAA57E} - C:\Program Files (x86)\DictionaryBoss\bar\1.bin\v4bar.dll (MindSpark)
O3 - HKCU\..\Toolbar\WebBrowser: (RadioPI) - {92926B63-5116-4C6F-A33E-378767B8D15F} - C:\Program Files (x86)\RadioPI_4e\bar\1.bin\4ebar.dll (RadioPI)
O4 - HKCU..\Run: [Device Detector] DevDetect.exe -autorun File not found
O4 - HKCU..\Run: [Mobile Partner] C:\Program Files (x86)\Optus Wireless Broadband\Optus Wireless Broadband.exe ()
O4 - HKCU..\Run: [UninstallHelper] C:\Program Files (x86)\W3i\UninstallHelper\UninstallHelper.exe (W3i, LLC)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O9 - Extra Button: HP Smart Print - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\smartprintsetup.exe (Hewlett-Packard)
O9 - Extra 'Tools' menuitem : HP Smart Print - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\smartprintsetup.exe (Hewlett-Packard)
O9 - Extra Button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.micros...n/ieawsdc32.cab (Microsoft Office Template and Media Control)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_37)
O16 - DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_37)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_37)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{435CAD50-74C8-48E1-A640-C38C9DF450AE}: DhcpNameServer = 10.248.14.20
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{656BDFEF-3947-4EB7-94C5-5510DFCB4E59}: NameServer = 211.29.132.12 61.88.88.88
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{79D00DD5-E7E3-4D72-97C3-1AC7E5C133EF}: DhcpNameServer = 192.168.42.129
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D9231114-7DDC-4065-8806-3CFF6BD9643B}: DhcpNameServer = 192.168.42.129
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/07/04 15:04:10 | 000,106,496 | R--- | M] (Huawei Technologies Co., Ltd.) - F:\AutoRun.exe -- [ CDFS ]
O32 - AutoRun File - [2008/03/08 10:19:42 | 000,000,064 | R--- | M] () - F:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{16994350-3759-11e2-8966-3c4a925534fb}\Shell - "" = AutoRun
O33 - MountPoints2\{16994350-3759-11e2-8966-3c4a925534fb}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- [2007/07/04 15:04:10 | 000,106,496 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{16994354-3759-11e2-8966-3c4a925534fb}\Shell - "" = AutoRun
O33 - MountPoints2\{16994354-3759-11e2-8966-3c4a925534fb}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- [2007/07/04 15:04:10 | 000,106,496 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{2710f9a9-a41f-11e0-8754-3c4a925534fb}\Shell - "" = AutoRun
O33 - MountPoints2\{2710f9a9-a41f-11e0-8754-3c4a925534fb}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- [2007/07/04 15:04:10 | 000,106,496 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{2710f9ad-a41f-11e0-8754-3c4a925534fb}\Shell - "" = AutoRun
O33 - MountPoints2\{2710f9ad-a41f-11e0-8754-3c4a925534fb}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- [2007/07/04 15:04:10 | 000,106,496 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{27206c9f-a8b8-11e0-b809-3c4a925534fb}\Shell - "" = AutoRun
O33 - MountPoints2\{27206c9f-a8b8-11e0-b809-3c4a925534fb}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{2f37d1f9-32ef-11e2-b4ef-001e101f2c0e}\Shell - "" = AutoRun
O33 - MountPoints2\{2f37d1f9-32ef-11e2-b4ef-001e101f2c0e}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- [2007/07/04 15:04:10 | 000,106,496 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{2f37d1fc-32ef-11e2-b4ef-001e101f2c0e}\Shell - "" = AutoRun
O33 - MountPoints2\{2f37d1fc-32ef-11e2-b4ef-001e101f2c0e}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{3b1d3d59-1200-11e2-9dd6-3c4a925534fb}\Shell - "" = AutoRun
O33 - MountPoints2\{3b1d3d59-1200-11e2-9dd6-3c4a925534fb}\Shell\AutoRun\command - "" = F:\setup.exe
O33 - MountPoints2\{4f61eea9-0878-11e2-bfef-3c4a925534fb}\Shell - "" = AutoRun
O33 - MountPoints2\{4f61eea9-0878-11e2-bfef-3c4a925534fb}\Shell\AutoRun\command - "" = F:\setup.exe
O33 - MountPoints2\{50ec35c9-a6af-11e0-b8a0-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{50ec35c9-a6af-11e0-b8a0-806e6f6e6963}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- [2007/07/04 15:04:10 | 000,106,496 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{6c04d525-383e-11e2-a866-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{6c04d525-383e-11e2-a866-806e6f6e6963}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- [2007/07/04 15:04:10 | 000,106,496 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{6c04d541-383e-11e2-a866-3c4a925534fb}\Shell - "" = AutoRun
O33 - MountPoints2\{6c04d541-383e-11e2-a866-3c4a925534fb}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- [2007/07/04 15:04:10 | 000,106,496 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{79396d5f-f16f-11e1-bd1b-3c4a925534fb}\Shell - "" = AutoRun
O33 - MountPoints2\{79396d5f-f16f-11e1-bd1b-3c4a925534fb}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- [2007/07/04 15:04:10 | 000,106,496 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{79396d65-f16f-11e1-bd1b-3c4a925534fb}\Shell - "" = AutoRun
O33 - MountPoints2\{79396d65-f16f-11e1-bd1b-3c4a925534fb}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- [2007/07/04 15:04:10 | 000,106,496 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{79396d82-f16f-11e1-bd1b-3c4a925534fb}\Shell - "" = AutoRun
O33 - MountPoints2\{79396d82-f16f-11e1-bd1b-3c4a925534fb}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- [2007/07/04 15:04:10 | 000,106,496 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{79396d84-f16f-11e1-bd1b-3c4a925534fb}\Shell - "" = AutoRun
O33 - MountPoints2\{79396d84-f16f-11e1-bd1b-3c4a925534fb}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- [2007/07/04 15:04:10 | 000,106,496 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{7d60d1f5-b514-11e1-b344-3c4a925534fb}\Shell - "" = AutoRun
O33 - MountPoints2\{7d60d1f5-b514-11e1-b344-3c4a925534fb}\Shell\AutoRun\command - "" = I:\Startme.exe
O33 - MountPoints2\{8958fab5-f6da-11e0-bf14-3c4a925534fb}\Shell - "" = AutoRun
O33 - MountPoints2\{8958fab5-f6da-11e0-bf14-3c4a925534fb}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- [2007/07/04 15:04:10 | 000,106,496 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{8a6521bc-087a-11e2-ac0d-001e101f3315}\Shell - "" = AutoRun
O33 - MountPoints2\{8a6521bc-087a-11e2-ac0d-001e101f3315}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- [2007/07/04 15:04:10 | 000,106,496 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{8a6521be-087a-11e2-ac0d-001e101f3315}\Shell - "" = AutoRun
O33 - MountPoints2\{8a6521be-087a-11e2-ac0d-001e101f3315}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{b51284d1-dfd6-11e0-8e0c-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{b51284d1-dfd6-11e0-8e0c-806e6f6e6963}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- [2007/07/04 15:04:10 | 000,106,496 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{b575ca1a-050b-11e1-b0db-3c4a925534fb}\Shell - "" = AutoRun
O33 - MountPoints2\{b575ca1a-050b-11e1-b0db-3c4a925534fb}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- [2007/07/04 15:04:10 | 000,106,496 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{b575ca1c-050b-11e1-b0db-3c4a925534fb}\Shell - "" = AutoRun
O33 - MountPoints2\{b575ca1c-050b-11e1-b0db-3c4a925534fb}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- [2007/07/04 15:04:10 | 000,106,496 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{d44df283-5e53-11e1-a9dd-3c4a925534fb}\Shell - "" = AutoRun
O33 - MountPoints2\{d44df283-5e53-11e1-a9dd-3c4a925534fb}\Shell\AutoRun\command - "" = G:\Startme.exe
O33 - MountPoints2\{d5adb263-375e-11e2-a3b3-3c4a925534fb}\Shell - "" = AutoRun
O33 - MountPoints2\{d5adb263-375e-11e2-a3b3-3c4a925534fb}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- [2007/07/04 15:04:10 | 000,106,496 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{d5adb267-375e-11e2-a3b3-3c4a925534fb}\Shell - "" = AutoRun
O33 - MountPoints2\{d5adb267-375e-11e2-a3b3-3c4a925534fb}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- [2007/07/04 15:04:10 | 000,106,496 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\G\Shell - "" = AutoRun
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\AutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/11/30 19:36:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Systweak
[2012/11/30 19:36:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced System Protector
[2012/11/30 19:36:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Advanced System Protector
[2012/11/30 19:36:06 | 000,000,000 | ---D | C] -- C:\Users\chris\AppData\Roaming\Systweak
[2012/11/30 19:36:02 | 000,017,080 | ---- | C] (Systweak Inc., (www.systweak.com)) -- C:\Windows\SysNative\roboot64.exe
[2012/11/30 19:35:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RegClean Pro
[2012/11/30 19:35:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\RegClean Pro
[2012/11/29 22:05:00 | 000,256,904 | ---- | C] (Trend Micro Inc.) -- C:\Windows\SysWow64\drivers\tmcomm.sys
[2012/11/28 17:13:47 | 000,000,000 | ---D | C] -- C:\Users\chris\AppData\Local\{805101EF-4328-447A-9C85-1513B5DCDF55}
[2012/11/26 11:15:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Optus Wireless Broadband
[2012/11/26 11:14:55 | 000,112,512 | R--- | C] (Huawei Technologies Co., Ltd.) -- C:\Windows\SysNative\drivers\ewusbmdm.sys
[2012/11/26 11:14:55 | 000,029,696 | R--- | C] (Huawei Tech. Co., Ltd.) -- C:\Windows\SysNative\drivers\ewdcsc.sys
[2012/11/18 10:54:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP Help and Support
[2012/11/18 10:50:44 | 000,000,000 | ---D | C] -- C:\ProgramData\{9BF4D58B-C6D6-467B-BC5A-FD0C1278F4AF}
[2012/11/16 20:16:39 | 000,000,000 | ---D | C] -- C:\Users\chris\Documents\Dampier Operations Fixed Plant Trainee Operators-PIL002L1 at Rio Tinto
[2012/11/13 09:13:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2012/11/12 13:17:56 | 000,000,000 | ---D | C] -- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
[2012/11/05 15:32:36 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\%LOCALAPPDATA%
[71 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/11/30 21:20:01 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/11/30 20:58:35 | 000,025,082 | ---- | M] () -- C:\Windows\SysWow64\log.exe
[2012/11/30 20:39:46 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/11/30 20:39:46 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/11/30 20:39:01 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/11/30 20:35:21 | 000,000,402 | ---- | M] () -- C:\Windows\tasks\FreeFileViewerUpdateChecker.job
[2012/11/30 20:34:11 | 000,000,398 | ---- | M] () -- C:\Windows\tasks\DRIVERfighter Auto Start.job
[2012/11/30 20:32:41 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/11/30 20:32:06 | 000,000,462 | ---- | M] () -- C:\Windows\tasks\PC Optimizer Pro64 startups.job
[2012/11/30 20:31:54 | 000,065,536 | ---- | M] () -- C:\Windows\SysNative\Ikeext.etl
[2012/11/30 20:31:49 | 000,000,284 | ---- | M] () -- C:\Windows\tasks\RegClean Pro_UPDATES.job
[2012/11/30 20:31:49 | 000,000,276 | ---- | M] () -- C:\Windows\tasks\RegClean Pro_DEFAULT.job
[2012/11/30 20:31:44 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/11/30 20:31:28 | 1501,974,528 | -HS- | M] () -- C:\hiberfil.sys
[2012/11/30 19:36:52 | 000,001,157 | ---- | M] () -- C:\Users\Public\Desktop\Advanced System Protector.lnk
[2012/11/30 19:36:01 | 000,001,006 | ---- | M] () -- C:\Users\Public\Desktop\RegClean Pro.lnk
[2012/11/30 18:57:07 | 000,000,928 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-520619390-971801995-255844398-1000UA.job
[2012/11/30 09:57:01 | 000,000,906 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-520619390-971801995-255844398-1000Core.job
[2012/11/29 22:40:27 | 000,214,077 | ---- | M] () -- C:\Users\chris\AppData\Local\census.cache
[2012/11/29 22:40:05 | 000,123,048 | ---- | M] () -- C:\Users\chris\AppData\Local\ars.cache
[2012/11/28 18:31:00 | 000,001,393 | ---- | M] () -- C:\Users\chris\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012/11/28 17:23:49 | 000,151,713 | ---- | M] () -- C:\Users\chris\Documents\fact sheet centrelink.pdf
[2012/11/28 11:56:37 | 002,085,834 | ---- | M] () -- C:\Windows\SysNative\drivers\NISx64\1402000.013\Cat.DB
[2012/11/28 11:23:35 | 000,002,330 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2012/11/28 10:39:21 | 000,780,196 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/11/28 10:39:21 | 000,665,460 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/11/28 10:39:21 | 000,125,906 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/11/26 11:15:02 | 000,001,155 | ---- | M] () -- C:\Users\Public\Desktop\Optus Wireless Broadband.lnk
[2012/11/26 08:02:56 | 000,000,342 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForCHRIS-HP$.job
[2012/11/24 05:16:44 | 005,349,059 | ---- | M] () -- C:\Users\chris\Documents\menzies forms.pdf
[2012/11/21 23:05:00 | 000,000,332 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForchris.job
[2012/11/21 16:39:53 | 000,000,485 | ---- | M] () -- C:\Users\chris\Desktop\Expansion Drive (F) - Shortcut.lnk
[2012/11/21 12:28:20 | 000,001,055 | ---- | M] () -- C:\Users\chris\Desktop\OneTouch - Shortcut.lnk
[2012/11/18 10:54:35 | 000,002,145 | ---- | M] () -- C:\Users\Public\Desktop\HP Support Assistant.lnk
[2012/11/16 17:37:50 | 000,013,946 | ---- | M] () -- C:\Windows\SysNative\drivers\NISx64\1402000.013\VT20121114.016
[2012/11/16 14:16:42 | 000,279,680 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/11/12 13:18:41 | 000,001,743 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012/11/01 10:50:46 | 000,002,448 | ---- | M] () -- C:\{7F02FB3F-E3BE-487C-9A0B-273B204670A9}
[71 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/11/30 20:58:32 | 000,025,082 | ---- | C] () -- C:\Windows\SysWow64\log.exe
[2012/11/30 19:36:52 | 000,001,157 | ---- | C] () -- C:\Users\Public\Desktop\Advanced System Protector.lnk
[2012/11/30 19:36:49 | 000,016,896 | ---- | C] () -- C:\Windows\SysNative\sasnative64.exe
[2012/11/30 19:36:16 | 000,000,276 | ---- | C] () -- C:\Windows\tasks\RegClean Pro_DEFAULT.job
[2012/11/30 19:36:14 | 000,000,284 | ---- | C] () -- C:\Windows\tasks\RegClean Pro_UPDATES.job
[2012/11/30 19:36:01 | 000,001,006 | ---- | C] () -- C:\Users\Public\Desktop\RegClean Pro.lnk
[2012/11/29 22:40:27 | 000,214,077 | ---- | C] () -- C:\Users\chris\AppData\Local\census.cache
[2012/11/29 22:40:05 | 000,123,048 | ---- | C] () -- C:\Users\chris\AppData\Local\ars.cache
[2012/11/28 17:23:49 | 000,151,713 | ---- | C] () -- C:\Users\chris\Documents\fact sheet centrelink.pdf
[2012/11/26 11:15:02 | 000,001,155 | ---- | C] () -- C:\Users\Public\Desktop\Optus Wireless Broadband.lnk
[2012/11/26 00:00:47 | 000,140,535 | ---- | C] () -- C:\Users\chris\Documents\Wagecover-Application-Form.pdf
[2012/11/24 05:16:44 | 005,349,059 | ---- | C] () -- C:\Users\chris\Documents\menzies forms.pdf
[2012/11/21 16:39:53 | 000,000,485 | ---- | C] () -- C:\Users\chris\Desktop\Expansion Drive (F) - Shortcut.lnk
[2012/11/21 13:50:03 | 000,000,332 | ---- | C] () -- C:\Windows\tasks\HPCeeScheduleForchris.job
[2012/11/21 12:28:20 | 000,001,055 | ---- | C] () -- C:\Users\chris\Desktop\OneTouch - Shortcut.lnk
[2012/11/18 21:54:29 | 000,000,342 | ---- | C] () -- C:\Windows\tasks\HPCeeScheduleForCHRIS-HP$.job
[2012/11/18 10:54:35 | 000,002,145 | ---- | C] () -- C:\Users\Public\Desktop\HP Support Assistant.lnk
[2012/11/16 12:46:33 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
[2012/11/16 12:21:55 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
[2012/11/01 10:50:46 | 000,002,448 | ---- | C] () -- C:\{7F02FB3F-E3BE-487C-9A0B-273B204670A9}
[2012/09/29 14:05:56 | 000,000,017 | ---- | C] () -- C:\Windows\SysWow64\shortcut_ex.dat
[2012/08/15 13:52:26 | 000,000,057 | ---- | C] () -- C:\ProgramData\Ament.ini
[2012/02/22 07:00:14 | 000,083,456 | ---- | C] () -- C:\Users\chris\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/01/10 22:27:26 | 000,867,020 | ---- | C] () -- C:\Windows\SysWow64\igkrng575.bin
[2012/01/10 22:27:26 | 000,128,204 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng575.bin
[2012/01/10 22:27:26 | 000,105,608 | ---- | C] () -- C:\Windows\SysWow64\igfcg575m.bin
[2012/01/10 21:29:54 | 013,904,384 | ---- | C] () -- C:\Windows\SysWow64\ig4icd32.dll
[2011/12/26 20:32:37 | 000,451,072 | ---- | C] () -- C:\Windows\emunist.exe
[2011/12/26 20:32:32 | 000,001,751 | ---- | C] () -- C:\Windows\TVEpaDrv.ini
[2011/11/26 20:18:00 | 000,014,051 | ---- | C] () -- C:\Windows\SysWow64\RaCoInst.dat
[2011/09/15 21:55:57 | 000,000,574 | ---- | C] () -- C:\Windows\hpomdl47.dat.temp
[2011/09/15 21:37:47 | 000,208,171 | ---- | C] () -- C:\Windows\hpoins47.dat
[2011/07/08 04:28:04 | 000,766,108 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2006/07/31 16:07:37 | 000,000,496 | ---- | C] () -- C:\Users\chris\TOM HULSE.TAX
[2006/07/31 16:07:37 | 000,000,488 | ---- | C] () -- C:\Users\chris\TOM HULSE.BAK

========== ZeroAccess Check ==========

[2009/07/14 15:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 16:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 15:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 12:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 23:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 12:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2012/02/14 18:06:40 | 000,000,000 | ---D | M] -- C:\Users\chris\AppData\Roaming\ACD Systems
[2012/03/15 14:33:16 | 000,000,000 | ---D | M] -- C:\Users\chris\AppData\Roaming\DVDVideoSoft
[2012/10/18 17:10:06 | 000,000,000 | ---D | M] -- C:\Users\chris\AppData\Roaming\Fighters
[2012/10/22 17:12:25 | 000,000,000 | ---D | M] -- C:\Users\chris\AppData\Roaming\FreeFileViewer
[2012/10/18 21:59:01 | 000,000,000 | ---D | M] -- C:\Users\chris\AppData\Roaming\Leadertech
[2011/12/27 16:25:31 | 000,000,000 | ---D | M] -- C:\Users\chris\AppData\Roaming\MAGIX
[2012/10/19 11:23:14 | 000,000,000 | ---D | M] -- C:\Users\chris\AppData\Roaming\Memeo
[2011/07/01 14:30:12 | 000,000,000 | ---D | M] -- C:\Users\chris\AppData\Roaming\PictureMover
[2012/01/05 13:03:16 | 000,000,000 | ---D | M] -- C:\Users\chris\AppData\Roaming\Rovio
[2012/10/18 22:28:42 | 000,000,000 | ---D | M] -- C:\Users\chris\AppData\Roaming\Seagate
[2012/09/27 19:00:16 | 000,000,000 | ---D | M] -- C:\Users\chris\AppData\Roaming\Sierra Wireless
[2012/11/28 18:45:44 | 000,000,000 | ---D | M] -- C:\Users\chris\AppData\Roaming\SoftGrid Client
[2012/06/14 08:55:24 | 000,000,000 | ---D | M] -- C:\Users\chris\AppData\Roaming\Sony
[2012/11/30 19:37:00 | 000,000,000 | ---D | M] -- C:\Users\chris\AppData\Roaming\Systweak
[2012/11/26 10:58:15 | 000,000,000 | ---D | M] -- C:\Users\chris\AppData\Roaming\Telstra
[2011/07/08 04:28:50 | 000,000,000 | ---D | M] -- C:\Users\chris\AppData\Roaming\TP
[2012/08/22 10:12:55 | 000,000,000 | ---D | M] -- C:\Users\chris\AppData\Roaming\Uniblue
[2012/10/18 17:10:10 | 000,000,000 | ---D | M] -- C:\Users\chris\AppData\Roaming\W3i, LLC
[2012/03/07 22:45:34 | 000,000,000 | ---D | M] -- C:\Users\chris\AppData\Roaming\Windows Live Writer
[2012/03/19 18:33:38 | 000,000,000 | ---D | M] -- C:\Users\chris\AppData\Roaming\ZumoDrive

========== Purity Check ==========



< End of report >
i downloaded OTL by oldtimer , the results are any help that u can give would be great thanks chris ,

Edited by Essexboy, 30 November 2012 - 08:15 AM.
e-mail deleted

  • 0

Advertisements


#2
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hi there, if you wish to do a factory restore I can assist with that

Meanwhile:
Go to control panel > programs and features
Uninstall the following :

Advanced System Protector
UninstallHelper
RadioPI_4e
RegClean Pro


THEN

Warning This fix is only relevant for this system and no other, using on another computer may cause problems

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following
    Posted Image
:OTL
SRV - [2011/07/10 16:12:32 | 000,034,864 | ---- | M] (RadioPI) [Auto | Running] -- C:\Program Files (x86)\RadioPI_4e\bar\1.bin\4ebarsvc.exe -- (RadioPI_4eService)
IE:64bit: - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2A59}: "URL" = http://search.imesh....q={searchTerms}
IE - HKLM\..\SearchScopes\{031949b3-28b6-43a4-90e2-dde1cfe21390}: "URL" = http://search.mywebs...r={searchTerms}
IE - HKCU\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - No CLSID value found
IE - HKCU\..\URLSearchHook: {8bc67b0f-a721-45e0-a0b6-db0121b0aade} - C:\Program Files (x86)\RadioPI_4e\bar\1.bin\4eSrcAs.dll (RadioPI)
IE - HKCU\..\URLSearchHook: {e7472076-ff9d-4325-8eaf-613572008758} - No CLSID value found
FF - HKLM\Software\MozillaPlugins\@RadioPI_4e.com/Plugin: C:\Program Files (x86)\RadioPI_4e\bar\1.bin\NP4eStub.dll (RadioPI)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]_4e.com: C:\Program Files (x86)\RadioPI_4e\bar\1.bin [2011/10/13 14:22:57 | 000,000,000 | ---D | M]
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Toolbar BHO) - {35fd2bab-ab2b-494f-b5bf-8755ec043784} - C:\Program Files (x86)\RadioPI_4e\bar\1.bin\4ebar.dll (RadioPI)
O2 - BHO: (Search Assistant BHO) - {4adc9c1b-9c50-4c2d-a471-5c06d8de7e80} - C:\Program Files (x86)\RadioPI_4e\bar\1.bin\4eSrcAs.dll (RadioPI)
O2 - BHO: (Search Assistant BHO) - {58376892-60e7-4f63-aca0-0f686af554d6} - C:\Program Files (x86)\DictionaryBoss\bar\1.bin\v4SrcAs.dll (MindSpark)
O2 - BHO: (Toolbar BHO) - {6eb534fb-2001-45c4-b860-bc904865a379} - C:\Program Files (x86)\DictionaryBoss\bar\1.bin\v4bar.dll (MindSpark)
O3 - HKLM\..\Toolbar: (DictionaryBoss) - {3042df7a-e900-4389-9b94-923df0daa57e} - C:\Program Files (x86)\DictionaryBoss\bar\1.bin\v4bar.dll (MindSpark)
O3 - HKLM\..\Toolbar: (RadioPI) - {92926b63-5116-4c6f-a33e-378767b8d15f} - C:\Program Files (x86)\RadioPI_4e\bar\1.bin\4ebar.dll (RadioPI)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (DictionaryBoss) - {3042DF7A-E900-4389-9B94-923DF0DAA57E} - C:\Program Files (x86)\DictionaryBoss\bar\1.bin\v4bar.dll (MindSpark)
O3 - HKCU\..\Toolbar\WebBrowser: (RadioPI) - {92926B63-5116-4C6F-A33E-378767B8D15F} - C:\Program Files (x86)\RadioPI_4e\bar\1.bin\4ebar.dll (RadioPI)
O4 - HKCU..\Run: [Device Detector] DevDetect.exe -autorun File not found
O4 - HKCU..\Run: [UninstallHelper] C:\Program Files (x86)\W3i\UninstallHelper\UninstallHelper.exe (W3i, LLC)
[2012/11/30 19:36:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Systweak
[2012/11/30 19:36:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced System Protector
[2012/11/30 19:36:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Advanced System Protector
[2012/11/30 19:36:06 | 000,000,000 | ---D | C] -- C:\Users\chris\AppData\Roaming\Systweak
[2012/11/30 19:36:02 | 000,017,080 | ---- | C] (Systweak Inc., (www.systweak.com)) -- C:\Windows\SysNative\roboot64.exe
[2012/11/30 19:35:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RegClean Pro
[2012/11/30 19:35:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\RegClean Pro
[2012/11/30 20:58:35 | 000,025,082 | ---- | M] () -- C:\Windows\SysWow64\log.exe
[2012/11/30 20:39:01 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/11/30 20:35:21 | 000,000,402 | ---- | M] () -- C:\Windows\tasks\FreeFileViewerUpdateChecker.job
[2012/11/30 20:34:11 | 000,000,398 | ---- | M] () -- C:\Windows\tasks\DRIVERfighter Auto Start.job
[2012/11/30 20:32:41 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/11/30 20:32:06 | 000,000,462 | ---- | M] () -- C:\Windows\tasks\PC Optimizer Pro64 startups.job
[2012/11/30 20:31:49 | 000,000,284 | ---- | M] () -- C:\Windows\tasks\RegClean Pro_UPDATES.job
[2012/11/30 20:31:49 | 000,000,276 | ---- | M] () -- C:\Windows\tasks\RegClean Pro_DEFAULT.job
[2012/11/30 19:36:52 | 000,001,157 | ---- | M] () -- C:\Users\Public\Desktop\Advanced System Protector.lnk
[2012/11/30 19:36:01 | 000,001,006 | ---- | M] () -- C:\Users\Public\Desktop\RegClean Pro.lnk
[2012/11/30 20:58:32 | 000,025,082 | ---- | C] () -- C:\Windows\SysWow64\log.exe
[2012/11/30 19:36:52 | 000,001,157 | ---- | C] () -- C:\Users\Public\Desktop\Advanced System Protector.lnk
[2012/11/30 19:36:49 | 000,016,896 | ---- | C] () -- C:\Windows\SysNative\sasnative64.exe
[2012/11/30 19:36:16 | 000,000,276 | ---- | C] () -- C:\Windows\tasks\RegClean Pro_DEFAULT.job
[2012/11/30 19:36:14 | 000,000,284 | ---- | C] () -- C:\Windows\tasks\RegClean Pro_UPDATES.job
[2012/11/30 19:36:01 | 000,001,006 | ---- | C] () -- C:\Users\Public\Desktop\RegClean Pro.lnk
[2012/10/22 17:12:25 | 000,000,000 | ---D | M] -- C:\Users\chris\AppData\Roaming\FreeFileViewer
[2012/11/30 19:37:00 | 000,000,000 | ---D | M] -- C:\Users\chris\AppData\Roaming\Systweak
[2012/10/18 17:10:10 | 000,000,000 | ---D | M] -- C:\Users\chris\AppData\Roaming\W3i, LLC

:Commands
[resethosts]
[emptytemp]
[CREATERESTOREPOINT]
[Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

FINALLY

CLEAR THE BAD TOOLBARS

Download AdwCleaner from here to your desktop
Run AdwCleaner and select Delete

Posted Image

Once done it will ask to reboot, allow this
On reboot a log will be produced please attach that
  • 0

#3
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP