
V9 has Hijacked my Homepage



#1
bhoover3
I am not able to get to my homepage because a V9 virus of some sort has hijacked my homepage. After searching out help online I found this forum. No matter what I do I cannot redirect my homepage to what I want it to be. Please help me to remove this from my computer. Thanks!




OTL logfile created on: 1/27/2013 11:45:54 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Bryan H\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.75 Gb Total Physical Memory | 2.26 Gb Available Physical Memory | 47.62% Memory free
9.50 Gb Paging File | 4.31 Gb Available in Paging File | 45.39% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 919.45 Gb Total Space | 803.87 Gb Free Space | 87.43% Space Free | Partition Type: NTFS
Drive D: | 11.96 Gb Total Space | 1.46 Gb Free Space | 12.22% Space Free | Partition Type: NTFS
Drive K: | 232.88 Gb Total Space | 165.42 Gb Free Space | 71.03% Space Free | Partition Type: NTFS

Computer Name: BRYANH-HP | User Name: Bryan H | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/01/27 11:45:37 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Bryan H\Downloads\OTL.exe
PRC - [2013/01/20 14:29:18 | 028,539,272 | ---- | M] (Dropbox, Inc.) -- C:\Users\Nikki.BryanH-HP\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2013/01/20 14:29:18 | 028,539,272 | ---- | M] (Dropbox, Inc.) -- C:\Users\Bryan H\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2013/01/07 19:06:24 | 001,248,360 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
PRC - [2012/10/26 13:17:52 | 000,079,384 | ---- | M] (Google) -- C:\Users\Bryan H\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
PRC - [2012/10/05 10:10:10 | 001,174,824 | ---- | M] (Starfield Technologies) -- C:\Program Files (x86)\Workspace\offSyncService.exe
PRC - [2012/09/17 04:26:25 | 000,212,432 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Update\1.3.21.123\GoogleCrashHandler.exe
PRC - [2012/09/10 15:58:16 | 000,059,280 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
PRC - [2012/09/05 03:04:08 | 000,059,280 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Internet Services\BookmarkDAV_client.exe
PRC - [2012/08/29 13:00:12 | 000,059,280 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
PRC - [2012/08/27 20:32:54 | 000,059,280 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
PRC - [2012/07/27 15:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/06/19 15:21:24 | 001,646,608 | ---- | M] (Rosetta Stone Ltd.) -- C:\Program Files (x86)\RosettaStoneLtdServices\RosettaStoneDaemon.exe
PRC - [2012/06/14 22:42:42 | 001,040,712 | ---- | M] () -- C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenie.exe
PRC - [2012/06/14 22:42:42 | 000,122,696 | ---- | M] () -- C:\Program Files (x86)\NETGEAR Genie\bin\genie2_tray.exe
PRC - [2012/01/09 19:49:42 | 000,034,496 | ---- | M] () -- C:\Users\Nikki.BryanH-HP\AppData\Local\Workspace\workspaceupdate.exe
PRC - [2011/12/05 11:38:52 | 000,182,576 | ---- | M] (Blabbers Communications LTD) -- C:\Program Files (x86)\BrowserCompanion\BCHelper.exe
PRC - [2011/11/14 18:10:40 | 000,313,624 | ---- | M] (Speedbit Ltd.) -- C:\Program Files (x86)\SpeedBit Video Accelerator\VideoAcceleratorService.exe
PRC - [2011/11/14 18:10:40 | 000,153,888 | ---- | M] (Speedbit Ltd.) -- C:\Program Files (x86)\SpeedBit Video Accelerator\VideoAcceleratorEngine.exe
PRC - [2011/10/13 14:11:20 | 000,393,216 | ---- | M] (AMD) -- C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe
PRC - [2011/10/10 14:05:48 | 000,034,496 | ---- | M] () -- C:\Users\Bryan H\AppData\Local\Workspace\workspaceupdate.exe
PRC - [2011/06/25 07:24:43 | 000,273,544 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
PRC - [2011/06/01 17:57:16 | 000,561,984 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe
PRC - [2011/04/16 19:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton Security Suite\Engine\5.2.2.3\ccsvchst.exe
PRC - [2011/03/03 19:52:00 | 000,948,880 | R--- | M] (Carbonite, Inc.) -- C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe
PRC - [2011/02/25 09:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
PRC - [2010/06/12 20:06:08 | 000,400,368 | ---- | M] (CinemaNow, Inc.) -- C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemaNowSvc.exe
PRC - [2010/01/18 12:21:08 | 000,568,888 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
PRC - [2009/09/12 23:09:10 | 000,103,768 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\Citrix\ICA Client\concentr.exe
PRC - [2009/09/12 23:09:04 | 000,550,232 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe
PRC - [2009/09/03 01:09:42 | 000,024,576 | ---- | M] (Intuit) -- c:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
PRC - [2008/11/20 12:47:28 | 000,062,768 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
PRC - [2006/12/22 17:11:52 | 000,114,688 | ---- | M] (Avanquest Publishing, Inc.) -- C:\Program Files (x86)\MySoftware\MyInvoices\Tracker.exe


========== Modules (No Company Name) ==========

MOD - [2013/01/25 19:43:59 | 000,086,528 | ---- | M] () -- C:\Users\Bryan H\AppData\Local\Google\Chrome\User Data\Default\Extensions\bpgoohpbdddibhlhdkenenmmlfofjfkh\1.0.5_0\chromeNPAPI.dll
MOD - [2013/01/10 03:43:15 | 001,051,136 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\302207b4fa3083899fd8ab4db98cecc5\System.Management.ni.dll
MOD - [2013/01/10 03:40:16 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\d7d20811a7ce7cc589153648cbb1ce5c\PresentationFramework.Aero.ni.dll
MOD - [2013/01/10 03:40:03 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\90b89f6e8032310e9ac72a309fd49e83\System.Runtime.Remoting.ni.dll
MOD - [2013/01/10 03:40:01 | 006,611,456 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\dd20416f723ee13ffb4173ec1afc4ec4\System.Data.ni.dll
MOD - [2013/01/10 03:39:52 | 014,340,608 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\ff7c9a4f41f7cccc47e696c11b9f8469\PresentationFramework.ni.dll
MOD - [2013/01/10 03:39:40 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\865d2bf19a7af7fab8660a42d92550fe\System.Windows.Forms.ni.dll
MOD - [2013/01/10 03:39:35 | 001,592,832 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll
MOD - [2013/01/10 03:39:32 | 012,237,824 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\19b3d17c3ce0e264c4fb62028161adf7\PresentationCore.ni.dll
MOD - [2013/01/10 03:39:24 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\cf827fe7bc99d9bcf0ba3621054ef527\WindowsBase.ni.dll
MOD - [2013/01/10 03:39:19 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f687c43e9fdec031988b33ae722c4613\System.Xml.ni.dll
MOD - [2013/01/10 03:39:17 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\195a77fcc6206f8bb35d419ff2cf0d72\System.Configuration.ni.dll
MOD - [2013/01/10 03:39:16 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll
MOD - [2013/01/10 03:39:11 | 011,493,376 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll
MOD - [2013/01/07 19:06:22 | 000,460,392 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.52\ppgooglenaclpluginchrome.dll
MOD - [2013/01/07 19:06:21 | 012,459,624 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.52\PepperFlash\pepflashplayer.dll
MOD - [2013/01/07 19:06:19 | 004,012,648 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.52\pdf.dll
MOD - [2013/01/07 19:05:29 | 000,598,120 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.52\libglesv2.dll
MOD - [2013/01/07 19:05:28 | 000,124,520 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.52\libegl.dll
MOD - [2013/01/07 19:05:25 | 001,553,000 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.52\ffmpegsumo.dll
MOD - [2012/11/15 11:22:16 | 000,037,280 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\HP.ActiveSupportLibrary\2.0.0.1__01a974bc1760f423\HP.ActiveSupportLibrary.dll
MOD - [2012/07/26 04:44:38 | 000,915,968 | ---- | M] () -- C:\Program Files (x86)\NETGEAR Genie\bin\GeniePlugin_Ui.dll
MOD - [2012/07/26 04:29:22 | 008,299,520 | ---- | M] () -- C:\Program Files (x86)\NETGEAR Genie\bin\GeniePlugin_Resource.dll
MOD - [2012/07/25 05:42:54 | 001,084,416 | ---- | M] () -- C:\Program Files (x86)\NETGEAR Genie\bin\GeniePlugin_RouterConfiguration.dll
MOD - [2012/07/25 05:42:54 | 000,088,064 | ---- | M] () -- C:\Program Files (x86)\NETGEAR Genie\bin\QRCode.dll
MOD - [2012/07/25 03:00:54 | 001,132,032 | ---- | M] () -- C:\Program Files (x86)\NETGEAR Genie\bin\GeniePlugin_ParentalControl.dll
MOD - [2012/07/25 00:48:48 | 001,550,848 | ---- | M] () -- C:\Program Files (x86)\NETGEAR Genie\bin\SvtNetworkTool.dll
MOD - [2012/07/25 00:48:48 | 000,412,160 | ---- | M] () -- C:\Program Files (x86)\NETGEAR Genie\bin\Genie.dll
MOD - [2012/07/24 22:45:52 | 000,433,152 | ---- | M] () -- C:\Program Files (x86)\NETGEAR Genie\bin\GeniePlugin_Wireless.dll
MOD - [2012/07/23 02:36:52 | 000,499,200 | ---- | M] () -- C:\Program Files (x86)\NETGEAR Genie\bin\GeniePlugin_NetworkProblem.dll
MOD - [2012/07/23 02:36:52 | 000,186,368 | ---- | M] () -- C:\Program Files (x86)\NETGEAR Genie\bin\DragonNetTool.dll
MOD - [2012/07/23 02:25:50 | 000,641,536 | ---- | M] () -- C:\Program Files (x86)\NETGEAR Genie\bin\GeniePlugin_Statistics.dll
MOD - [2012/07/23 02:21:28 | 000,701,440 | ---- | M] () -- C:\Program Files (x86)\NETGEAR Genie\bin\InnerPlugin_Update.dll
MOD - [2012/07/23 02:08:36 | 001,567,744 | ---- | M] () -- C:\Program Files (x86)\NETGEAR Genie\bin\GeniePlugin_Map.dll
MOD - [2012/07/23 02:08:36 | 000,083,968 | ---- | M] () -- C:\Program Files (x86)\NETGEAR Genie\bin\NetcardApi.dll
MOD - [2012/07/23 02:08:36 | 000,082,432 | ---- | M] () -- C:\Program Files (x86)\NETGEAR Genie\bin\SVTUtils.dll
MOD - [2012/07/12 02:24:18 | 001,061,376 | ---- | M] () -- C:\Program Files (x86)\NETGEAR Genie\bin\GeniePlugin_Internet.dll
MOD - [2012/07/12 02:24:18 | 000,150,528 | ---- | M] () -- C:\Program Files (x86)\NETGEAR Genie\bin\DiagnoseDll.dll
MOD - [2012/07/12 02:24:18 | 000,136,704 | ---- | M] () -- C:\Program Files (x86)\NETGEAR Genie\bin\DiagnosePlugin.dll
MOD - [2012/07/12 01:51:54 | 000,504,832 | ---- | M] () -- C:\Program Files (x86)\NETGEAR Genie\bin\InnerPlugin_WirelessExport.dll
MOD - [2012/07/12 01:51:54 | 000,116,224 | ---- | M] () -- C:\Program Files (x86)\NETGEAR Genie\bin\WSetupApiPlugin.dll
MOD - [2012/07/12 01:51:54 | 000,076,288 | ---- | M] () -- C:\Program Files (x86)\NETGEAR Genie\bin\WSetupDll.dll
MOD - [2012/07/12 00:23:24 | 000,231,424 | ---- | M] () -- C:\Program Files (x86)\NETGEAR Genie\bin\GeniePlugin_Airprint.dll
MOD - [2012/07/12 00:23:24 | 000,138,752 | ---- | M] () -- C:\Program Files (x86)\NETGEAR Genie\bin\airprintdll.dll
MOD - [2012/06/14 22:42:42 | 001,040,712 | ---- | M] () -- C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenie.exe
MOD - [2012/06/14 22:42:42 | 000,122,696 | ---- | M] () -- C:\Program Files (x86)\NETGEAR Genie\bin\genie2_tray.exe
MOD - [2012/05/11 01:24:16 | 009,814,016 | ---- | M] () -- C:\Program Files (x86)\NETGEAR Genie\bin\QtGui4.dll
MOD - [2012/05/11 01:24:16 | 002,537,472 | ---- | M] () -- C:\Program Files (x86)\NETGEAR Genie\bin\QtCore4.dll
MOD - [2012/05/11 01:24:16 | 001,140,224 | ---- | M] () -- C:\Program Files (x86)\NETGEAR Genie\bin\QtNetwork4.dll
MOD - [2012/05/11 01:24:16 | 000,399,360 | ---- | M] () -- C:\Program Files (x86)\NETGEAR Genie\bin\QtXml4.dll
MOD - [2012/05/11 01:24:16 | 000,287,232 | ---- | M] () -- C:\Program Files (x86)\NETGEAR Genie\bin\imageformats\qjpeg4.dll
MOD - [2012/05/11 01:24:16 | 000,083,456 | ---- | M] () -- C:\Program Files (x86)\NETGEAR Genie\bin\imageformats\qico4.dll
MOD - [2012/05/11 01:24:16 | 000,083,456 | ---- | M] () -- C:\Program Files (x86)\NETGEAR Genie\bin\imageformats\qgif4.dll
MOD - [2012/05/09 21:34:06 | 000,043,008 | ---- | M] () -- C:\Program Files (x86)\NETGEAR Genie\bin\libgcc_s_dw2-1.dll
MOD - [2012/05/09 21:34:06 | 000,011,362 | ---- | M] () -- C:\Program Files (x86)\NETGEAR Genie\bin\mingwm10.dll
MOD - [2011/11/01 23:26:32 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/11/01 23:26:12 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/10/10 14:05:48 | 000,034,496 | ---- | M] () -- C:\Users\Bryan H\AppData\Local\Workspace\workspaceupdate.exe
MOD - [2011/08/07 06:54:44 | 000,362,029 | ---- | M] () -- C:\Program Files (x86)\BrowserCompanion\sqlite3.dll
MOD - [2011/03/17 00:11:16 | 004,297,568 | ---- | M] () -- C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2010/11/04 20:58:05 | 002,927,616 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
MOD - [2010/09/28 14:00:32 | 000,061,440 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Pillars\PCAlerts\PCAlertsPillar.dll
MOD - [2010/09/28 14:00:30 | 000,131,072 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Pillars\ECenter\ECLibrary.dll
MOD - [2010/09/28 14:00:14 | 000,028,672 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Microsoft.Practices.EnterpriseLibrary.ExceptionHandling.Logging.dll
MOD - [2010/01/18 12:21:08 | 000,568,888 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
MOD - [2006/12/22 17:02:52 | 000,462,848 | ---- | M] () -- C:\Program Files (x86)\MySoftware\MyInvoices\c4dll_v6503.dll
MOD - [1997/11/05 02:06:00 | 000,517,120 | ---- | M] () -- C:\Program Files (x86)\MySoftware\MyInvoices\mtl70mt.dll
MOD - [1997/11/05 02:05:00 | 000,241,664 | ---- | M] () -- C:\Program Files (x86)\MySoftware\MyInvoices\mmnyd.dll


========== Services (SafeList) ==========

SRV:64bit: - [2012/07/04 01:20:54 | 000,238,080 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2012/07/04 00:36:06 | 000,361,984 | ---- | M] (Advanced Micro Devices, Inc.) [Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service)
SRV:64bit: - [2012/04/30 18:56:52 | 000,334,720 | ---- | M] (FileOpen Systems Inc.) [Auto | Running] -- C:\Program Files\FileOpen\Services\FileOpenManagerSvc64.exe -- (FileOpenManagerSvc)
SRV:64bit: - [2011/03/03 19:36:16 | 006,315,664 | R--- | M] (Carbonite, Inc. (www.carbonite.com)) [Auto | Running] -- C:\Program Files\Carbonite\Carbonite Backup\CarboniteService.exe -- (CarboniteService)
SRV:64bit: - [2009/07/13 20:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2013/01/08 17:24:12 | 000,251,400 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/10/05 10:10:10 | 001,174,824 | ---- | M] (Starfield Technologies) [Auto | Running] -- C:\Program Files (x86)\Workspace\offSyncService.exe -- (File Backup)
SRV - [2012/09/27 11:55:16 | 000,086,528 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe -- (HP Support Assistant Service)
SRV - [2012/09/07 21:33:57 | 001,045,256 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2012/07/27 15:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/07/09 20:49:22 | 000,231,752 | ---- | M] (NETGEAR) [Auto | Running] -- C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenieDaemon64.exe -- (NETGEARGenieDaemon)
SRV - [2012/06/19 15:21:24 | 001,646,608 | ---- | M] (Rosetta Stone Ltd.) [Auto | Running] -- C:\Program Files (x86)\RosettaStoneLtdServices\RosettaStoneDaemon.exe -- (RosettaStoneDaemon)
SRV - [2011/11/14 19:12:26 | 000,013,160 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Citrix\GoToAssist\615\g2aservice.exe -- (GoToAssist)
SRV - [2011/11/14 18:10:40 | 000,313,624 | ---- | M] (Speedbit Ltd.) [Auto | Running] -- C:\Program Files (x86)\SpeedBit Video Accelerator\VideoAcceleratorService.exe -- (VideoAcceleratorService)
SRV - [2011/04/16 19:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton Security Suite\Engine\5.2.2.3\ccSvcHst.exe -- (N360)
SRV - [2011/02/28 17:44:14 | 000,183,560 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011/02/25 09:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE -- (SeaPort)
SRV - [2010/10/22 12:08:18 | 001,039,360 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files (x86)\Hp\Digital Imaging\bin\HPSLPSVC64.DLL -- (HPSLPSVC)
SRV - [2010/06/12 20:06:08 | 000,400,368 | ---- | M] (CinemaNow, Inc.) [Auto | Running] -- C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemaNowSvc.exe -- (CinemaNow Service)
SRV - [2010/06/01 17:31:28 | 002,804,568 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe -- (NOBU)
SRV - [2010/04/03 18:01:24 | 000,246,520 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/09/03 01:09:42 | 000,024,576 | ---- | M] (Intuit) [Auto | Running] -- c:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe -- (QBCFMonitorService)
SRV - [2009/07/23 21:10:38 | 000,061,440 | ---- | M] (Intuit Inc.) [On_Demand | Stopped] -- c:\Program Files (x86)\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe -- (QBFCService)
SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/08/21 12:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/08/08 18:38:40 | 000,035,344 | ---- | M] (CACE Technologies, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\npf.sys -- (NPF)
DRV:64bit: - [2012/07/04 01:59:32 | 011,922,944 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2012/07/04 00:10:56 | 000,359,936 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2012/03/05 15:04:30 | 000,053,888 | ---- | M] (Advanced Micro Devices) [Kernel | Auto | Stopped] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys -- (AODDriver4.1)
DRV:64bit: - [2012/03/05 15:04:30 | 000,053,888 | ---- | M] (Advanced Micro Devices) [Kernel | Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys -- (AODDriver4.01)
DRV:64bit: - [2012/03/01 01:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/02/23 07:32:04 | 000,095,760 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2012/02/15 10:01:50 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011/07/05 17:31:44 | 000,174,200 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent)
DRV:64bit: - [2011/04/20 20:37:49 | 000,386,168 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\0502020.003\symnets.sys -- (SymNetS)
DRV:64bit: - [2011/03/30 22:00:09 | 000,744,568 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\N360x64\0502020.003\srtsp64.sys -- (SRTSP)
DRV:64bit: - [2011/03/30 22:00:09 | 000,040,568 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\0502020.003\srtspx64.sys -- (SRTSPX)
DRV:64bit: - [2011/03/14 21:31:23 | 000,912,504 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\N360x64\0502020.003\symefa64.sys -- (SymEFA)
DRV:64bit: - [2011/01/27 01:47:10 | 000,450,680 | ---- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\N360x64\0502020.003\symds64.sys -- (SymDS)
DRV:64bit: - [2010/11/20 08:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 06:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/15 20:45:33 | 000,171,128 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\0502020.003\ironx64.sys -- (SymIRON)
DRV:64bit: - [2010/07/21 16:59:28 | 000,045,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64)
DRV:64bit: - [2010/07/01 17:52:18 | 000,051,600 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dc3d.sys -- (dc3d)
DRV:64bit: - [2010/03/10 10:33:52 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie64.sys -- (AtiPcie)
DRV:64bit: - [2010/03/04 09:43:00 | 000,346,144 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2010/02/18 08:18:24 | 000,046,136 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\amdiox64.sys -- (amdiox64)
DRV:64bit: - [2010/02/05 23:04:06 | 000,028,728 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/02/05 23:04:04 | 000,070,712 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009/12/22 04:26:36 | 000,038,456 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter)
DRV:64bit: - [2009/09/08 18:13:16 | 000,087,600 | ---- | M] (Citrix Systems, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ctxusbm.sys -- (ctxusbm)
DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2013/01/16 00:27:41 | 002,087,664 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\VirusDefs\20130126.007\ex64.sys -- (NAVEX15)
DRV - [2013/01/16 00:27:40 | 000,126,192 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\VirusDefs\20130126.007\eng64.sys -- (NAVENG)
DRV - [2013/01/15 21:51:11 | 001,388,120 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\BASHDefs\20130116.013\BHDrvx64.sys -- (BHDrvx64)
DRV - [2012/09/06 03:54:30 | 000,513,184 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\IPSDefs\20130124.001\IDSviA64.sys -- (IDSVia64)
DRV - [2012/08/08 21:36:12 | 000,484,512 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
DRV - [2012/08/08 21:36:12 | 000,138,912 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK/1
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPDSK/1
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{630E967D-2720-4481-BC12-4EF54DDD641B}: "URL" = http://www.ask.com/w...}&l=dis&o=ushpd
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE:64bit: - HKLM\..\SearchScopes\{6EFC6DD3-4FE7-40DC-B143-3219A07C2CED}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE:64bit: - HKLM\..\SearchScopes\{BF8B6B74-025D-48FF-BF15-8118EF25D913}: "URL" = http://en.wikipedia....h={searchTerms}
IE:64bit: - HKLM\..\SearchScopes\{DC85C71F-3013-4AEA-8300-51161FC6CEAD}: "URL" = http://search.yahoo....psg&type=HPDTDF
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.v9.com/?u...2&ts=1358143645
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = about:blank
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.v9.com/?u...2&ts=1358143645
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{630E967D-2720-4481-BC12-4EF54DDD641B}: "URL" = http://www.ask.com/w...}&l=dis&o=ushpd
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKLM\..\SearchScopes\{6EFC6DD3-4FE7-40DC-B143-3219A07C2CED}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKLM\..\SearchScopes\{BF8B6B74-025D-48FF-BF15-8118EF25D913}: "URL" = http://en.wikipedia....h={searchTerms}
IE - HKLM\..\SearchScopes\{DC85C71F-3013-4AEA-8300-51161FC6CEAD}: "URL" = http://search.yahoo....psg&type=HPDTDF
IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.v9.com/?u...2&ts=1358143645
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.keystonec...tsolutions.com/
IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylo...&tt=090212_ctrl
IE - HKCU\..\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}: "URL" = http://search.v9.com...q={searchTerms}
IE - HKCU\..\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}: "URL" = http://blekkosearch....q={searchTerms}
IE - HKCU\..\SearchScopes\{630E967D-2720-4481-BC12-4EF54DDD641B}: "URL" = http://www.ask.com/w...}&l=dis&o=ushpd
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...1I7ADFA_enUS451
IE - HKCU\..\SearchScopes\{6EFC6DD3-4FE7-40DC-B143-3219A07C2CED}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKCU\..\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}: "URL" = http://www.ask.com/w...22&geo=US&ver=5
IE - HKCU\..\SearchScopes\{BF8B6B74-025D-48FF-BF15-8118EF25D913}: "URL" = http://en.wikipedia....h={searchTerms}
IE - HKCU\..\SearchScopes\{DC85C71F-3013-4AEA-8300-51161FC6CEAD}: "URL" = http://search.yahoo....psg&type=HPDTDF
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "v9"
FF - prefs.js..browser.search.order.1: "v9"
FF - prefs.js..browser.search.selectedEngine: "v9"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.v9.com/?u...&ts=1358143645"
FF - prefs.js..extensions.enabledAddons: ffxtlbr@babylon.com:1.2.0
FF - prefs.js..extensions.enabledAddons: {14323AEE-F6B8-4DC8-BCE3-E62645830585}:1.0.1
FF - prefs.js..extensions.enabledAddons: bbrs_002@blabbers.com:1.0.5
FF - prefs.js..extensions.enabledAddons: bbrs_003@blabbers.com:1.0.5
FF - prefs.js..network.proxy.type: 0


FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_146.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_146.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.647: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.647: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=12.0.1.652: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.652: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.647: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@hulu.com/Hulu Desktop: C:\Windows\..\Users\Default\AppData\Local\HuluDesktop\instances\0.9.13.1\npHDPlg.dll ()
FF - HKCU\Software\MozillaPlugins\@starfield.com/off: C:\Users\Bryan H\AppData\Roaming\Mozilla\Plugins\npoff.dll ( Starfield Technologies, LLC.)
FF - HKCU\Software\MozillaPlugins\@starfield.com/off64: C:\Users\Bryan H\AppData\Roaming\Mozilla\Plugins\npoff64.dll ( Starfield Technologies, LLC.)
FF - HKCU\Software\MozillaPlugins\@starfield.com/wbe: C:\Users\Bryan H\AppData\Roaming\Mozilla\Plugins\npwbe.dll (Starfield Technology, LLC)
FF - HKCU\Software\MozillaPlugins\@starfield.com/wbe64: C:\Users\Bryan H\AppData\Roaming\Mozilla\Plugins\npwbe64.dll (Starfield Technology, LLC)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Bryan H\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\Bryan H\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Bryan H\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Bryan H\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011/06/25 07:25:06 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\IPSFFPlgn\ [2012/02/07 23:12:03 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\coFFPlgn_2011_7_13_2 [2013/01/22 14:01:31 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011/12/16 22:05:11 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\quickprint@hp.com: C:\Program Files (x86)\Hewlett-Packard\SmartPrint\QPExtension [2012/07/04 15:26:34 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/05/20 11:18:39 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/08/23 12:54:45 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011/12/16 22:05:11 | 000,000,000 | ---D | M]

[2011/03/11 19:23:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Bryan H\AppData\Roaming\Mozilla\Extensions
[2013/01/25 19:44:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Bryan H\AppData\Roaming\Mozilla\Firefox\Profiles\otaqhgme.default\extensions
[2012/02/15 18:10:57 | 000,000,000 | ---D | M] (Browser Companion Helper) -- C:\Users\Bryan H\AppData\Roaming\Mozilla\Firefox\Profiles\otaqhgme.default\extensions\bbrs_002@blabbers.com
[2013/01/25 19:44:02 | 000,000,000 | ---D | M] (Ginyas Browser Companions) -- C:\Users\Bryan H\AppData\Roaming\Mozilla\Firefox\Profiles\otaqhgme.default\extensions\bbrs_003@blabbers.com
[2012/02/15 18:12:15 | 000,000,000 | ---D | M] (Babylon) -- C:\Users\Bryan H\AppData\Roaming\Mozilla\Firefox\Profiles\otaqhgme.default\extensions\ffxtlbr@babylon.com
[2012/09/07 08:43:17 | 000,001,911 | ---- | M] () (No name found) -- C:\Users\Bryan H\AppData\Roaming\Mozilla\Firefox\Profiles\otaqhgme.default\extensions\{14323AEE-F6B8-4DC8-BCE3-E62645830585}.xpi
[2012/10/21 09:12:19 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2011/11/20 23:04:51 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011/03/18 14:32:12 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npCouponPrinter.dll
[2011/03/18 14:32:14 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npMozCouponPrinter.dll
[2012/02/15 18:10:36 | 000,002,329 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml
[2011/11/20 20:04:05 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/05/26 16:27:59 | 000,002,158 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\search.xml
[2011/11/20 20:04:05 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml
[2013/01/14 01:07:31 | 000,000,402 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\v9.xml

========== Chrome ==========

CHR - homepage: http://www.keystonec...tsolutions.com/
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter}
CHR - homepage: http://www.keystonec...tsolutions.com/
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.52\PepperFlash\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.52\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.52\pdf.dll
CHR - plugin: (Enabled) = C:\Users\Bryan H\AppData\Local\Google\Chrome\User Data\Default\Extensions\ibgfbdggapddbjjbopabhlhianklajie\1.0.5_0\chromeNPAPI.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.260.3 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U26 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Coupons Inc., Coupon Printer Manager (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npCouponPrinter.dll
CHR - plugin: Coupons Inc., Coupon Printer Manager (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npMozCouponPrinter.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Google Talk Plugin (Enabled) = C:\Users\Bryan H\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
CHR - plugin: Google Talk Plugin Video Accelerator (Enabled) = C:\Users\Bryan H\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
CHR - plugin: Online Storage plug-in (Enabled) = C:\Users\Bryan H\AppData\Roaming\Mozilla\plugins\npoff.dll
CHR - plugin: Workspace Webmail plug-in 1.0.20.42 (Enabled) = C:\Users\Bryan H\AppData\Roaming\Mozilla\plugins\npwbe.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll
CHR - plugin: RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpjplug.dll
CHR - plugin: RealNetworks™ RealPlayer Chrome Background Extension Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
CHR - plugin: RealPlayer™ HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprjplug.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Hulu Desktop (Enabled) = C:\Windows\..\Users\Default\AppData\Local\HuluDesktop\instances\0.9.13.1\npHDPlg.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - Extension: YouTube = C:\Users\Bryan H\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1\
CHR - Extension: Ginyas Browser Companions = C:\Users\Bryan H\AppData\Local\Google\Chrome\User Data\Default\Extensions\bpgoohpbdddibhlhdkenenmmlfofjfkh\1.0.5_0\
CHR - Extension: Google Search = C:\Users\Bryan H\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1\
CHR - Extension: Browser Companion Helper = C:\Users\Bryan H\AppData\Local\Google\Chrome\User Data\Default\Extensions\ibgfbdggapddbjjbopabhlhianklajie\1.0.5_0\
CHR - Extension: Proxy Tool = C:\Users\Bryan H\AppData\Local\Google\Chrome\User Data\Default\Extensions\ijblflkdjdopkpdgllkmlbgcffjbnfda\1.0.1_0\
CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Users\Bryan H\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.4_0\
CHR - Extension: Gmail = C:\Users\Bryan H\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

O1 HOSTS File: ([2009/06/10 16:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2 - BHO: (Browser Companion Helper) - {00cbb66b-1d3b-46d3-9577-323a336acb50} - C:\Program Files (x86)\BrowserCompanion\jsloader.dll ( )
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Ginyas Browser Companion) - {2d8c4843-765f-4827-bafa-8c318284e4d8} - C:\Program Files (x86)\GinyasBrowserCompanions\jsloader.dll ()
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Security Suite\Engine\5.2.2.3\coieplg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Security Suite\Engine\5.2.2.3\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (Ginyas Browser Companion Verifier) - {963B125B-8B21-49A2-A3A8-E37092276531} - C:\Program Files (x86)\GinyasBrowserCompanions\updatebhoWin32.dll (Blabbers Communications Ltd)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (HP Network Check Helper) - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
O2 - BHO: (ChromeFrame BHO) - {ECB3C477-1A0A-44BD-BB57-78F9EFE34FA7} - C:\Program Files (x86)\Google\Chrome Frame\Application\24.0.1312.56\npchrome_frame.dll (Google Inc.)
O2 - BHO: (Proxy Help) - {F386E548-C533-472E-8C61-C026FB14FEA9} - C:\Windows\SysWOW64\Newtabs_v9.dll (Newtabs. inc)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine\5.2.2.3\coieplg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine\5.2.2.3\coieplg.dll (Symantec Corporation)
O4:64bit: - HKLM..\Run: [EKIJ5000StatusMonitor] C:\Windows\SysNative\spool\drivers\x64\3\EKIJ5000MUI.exe (Eastman Kodak Company)
O4:64bit: - HKLM..\Run: [FileOpenBroker] C:\Program Files\FileOpen\Services\FileOpenBroker64.exe (FileOpen Systems Inc.)
O4:64bit: - HKLM..\Run: [hpsysdrv] c:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe (Hewlett-Packard)
O4:64bit: - HKLM..\Run: [IntelliPoint] c:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [SmartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe ()
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [AMD AVT] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [Browser companion helper] C:\Program Files (x86)\BrowserCompanion\BCHelper.exe (Blabbers Communications LTD)
O4 - HKLM..\Run: [Carbonite Backup] C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe (Carbonite, Inc.)
O4 - HKLM..\Run: [ConnectionCenter] C:\Program Files (x86)\Citrix\ICA Client\concentr.exe (Citrix Systems, Inc.)
O4 - HKLM..\Run: [Intuit SyncManager] c:\Program Files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe (Intuit Inc. All rights reserved.)
O4 - HKLM..\Run: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe (Symantec Corporation)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [Tracker] C:\Program Files (x86)\MySoftware\MyInvoices\Tracker.exe (Avanquest Publishing, Inc.)
O4 - HKCU..\Run: [] File not found
O4 - HKCU..\Run: [ApplePhotoStreams] C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe (Apple Inc.)
O4 - HKCU..\Run: [cdloader] C:\Users\Bryan H\AppData\Roaming\mjusbsp\cdloader2.exe (magicJack L.P.)
O4 - HKCU..\Run: [com.apple.dav.bookmarks.daemon] C:\Program Files (x86)\Common Files\Apple\Internet Services\BookmarkDAV_client.exe (Apple Inc.)
O4 - HKCU..\Run: [HPAdvisorDock] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Dock\HPAdvisorDock.exe (Hewlett-Packard)
O4 - HKCU..\Run: [HydraVisionDesktopManager] C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe (AMD)
O4 - HKCU..\Run: [iCloudServices] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe (Apple Inc.)
O4 - HKCU..\Run: [NETGEARGenie] C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenie.exe ()
O4 - HKCU..\Run: [Starfield Updater] C:\Users\Bryan H\AppData\Local\Workspace\WorkspaceUpdate.exe ()
O4 - HKCU..\Run: [VideoAcceleratorCommTest] C:\Program Files (x86)\SpeedBit Video Accelerator\CommTest.exe (Speedbit Ltd.)
O4 - Startup: C:\Users\Bryan H\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Bryan H\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Open Client to monitor &1 - C:\Windows\web\AOpenClient.htm File not found
O8:64bit: - Extra context menu item: Open Client to monitor &2 - C:\Windows\web\AOpenClient.htm File not found
O8 - Extra context menu item: Open Client to monitor &1 - C:\Windows\web\AOpenClient.htm File not found
O8 - Extra context menu item: Open Client to monitor &2 - C:\Windows\web\AOpenClient.htm File not found
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\SpeedBit Video Accelerator\sblsp.dll (Speedbit Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\SpeedBit Video Accelerator\sblsp.dll (Speedbit Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\SpeedBit Video Accelerator\sblsp.dll (Speedbit Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\SpeedBit Video Accelerator\sblsp.dll (Speedbit Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files (x86)\SpeedBit Video Accelerator\sblsp.dll (Speedbit Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files (x86)\SpeedBit Video Accelerator\sblsp.dll (Speedbit Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Program Files (x86)\SpeedBit Video Accelerator\sblsp.dll (Speedbit Ltd.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: localhost ([]* in Local intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FA1204F1-7136-433C-9662-ED5517BF784C}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\base64 - No CLSID value found
O18:64bit: - Protocol\Handler\chrome - No CLSID value found
O18:64bit: - Protocol\Handler\gcf - No CLSID value found
O18:64bit: - Protocol\Handler\intu-help-qb3 - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\prox - No CLSID value found
O18:64bit: - Protocol\Handler\qbwc - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\base64 {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} - C:\Program Files (x86)\GinyasBrowserCompanions\tdataprotocol.dll (Blabbers Communications Ltd)
O18 - Protocol\Handler\chrome {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} - C:\Program Files (x86)\GinyasBrowserCompanions\tdataprotocol.dll (Blabbers Communications Ltd)
O18 - Protocol\Handler\gcf {9875BFAF-B04D-445E-8A69-BE36838CDE3E} - C:\Program Files (x86)\Google\Chrome Frame\Application\24.0.1312.56\npchrome_frame.dll (Google Inc.)
O18 - Protocol\Handler\intu-help-qb3 {c5e479ea-0a65-4b05-8c6c-2fc8cc682eb4} - c:\Program Files (x86)\Intuit\QuickBooks 2010\HelpAsyncPluggableProtocol.dll (Intuit, Inc.)
O18 - Protocol\Handler\prox {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} - C:\Program Files (x86)\GinyasBrowserCompanions\tdataprotocol.dll (Blabbers Communications Ltd)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\System32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\GoToAssist: DllName - (C:\Program Files (x86)\Citrix\GoToAssist\615\G2AWinLogon_x64.dll) - C:\Program Files (x86)\Citrix\GoToAssist\615\g2awinlogon_x64.dll (Citrix Online, a division of Citrix Systems, Inc.)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28:64bit: - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/01/26 16:18:41 | 000,000,000 | ---D | C] -- C:\Users\Bryan H\Desktop\Credit Reports Upload
[2013/01/25 20:28:23 | 000,000,000 | ---D | C] -- C:\Users\Bryan H\Desktop\Keystone Credit Solutions, LLC_Final Files_23012013
[2013/01/25 20:26:57 | 000,000,000 | ---D | C] -- C:\Users\Bryan H\AppData\Local\iLivid
[2013/01/25 19:43:56 | 000,000,000 | ---D | C] -- C:\ProgramData\GinyasBrowserCompanions
[2013/01/25 19:43:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\GinyasBrowserCompanions
[2013/01/14 01:07:16 | 000,060,928 | ---- | C] (Newtabs. inc) -- C:\Windows\SysWow64\Newtabs_v9.dll
[2013/01/13 20:46:36 | 000,000,000 | ---D | C] -- C:\Users\Bryan H\Desktop\ICON
[2013/01/13 20:44:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Image2Icon Converter
[2013/01/13 20:44:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Image2Icon Converter

========== Files - Modified Within 30 Days ==========

[2013/01/27 11:44:00 | 000,001,054 | ---- | M] () -- C:\Windows\tasks\GinyasBrowserCompanions Stats Report.job
[2013/01/27 11:34:00 | 000,001,054 | ---- | M] () -- C:\Windows\tasks\GinyasBrowserCompanions Chrome Watcher.job
[2013/01/27 11:31:00 | 000,000,900 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/01/27 11:24:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/01/27 11:06:09 | 000,000,144 | ---- | M] () -- C:\Users\Bryan H\Desktop\DisputeSuite - Login.url
[2013/01/27 11:04:21 | 000,000,064 | ---- | M] () -- C:\Users\Bryan H\Desktop\Biz In A Box.url
[2013/01/27 10:55:55 | 000,000,190 | ---- | M] () -- C:\Users\Bryan H\Desktop\KCS Mail.url
[2013/01/27 10:54:00 | 000,000,916 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1852320340-3763420829-3560972882-1001UA.job
[2013/01/27 10:31:01 | 000,000,340 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForBryan H.job
[2013/01/27 10:30:48 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/01/27 05:31:00 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/01/26 23:54:00 | 000,000,864 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1852320340-3763420829-3560972882-1001Core.job
[2013/01/26 20:04:00 | 000,000,938 | ---- | M] () -- C:\Windows\tasks\GinyasBrowserCompanions Update Checker.job
[2013/01/26 14:13:29 | 000,018,889 | ---- | M] () -- C:\Users\Bryan H\Desktop\Keystone Credit Solutions, 82.jpg
[2013/01/26 14:04:50 | 000,021,932 | ---- | M] () -- C:\Users\Bryan H\Desktop\Keystone Credit Solutions, LLC_Logo = 150x75.jpg
[2013/01/26 07:19:06 | 000,015,792 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/01/26 07:19:06 | 000,015,792 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/01/25 19:44:13 | 000,001,006 | ---- | M] () -- C:\Windows\tasks\GinyasBrowserCompanions FireFox Watcher.job
[2013/01/25 19:37:57 | 000,001,056 | ---- | M] () -- C:\Users\Bryan H\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2013/01/25 19:37:36 | 000,001,028 | ---- | M] () -- C:\Users\Bryan H\Desktop\Dropbox.lnk
[2013/01/25 12:26:09 | 000,002,285 | ---- | M] () -- C:\Users\Bryan H\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2013/01/25 12:26:08 | 000,002,261 | ---- | M] () -- C:\Users\Bryan H\Desktop\Google Chrome.lnk
[2013/01/22 14:00:21 | 3824,640,000 | -HS- | M] () -- C:\hiberfil.sys
[2013/01/20 11:23:38 | 000,000,332 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForNikki.job
[2013/01/20 00:29:02 | 000,076,688 | ---- | M] () -- C:\Users\Bryan H\Desktop\Hershey Flight Receipt.pdf
[2013/01/15 07:26:54 | 000,000,497 | ---- | M] () -- C:\Users\Bryan H\Desktop\Login - Credit Repair.website
[2013/01/13 20:44:26 | 000,001,112 | ---- | M] () -- C:\Users\Public\Desktop\Image2Icon Converter.lnk
[2013/01/10 03:33:58 | 000,835,352 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013/01/10 03:10:00 | 000,744,326 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/01/10 03:10:00 | 000,627,066 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/01/10 03:10:00 | 000,107,382 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/01/03 07:19:22 | 000,033,443 | ---- | M] () -- C:\Users\Bryan H\Documents\MyCheckBook 20130103.bak
[2012/12/30 15:04:31 | 000,328,683 | ---- | M] () -- C:\Users\Bryan H\Desktop\FREE-Report-Credit-Scores.pdf

========== Files Created - No Company Name ==========

[2013/01/27 11:06:09 | 000,000,144 | ---- | C] () -- C:\Users\Bryan H\Desktop\DisputeSuite - Login.url
[2013/01/27 11:04:21 | 000,000,064 | ---- | C] () -- C:\Users\Bryan H\Desktop\Biz In A Box.url
[2013/01/27 10:55:55 | 000,000,190 | ---- | C] () -- C:\Users\Bryan H\Desktop\KCS Mail.url
[2013/01/26 14:13:29 | 000,018,889 | ---- | C] () -- C:\Users\Bryan H\Desktop\Keystone Credit Solutions, 82.jpg
[2013/01/26 14:04:50 | 000,021,932 | ---- | C] () -- C:\Users\Bryan H\Desktop\Keystone Credit Solutions, LLC_Logo = 150x75.jpg
[2013/01/25 19:44:15 | 000,000,938 | ---- | C] () -- C:\Windows\tasks\GinyasBrowserCompanions Update Checker.job
[2013/01/25 19:44:11 | 000,001,054 | ---- | C] () -- C:\Windows\tasks\GinyasBrowserCompanions Stats Report.job
[2013/01/25 19:44:07 | 000,001,054 | ---- | C] () -- C:\Windows\tasks\GinyasBrowserCompanions Chrome Watcher.job
[2013/01/25 19:44:03 | 000,001,006 | ---- | C] () -- C:\Windows\tasks\GinyasBrowserCompanions FireFox Watcher.job
[2013/01/20 00:29:00 | 000,076,688 | ---- | C] () -- C:\Users\Bryan H\Desktop\Hershey Flight Receipt.pdf
[2013/01/13 20:44:26 | 000,001,112 | ---- | C] () -- C:\Users\Public\Desktop\Image2Icon Converter.lnk
[2013/01/13 20:39:33 | 000,004,094 | ---- | C] () -- C:\Users\Bryan H\Desktop\Keystone and Arch - Social.jpg
[2013/01/03 07:19:22 | 000,033,443 | ---- | C] () -- C:\Users\Bryan H\Documents\MyCheckBook 20130103.bak
[2012/12/30 15:04:29 | 000,328,683 | ---- | C] () -- C:\Users\Bryan H\Desktop\FREE-Report-Credit-Scores.pdf
[2012/07/04 15:21:43 | 000,000,057 | ---- | C] () -- C:\ProgramData\Ament.ini
[2012/07/04 00:34:16 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2012/07/04 00:34:16 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2012/04/18 18:39:10 | 000,028,672 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll
[2011/12/16 21:54:58 | 000,206,163 | ---- | C] () -- C:\Windows\hpoins46.dat
[2011/11/14 18:34:24 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2011/11/02 21:59:29 | 000,000,032 | ---- | C] () -- C:\Users\Bryan H\db.cas
[2011/10/13 14:53:02 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\OVDecoder.dll
[2011/09/12 17:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2011/09/01 21:01:06 | 000,060,864 | ---- | C] () -- C:\Users\Bryan H\g2mdlhlpx.exe
[2011/08/04 22:52:31 | 002,385,092 | ---- | C] () -- C:\Users\Bryan H\T-226-257971.pdf
[2011/07/19 17:17:09 | 000,001,318 | ---- | C] () -- C:\Windows\ODBCINST.INI
[2011/07/19 17:13:15 | 000,017,920 | ---- | C] () -- C:\Windows\SysWow64\Implode.dll
[2011/07/19 17:13:11 | 000,299,008 | ---- | C] () -- C:\Windows\SysWow64\Crutl14.dll
[2011/07/19 17:13:10 | 000,100,352 | ---- | C] () -- C:\Windows\SysWow64\pg32conv.dll
[2011/05/18 17:31:39 | 000,001,940 | ---- | C] () -- C:\Users\Bryan H\AppData\Local\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
[2011/05/08 10:07:02 | 001,914,216 | ---- | C] () -- C:\Windows\SysWow64\ltmm16.dll
[2011/05/08 10:07:02 | 000,557,056 | ---- | C] ( ) -- C:\Windows\SysWow64\raac.dll
[2011/05/08 10:07:02 | 000,245,248 | ---- | C] () -- C:\Windows\SysWow64\dxr.dll
[2011/05/08 10:07:02 | 000,173,416 | ---- | C] () -- C:\Windows\SysWow64\LCodcScr2.dll
[2011/05/08 10:07:02 | 000,163,840 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2011/05/08 10:07:02 | 000,163,840 | ---- | C] () -- C:\Windows\SysWow64\ts.dll
[2011/05/08 10:07:02 | 000,148,992 | ---- | C] () -- C:\Windows\SysWow64\mkx.dll
[2011/05/08 10:07:02 | 000,141,312 | ---- | C] () -- C:\Windows\SysWow64\mp4.dll
[2011/05/08 10:07:02 | 000,139,264 | ---- | C] ( ) -- C:\Windows\SysWow64\sipr.dll
[2011/05/08 10:07:02 | 000,120,832 | ---- | C] () -- C:\Windows\SysWow64\ogm.dll
[2011/05/08 10:07:02 | 000,116,072 | ---- | C] () -- C:\Windows\SysWow64\LMAMpgCnv.dll
[2011/05/08 10:07:02 | 000,057,344 | ---- | C] ( ) -- C:\Windows\SysWow64\rv20.dll
[2011/05/08 10:07:02 | 000,053,248 | ---- | C] ( ) -- C:\Windows\SysWow64\rv30.dll
[2011/05/08 10:07:02 | 000,049,152 | ---- | C] ( ) -- C:\Windows\SysWow64\rv40.dll
[2011/05/08 10:07:01 | 000,456,192 | ---- | C] () -- C:\Windows\SysWow64\libmplayer.dll
[2011/05/08 10:07:01 | 000,119,296 | ---- | C] () -- C:\Windows\SysWow64\libmpeg2_ff.dll
[2011/05/08 10:07:01 | 000,079,360 | ---- | C] () -- C:\Windows\SysWow64\mkzlib.dll
[2011/05/08 10:07:01 | 000,023,552 | ---- | C] () -- C:\Windows\SysWow64\mkunicode.dll
[2011/05/08 10:07:00 | 003,569,152 | ---- | C] () -- C:\Windows\SysWow64\libavcodec.dll
[2011/05/08 10:07:00 | 000,695,296 | ---- | C] () -- C:\Windows\SysWow64\ff_x264.dll
[2011/05/08 10:07:00 | 000,479,298 | ---- | C] ( ) -- C:\Windows\SysWow64\erv4.dll
[2011/05/08 10:07:00 | 000,397,312 | ---- | C] () -- C:\Windows\SysWow64\ff_libfaad2.dll
[2011/05/08 10:07:00 | 000,266,306 | ---- | C] ( ) -- C:\Windows\SysWow64\erv3.dll
[2011/05/08 10:07:00 | 000,258,048 | ---- | C] () -- C:\Windows\SysWow64\libFLAC.dll
[2011/05/08 10:07:00 | 000,221,184 | ---- | C] () -- C:\Windows\SysWow64\ff_kernelDeint.dll
[2011/05/08 10:07:00 | 000,172,032 | ---- | C] () -- C:\Windows\SysWow64\ff_libdts.dll
[2011/05/08 10:07:00 | 000,143,360 | ---- | C] () -- C:\Windows\SysWow64\ff_theora.dll
[2011/05/08 10:07:00 | 000,143,360 | ---- | C] () -- C:\Windows\SysWow64\ff_libmad.dll
[2011/05/08 10:07:00 | 000,135,168 | ---- | C] () -- C:\Windows\SysWow64\ff_samplerate.dll
[2011/05/08 10:07:00 | 000,118,784 | ---- | C] () -- C:\Windows\SysWow64\ff_realaac.dll
[2011/05/08 10:07:00 | 000,102,912 | ---- | C] () -- C:\Windows\SysWow64\ff_tremor.dll
[2011/05/08 10:07:00 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\ff_unrar.dll
[2011/05/08 10:07:00 | 000,052,224 | ---- | C] () -- C:\Windows\SysWow64\ff_liba52.dll
[2011/05/08 10:07:00 | 000,023,552 | ---- | C] () -- C:\Windows\SysWow64\ff_wmv9.dll
[2011/05/08 10:06:59 | 000,548,919 | ---- | C] ( ) -- C:\Windows\SysWow64\colorcvt.dll
[2011/05/08 10:06:59 | 000,286,720 | ---- | C] ( ) -- C:\Windows\SysWow64\drvc.dll
[2011/05/08 10:06:59 | 000,210,264 | ---- | C] () -- C:\Windows\SysWow64\LCMW3.dll
[2011/05/08 10:06:59 | 000,180,224 | ---- | C] ( ) -- C:\Windows\SysWow64\drv2.dll
[2011/05/08 10:06:59 | 000,148,840 | ---- | C] () -- C:\Windows\SysWow64\LDECMPG2KRN2.dll
[2011/05/08 10:06:59 | 000,090,112 | ---- | C] ( ) -- C:\Windows\SysWow64\atrc.dll
[2011/05/08 10:06:59 | 000,065,602 | ---- | C] ( ) -- C:\Windows\SysWow64\cook.dll
[2011/05/08 10:06:59 | 000,020,480 | ---- | C] () -- C:\Windows\SysWow64\ac3config.exe
[2011/05/08 10:06:59 | 000,000,137 | ---- | C] () -- C:\Windows\SysWow64\Registration.ini
[2011/02/20 13:23:40 | 000,172,032 | ---- | C] () -- C:\Windows\SysWow64\rsUtil.dll
[2011/02/13 17:42:16 | 000,743,066 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/02/13 17:31:25 | 000,000,095 | ---- | C] () -- C:\Windows\QBChanUtil_Trigger.ini
[2011/01/29 12:15:38 | 000,000,142 | ---- | C] () -- C:\Windows\wpd99.drv
[2011/01/29 12:15:37 | 000,047,616 | ---- | C] () -- C:\Windows\SysWow64\pdf995mon64.dll

========== ZeroAccess Check ==========

[2009/07/13 23:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 00:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 23:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 20:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 07:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 20:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2011/07/19 18:33:32 | 000,000,000 | ---D | M] -- C:\Users\Bryan H\AppData\Roaming\Avanquest
[2012/02/15 18:09:24 | 000,000,000 | ---D | M] -- C:\Users\Bryan H\AppData\Roaming\Babylon
[2013/01/26 14:43:00 | 000,000,000 | ---D | M] -- C:\Users\Bryan H\AppData\Roaming\Dropbox
[2012/06/23 21:46:30 | 000,000,000 | ---D | M] -- C:\Users\Bryan H\AppData\Roaming\FileOpen
[2011/01/19 08:38:24 | 000,000,000 | ---D | M] -- C:\Users\Bryan H\AppData\Roaming\ICAClient
[2012/01/01 17:22:58 | 000,000,000 | ---D | M] -- C:\Users\Bryan H\AppData\Roaming\mjusbsp
[2012/05/26 16:23:18 | 000,000,000 | ---D | M] -- C:\Users\Bryan H\AppData\Roaming\OpswatLogs
[2011/01/29 12:16:52 | 000,000,000 | ---D | M] -- C:\Users\Bryan H\AppData\Roaming\pdf995
[2012/05/26 16:22:42 | 000,000,000 | ---D | M] -- C:\Users\Bryan H\AppData\Roaming\QuickScan
[2012/01/25 19:41:46 | 000,000,000 | ---D | M] -- C:\Users\Bryan H\AppData\Roaming\Serif
[2012/05/14 13:19:09 | 000,000,000 | ---D | M] -- C:\Users\Bryan H\AppData\Roaming\TaxCut
[2011/01/19 08:26:17 | 000,000,000 | ---D | M] -- C:\Users\Bryan H\AppData\Roaming\WinBatch

========== Purity Check ==========



< End of report >


#2
Phel

    Trusted Helper

  • Malware Removal
  • 1,354 posts
Hello, bhoover3, and welcome to GeeksToGo!

You can call me Phel, and today I will help you with your trouble.

Please read these instructions carefully, because they contain some very useful information.

Please let me know if you don't understand something. It is really important to understand every instruction. Also, please read all instructions carefully before performing them. Feel free to ask questions if you aren't sure.

Please be patient. You should stay here until your computer is really clean. Malware removal isn't a very fast procedure; it usually has multiple steps, but you should be glad with the result. ;)

Please wait for a while. I am currently analyzing your logs; a fix is coming soon.

#3
Phel

    Trusted Helper

  • Malware Removal
  • 1,354 posts
Let's start! Please follow these steps:

Step 1. Change of passwords.

Your computer was infected with Trojan.PSW, malware which steals your personal and confidential data, such as passwords. So please change all your passwords for:

  • Internet Banks
  • FTP-servers
  • Web-hosting
  • Social networks
  • Forums
  • E-mails
  • Other websites
  • IM-Messengers (Skype/ICQ/AOL/etc.)
  • etc.

Step 2. AdwCleaner scan.

  • Please download AdwCleaner from here to your Desktop.
  • Right-click the adwcleaner.exe file on your Desktop -> Run as Administrator.
  • The AdwCleaner window should appear.
  • Click on the Delete button.
  • Click on OK.
  • The computer will reboot automatically when the program finishes its job.
  • After the fix, a Notepad window with the report should appear. Post the contents of the report in your next message.

Step 3. OTL fix.

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following:

    :OTL
    IE:64bit: - HKLM\..\SearchScopes\{630E967D-2720-4481-BC12-4EF54DDD641B}: "URL" = http://www.ask.com/w...}&l=dis&o=ushpd
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.v9.com/?u...2&ts=1358143645
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.v9.com/?u...2&ts=1358143645
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.v9.com/?u...2&ts=1358143645
    IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylo...&tt=090212_ctrl
    IE - HKCU\..\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}: "URL" = http://search.v9.com...q={searchTerms}
    IE - HKCU\..\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}: "URL" = http://blekkosearch....q={searchTerms}
    IE - HKCU\..\SearchScopes\{630E967D-2720-4481-BC12-4EF54DDD641B}: "URL" = http://www.ask.com/w...}&l=dis&o=ushpd
    IE - HKCU\..\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}: "URL" = http://www.ask.com/w...22&geo=US&ver=5
    FF - prefs.js..browser.search.defaultenginename: "v9"
    FF - prefs.js..browser.search.order.1: "v9"
    FF - prefs.js..browser.search.selectedEngine: "v9"
    FF - prefs.js..browser.startup.homepage: "http://www.v9.com/?utm_source=b&utm_medium=umz-2&from=umz-2&uid=WDC_WD1001FAES-60Z2A0_WD-WCATR180675206752&ts=1358143645"
    FF - prefs.js..extensions.enabledAddons: ffxtlbr@babylon.com:1.2.0
    FF - prefs.js..extensions.enabledAddons: {14323AEE-F6B8-4DC8-BCE3-E62645830585}:1.0.1
    FF - prefs.js..extensions.enabledAddons: bbrs_002@blabbers.com:1.0.5
    FF - prefs.js..extensions.enabledAddons: bbrs_003@blabbers.com:1.0.5
    [2012/02/15 18:10:57 | 000,000,000 | ---D | M] (Browser Companion Helper) -- C:\Users\Bryan H\AppData\Roaming\Mozilla\Firefox\Profiles\otaqhgme.default\extensions\bbrs_002@blabbers.com
    [2013/01/25 19:44:02 | 000,000,000 | ---D | M] (Ginyas Browser Companions) -- C:\Users\Bryan H\AppData\Roaming\Mozilla\Firefox\Profiles\otaqhgme.default\extensions\bbrs_003@blabbers.com
    [2012/02/15 18:12:15 | 000,000,000 | ---D | M] (Babylon) -- C:\Users\Bryan H\AppData\Roaming\Mozilla\Firefox\Profiles\otaqhgme.default\extensions\ffxtlbr@babylon.com
    [2012/09/07 08:43:17 | 000,001,911 | ---- | M] () (No name found) -- C:\Users\Bryan H\AppData\Roaming\Mozilla\Firefox\Profiles\otaqhgme.default\extensions\{14323AEE-F6B8-4DC8-BCE3-E62645830585}.xpi
    [2013/01/17 07:45:13 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Bryan H\AppData\Roaming\Mozilla\Firefox\Profiles\otaqhgme.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\0324adea3b6ec02af09ea4ae9424591b_expire
    [2013/01/26 11:19:01 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Bryan H\AppData\Roaming\Mozilla\Firefox\Profiles\otaqhgme.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\0bb66476c57d47d5a6fb7e7674377c0d_expire
    [2012/09/04 06:34:46 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Bryan H\AppData\Roaming\Mozilla\Firefox\Profiles\otaqhgme.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\15f55f650849475804003e5f4c1ed633_expire
    [2012/08/05 16:16:34 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Bryan H\AppData\Roaming\Mozilla\Firefox\Profiles\otaqhgme.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\21f0428a26d427df5855a0bc90045021_expire
    [2013/01/26 11:19:00 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Bryan H\AppData\Roaming\Mozilla\Firefox\Profiles\otaqhgme.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\292124057d00cb0fa73db6b90d079658_expire
    [2012/08/05 16:16:34 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Bryan H\AppData\Roaming\Mozilla\Firefox\Profiles\otaqhgme.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\2e74403c227112bec523796d5a77d77e_expire
    [2012/08/19 14:11:04 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Bryan H\AppData\Roaming\Mozilla\Firefox\Profiles\otaqhgme.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\3fc6b2723cbb0b538a802dc7866905d0_expire
    [2013/01/17 07:45:13 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Bryan H\AppData\Roaming\Mozilla\Firefox\Profiles\otaqhgme.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\4139ce40922185449b5f6d4af90a225c_expire
    [2013/01/26 11:19:01 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Bryan H\AppData\Roaming\Mozilla\Firefox\Profiles\otaqhgme.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\494b6a790675a9df12f13f5b2ea8b279_expire
    [2013/01/26 11:19:01 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Bryan H\AppData\Roaming\Mozilla\Firefox\Profiles\otaqhgme.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\4d3d10bd28ff623813254a49b26be41f_expire
    [2013/01/26 11:19:00 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Bryan H\AppData\Roaming\Mozilla\Firefox\Profiles\otaqhgme.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\584f65cffc1c4cd51141560ecca30687_expire
    [2013/01/26 11:19:01 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Bryan H\AppData\Roaming\Mozilla\Firefox\Profiles\otaqhgme.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\5c7f22b4f7a8d093c6ce6ede7682b4e9_expire
    [2012/08/05 16:16:34 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Bryan H\AppData\Roaming\Mozilla\Firefox\Profiles\otaqhgme.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\5d8b44209964515b959812929b2723b4_expire
    [2012/09/09 19:48:24 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Bryan H\AppData\Roaming\Mozilla\Firefox\Profiles\otaqhgme.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\604b9862af4f41da5f4a8aaea35075ba_expire
    [2012/09/04 06:34:46 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Bryan H\AppData\Roaming\Mozilla\Firefox\Profiles\otaqhgme.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\61e2ae11ba3d1cbe8887ea80f192e299_expire
    [2012/11/15 08:38:59 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Bryan H\AppData\Roaming\Mozilla\Firefox\Profiles\otaqhgme.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\627e237180c48f0e8522b39d63c92862_expire
    [2013/01/26 11:19:02 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Bryan H\AppData\Roaming\Mozilla\Firefox\Profiles\otaqhgme.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\65e6f9367ae8f547db82c2aefd3f2cc5_expire
    [2013/01/17 14:15:31 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Bryan H\AppData\Roaming\Mozilla\Firefox\Profiles\otaqhgme.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\72891ec935a3d247f2da6562ef29a005_expire
    [2012/08/20 18:10:20 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Bryan H\AppData\Roaming\Mozilla\Firefox\Profiles\otaqhgme.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\79fb704ddeade50d9ce8dc9f5f114555_expire
    [2012/07/21 13:07:42 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Bryan H\AppData\Roaming\Mozilla\Firefox\Profiles\otaqhgme.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\7acafe2d3e4c14a116bde4e028813ba7_expire
    [2012/04/07 04:33:58 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Bryan H\AppData\Roaming\Mozilla\Firefox\Profiles\otaqhgme.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\845d35a3845a6b81af290ebab09006a3_expire
    [2012/12/10 20:16:27 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Bryan H\AppData\Roaming\Mozilla\Firefox\Profiles\otaqhgme.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\859b48ccb0344069fb329b6d72940a6e_expire
    [2012/07/11 19:48:47 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Bryan H\AppData\Roaming\Mozilla\Firefox\Profiles\otaqhgme.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\87b21290866cab00a1fea6ecf40c1918_expire
    [2012/12/10 20:16:27 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Bryan H\AppData\Roaming\Mozilla\Firefox\Profiles\otaqhgme.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\9085496217a4fa7de2855c00eadee1bc_expire
    [2013/01/17 14:15:31 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Bryan H\AppData\Roaming\Mozilla\Firefox\Profiles\otaqhgme.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\955571742befe31f5193475438c5602f_expire
    [2013/01/26 21:46:24 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Bryan H\AppData\Roaming\Mozilla\Firefox\Profiles\otaqhgme.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\aab49e4b8b0adea3507d92e81077f14c_expire
    [2013/01/17 07:45:15 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Bryan H\AppData\Roaming\Mozilla\Firefox\Profiles\otaqhgme.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\adf275b6644b3fcac86a14ffe551dede_expire
    [2012/07/21 13:07:42 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Bryan H\AppData\Roaming\Mozilla\Firefox\Profiles\otaqhgme.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\bd46a3b5782552a37d64c1b7a7fda6db_expire
    [2012/05/14 21:11:34 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Bryan H\AppData\Roaming\Mozilla\Firefox\Profiles\otaqhgme.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\c4b81def0d6f6df7de175c63fe2cbbd9_expire
    [2012/08/19 14:11:04 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Bryan H\AppData\Roaming\Mozilla\Firefox\Profiles\otaqhgme.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\cbb69a449d3e39b3a3781ffb1d7fa52b_expire
    [2012/11/24 11:50:21 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Bryan H\AppData\Roaming\Mozilla\Firefox\Profiles\otaqhgme.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\d34813b44bcc8a441d4d2ab95f401f5c_expire
    [2012/12/10 20:16:27 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Bryan H\AppData\Roaming\Mozilla\Firefox\Profiles\otaqhgme.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\d89bfd841403290d610bcf662008b443_expire
    [2012/08/20 18:10:18 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Bryan H\AppData\Roaming\Mozilla\Firefox\Profiles\otaqhgme.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\dc6668d28979688b1e2066d1dcaef0f6_expire
    [2012/09/09 19:48:24 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Bryan H\AppData\Roaming\Mozilla\Firefox\Profiles\otaqhgme.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\e02b35320e5111f1b626466c13c70a0a_expire
    [2013/01/26 21:46:23 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Bryan H\AppData\Roaming\Mozilla\Firefox\Profiles\otaqhgme.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\e394b97e9118a3153bf352ead025fa2e_expire
    [2012/08/20 18:10:20 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Bryan H\AppData\Roaming\Mozilla\Firefox\Profiles\otaqhgme.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\e7215b147326809c45f6cf0952274624_expire
    [2013/01/26 11:19:01 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Bryan H\AppData\Roaming\Mozilla\Firefox\Profiles\otaqhgme.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\e919434ec29526b28593c426e4264271_expire
    [2013/01/26 21:46:24 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Bryan H\AppData\Roaming\Mozilla\Firefox\Profiles\otaqhgme.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\eb91756ae6745d22433f80be4ec59445_expire
    [2012/11/15 08:38:58 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Bryan H\AppData\Roaming\Mozilla\Firefox\Profiles\otaqhgme.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\ece5f266221b5245c6e3d7e27ddee963_expire
    [2012/10/21 09:08:00 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Bryan H\AppData\Roaming\Mozilla\Firefox\Profiles\otaqhgme.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\ece71b71690fad200cbed95871ef4bb2_expire
    [2012/09/09 19:48:24 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Bryan H\AppData\Roaming\Mozilla\Firefox\Profiles\otaqhgme.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\ed1844c0c7b217c8c77395dab9059105_expire
    [2013/01/26 11:19:01 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Bryan H\AppData\Roaming\Mozilla\Firefox\Profiles\otaqhgme.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\f03527c67e08602d2e4c18ae7867300d_expire
    [2012/10/21 09:08:00 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Bryan H\AppData\Roaming\Mozilla\Firefox\Profiles\otaqhgme.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\f25f61a6c9e06e1cf75fec86b6bc6d85_expire
    [2013/01/26 11:19:01 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Bryan H\AppData\Roaming\Mozilla\Firefox\Profiles\otaqhgme.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\fa74672918974682c82b8d91dfbe0d6b_expire
    [2012/07/11 19:48:47 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Bryan H\AppData\Roaming\Mozilla\Firefox\Profiles\otaqhgme.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\fb587e01b097be9a51fe98149876ff01_expire
    [2013/01/26 11:19:01 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Bryan H\AppData\Roaming\Mozilla\Firefox\Profiles\otaqhgme.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\ff4d692d5e7cccbc4b3e9ef4062b1c6f_expire
    [2013/01/26 11:19:02 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Bryan H\AppData\Roaming\Mozilla\Firefox\Profiles\otaqhgme.default\extensions\bbrs_003@blabbers.com\chrome\content\cache\0324adea3b6ec02af09ea4ae9424591b_expire
    [2013/01/26 11:19:02 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Bryan H\AppData\Roaming\Mozilla\Firefox\Profiles\otaqhgme.default\extensions\bbrs_003@blabbers.com\chrome\content\cache\292124057d00cb0fa73db6b90d079658_expire
    [2013/01/26 11:19:02 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Bryan H\AppData\Roaming\Mozilla\Firefox\Profiles\otaqhgme.default\extensions\bbrs_003@blabbers.com\chrome\content\cache\4d3d10bd28ff623813254a49b26be41f_expire
    [2013/01/26 11:19:02 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Bryan H\AppData\Roaming\Mozilla\Firefox\Profiles\otaqhgme.default\extensions\bbrs_003@blabbers.com\chrome\content\cache\c93f2aa3f7ed8c08097d4d5c3c2c61e1_expire
    [2013/01/26 21:46:24 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Bryan H\AppData\Roaming\Mozilla\Firefox\Profiles\otaqhgme.default\extensions\bbrs_003@blabbers.com\chrome\content\cache\e394b97e9118a3153bf352ead025fa2e_expire
    [2013/01/26 11:19:02 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Bryan H\AppData\Roaming\Mozilla\Firefox\Profiles\otaqhgme.default\extensions\bbrs_003@blabbers.com\chrome\content\cache\e919434ec29526b28593c426e4264271_expire
    [2013/01/26 11:19:02 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Bryan H\AppData\Roaming\Mozilla\Firefox\Profiles\otaqhgme.default\extensions\bbrs_003@blabbers.com\chrome\content\cache\fa74672918974682c82b8d91dfbe0d6b_expire
    [2013/01/26 11:19:02 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Bryan H\AppData\Roaming\Mozilla\Firefox\Profiles\otaqhgme.default\extensions\bbrs_003@blabbers.com\chrome\content\cache\ff4d692d5e7cccbc4b3e9ef4062b1c6f_expire
    [2011/03/18 14:32:12 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npCouponPrinter.dll
    [2011/03/18 14:32:14 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npMozCouponPrinter.dll
    [2012/02/15 18:10:36 | 000,002,329 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml
    [2013/01/14 01:07:31 | 000,000,402 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\v9.xml
    O2 - BHO: (Browser Companion Helper) - {00cbb66b-1d3b-46d3-9577-323a336acb50} - C:\Program Files (x86)\BrowserCompanion\jsloader.dll ( )
    O2 - BHO: (Ginyas Browser Companion Verifier) - {963B125B-8B21-49A2-A3A8-E37092276531} - C:\Program Files (x86)\GinyasBrowserCompanions\updatebhoWin32.dll (Blabbers Communications Ltd)
    O2 - BHO: (Proxy Help) - {F386E548-C533-472E-8C61-C026FB14FEA9} - C:\Windows\SysWOW64\Newtabs_v9.dll (Newtabs. inc)
    O4 - HKLM..\Run: [] File not found
    O4 - HKLM..\Run: [Browser companion helper] C:\Program Files (x86)\BrowserCompanion\BCHelper.exe (Blabbers Communications LTD)
    O4 - HKCU..\Run: [] File not found
    O18 - Protocol\Handler\base64 {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} - C:\Program Files (x86)\GinyasBrowserCompanions\tdataprotocol.dll (Blabbers Communications Ltd)
    O18 - Protocol\Handler\chrome {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} - C:\Program Files (x86)\GinyasBrowserCompanions\tdataprotocol.dll (Blabbers Communications Ltd)
    O18 - Protocol\Handler\intu-help-qb3 {c5e479ea-0a65-4b05-8c6c-2fc8cc682eb4} - c:\Program Files (x86)\Intuit\QuickBooks 2010\HelpAsyncPluggableProtocol.dll (Intuit, Inc.)
    O18 - Protocol\Handler\prox {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} - C:\Program Files (x86)\GinyasBrowserCompanions\tdataprotocol.dll (Blabbers Communications Ltd)
    [2013/01/25 19:43:56 | 000,000,000 | ---D | C] -- C:\ProgramData\GinyasBrowserCompanions
    [2013/01/25 19:43:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\GinyasBrowserCompanions
    [2013/01/27 11:44:00 | 000,001,054 | ---- | M] () -- C:\Windows\tasks\GinyasBrowserCompanions Stats Report.job
    [2013/01/27 11:34:00 | 000,001,054 | ---- | M] () -- C:\Windows\tasks\GinyasBrowserCompanions Chrome Watcher.job
    [2013/01/25 19:44:13 | 000,001,006 | ---- | M] () -- C:\Windows\tasks\GinyasBrowserCompanions FireFox Watcher.job
    [2013/01/26 20:04:00 | 000,000,938 | ---- | M] () -- C:\Windows\tasks\GinyasBrowserCompanions Update Checker.job
    [2012/02/15 18:09:24 | 000,000,000 | ---D | M] -- C:\Users\Bryan H\AppData\Roaming\Babylon
    
    :Commands
    [REBOOT]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

So, please, don't forget to post the contents of these logs in your next reply:

  • OTL log
  • AdwCleaner log


#4
bhoover3

I have completed the steps (hopefully correctly); however, the problem still exists. It only happens in Firefox and Google Chrome.

Here are the requested notes:

# AdwCleaner v2.109 - Logfile created 01/27/2013 at 17:48:57
# Updated 26/01/2013 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : Bryan H - BRYANH-HP
# Boot Mode : Normal
# Running from : C:\Users\Bryan H\Downloads\AdwCleaner (1).exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

Deleted on reboot : C:\Program Files (x86)\BrowserCompanion
File Deleted : C:\Program Files (x86)\Mozilla Firefox\searchplugins\babylon.xml
File Deleted : C:\Program Files (x86)\Mozilla firefox\searchplugins\v9.xml
File Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eBay.lnk
Folder Deleted : C:\Program Files (x86)\Free Offers from Freeze.com
Folder Deleted : C:\Program Files (x86)\Ilivid
Folder Deleted : C:\ProgramData\{08E30618-5D06-461B-BBD3-4ADFB0810824}
Folder Deleted : C:\ProgramData\Babylon
Folder Deleted : C:\ProgramData\blekko toolbars
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ilivid
Folder Deleted : C:\ProgramData\Tarma Installer
Folder Deleted : C:\Users\Bryan H\AppData\Local\Babylon
Folder Deleted : C:\Users\Bryan H\AppData\Local\Google\Chrome\User Data\Default\Extensions\ibgfbdggapddbjjbopabhlhianklajie
Folder Deleted : C:\Users\Bryan H\AppData\Local\Ilivid
Folder Deleted : C:\Users\Bryan H\AppData\Local\Ilivid Player
Folder Deleted : C:\Users\Bryan H\AppData\LocalLow\bbrs_002.tb
Folder Deleted : C:\Users\Bryan H\AppData\Roaming\Babylon
Folder Deleted : C:\Users\Bryan H\AppData\Roaming\Mozilla\Firefox\Profiles\otaqhgme.default\extensions\bbrs_002@blabbers.com
Folder Deleted : C:\Users\Bryan H\AppData\Roaming\Mozilla\Firefox\Profiles\otaqhgme.default\extensions\ffxtlbr@babylon.com
Folder Deleted : C:\Users\Nikki.BryanH-HP\AppData\Local\Ilivid Player

***** [Registry] *****

Key Deleted : HKCU\Software\BrowserCompanion
Key Deleted : HKCU\Software\ilivid
Key Deleted : HKCU\Software\InstallCore
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{00CBB66B-1D3B-46D3-9577-323A336ACB50}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{963B125B-8B21-49A2-A3A8-E37092276531}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00CBB66B-1D3B-46D3-9577-323A336ACB50}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{963B125B-8B21-49A2-A3A8-E37092276531}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}
Key Deleted : HKLM\Software\Babylon
Key Deleted : HKLM\Software\BrowserCompanion
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{20EDC024-43C5-423E-B7F5-FD93523E0D9F}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{373ED12D-B306-43AC-9485-A7C5133DC34C}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{ED6535E7-F778-48A5-A060-549D30024511}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\tdataprotocol.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\updatebho.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\wit4ie.DLL
Key Deleted : HKLM\SOFTWARE\Classes\Applications\ilividsetup.exe
Key Deleted : HKLM\SOFTWARE\Classes\Applications\ilividsetupv1.exe
Key Deleted : HKLM\SOFTWARE\Classes\ilivid
Key Deleted : HKLM\Software\Classes\Installer\Features\2B1E51D87B2D71A44BB42DDD5E894160
Key Deleted : HKLM\Software\Classes\Installer\Products\2B1E51D87B2D71A44BB42DDD5E894160
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\base64
Key Deleted : HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\chrome
Key Deleted : HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\prox
Key Deleted : HKLM\SOFTWARE\Classes\tdataprotocol.CTData
Key Deleted : HKLM\SOFTWARE\Classes\tdataprotocol.CTData.1
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{830B56CB-FD22-44AA-9887-7898F4F4158D}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{8830DDF0-3042-404D-A62C-384A85E34833}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{955B782E-CDC8-4CEE-B6F6-AD7D541A8D8A}
Key Deleted : HKLM\SOFTWARE\Classes\updatebho.TimerBHO
Key Deleted : HKLM\SOFTWARE\Classes\updatebho.TimerBHO.1
Key Deleted : HKLM\SOFTWARE\Classes\wit4ie.WitBHO
Key Deleted : HKLM\SOFTWARE\Classes\wit4ie.WitBHO.2
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\Freeze.com
Key Deleted : HKLM\Software\ilivid
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\iLividSetupV1_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\iLividSetupV1_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{00CBB66B-1D3B-46D3-9577-323A336ACB50}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{5ACE96C0-C70A-4A4D-AF14-2E7B869345E1}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{963B125B-8B21-49A2-A3A8-E37092276531}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E46C8196-B634-44A1-AF6E-957C64278AB1}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{817923CB-4744-4216-B250-CF7EDA8F1767}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{9F0C17EB-EF2C-4278-9136-2D547656BC03}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\ibgfbdggapddbjjbopabhlhianklajie
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00CBB66B-1D3B-46D3-9577-323A336ACB50}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{963B125B-8B21-49A2-A3A8-E37092276531}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{8D15E1B2-D2B7-4A17-B44B-D2DDE5981406}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\BrowserCompanion
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\ilivid
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{817923CB-4744-4216-B250-CF7EDA8F1767}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9F0C17EB-EF2C-4278-9136-2D547656BC03}
Key Deleted : HKLM\SOFTWARE\Tarma Installer
Key Deleted : HKU\S-1-5-21-1852320340-3763420829-3560972882-1006\Software\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}
Value Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Run []
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [Browser companion helper]

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16457

Replaced : [HKCU\Software\Microsoft\Internet Explorer\Main - Default_Page_URL] = hxxp://www.v9.com/?utm_source=b&utm_medium=umz-2&from=umz-2&uid=WDC_WD1001FAES-60Z2A0_WD-WCATR180675206752&ts=1358143645 --> hxxp://www.google.com
Replaced : [HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls - Tabs] = hxxp://www.v9.com/newtab --> hxxp://www.google.com
Replaced : [HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main - Default_Page_URL] = hxxp://www.v9.com/?utm_source=b&utm_medium=umz-2&from=umz-2&uid=WDC_WD1001FAES-60Z2A0_WD-WCATR180675206752&ts=1358143645 --> hxxp://www.google.com
Replaced : [HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main - Start Page] = hxxp://www.v9.com/?utm_source=b&utm_medium=umz-2&from=umz-2&uid=WDC_WD1001FAES-60Z2A0_WD-WCATR180675206752&ts=1358143645 --> hxxp://www.google.com

-\\ Mozilla Firefox v8.0.1 (en-US)

File : C:\Users\Bryan H\AppData\Roaming\Mozilla\Firefox\Profiles\otaqhgme.default\prefs.js

C:\Users\Bryan H\AppData\Roaming\Mozilla\Firefox\Profiles\otaqhgme.default\user.js ... Deleted !

Deleted : user_pref("browser.search.defaultenginename", "v9");
Deleted : user_pref("browser.search.order.1", "v9");
Deleted : user_pref("browser.search.selectedEngine", "v9");
Deleted : user_pref("browser.startup.homepage", "hxxp://www.v9.com/?utm_source=b&utm_medium=umz-2&from=umz-2&u[...]
Deleted : user_pref("extensions.BabylonToolbar.admin", false);
Deleted : user_pref("extensions.BabylonToolbar.aflt", "babsst");
Deleted : user_pref("extensions.BabylonToolbar.babExt", "");
Deleted : user_pref("extensions.BabylonToolbar.babTrack", "tt=090212_ctrl");
Deleted : user_pref("extensions.BabylonToolbar.bbDpng", 26);
Deleted : user_pref("extensions.BabylonToolbar.dfltSrch", false);
Deleted : user_pref("extensions.BabylonToolbar.hmpg", false);
Deleted : user_pref("extensions.BabylonToolbar.id", "24f98b42000000000000d485649a475f");
Deleted : user_pref("extensions.BabylonToolbar.instlDay", "15385");
Deleted : user_pref("extensions.BabylonToolbar.instlRef", "sst");
Deleted : user_pref("extensions.BabylonToolbar.lastDP", 26);
Deleted : user_pref("extensions.BabylonToolbar.lastVrsnTs", "1.5.3.1718:10:37");
Deleted : user_pref("extensions.BabylonToolbar.mntrFFxVrsn", "8.0");
Deleted : user_pref("extensions.BabylonToolbar.newTab", true);
Deleted : user_pref("extensions.BabylonToolbar.newTabUrl", "hxxp://search.babylon.com/?babsrc=NT_bb");
Deleted : user_pref("extensions.BabylonToolbar.noFFXTlbr", false);
Deleted : user_pref("extensions.BabylonToolbar.prdct", "BabylonToolbar");
Deleted : user_pref("extensions.BabylonToolbar.propectorlck", 97814784);
Deleted : user_pref("extensions.BabylonToolbar.prtnrId", "babylon");
Deleted : user_pref("extensions.BabylonToolbar.ptch_0717", true);
Deleted : user_pref("extensions.BabylonToolbar.smplGrp", "czb");
Deleted : user_pref("extensions.BabylonToolbar.srcExt", "ss");
Deleted : user_pref("extensions.BabylonToolbar.tlbrId", "base");
Deleted : user_pref("extensions.BabylonToolbar.vrsn", "1.5.3.17");
Deleted : user_pref("extensions.BabylonToolbar.vrsnTs", "1.5.3.1718:10:37");
Deleted : user_pref("extensions.BabylonToolbar.vrsni", "1.5.3.17");
Deleted : user_pref("extensions.BabylonToolbar_i.aflt", "babsst");
Deleted : user_pref("extensions.BabylonToolbar_i.babExt", "");
Deleted : user_pref("extensions.BabylonToolbar_i.babTrack", "tt=090212_ctrl");
Deleted : user_pref("extensions.BabylonToolbar_i.hardId", "24f98b42000000000000d485649a475f");
Deleted : user_pref("extensions.BabylonToolbar_i.id", "24f98b42000000000000d485649a475f");
Deleted : user_pref("extensions.BabylonToolbar_i.instlDay", "15385");
Deleted : user_pref("extensions.BabylonToolbar_i.instlRef", "sst");
Deleted : user_pref("extensions.BabylonToolbar_i.newTab", false);
Deleted : user_pref("extensions.BabylonToolbar_i.prdct", "BabylonToolbar");
Deleted : user_pref("extensions.BabylonToolbar_i.prtnrId", "babylon");
Deleted : user_pref("extensions.BabylonToolbar_i.smplGrp", "none");
Deleted : user_pref("extensions.BabylonToolbar_i.srcExt", "ss");
Deleted : user_pref("extensions.BabylonToolbar_i.tlbrId", "base");
Deleted : user_pref("extensions.BabylonToolbar_i.vrsn", "1.5.3.17");
Deleted : user_pref("extensions.BabylonToolbar_i.vrsnTs", "1.5.3.1718:10:37");
Deleted : user_pref("extensions.BabylonToolbar_i.vrsni", "1.5.3.17");
Deleted : user_pref("extensions.enabledAddons", "ffxtlbr@babylon.com:1.2.0,{14323AEE-F6B8-4DC8-BCE3-E626458305[...]

File : C:\Users\Nikki.BryanH-HP\AppData\Roaming\Mozilla\Firefox\Profiles\5k1u73tp.default\prefs.js

Deleted : user_pref("browser.search.defaultenginename", "Blekko");
Deleted : user_pref("browser.search.order.1", "Blekko");
Deleted : user_pref("browser.search.selectedEngine", "Blekko");
Deleted : user_pref("keyword.URL", "hxxp://blekko.com/ws/?source=a545ea26&tbp=rbox&toolbarid=blekkotb_soc&u=46[...]

-\\ Google Chrome v24.0.1312.56

File : C:\Users\Bryan H\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

File : C:\Users\Nikki.BryanH-HP\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [13159 octets] - [27/01/2013 17:48:37]
AdwCleaner[S1].txt - [325 octets] - [27/01/2013 17:47:45]
AdwCleaner[S2].txt - [13026 octets] - [27/01/2013 17:48:57]

########## EOF - C:\AdwCleaner[S2].txt - [13087 octets] ##########



OTL logfile created on: 1/27/2013 6:10:23 PM - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Bryan H\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.75 Gb Total Physical Memory | 2.80 Gb Available Physical Memory | 59.05% Memory free
9.50 Gb Paging File | 7.36 Gb Available in Paging File | 77.53% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 919.45 Gb Total Space | 803.96 Gb Free Space | 87.44% Space Free | Partition Type: NTFS
Drive D: | 11.96 Gb Total Space | 1.46 Gb Free Space | 12.22% Space Free | Partition Type: NTFS
Drive K: | 232.88 Gb Total Space | 165.42 Gb Free Space | 71.03% Space Free | Partition Type: NTFS

Computer Name: BRYANH-HP | User Name: Bryan H | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/01/27 11:45:37 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Bryan H\Downloads\OTL.exe
PRC - [2013/01/24 15:54:48 | 000,741,888 | ---- | M] (Blabbers Communications Ltd) -- C:\ProgramData\GinyasBrowserCompanions\tbhcns.exe
PRC - [2013/01/20 14:29:18 | 028,539,272 | ---- | M] (Dropbox, Inc.) -- C:\Users\Bryan H\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2012/12/18 09:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/10/05 10:10:10 | 001,174,824 | ---- | M] (Starfield Technologies) -- C:\Program Files (x86)\Workspace\offSyncService.exe
PRC - [2012/09/17 04:26:25 | 000,212,432 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Update\1.3.21.123\GoogleCrashHandler.exe
PRC - [2012/09/10 15:58:16 | 000,059,280 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
PRC - [2012/09/05 03:04:08 | 000,059,280 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Internet Services\BookmarkDAV_client.exe
PRC - [2012/08/29 13:00:12 | 000,059,280 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
PRC - [2012/08/27 20:32:54 | 000,059,280 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
PRC - [2012/06/19 15:21:24 | 001,646,608 | ---- | M] (Rosetta Stone Ltd.) -- C:\Program Files (x86)\RosettaStoneLtdServices\RosettaStoneDaemon.exe
PRC - [2012/06/14 22:42:42 | 001,040,712 | ---- | M] () -- C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenie.exe
PRC - [2012/06/14 22:42:42 | 000,122,696 | ---- | M] () -- C:\Program Files (x86)\NETGEAR Genie\bin\genie2_tray.exe
PRC - [2011/11/14 18:10:40 | 000,313,624 | ---- | M] (Speedbit Ltd.) -- C:\Program Files (x86)\SpeedBit Video Accelerator\VideoAcceleratorService.exe
PRC - [2011/11/14 18:10:40 | 000,153,888 | ---- | M] (Speedbit Ltd.) -- C:\Program Files (x86)\SpeedBit Video Accelerator\VideoAcceleratorEngine.exe
PRC - [2011/10/13 14:11:20 | 000,393,216 | ---- | M] (AMD) -- C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe
PRC - [2011/10/10 14:05:48 | 000,034,496 | ---- | M] () -- C:\Users\Bryan H\AppData\Local\Workspace\workspaceupdate.exe
PRC - [2011/06/25 07:24:43 | 000,273,544 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
PRC - [2011/04/16 19:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton Security Suite\Engine\5.2.2.3\ccsvchst.exe
PRC - [2011/03/03 19:52:00 | 000,948,880 | R--- | M] (Carbonite, Inc.) -- C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe
PRC - [2011/02/25 09:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
PRC - [2010/11/20 07:17:55 | 000,257,536 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
PRC - [2010/06/12 20:06:08 | 000,400,368 | ---- | M] (CinemaNow, Inc.) -- C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemaNowSvc.exe
PRC - [2010/01/18 12:21:08 | 000,568,888 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
PRC - [2009/09/12 23:09:10 | 000,103,768 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\Citrix\ICA Client\concentr.exe
PRC - [2009/09/12 23:09:04 | 000,550,232 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe
PRC - [2009/09/03 01:09:42 | 000,024,576 | ---- | M] (Intuit) -- c:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
PRC - [2008/11/20 12:47:28 | 000,062,768 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
PRC - [2006/12/22 17:11:52 | 000,114,688 | ---- | M] (Avanquest Publishing, Inc.) -- C:\Program Files (x86)\MySoftware\MyInvoices\Tracker.exe


========== Modules (No Company Name) ==========

MOD - [2013/01/10 03:43:15 | 001,051,136 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\302207b4fa3083899fd8ab4db98cecc5\System.Management.ni.dll
MOD - [2013/01/10 03:40:16 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\d7d20811a7ce7cc589153648cbb1ce5c\PresentationFramework.Aero.ni.dll
MOD - [2013/01/10 03:40:03 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\90b89f6e8032310e9ac72a309fd49e83\System.Runtime.Remoting.ni.dll
MOD - [2013/01/10 03:40:01 | 006,611,456 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\dd20416f723ee13ffb4173ec1afc4ec4\System.Data.ni.dll
MOD - [2013/01/10 03:39:52 | 014,340,608 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\ff7c9a4f41f7cccc47e696c11b9f8469\PresentationFramework.ni.dll
MOD - [2013/01/10 03:39:40 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\865d2bf19a7af7fab8660a42d92550fe\System.Windows.Forms.ni.dll
MOD - [2013/01/10 03:39:35 | 001,592,832 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll
MOD - [2013/01/10 03:39:32 | 012,237,824 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\19b3d17c3ce0e264c4fb62028161adf7\PresentationCore.ni.dll
MOD - [2013/01/10 03:39:24 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\cf827fe7bc99d9bcf0ba3621054ef527\WindowsBase.ni.dll
MOD - [2013/01/10 03:39:19 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f687c43e9fdec031988b33ae722c4613\System.Xml.ni.dll
MOD - [2013/01/10 03:39:17 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\195a77fcc6206f8bb35d419ff2cf0d72\System.Configuration.ni.dll
MOD - [2013/01/10 03:39:16 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll
MOD - [2013/01/10 03:39:11 | 011,493,376 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll
MOD - [2012/11/15 11:22:16 | 000,037,280 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\HP.ActiveSupportLibrary\2.0.0.1__01a974bc1760f423\HP.ActiveSupportLibrary.dll
MOD - [2012/07/26 04:44:38 | 000,915,968 | ---- | M] () -- C:\Program Files (x86)\NETGEAR Genie\bin\GeniePlugin_Ui.dll
MOD - [2012/07/26 04:29:22 | 008,299,520 | ---- | M] () -- C:\Program Files (x86)\NETGEAR Genie\bin\GeniePlugin_Resource.dll
MOD - [2012/07/25 05:42:54 | 001,084,416 | ---- | M] () -- C:\Program Files (x86)\NETGEAR Genie\bin\GeniePlugin_RouterConfiguration.dll
MOD - [2012/07/25 05:42:54 | 000,088,064 | ---- | M] () -- C:\Program Files (x86)\NETGEAR Genie\bin\QRCode.dll
MOD - [2012/07/25 03:00:54 | 001,132,032 | ---- | M] () -- C:\Program Files (x86)\NETGEAR Genie\bin\GeniePlugin_ParentalControl.dll
MOD - [2012/07/25 00:48:48 | 001,550,848 | ---- | M] () -- C:\Program Files (x86)\NETGEAR Genie\bin\SvtNetworkTool.dll
MOD - [2012/07/25 00:48:48 | 000,412,160 | ---- | M] () -- C:\Program Files (x86)\NETGEAR Genie\bin\Genie.dll
MOD - [2012/07/24 22:45:52 | 000,433,152 | ---- | M] () -- C:\Program Files (x86)\NETGEAR Genie\bin\GeniePlugin_Wireless.dll
MOD - [2012/07/23 02:36:52 | 000,499,200 | ---- | M] () -- C:\Program Files (x86)\NETGEAR Genie\bin\GeniePlugin_NetworkProblem.dll
MOD - [2012/07/23 02:36:52 | 000,186,368 | ---- | M] () -- C:\Program Files (x86)\NETGEAR Genie\bin\DragonNetTool.dll
MOD - [2012/07/23 02:25:50 | 000,641,536 | ---- | M] () -- C:\Program Files (x86)\NETGEAR Genie\bin\GeniePlugin_Statistics.dll
MOD - [2012/07/23 02:21:28 | 000,701,440 | ---- | M] () -- C:\Program Files (x86)\NETGEAR Genie\bin\InnerPlugin_Update.dll
MOD - [2012/07/23 02:08:36 | 001,567,744 | ---- | M] () -- C:\Program Files (x86)\NETGEAR Genie\bin\GeniePlugin_Map.dll
MOD - [2012/07/23 02:08:36 | 000,083,968 | ---- | M] () -- C:\Program Files (x86)\NETGEAR Genie\bin\NetcardApi.dll
MOD - [2012/07/23 02:08:36 | 000,082,432 | ---- | M] () -- C:\Program Files (x86)\NETGEAR Genie\bin\SVTUtils.dll
MOD - [2012/07/12 02:24:18 | 001,061,376 | ---- | M] () -- C:\Program Files (x86)\NETGEAR Genie\bin\GeniePlugin_Internet.dll
MOD - [2012/07/12 02:24:18 | 000,150,528 | ---- | M] () -- C:\Program Files (x86)\NETGEAR Genie\bin\DiagnoseDll.dll
MOD - [2012/07/12 02:24:18 | 000,136,704 | ---- | M] () -- C:\Program Files (x86)\NETGEAR Genie\bin\DiagnosePlugin.dll
MOD - [2012/07/12 01:51:54 | 000,504,832 | ---- | M] () -- C:\Program Files (x86)\NETGEAR Genie\bin\InnerPlugin_WirelessExport.dll
MOD - [2012/07/12 01:51:54 | 000,116,224 | ---- | M] () -- C:\Program Files (x86)\NETGEAR Genie\bin\WSetupApiPlugin.dll
MOD - [2012/07/12 01:51:54 | 000,076,288 | ---- | M] () -- C:\Program Files (x86)\NETGEAR Genie\bin\WSetupDll.dll
MOD - [2012/07/12 00:23:24 | 000,231,424 | ---- | M] () -- C:\Program Files (x86)\NETGEAR Genie\bin\GeniePlugin_Airprint.dll
MOD - [2012/07/12 00:23:24 | 000,138,752 | ---- | M] () -- C:\Program Files (x86)\NETGEAR Genie\bin\airprintdll.dll
MOD - [2012/06/14 22:42:42 | 001,040,712 | ---- | M] () -- C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenie.exe
MOD - [2012/06/14 22:42:42 | 000,122,696 | ---- | M] () -- C:\Program Files (x86)\NETGEAR Genie\bin\genie2_tray.exe
MOD - [2012/05/11 01:24:16 | 009,814,016 | ---- | M] () -- C:\Program Files (x86)\NETGEAR Genie\bin\QtGui4.dll
MOD - [2012/05/11 01:24:16 | 002,537,472 | ---- | M] () -- C:\Program Files (x86)\NETGEAR Genie\bin\QtCore4.dll
MOD - [2012/05/11 01:24:16 | 001,140,224 | ---- | M] () -- C:\Program Files (x86)\NETGEAR Genie\bin\QtNetwork4.dll
MOD - [2012/05/11 01:24:16 | 000,399,360 | ---- | M] () -- C:\Program Files (x86)\NETGEAR Genie\bin\QtXml4.dll
MOD - [2012/05/11 01:24:16 | 000,287,232 | ---- | M] () -- C:\Program Files (x86)\NETGEAR Genie\bin\imageformats\qjpeg4.dll
MOD - [2012/05/11 01:24:16 | 000,083,456 | ---- | M] () -- C:\Program Files (x86)\NETGEAR Genie\bin\imageformats\qico4.dll
MOD - [2012/05/11 01:24:16 | 000,083,456 | ---- | M] () -- C:\Program Files (x86)\NETGEAR Genie\bin\imageformats\qgif4.dll
MOD - [2012/05/09 21:34:06 | 000,043,008 | ---- | M] () -- C:\Program Files (x86)\NETGEAR Genie\bin\libgcc_s_dw2-1.dll
MOD - [2012/05/09 21:34:06 | 000,011,362 | ---- | M] () -- C:\Program Files (x86)\NETGEAR Genie\bin\mingwm10.dll
MOD - [2011/11/01 23:26:32 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/11/01 23:26:12 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/10/10 14:05:48 | 000,034,496 | ---- | M] () -- C:\Users\Bryan H\AppData\Local\Workspace\workspaceupdate.exe
MOD - [2010/11/04 20:58:05 | 002,927,616 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
MOD - [2010/09/28 14:00:32 | 000,061,440 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Pillars\PCAlerts\PCAlertsPillar.dll
MOD - [2010/09/28 14:00:30 | 000,131,072 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Pillars\ECenter\ECLibrary.dll
MOD - [2010/09/28 14:00:14 | 000,028,672 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Microsoft.Practices.EnterpriseLibrary.ExceptionHandling.Logging.dll
MOD - [2010/01/18 12:21:08 | 000,568,888 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
MOD - [2006/12/22 17:02:52 | 000,462,848 | ---- | M] () -- C:\Program Files (x86)\MySoftware\MyInvoices\c4dll_v6503.dll
MOD - [1997/11/05 02:06:00 | 000,517,120 | ---- | M] () -- C:\Program Files (x86)\MySoftware\MyInvoices\mtl70mt.dll
MOD - [1997/11/05 02:05:00 | 000,241,664 | ---- | M] () -- C:\Program Files (x86)\MySoftware\MyInvoices\mmnyd.dll


========== Services (SafeList) ==========

SRV:64bit: - [2012/07/04 01:20:54 | 000,238,080 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2012/07/04 00:36:06 | 000,361,984 | ---- | M] (Advanced Micro Devices, Inc.) [Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service)
SRV:64bit: - [2012/04/30 18:56:52 | 000,334,720 | ---- | M] (FileOpen Systems Inc.) [Auto | Running] -- C:\Program Files\FileOpen\Services\FileOpenManagerSvc64.exe -- (FileOpenManagerSvc)
SRV:64bit: - [2011/03/03 19:36:16 | 006,315,664 | R--- | M] (Carbonite, Inc. (www.carbonite.com)) [Auto | Running] -- C:\Program Files\Carbonite\Carbonite Backup\CarboniteService.exe -- (CarboniteService)
SRV:64bit: - [2009/07/13 20:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2013/01/08 17:24:12 | 000,251,400 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/12/18 09:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/10/05 10:10:10 | 001,174,824 | ---- | M] (Starfield Technologies) [Auto | Running] -- C:\Program Files (x86)\Workspace\offSyncService.exe -- (File Backup)
SRV - [2012/09/27 11:55:16 | 000,086,528 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe -- (HP Support Assistant Service)
SRV - [2012/09/07 21:33:57 | 001,045,256 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2012/07/09 20:49:22 | 000,231,752 | ---- | M] (NETGEAR) [Auto | Running] -- C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenieDaemon64.exe -- (NETGEARGenieDaemon)
SRV - [2012/06/19 15:21:24 | 001,646,608 | ---- | M] (Rosetta Stone Ltd.) [Auto | Running] -- C:\Program Files (x86)\RosettaStoneLtdServices\RosettaStoneDaemon.exe -- (RosettaStoneDaemon)
SRV - [2011/11/14 19:12:26 | 000,013,160 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Citrix\GoToAssist\615\g2aservice.exe -- (GoToAssist)
SRV - [2011/11/14 18:10:40 | 000,313,624 | ---- | M] (Speedbit Ltd.) [Auto | Running] -- C:\Program Files (x86)\SpeedBit Video Accelerator\VideoAcceleratorService.exe -- (VideoAcceleratorService)
SRV - [2011/04/16 19:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton Security Suite\Engine\5.2.2.3\ccSvcHst.exe -- (N360)
SRV - [2011/02/28 17:44:14 | 000,183,560 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011/02/25 09:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE -- (SeaPort)
SRV - [2010/11/20 07:21:36 | 000,351,232 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- winhttp.dll -- (WinHttpAutoProxySvc)
SRV - [2010/10/22 12:08:18 | 001,039,360 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files (x86)\Hp\Digital Imaging\bin\HPSLPSVC64.DLL -- (HPSLPSVC)
SRV - [2010/06/12 20:06:08 | 000,400,368 | ---- | M] (CinemaNow, Inc.) [Auto | Running] -- C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemaNowSvc.exe -- (CinemaNow Service)
SRV - [2010/06/01 17:31:28 | 002,804,568 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe -- (NOBU)
SRV - [2010/04/03 18:01:24 | 000,246,520 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/09/03 01:09:42 | 000,024,576 | ---- | M] (Intuit) [Auto | Running] -- c:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe -- (QBCFMonitorService)
SRV - [2009/07/23 21:10:38 | 000,061,440 | ---- | M] (Intuit Inc.) [On_Demand | Stopped] -- c:\Program Files (x86)\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe -- (QBFCService)
SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/08/21 12:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/08/08 18:38:40 | 000,035,344 | ---- | M] (CACE Technologies, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\npf.sys -- (NPF)
DRV:64bit: - [2012/07/04 01:59:32 | 011,922,944 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2012/07/04 00:10:56 | 000,359,936 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2012/03/05 15:04:30 | 000,053,888 | ---- | M] (Advanced Micro Devices) [Kernel | Auto | Stopped] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys -- (AODDriver4.1)
DRV:64bit: - [2012/03/05 15:04:30 | 000,053,888 | ---- | M] (Advanced Micro Devices) [Kernel | Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys -- (AODDriver4.01)
DRV:64bit: - [2012/03/01 01:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/02/23 07:32:04 | 000,095,760 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2012/02/15 10:01:50 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011/07/05 17:31:44 | 000,174,200 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent)
DRV:64bit: - [2011/04/20 20:37:49 | 000,386,168 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\0502020.003\symnets.sys -- (SymNetS)
DRV:64bit: - [2011/03/30 22:00:09 | 000,744,568 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\N360x64\0502020.003\srtsp64.sys -- (SRTSP)
DRV:64bit: - [2011/03/30 22:00:09 | 000,040,568 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\0502020.003\srtspx64.sys -- (SRTSPX)
DRV:64bit: - [2011/03/14 21:31:23 | 000,912,504 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\N360x64\0502020.003\symefa64.sys -- (SymEFA)
DRV:64bit: - [2011/01/27 01:47:10 | 000,450,680 | ---- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\N360x64\0502020.003\symds64.sys -- (SymDS)
DRV:64bit: - [2010/11/20 08:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 06:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/15 20:45:33 | 000,171,128 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\0502020.003\ironx64.sys -- (SymIRON)
DRV:64bit: - [2010/07/21 16:59:28 | 000,045,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64)
DRV:64bit: - [2010/07/01 17:52:18 | 000,051,600 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dc3d.sys -- (dc3d)
DRV:64bit: - [2010/03/10 10:33:52 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie64.sys -- (AtiPcie)
DRV:64bit: - [2010/03/04 09:43:00 | 000,346,144 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2010/02/18 08:18:24 | 000,046,136 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\amdiox64.sys -- (amdiox64)
DRV:64bit: - [2010/02/05 23:04:06 | 000,028,728 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/02/05 23:04:04 | 000,070,712 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009/12/22 04:26:36 | 000,038,456 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter)
DRV:64bit: - [2009/09/08 18:13:16 | 000,087,600 | ---- | M] (Citrix Systems, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ctxusbm.sys -- (ctxusbm)
DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2013/01/16 00:27:41 | 002,087,664 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\VirusDefs\20130126.007\ex64.sys -- (NAVEX15)
DRV - [2013/01/16 00:27:40 | 000,126,192 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\VirusDefs\20130126.007\eng64.sys -- (NAVENG)
DRV - [2013/01/15 21:51:11 | 001,388,120 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\BASHDefs\20130116.013\BHDrvx64.sys -- (BHDrvx64)
DRV - [2012/09/06 03:54:30 | 000,513,184 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\IPSDefs\20130124.001\IDSviA64.sys -- (IDSVia64)
DRV - [2012/08/08 21:36:12 | 000,484,512 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
DRV - [2012/08/08 21:36:12 | 000,138,912 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK/1
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPDSK/1
IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE:64bit: - HKLM\..\SearchScopes\{630E967D-2720-4481-BC12-4EF54DDD641B}: "URL" = http://www.ask.com/w...}&l=dis&o=ushpd
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE:64bit: - HKLM\..\SearchScopes\{6EFC6DD3-4FE7-40DC-B143-3219A07C2CED}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE:64bit: - HKLM\..\SearchScopes\{BF8B6B74-025D-48FF-BF15-8118EF25D913}: "URL" = http://en.wikipedia....h={searchTerms}
IE:64bit: - HKLM\..\SearchScopes\{DC85C71F-3013-4AEA-8300-51161FC6CEAD}: "URL" = http://search.yahoo....psg&type=HPDTDF
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = about:blank
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{630E967D-2720-4481-BC12-4EF54DDD641B}: "URL" = http://www.ask.com/w...}&l=dis&o=ushpd
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKLM\..\SearchScopes\{6EFC6DD3-4FE7-40DC-B143-3219A07C2CED}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKLM\..\SearchScopes\{BF8B6B74-025D-48FF-BF15-8118EF25D913}: "URL" = http://en.wikipedia....h={searchTerms}
IE - HKLM\..\SearchScopes\{DC85C71F-3013-4AEA-8300-51161FC6CEAD}: "URL" = http://search.yahoo....psg&type=HPDTDF
IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.keystonec...tsolutions.com/
IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKCU\..\SearchScopes\{630E967D-2720-4481-BC12-4EF54DDD641B}: "URL" = http://www.ask.com/w...}&l=dis&o=ushpd
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...1I7ADFA_enUS451
IE - HKCU\..\SearchScopes\{6EFC6DD3-4FE7-40DC-B143-3219A07C2CED}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKCU\..\SearchScopes\{BF8B6B74-025D-48FF-BF15-8118EF25D913}: "URL" = http://en.wikipedia....h={searchTerms}
IE - HKCU\..\SearchScopes\{DC85C71F-3013-4AEA-8300-51161FC6CEAD}: "URL" = http://search.yahoo....psg&type=HPDTDF
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_146.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_146.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.647: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.647: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=12.0.1.652: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.652: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.647: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@hulu.com/Hulu Desktop: C:\Windows\..\Users\Default\AppData\Local\HuluDesktop\instances\0.9.13.1\npHDPlg.dll ()
FF - HKCU\Software\MozillaPlugins\@starfield.com/off: C:\Users\Bryan H\AppData\Roaming\Mozilla\Plugins\npoff.dll ( Starfield Technologies, LLC.)
FF - HKCU\Software\MozillaPlugins\@starfield.com/off64: C:\Users\Bryan H\AppData\Roaming\Mozilla\Plugins\npoff64.dll ( Starfield Technologies, LLC.)
FF - HKCU\Software\MozillaPlugins\@starfield.com/wbe: C:\Users\Bryan H\AppData\Roaming\Mozilla\Plugins\npwbe.dll (Starfield Technology, LLC)
FF - HKCU\Software\MozillaPlugins\@starfield.com/wbe64: C:\Users\Bryan H\AppData\Roaming\Mozilla\Plugins\npwbe64.dll (Starfield Technology, LLC)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Bryan H\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\Bryan H\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Bryan H\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Bryan H\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011/06/25 07:25:06 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\IPSFFPlgn\ [2012/02/07 23:12:03 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\coFFPlgn_2011_7_13_2 [2013/01/27 18:04:51 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011/12/16 22:05:11 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\quickprint@hp.com: C:\Program Files (x86)\Hewlett-Packard\SmartPrint\QPExtension [2012/07/04 15:26:34 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/05/20 11:18:39 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/01/27 17:56:25 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011/12/16 22:05:11 | 000,000,000 | ---D | M]

[2011/03/11 19:23:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Bryan H\AppData\Roaming\Mozilla\Extensions
[2013/01/27 17:49:15 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Bryan H\AppData\Roaming\Mozilla\Firefox\Profiles\otaqhgme.default\extensions
[2013/01/25 19:44:02 | 000,000,000 | ---D | M] (Ginyas Browser Companions) -- C:\Users\Bryan H\AppData\Roaming\Mozilla\Firefox\Profiles\otaqhgme.default\extensions\bbrs_003@blabbers.com
[2012/09/07 08:43:17 | 000,001,911 | ---- | M] () (No name found) -- C:\Users\Bryan H\AppData\Roaming\Mozilla\Firefox\Profiles\otaqhgme.default\extensions\{14323AEE-F6B8-4DC8-BCE3-E62645830585}.xpi
[2013/01/26 11:19:02 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Bryan H\AppData\Roaming\Mozilla\Firefox\Profiles\otaqhgme.default\extensions\bbrs_003@blabbers.com\chrome\content\cache\0324adea3b6ec02af09ea4ae9424591b_expire
[2013/01/26 11:19:02 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Bryan H\AppData\Roaming\Mozilla\Firefox\Profiles\otaqhgme.default\extensions\bbrs_003@blabbers.com\chrome\content\cache\292124057d00cb0fa73db6b90d079658_expire
[2013/01/26 11:19:02 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Bryan H\AppData\Roaming\Mozilla\Firefox\Profiles\otaqhgme.default\extensions\bbrs_003@blabbers.com\chrome\content\cache\4d3d10bd28ff623813254a49b26be41f_expire
[2013/01/26 11:19:02 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Bryan H\AppData\Roaming\Mozilla\Firefox\Profiles\otaqhgme.default\extensions\bbrs_003@blabbers.com\chrome\content\cache\c93f2aa3f7ed8c08097d4d5c3c2c61e1_expire
[2013/01/26 21:46:24 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Bryan H\AppData\Roaming\Mozilla\Firefox\Profiles\otaqhgme.default\extensions\bbrs_003@blabbers.com\chrome\content\cache\e394b97e9118a3153bf352ead025fa2e_expire
[2013/01/26 11:19:02 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Bryan H\AppData\Roaming\Mozilla\Firefox\Profiles\otaqhgme.default\extensions\bbrs_003@blabbers.com\chrome\content\cache\e919434ec29526b28593c426e4264271_expire
[2013/01/26 11:19:02 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Bryan H\AppData\Roaming\Mozilla\Firefox\Profiles\otaqhgme.default\extensions\bbrs_003@blabbers.com\chrome\content\cache\fa74672918974682c82b8d91dfbe0d6b_expire
[2013/01/26 11:19:02 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Bryan H\AppData\Roaming\Mozilla\Firefox\Profiles\otaqhgme.default\extensions\bbrs_003@blabbers.com\chrome\content\cache\ff4d692d5e7cccbc4b3e9ef4062b1c6f_expire
[2012/10/21 09:12:19 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
File not found (No name found) -- C:\USERS\BRYAN H\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OTAQHGME.DEFAULT\EXTENSIONS\BBRS_002@BLABBERS.COM
File not found (No name found) -- C:\USERS\BRYAN H\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OTAQHGME.DEFAULT\EXTENSIONS\FFXTLBR@BABYLON.COM
[2011/11/20 23:04:51 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011/03/18 14:32:12 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npCouponPrinter.dll
[2011/03/18 14:32:14 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npMozCouponPrinter.dll
[2011/11/20 20:04:05 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/05/26 16:27:59 | 000,002,158 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\search.xml
[2011/11/20 20:04:05 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter}
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.56\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.56\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.56\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.260.3 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U26 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Coupons Inc., Coupon Printer Manager (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npCouponPrinter.dll
CHR - plugin: Coupons Inc., Coupon Printer Manager (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npMozCouponPrinter.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Google Talk Plugin (Enabled) = C:\Users\Bryan H\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
CHR - plugin: Google Talk Plugin Video Accelerator (Enabled) = C:\Users\Bryan H\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
CHR - plugin: Online Storage plug-in (Enabled) = C:\Users\Bryan H\AppData\Roaming\Mozilla\plugins\npoff.dll
CHR - plugin: Workspace Webmail plug-in 1.0.20.42 (Enabled) = C:\Users\Bryan H\AppData\Roaming\Mozilla\plugins\npwbe.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll
CHR - plugin: RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprjplug.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpjplug.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: RealNetworks™ RealPlayer Chrome Background Extension Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
CHR - plugin: RealPlayer™ HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
CHR - plugin: Hulu Desktop (Enabled) = C:\Windows\..\Users\Default\AppData\Local\HuluDesktop\instances\0.9.13.1\npHDPlg.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_146.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - Extension: Proxy Tool = C:\Users\Bryan H\AppData\Local\Google\Chrome\User Data\Default\Extensions\ijblflkdjdopkpdgllkmlbgcffjbnfda\1.0.1_0\
CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Users\Bryan H\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.4_0\

O1 HOSTS File: ([2009/06/10 16:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2 - BHO: (Ginyas Browser Companion) - {2d8c4843-765f-4827-bafa-8c318284e4d8} - C:\Program Files (x86)\GinyasBrowserCompanions\jsloader.dll ()
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Security Suite\Engine\5.2.2.3\coieplg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Security Suite\Engine\5.2.2.3\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (HP Network Check Helper) - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
O2 - BHO: (ChromeFrame BHO) - {ECB3C477-1A0A-44BD-BB57-78F9EFE34FA7} - C:\Program Files (x86)\Google\Chrome Frame\Application\24.0.1312.56\npchrome_frame.dll (Google Inc.)
O2 - BHO: (Proxy Help) - {F386E548-C533-472E-8C61-C026FB14FEA9} - C:\Windows\SysWOW64\Newtabs_v9.dll (Newtabs. inc)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine\5.2.2.3\coieplg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine\5.2.2.3\coieplg.dll (Symantec Corporation)
O4:64bit: - HKLM..\Run: [EKIJ5000StatusMonitor] C:\Windows\SysNative\spool\drivers\x64\3\EKIJ5000MUI.exe (Eastman Kodak Company)
O4:64bit: - HKLM..\Run: [FileOpenBroker] C:\Program Files\FileOpen\Services\FileOpenBroker64.exe (FileOpen Systems Inc.)
O4:64bit: - HKLM..\Run: [hpsysdrv] c:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe (Hewlett-Packard)
O4:64bit: - HKLM..\Run: [IntelliPoint] c:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [SmartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe ()
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [AMD AVT] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [Carbonite Backup] C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe (Carbonite, Inc.)
O4 - HKLM..\Run: [ConnectionCenter] C:\Program Files (x86)\Citrix\ICA Client\concentr.exe (Citrix Systems, Inc.)
O4 - HKLM..\Run: [Intuit SyncManager] c:\Program Files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe (Intuit Inc. All rights reserved.)
O4 - HKLM..\Run: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe (Symantec Corporation)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [Tracker] C:\Program Files (x86)\MySoftware\MyInvoices\Tracker.exe (Avanquest Publishing, Inc.)
O4 - HKCU..\Run: [ApplePhotoStreams] C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe (Apple Inc.)
O4 - HKCU..\Run: [cdloader] C:\Users\Bryan H\AppData\Roaming\mjusbsp\cdloader2.exe (magicJack L.P.)
O4 - HKCU..\Run: [com.apple.dav.bookmarks.daemon] C:\Program Files (x86)\Common Files\Apple\Internet Services\BookmarkDAV_client.exe (Apple Inc.)
O4 - HKCU..\Run: [HPAdvisorDock] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Dock\HPAdvisorDock.exe (Hewlett-Packard)
O4 - HKCU..\Run: [HydraVisionDesktopManager] C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe (AMD)
O4 - HKCU..\Run: [iCloudServices] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe (Apple Inc.)
O4 - HKCU..\Run: [NETGEARGenie] C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenie.exe ()
O4 - HKCU..\Run: [Starfield Updater] C:\Users\Bryan H\AppData\Local\Workspace\workspaceupdate.exe ()
O4 - HKCU..\Run: [VideoAcceleratorCommTest] C:\Program Files (x86)\SpeedBit Video Accelerator\CommTest.exe (Speedbit Ltd.)
O4 - Startup: C:\Users\Bryan H\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Bryan H\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Open Client to monitor &1 - C:\Windows\web\AOpenClient.htm File not found
O8:64bit: - Extra context menu item: Open Client to monitor &2 - C:\Windows\web\AOpenClient.htm File not found
O8 - Extra context menu item: Open Client to monitor &1 - C:\Windows\web\AOpenClient.htm File not found
O8 - Extra context menu item: Open Client to monitor &2 - C:\Windows\web\AOpenClient.htm File not found
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\SpeedBit Video Accelerator\sblsp.dll (Speedbit Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\SpeedBit Video Accelerator\sblsp.dll (Speedbit Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\SpeedBit Video Accelerator\sblsp.dll (Speedbit Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\SpeedBit Video Accelerator\sblsp.dll (Speedbit Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files (x86)\SpeedBit Video Accelerator\sblsp.dll (Speedbit Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files (x86)\SpeedBit Video Accelerator\sblsp.dll (Speedbit Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Program Files (x86)\SpeedBit Video Accelerator\sblsp.dll (Speedbit Ltd.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: localhost ([]* in Local intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FA1204F1-7136-433C-9662-ED5517BF784C}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\gcf - No CLSID value found
O18:64bit: - Protocol\Handler\intu-help-qb3 - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\qbwc - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\gcf {9875BFAF-B04D-445E-8A69-BE36838CDE3E} - C:\Program Files (x86)\Google\Chrome Frame\Application\24.0.1312.56\npchrome_frame.dll (Google Inc.)
O18 - Protocol\Handler\intu-help-qb3 {c5e479ea-0a65-4b05-8c6c-2fc8cc682eb4} - c:\Program Files (x86)\Intuit\QuickBooks 2010\HelpAsyncPluggableProtocol.dll (Intuit, Inc.)
O18 - Protocol\Handler\qbwc {FC598A64-626C-4447-85B8-53150405FD57} - mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\System32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\GoToAssist: DllName - (C:\Program Files (x86)\Citrix\GoToAssist\615\G2AWinLogon_x64.dll) - C:\Program Files (x86)\Citrix\GoToAssist\615\g2awinlogon_x64.dll (Citrix Online, a division of Citrix Systems, Inc.)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28:64bit: - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - No CLSID value found.
O29:64bit: - HKLM SecurityProviders - (credssp.dll) - credssp.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (credssp.dll) - credssp.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/01/27 18:02:17 | 000,000,000 | ---D | C] -- C:\_OTL
[2013/01/27 17:40:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Reimage Repair
[2013/01/27 17:40:21 | 000,000,000 | ---D | C] -- C:\rei
[2013/01/27 17:40:17 | 000,000,000 | ---D | C] -- C:\Program Files\Reimage
[2013/01/26 16:18:41 | 000,000,000 | ---D | C] -- C:\Users\Bryan H\Desktop\Credit Reports Upload
[2013/01/25 20:28:23 | 000,000,000 | ---D | C] -- C:\Users\Bryan H\Desktop\Keystone Credit Solutions, LLC_Final Files_23012013
[2013/01/25 19:43:56 | 000,000,000 | ---D | C] -- C:\ProgramData\GinyasBrowserCompanions
[2013/01/25 19:43:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\GinyasBrowserCompanions
[2013/01/14 01:07:16 | 000,060,928 | ---- | C] (Newtabs. inc) -- C:\Windows\SysWow64\Newtabs_v9.dll
[2013/01/13 20:46:36 | 000,000,000 | ---D | C] -- C:\Users\Bryan H\Desktop\ICON
[2013/01/13 20:44:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Image2Icon Converter
[2013/01/13 20:44:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Image2Icon Converter

========== Files - Modified Within 30 Days ==========

[2013/01/27 18:14:04 | 000,001,054 | ---- | M] () -- C:\Windows\tasks\GinyasBrowserCompanions Stats Report.job
[2013/01/27 18:13:26 | 000,015,792 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/01/27 18:13:26 | 000,015,792 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/01/27 18:06:32 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/01/27 18:06:30 | 000,001,006 | ---- | M] () -- C:\Windows\tasks\GinyasBrowserCompanions FireFox Watcher.job
[2013/01/27 18:06:27 | 000,001,006 | ---- | M] () -- C:\Windows\tasks\GinyasBrowserCompanions Chrome Watcher.job
[2013/01/27 18:06:16 | 000,000,938 | ---- | M] () -- C:\Windows\tasks\GinyasBrowserCompanions Update Checker.job
[2013/01/27 18:04:21 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/01/27 18:04:00 | 3824,640,000 | -HS- | M] () -- C:\hiberfil.sys
[2013/01/27 17:54:00 | 000,000,916 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1852320340-3763420829-3560972882-1001UA.job
[2013/01/27 17:49:23 | 000,000,107 | ---- | M] () -- C:\Windows\DeleteOnReboot.bat
[2013/01/27 17:41:20 | 000,000,162 | ---- | M] () -- C:\Windows\reimage.ini
[2013/01/27 17:40:25 | 000,001,903 | ---- | M] () -- C:\Users\Public\Desktop\PC Scan & Repair by Reimage.lnk
[2013/01/27 17:31:00 | 000,000,900 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/01/27 17:24:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/01/27 13:52:02 | 000,000,340 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForBryan H.job
[2013/01/27 12:06:55 | 000,000,098 | ---- | M] () -- C:\Users\Bryan H\Desktop\V9 has Hijacked my Homepage - Geeks to Go Forums.url
[2013/01/27 11:06:09 | 000,000,144 | ---- | M] () -- C:\Users\Bryan H\Desktop\DisputeSuite - Login.url
[2013/01/27 11:04:21 | 000,000,064 | ---- | M] () -- C:\Users\Bryan H\Desktop\Biz In A Box.url
[2013/01/27 10:55:55 | 000,000,190 | ---- | M] () -- C:\Users\Bryan H\Desktop\KCS Mail.url
[2013/01/26 23:54:00 | 000,000,864 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1852320340-3763420829-3560972882-1001Core.job
[2013/01/26 14:13:29 | 000,018,889 | ---- | M] () -- C:\Users\Bryan H\Desktop\Keystone Credit Solutions, 82.jpg
[2013/01/26 14:04:50 | 000,021,932 | ---- | M] () -- C:\Users\Bryan H\Desktop\Keystone Credit Solutions, LLC_Logo = 150x75.jpg
[2013/01/25 19:37:57 | 000,001,056 | ---- | M] () -- C:\Users\Bryan H\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2013/01/25 19:37:36 | 000,001,028 | ---- | M] () -- C:\Users\Bryan H\Desktop\Dropbox.lnk
[2013/01/25 12:26:09 | 000,002,285 | ---- | M] () -- C:\Users\Bryan H\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2013/01/25 12:26:08 | 000,002,261 | ---- | M] () -- C:\Users\Bryan H\Desktop\Google Chrome.lnk
[2013/01/20 11:23:38 | 000,000,332 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForNikki.job
[2013/01/20 00:29:02 | 000,076,688 | ---- | M] () -- C:\Users\Bryan H\Desktop\Hershey Flight Receipt.pdf
[2013/01/15 07:26:54 | 000,000,497 | ---- | M] () -- C:\Users\Bryan H\Desktop\Login - Credit Repair.website
[2013/01/13 20:44:26 | 000,001,112 | ---- | M] () -- C:\Users\Public\Desktop\Image2Icon Converter.lnk
[2013/01/10 03:33:58 | 000,835,352 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013/01/10 03:10:00 | 000,744,326 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/01/10 03:10:00 | 000,627,066 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/01/10 03:10:00 | 000,107,382 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/01/03 07:19:22 | 000,033,443 | ---- | M] () -- C:\Users\Bryan H\Documents\MyCheckBook 20130103.bak
[2012/12/30 15:04:31 | 000,328,683 | ---- | M] () -- C:\Users\Bryan H\Desktop\FREE-Report-Credit-Scores.pdf

========== Files Created - No Company Name ==========

[2013/01/27 17:49:10 | 000,000,107 | ---- | C] () -- C:\Windows\DeleteOnReboot.bat
[2013/01/27 17:40:28 | 000,000,162 | ---- | C] () -- C:\Windows\reimage.ini
[2013/01/27 17:40:23 | 000,001,903 | ---- | C] () -- C:\Users\Public\Desktop\PC Scan & Repair by Reimage.lnk
[2013/01/27 12:06:55 | 000,000,098 | ---- | C] () -- C:\Users\Bryan H\Desktop\V9 has Hijacked my Homepage - Geeks to Go Forums.url
[2013/01/27 11:06:09 | 000,000,144 | ---- | C] () -- C:\Users\Bryan H\Desktop\DisputeSuite - Login.url
[2013/01/27 11:04:21 | 000,000,064 | ---- | C] () -- C:\Users\Bryan H\Desktop\Biz In A Box.url
[2013/01/27 10:55:55 | 000,000,190 | ---- | C] () -- C:\Users\Bryan H\Desktop\KCS Mail.url
[2013/01/26 14:13:29 | 000,018,889 | ---- | C] () -- C:\Users\Bryan H\Desktop\Keystone Credit Solutions, 82.jpg
[2013/01/26 14:04:50 | 000,021,932 | ---- | C] () -- C:\Users\Bryan H\Desktop\Keystone Credit Solutions, LLC_Logo = 150x75.jpg
[2013/01/25 19:44:15 | 000,000,938 | ---- | C] () -- C:\Windows\tasks\GinyasBrowserCompanions Update Checker.job
[2013/01/25 19:44:11 | 000,001,054 | ---- | C] () -- C:\Windows\tasks\GinyasBrowserCompanions Stats Report.job
[2013/01/25 19:44:07 | 000,001,006 | ---- | C] () -- C:\Windows\tasks\GinyasBrowserCompanions Chrome Watcher.job
[2013/01/25 19:44:03 | 000,001,006 | ---- | C] () -- C:\Windows\tasks\GinyasBrowserCompanions FireFox Watcher.job
[2013/01/20 00:29:00 | 000,076,688 | ---- | C] () -- C:\Users\Bryan H\Desktop\Hershey Flight Receipt.pdf
[2013/01/13 20:44:26 | 000,001,112 | ---- | C] () -- C:\Users\Public\Desktop\Image2Icon Converter.lnk
[2013/01/13 20:39:33 | 000,004,094 | ---- | C] () -- C:\Users\Bryan H\Desktop\Keystone and Arch - Social.jpg
[2013/01/03 07:19:22 | 000,033,443 | ---- | C] () -- C:\Users\Bryan H\Documents\MyCheckBook 20130103.bak
[2012/12/30 15:04:29 | 000,328,683 | ---- | C] () -- C:\Users\Bryan H\Desktop\FREE-Report-Credit-Scores.pdf
[2012/07/04 15:21:43 | 000,000,057 | ---- | C] () -- C:\ProgramData\Ament.ini
[2012/07/04 00:34:16 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2012/07/04 00:34:16 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2012/04/18 18:39:10 | 000,028,672 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll
[2011/12/16 21:54:58 | 000,206,163 | ---- | C] () -- C:\Windows\hpoins46.dat
[2011/11/14 18:34:24 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2011/11/02 21:59:29 | 000,000,032 | ---- | C] () -- C:\Users\Bryan H\db.cas
[2011/10/13 14:53:02 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\OVDecoder.dll
[2011/09/12 17:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2011/09/01 21:01:06 | 000,060,864 | ---- | C] () -- C:\Users\Bryan H\g2mdlhlpx.exe
[2011/08/04 22:52:31 | 002,385,092 | ---- | C] () -- C:\Users\Bryan H\T-226-257971.pdf
[2011/07/19 17:17:09 | 000,001,318 | ---- | C] () -- C:\Windows\ODBCINST.INI
[2011/07/19 17:13:15 | 000,017,920 | ---- | C] () -- C:\Windows\SysWow64\Implode.dll
[2011/07/19 17:13:11 | 000,299,008 | ---- | C] () -- C:\Windows\SysWow64\Crutl14.dll
[2011/07/19 17:13:10 | 000,100,352 | ---- | C] () -- C:\Windows\SysWow64\pg32conv.dll
[2011/05/18 17:31:39 | 000,001,940 | ---- | C] () -- C:\Users\Bryan H\AppData\Local\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
[2011/05/08 10:07:02 | 001,914,216 | ---- | C] () -- C:\Windows\SysWow64\ltmm16.dll
[2011/05/08 10:07:02 | 000,557,056 | ---- | C] ( ) -- C:\Windows\SysWow64\raac.dll
[2011/05/08 10:07:02 | 000,245,248 | ---- | C] () -- C:\Windows\SysWow64\dxr.dll
[2011/05/08 10:07:02 | 000,173,416 | ---- | C] () -- C:\Windows\SysWow64\LCodcScr2.dll
[2011/05/08 10:07:02 | 000,163,840 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2011/05/08 10:07:02 | 000,163,840 | ---- | C] () -- C:\Windows\SysWow64\ts.dll
[2011/05/08 10:07:02 | 000,148,992 | ---- | C] () -- C:\Windows\SysWow64\mkx.dll
[2011/05/08 10:07:02 | 000,141,312 | ---- | C] () -- C:\Windows\SysWow64\mp4.dll
[2011/05/08 10:07:02 | 000,139,264 | ---- | C] ( ) -- C:\Windows\SysWow64\sipr.dll
[2011/05/08 10:07:02 | 000,120,832 | ---- | C] () -- C:\Windows\SysWow64\ogm.dll
[2011/05/08 10:07:02 | 000,116,072 | ---- | C] () -- C:\Windows\SysWow64\LMAMpgCnv.dll
[2011/05/08 10:07:02 | 000,057,344 | ---- | C] ( ) -- C:\Windows\SysWow64\rv20.dll
[2011/05/08 10:07:02 | 000,053,248 | ---- | C] ( ) -- C:\Windows\SysWow64\rv30.dll
[2011/05/08 10:07:02 | 000,049,152 | ---- | C] ( ) -- C:\Windows\SysWow64\rv40.dll
[2011/05/08 10:07:01 | 000,456,192 | ---- | C] () -- C:\Windows\SysWow64\libmplayer.dll
[2011/05/08 10:07:01 | 000,119,296 | ---- | C] () -- C:\Windows\SysWow64\libmpeg2_ff.dll
[2011/05/08 10:07:01 | 000,079,360 | ---- | C] () -- C:\Windows\SysWow64\mkzlib.dll
[2011/05/08 10:07:01 | 000,023,552 | ---- | C] () -- C:\Windows\SysWow64\mkunicode.dll
[2011/05/08 10:07:00 | 003,569,152 | ---- | C] () -- C:\Windows\SysWow64\libavcodec.dll
[2011/05/08 10:07:00 | 000,695,296 | ---- | C] () -- C:\Windows\SysWow64\ff_x264.dll
[2011/05/08 10:07:00 | 000,479,298 | ---- | C] ( ) -- C:\Windows\SysWow64\erv4.dll
[2011/05/08 10:07:00 | 000,397,312 | ---- | C] () -- C:\Windows\SysWow64\ff_libfaad2.dll
[2011/05/08 10:07:00 | 000,266,306 | ---- | C] ( ) -- C:\Windows\SysWow64\erv3.dll
[2011/05/08 10:07:00 | 000,258,048 | ---- | C] () -- C:\Windows\SysWow64\libFLAC.dll
[2011/05/08 10:07:00 | 000,221,184 | ---- | C] () -- C:\Windows\SysWow64\ff_kernelDeint.dll
[2011/05/08 10:07:00 | 000,172,032 | ---- | C] () -- C:\Windows\SysWow64\ff_libdts.dll
[2011/05/08 10:07:00 | 000,143,360 | ---- | C] () -- C:\Windows\SysWow64\ff_theora.dll
[2011/05/08 10:07:00 | 000,143,360 | ---- | C] () -- C:\Windows\SysWow64\ff_libmad.dll
[2011/05/08 10:07:00 | 000,135,168 | ---- | C] () -- C:\Windows\SysWow64\ff_samplerate.dll
[2011/05/08 10:07:00 | 000,118,784 | ---- | C] () -- C:\Windows\SysWow64\ff_realaac.dll
[2011/05/08 10:07:00 | 000,102,912 | ---- | C] () -- C:\Windows\SysWow64\ff_tremor.dll
[2011/05/08 10:07:00 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\ff_unrar.dll
[2011/05/08 10:07:00 | 000,052,224 | ---- | C] () -- C:\Windows\SysWow64\ff_liba52.dll
[2011/05/08 10:07:00 | 000,023,552 | ---- | C] () -- C:\Windows\SysWow64\ff_wmv9.dll
[2011/05/08 10:06:59 | 000,548,919 | ---- | C] ( ) -- C:\Windows\SysWow64\colorcvt.dll
[2011/05/08 10:06:59 | 000,286,720 | ---- | C] ( ) -- C:\Windows\SysWow64\drvc.dll
[2011/05/08 10:06:59 | 000,210,264 | ---- | C] () -- C:\Windows\SysWow64\LCMW3.dll
[2011/05/08 10:06:59 | 000,180,224 | ---- | C] ( ) -- C:\Windows\SysWow64\drv2.dll
[2011/05/08 10:06:59 | 000,148,840 | ---- | C] () -- C:\Windows\SysWow64\LDECMPG2KRN2.dll
[2011/05/08 10:06:59 | 000,090,112 | ---- | C] ( ) -- C:\Windows\SysWow64\atrc.dll
[2011/05/08 10:06:59 | 000,065,602 | ---- | C] ( ) -- C:\Windows\SysWow64\cook.dll
[2011/05/08 10:06:59 | 000,020,480 | ---- | C] () -- C:\Windows\SysWow64\ac3config.exe
[2011/05/08 10:06:59 | 000,000,137 | ---- | C] () -- C:\Windows\SysWow64\Registration.ini
[2011/02/20 13:23:40 | 000,172,032 | ---- | C] () -- C:\Windows\SysWow64\rsUtil.dll
[2011/02/13 17:42:16 | 000,743,066 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/02/13 17:31:25 | 000,000,095 | ---- | C] () -- C:\Windows\QBChanUtil_Trigger.ini
[2011/01/29 12:15:38 | 000,000,142 | ---- | C] () -- C:\Windows\wpd99.drv
[2011/01/29 12:15:37 | 000,047,616 | ---- | C] () -- C:\Windows\SysWow64\pdf995mon64.dll

========== ZeroAccess Check ==========

[2009/07/13 23:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 00:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 23:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 20:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 07:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 20:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2011/07/19 18:33:32 | 000,000,000 | ---D | M] -- C:\Users\Bryan H\AppData\Roaming\Avanquest
[2013/01/27 18:07:50 | 000,000,000 | ---D | M] -- C:\Users\Bryan H\AppData\Roaming\Dropbox
[2012/06/23 21:46:30 | 000,000,000 | ---D | M] -- C:\Users\Bryan H\AppData\Roaming\FileOpen
[2011/01/19 08:38:24 | 000,000,000 | ---D | M] -- C:\Users\Bryan H\AppData\Roaming\ICAClient
[2012/01/01 17:22:58 | 000,000,000 | ---D | M] -- C:\Users\Bryan H\AppData\Roaming\mjusbsp
[2012/05/26 16:23:18 | 000,000,000 | ---D | M] -- C:\Users\Bryan H\AppData\Roaming\OpswatLogs
[2011/01/29 12:16:52 | 000,000,000 | ---D | M] -- C:\Users\Bryan H\AppData\Roaming\pdf995
[2012/05/26 16:22:42 | 000,000,000 | ---D | M] -- C:\Users\Bryan H\AppData\Roaming\QuickScan
[2012/01/25 19:41:46 | 000,000,000 | ---D | M] -- C:\Users\Bryan H\AppData\Roaming\Serif
[2012/05/14 13:19:09 | 000,000,000 | ---D | M] -- C:\Users\Bryan H\AppData\Roaming\TaxCut
[2011/01/19 08:26:17 | 000,000,000 | ---D | M] -- C:\Users\Bryan H\AppData\Roaming\WinBatch

========== Purity Check ==========



< End of report >

#5
Phel

    Trusted Helper

  • Malware Removal
  • 1,354 posts
Step 1. Remove Chrome extension and plugin.

  • Launch your Google Chrome browser.
  • In the address bar type the following:

    chrome:extensions
  • The extension list will appear.
  • Find the Proxy Tool extension there.
  • Click the recycle bin icon (uninstall).
  • Restart your browser.
After that do the following procedure:

  • Launch your Google Chrome browser.
  • In the address bar type the following:

    chrome:plugins
  • The plugin list will appear.
  • Find the Coupons Inc., Coupon Printer Manager plugin there.
  • Click the Disable link.
  • Restart your browser.

Step 2. OTL fix.

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    IE:64bit: - HKLM\..\SearchScopes\{630E967D-2720-4481-BC12-4EF54DDD641B}: "URL" = http://www.ask.com/w...}&l=dis&o=ushpd
    IE - HKCU\..\SearchScopes\{630E967D-2720-4481-BC12-4EF54DDD641B}: "URL" = http://www.ask.com/w...}&l=dis&o=ushpd
    [2013/01/25 19:44:02 | 000,000,000 | ---D | M] (Ginyas Browser Companions) -- C:\Users\Bryan H\AppData\Roaming\Mozilla\Firefox\Profiles\otaqhgme.default\extensions\bbrs_003@blabbers.com
    [2012/09/07 08:43:17 | 000,001,911 | ---- | M] () (No name found) -- C:\Users\Bryan H\AppData\Roaming\Mozilla\Firefox\Profiles\otaqhgme.default\extensions\{14323AEE-F6B8-4DC8-BCE3-E62645830585}.xpi
    [2013/01/26 11:19:02 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Bryan H\AppData\Roaming\Mozilla\Firefox\Profiles\otaqhgme.default\extensions\bbrs_003@blabbers.com\chrome\content\cache\0324adea3b6ec02af09ea4ae9424591b_expire
    [2013/01/26 11:19:02 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Bryan H\AppData\Roaming\Mozilla\Firefox\Profiles\otaqhgme.default\extensions\bbrs_003@blabbers.com\chrome\content\cache\292124057d00cb0fa73db6b90d079658_expire
    [2013/01/26 11:19:02 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Bryan H\AppData\Roaming\Mozilla\Firefox\Profiles\otaqhgme.default\extensions\bbrs_003@blabbers.com\chrome\content\cache\4d3d10bd28ff623813254a49b26be41f_expire
    [2013/01/26 11:19:02 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Bryan H\AppData\Roaming\Mozilla\Firefox\Profiles\otaqhgme.default\extensions\bbrs_003@blabbers.com\chrome\content\cache\c93f2aa3f7ed8c08097d4d5c3c2c61e1_expire
    [2013/01/26 21:46:24 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Bryan H\AppData\Roaming\Mozilla\Firefox\Profiles\otaqhgme.default\extensions\bbrs_003@blabbers.com\chrome\content\cache\e394b97e9118a3153bf352ead025fa2e_expire
    [2013/01/26 11:19:02 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Bryan H\AppData\Roaming\Mozilla\Firefox\Profiles\otaqhgme.default\extensions\bbrs_003@blabbers.com\chrome\content\cache\e919434ec29526b28593c426e4264271_expire
    [2013/01/26 11:19:02 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Bryan H\AppData\Roaming\Mozilla\Firefox\Profiles\otaqhgme.default\extensions\bbrs_003@blabbers.com\chrome\content\cache\fa74672918974682c82b8d91dfbe0d6b_expire
    [2013/01/26 11:19:02 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Bryan H\AppData\Roaming\Mozilla\Firefox\Profiles\otaqhgme.default\extensions\bbrs_003@blabbers.com\chrome\content\cache\ff4d692d5e7cccbc4b3e9ef4062b1c6f_expire
    [2012/10/21 09:12:19 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
    File not found (No name found) -- C:\USERS\BRYAN H\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OTAQHGME.DEFAULT\EXTENSIONS\BBRS_002@BLABBERS.COM
    File not found (No name found) -- C:\USERS\BRYAN H\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OTAQHGME.DEFAULT\EXTENSIONS\FFXTLBR@BABYLON.COM
    [2011/03/18 14:32:12 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npCouponPrinter.dll
    [2011/03/18 14:32:14 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npMozCouponPrinter.dll
    O2 - BHO: (Ginyas Browser Companion) - {2d8c4843-765f-4827-bafa-8c318284e4d8} - C:\Program Files (x86)\GinyasBrowserCompanions\jsloader.dll ()
    O2 - BHO: (Proxy Help) - {F386E548-C533-472E-8C61-C026FB14FEA9} - C:\Windows\SysWOW64\Newtabs_v9.dll (Newtabs. inc)
    O4 - HKLM..\Run: [] File not found
    [2013/01/25 19:43:56 | 000,000,000 | ---D | C] -- C:\ProgramData\GinyasBrowserCompanions
    [2013/01/25 19:43:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\GinyasBrowserCompanions
    [2013/01/27 18:06:30 | 000,001,006 | ---- | M] () -- C:\Windows\tasks\GinyasBrowserCompanions FireFox Watcher.job
    [2013/01/27 18:06:27 | 000,001,006 | ---- | M] () -- C:\Windows\tasks\GinyasBrowserCompanions Chrome Watcher.job
    [2013/01/27 18:06:16 | 000,000,938 | ---- | M] () -- C:\Windows\tasks\GinyasBrowserCompanions Update Checker.job
    
    :Commands
    [REBOOT]
  • Then click the Run Fix button at the top
  • Let the program run unhindered; reboot the PC when it is done.
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

Step 3. AdwCleaner scan.

  • Right-click the adwcleaner.exe file on your Desktop -> Run as Administrator.
  • The AdwCleaner window should appear.
  • Click on the Search button.
  • After the scan, a Notepad window with the report should appear. Post the contents of the report in your next message.

So please don't forget to post the contents of these logs in your next message:

  • AdwCleaner log
  • OTL log

  • 0
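
Added example, not part of Phel's post and not OTL's own code: a Python parser that sorts the lines of the fix script above by persistence mechanism, so each entry can be re-checked against the follow-up Quick Scan log. The line patterns are inferred from the lines quoted in this thread, and the category names (`ie-bho`, `scheduled-task`, and so on) are labels chosen for this example.

```python
import re

# Line shapes inferred from the fix script in the post (not an official OTL grammar).
FILE_RE = re.compile(r'^\[[\d/]+ [\d:]+ \| [\d,]+ \| \S{4} \| [MC]\]\s*(.*?)\s*-- (.+)$')
# Greedy path + paren-free vendor keeps "Program Files (x86)" inside the path.
BHO_RE = re.compile(r'^O2 - BHO: \((.*?)\) - (\{[0-9A-Fa-f-]+\}) - (.+) \(([^()]*)\)$')
SCOPE_RE = re.compile(r'^IE(?::64bit:)? - (HK\w+)\\\.\.\\SearchScopes\\(\{[^}]+\}): "URL" = .+$')

def classify(line):
    """Return (persistence_kind, target) for one fix-script line, or None."""
    line = line.strip()
    if m := SCOPE_RE.match(line):
        return "ie-search-scope", f"{m.group(1)} {m.group(2)}"
    if m := BHO_RE.match(line):
        return "ie-bho", f"{m.group(2)} -> {m.group(3)}"
    if m := FILE_RE.match(line):
        path = m.group(2)
        low = path.lower()
        if "\\windows\\tasks\\" in low and low.endswith(".job"):
            return "scheduled-task", path
        if "\\extensions\\" in low:
            return "firefox-extension", path
        if "\\plugins\\" in low:
            return "browser-plugin", path
        return "file-or-folder", path

def triage(script_text):
    """Group fix-script lines by mechanism; unknown lines are kept, not dropped."""
    groups = {}
    for line in filter(None, map(str.strip, script_text.splitlines())):
        kind, target = classify(line) or ("unparsed", line)
        groups.setdefault(kind, []).append(target)
    return groups

# Sample input: lines copied from the fix script in the post above.
SAMPLE = r"""
IE - HKCU\..\SearchScopes\{630E967D-2720-4481-BC12-4EF54DDD641B}: "URL" = http://www.ask.com/w...}&l=dis&o=ushpd
[2013/01/25 19:44:02 | 000,000,000 | ---D | M] (Ginyas Browser Companions) -- C:\Users\Bryan H\AppData\Roaming\Mozilla\Firefox\Profiles\otaqhgme.default\extensions\bbrs_003@blabbers.com
[2011/03/18 14:32:12 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npCouponPrinter.dll
O2 - BHO: (Ginyas Browser Companion) - {2d8c4843-765f-4827-bafa-8c318284e4d8} - C:\Program Files (x86)\GinyasBrowserCompanions\jsloader.dll ()
O2 - BHO: (Proxy Help) - {F386E548-C533-472E-8C61-C026FB14FEA9} - C:\Windows\SysWOW64\Newtabs_v9.dll (Newtabs. inc)
O4 - HKLM..\Run: [] File not found
[2013/01/27 18:06:30 | 000,001,006 | ---- | M] () -- C:\Windows\tasks\GinyasBrowserCompanions FireFox Watcher.job
[2013/01/25 19:43:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\GinyasBrowserCompanions
"""

if __name__ == "__main__":
    for kind, targets in triage(SAMPLE).items():
        print(kind, len(targets), *targets, sep="\n    ")
```

Any target that still shows up in the next Quick Scan log after the reboot is a sign that the fix did not take or that something re-created the entry.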
