Delta Search Bar & Safari freezing when searching


  • This topic is locked

#16
godawgs

    Teacher

  • Retired Staff
  • 8,228 posts

I had Revo uninstaller on desktop and used it as I thought it might be more thorough than just removing through uninstall. I have got rid of it now.

Well we're probably gonna need it re-installed so we can see if it can uninstall the remaining parts of the program. If Revo can't finish the removal I will attempt a manual removal.
For future information, you always want to use the program uninstaller (if one exists) in the Windows Program and Features list to uninstall a program.

There are a few things to do here so take your time. Read the instructions carefully and if you have any questions STOP and ask. Be sure to perform the Steps in the order given.


Step-1.

OTL Fix

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons; they will return on reboot.

1. Please copy all of the text in the quote box below (Do Not copy the word Quote). To do this, highlight everything inside the quote box (except the word Quote), right click and click Copy.

:COMMANDS
[createrestorepoint]

:SERVICES
avast! Antivirus
MpKsl39b2afbe
esgiguard
Lavasoft Kernexplorer

:OTL
PRC - C:\Program Files\IObit\Smart Defrag 2\SmartDefrag.exe (IObit)
MOD - C:\Program Files\IObit\Smart Defrag 2\NtfsData.dll ()
SRV - (avast! Antivirus) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe File not found
DRV - (MpKsl39b2afbe) -- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{BB4DD37B-A3E6-4E92-8411-AF114A668FF8}\MpKsl39b2afbe.sys File not found
DRV - (esgiguard) -- C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys File not found
DRV - (Lavasoft Kernexplorer) -- C:\Program Files\Lavasoft\Ad-Aware\kernexplorer.sys ()
O20 - AppInit_DLLs: (C:\Windows\system32\guard32.dll) - C:\Windows\System32\guard32.dll (COMODO)
[2013/02/07 18:49:01 | 000,000,000 | ---D | C] -- C:\Users\Jo\AppData\Roaming\PC Utility Kit
[2013/02/07 18:48:45 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Utility Kit
[2013/02/07 17:29:23 | 000,000,000 | ---D | C] -- C:\Users\Jo\AppData\Roaming\AVSoftware
[2013/02/13 08:57:37 | 000,798,208 | ---- | M] () -- C:\winlogon.exe.exe

:FILES
C:\Program Files\IObit
C:\Users\Jo\AppData\Roaming\IObit
C:\Users\Jo\AppData\Roaming\PC Utility Kit
C:\ProgramData\PC Utility Kit
C:\Users\Jo\AppData\Roaming\AVSoftware

:COMMANDS
[emptytemp]


Warning: This fix is relevant for this system and no other. If you are not this user, do NOT follow these directions as they could damage the workings of your system.

2. Please re-open OTL on your desktop. To do that:
  • Vista and 7 users: Right click the icon and click Run as Administrator
3. Place the mouse pointer inside the Posted Image textbox, right click and click Paste. This will put the above script inside the textbox.
4. Click the Posted Image button.
5. Let the program run unhindered.
6. OTL may ask to reboot the machine. Please do so if asked.
7. Click the Posted Image button.
8. A report will open. Copy and Paste that report in your next reply.
9. If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, (where mmddyyyy_hhmmss is the date of the tool run).


There is a Conduit plugin in Chrome that we need to see if we can find.

Step-2.

Disable Chrome Plug-ins

  • Open the Chrome browser.
  • In the Address bar or Omni bar, type the following:

    chrome://plugins
  • On the Plug-ins page, look for anything with the name Conduit in the plug-in. There should be an option to Disable or Uninstall the plug-in. If the Uninstall option is available, choose it. Otherwise Disable the plug-in.

If you can't find the plug-in that way:

  • Click the tools menu icon on the browser toolbar.
  • Click Settings

  • Click Show Advanced Settings
  • In the Privacy section, click the Content Settings button.
  • Click Plug-ins
  • Click Disable individual plug-ins
  • Find the plug-in listed above and Disable it. (You are looking for anything with the name Conduit in it)

Let's also make sure that the Windows firewall isn't giving it access to send outbound traffic.

  • Click the Start Orb. In the Start Search box type the following and press the Enter key:
    firewall.cpl
    The Windows Firewall page will open
  • In the column on the left, click Allow a program through Windows Firewall and click Continue on the UAC warning. The Windows Firewall Settings page will open.
  • Click the Exceptions tab.
    In the Program or port section, look for anything that says Conduit and if it has a checkmark in the box next to it, click the box to remove the checkmark. If the Delete button is active, click the Conduit program to highlight it and click the Delete button.
  • Click Apply, then OK and close the Windows Firewall page.

Step-3

Remove the Comodo program

Run Revo Uninstaller

Download Revo Uninstaller to the desktop.

  • Right click the revosetup.exe installation file and click Run as Administrator to run the installer.
  • Let it install to the default location.
  • Right click the new Revo Uninstaller Icon on the desktop and click Run as Administrator to start the program.

    You will now see a list of installed programs that Revo Uninstaller can remove.
  • Locate the program you are uninstalling---COMODO
  • Right Click the program Icon then choose Uninstall.
    • Revo will perform an initial analysis for the uninstall and an uninstall window will open.
    • Click Next and Revo will run the program's built-in uninstaller (if it has one). Be patient as this might take a few minutes.
    • When it has completed, click the Finish button to close the uninstaller.
  • Revo Uninstaller will now scan for leftover information. Be patient as this can take a few minutes. First you will need to select the scanning mode.
  • Choose the Moderate option and then click Scan.
  • Once this scan is done you will see a window titled Found leftover registry items
  • Look at ALL of the entries to ensure they relate to the uninstall.
  • Next click the box beside ALL items in Bold then click the Delete button.
  • Click Yes on the warning box to delete the entries.
    • Important: If you are not sure which items to delete, take a screen shot of them and post it in a reply here. (Don't close the program) Once you have posted it I will look at them and let you know which ones to check.
  • The Found leftover files and folders screen will open next
  • If there are any program files or folders left over you will be presented with a list to be removed.
  • Again look at ALL of the entries to ensure they are related to the uninstall.
  • Click the box beside ALL entries in Bold and click the Delete button.
  • Click Yes on the warning box to delete the entries.
    • Important: If you are not sure which items to delete, take a screen shot of them and post it in a reply here. (Don't close the program) Once you have posted it I will look at them and let you know which ones to check.
  • You should now be back at the main Revo window.
  • Close the program

Step-4.

OTL Quick Scan

  • Re-open OTL on the desktop and click the Posted Image button
  • Post the new OTL.txt log in your next reply.

Step-5.

Things For Your Next Post:
Please post the logs in the order requested. Do Not attach the logs unless I request it.
1. The OTL fixes log
2. Let me know if you were able to find the Conduit plugin in Chrome
3. Let me know if Revo Uninstaller was able to find anything on COMODO
4. The new OTL.txt log
  • 0



#17
JoPopey

    Member

  • Topic Starter
  • Member
  • 124 posts
Hi there, I did the OTL fix scan and got a report which follows...I had to reinstall chrome as it was no longer on my desktop, but I cannot do part two and disable the plugins CONDUIT as I cannot see any...so I have not done the other steps, your instructions said to ask if any difficulties as need to follow instructions in order. Thank you.

All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== SERVICES/DRIVERS ==========
Service avast! Antivirus stopped successfully!
Service avast! Antivirus deleted successfully!
Error: No service named MpKsl39b2afbe was found to stop!
Service\Driver key MpKsl39b2afbe not found.
Service esgiguard stopped successfully!
Service esgiguard deleted successfully!
Service Lavasoft Kernexplorer stopped successfully!
Service Lavasoft Kernexplorer deleted successfully!
========== OTL ==========
No active process named SmartDefrag.exe was found!
Error: No service named avast! Antivirus was found to stop!
Service\Driver key avast! Antivirus not found.
File C:\Program Files\AVAST Software\Avast\AvastSvc.exe File not found not found.
Error: No service named MpKsl39b2afbe was found to stop!
Service\Driver key MpKsl39b2afbe not found.
File C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{BB4DD37B-A3E6-4E92-8411-AF114A668FF8}\MpKsl39b2afbe.sys File not found not found.
Error: No service named esgiguard was found to stop!
Service\Driver key esgiguard not found.
File C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys File not found not found.
Error: No service named Lavasoft Kernexplorer was found to stop!
Service\Driver key Lavasoft Kernexplorer not found.
C:\Program Files\Lavasoft\Ad-Aware\kernexplorer.sys moved successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:C:\Windows\system32\guard32.dll deleted successfully.
C:\Windows\System32\guard32.dll moved successfully.
C:\Users\Jo\AppData\Roaming\PC Utility Kit\PC Utility Kit folder moved successfully.
C:\ProgramData\PC Utility Kit\PC Utility Kit folder moved successfully.
C:\Users\Jo\AppData\Roaming\AVSoftware\MaxPerforma\PartialBackup folder moved successfully.
C:\Users\Jo\AppData\Roaming\AVSoftware\MaxPerforma folder moved successfully.
C:\Users\Jo\AppData\Roaming\AVSoftware folder moved successfully.
C:\winlogon.exe.exe moved successfully.
========== FILES ==========
C:\Program Files\IObit\Smart Defrag 2\Log folder moved successfully.
C:\Program Files\IObit\Smart Defrag 2\LatestNews folder moved successfully.
C:\Program Files\IObit\Smart Defrag 2\Freeware\FreeSoftwareDownload folder moved successfully.
C:\Program Files\IObit\Smart Defrag 2\Freeware folder moved successfully.
C:\Program Files\IObit\Smart Defrag 2 folder moved successfully.
C:\Program Files\IObit\IObit Malware Fighter folder moved successfully.
C:\Program Files\IObit\Advanced SystemCare 4\Update folder moved successfully.
C:\Program Files\IObit\Advanced SystemCare 4\LatestNews folder moved successfully.
C:\Program Files\IObit\Advanced SystemCare 4\Freeware\FreeSoftwareDownload folder moved successfully.
C:\Program Files\IObit\Advanced SystemCare 4\Freeware folder moved successfully.
C:\Program Files\IObit\Advanced SystemCare 4 folder moved successfully.
C:\Program Files\IObit folder moved successfully.
C:\Users\Jo\AppData\Roaming\IObit\Smart Defrag 2 folder moved successfully.
C:\Users\Jo\AppData\Roaming\IObit\IObit Uninstaller folder moved successfully.
C:\Users\Jo\AppData\Roaming\IObit\IObit Malware Fighter folder moved successfully.
C:\Users\Jo\AppData\Roaming\IObit\Advanced SystemCare V4\PMonitor folder moved successfully.
C:\Users\Jo\AppData\Roaming\IObit\Advanced SystemCare V4\Log folder moved successfully.
C:\Users\Jo\AppData\Roaming\IObit\Advanced SystemCare V4\Backup folder moved successfully.
C:\Users\Jo\AppData\Roaming\IObit\Advanced SystemCare V4 folder moved successfully.
C:\Users\Jo\AppData\Roaming\IObit folder moved successfully.
C:\Users\Jo\AppData\Roaming\PC Utility Kit folder moved successfully.
C:\ProgramData\PC Utility Kit folder moved successfully.
File\Folder C:\Users\Jo\AppData\Roaming\AVSoftware not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Jo
->Temp folder emptied: 6464026 bytes
->Temporary Internet Files folder emptied: 34700822 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 10307911 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 506 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 51628757 bytes
RecycleBin emptied: 1642122 bytes

Total Files Cleaned = 100.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 02142013_222648

Files\Folders moved on Reboot...
File\Folder C:\Users\Jo\AppData\Local\Temp\~DF12EE89825E51D7A9.TMP not found!
File\Folder C:\Users\Jo\AppData\Local\Temp\~DF4AFDB24772F75552.TMP not found!
File\Folder C:\Users\Jo\AppData\Local\Temp\~DF7DECD7F8010D2FD9.TMP not found!
File\Folder C:\Users\Jo\AppData\Local\Temp\~DFD5BFB0B9490F6238.TMP not found!
File\Folder C:\Users\Jo\AppData\Local\Temp\~DFEBFE6C616222F990.TMP not found!
File\Folder C:\Users\Jo\AppData\Local\Temp\~DFFAC73968FA324A65.TMP not found!
C:\Users\Jo\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\1QDPV3TX\google_co_uk[1].htm moved successfully.
C:\Users\Jo\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\AntiPhishing\ED8654D5-B9F0-4DD9-B3E8-F8F560086FDF.dat moved successfully.
C:\Users\Jo\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\MSIMGSIZ.DAT moved successfully.
File\Folder C:\Users\Jo\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRF{9F3F4E48-3D19-4C50-9ACA-F68501426DFA}.tmp not found!
File\Folder C:\Users\Jo\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{7F7A289C-9773-40E3-8F1F-4B8914224391}.tmp not found!
File\Folder C:\Users\Jo\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{B20ACCB1-8082-4B18-884E-0662D289B934}.tmp not found!
File\Folder C:\Users\Jo\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{E031A88D-EE92-45AF-8ADE-21C2B235AD40}.tmp not found!
File\Folder C:\Users\Jo\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\1CAA2A45.wmf not found!
File\Folder C:\Users\Jo\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\303F2B17.wmf not found!
File\Folder C:\Users\Jo\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\5EABB7EE.wmf not found!
File\Folder C:\Users\Jo\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\6238A382.wmf not found!
File\Folder C:\Users\Jo\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\6458D488.dat not found!
File\Folder C:\Users\Jo\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\84BE5CEA.dat not found!
File\Folder C:\Users\Jo\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\85B8199B.wmf not found!
File\Folder C:\Users\Jo\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\A4B00EE0.wmf not found!
File\Folder C:\Users\Jo\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\D39F5A2C.wmf not found!
File\Folder C:\Users\Jo\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\E0DE93D6.dat not found!
File\Folder C:\Users\Jo\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\F6BE0161.wmf not found!
File\Folder C:\Users\Jo\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\F9E654.dat not found!

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
  • 0
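
Many of the "not found" lines in the fix log above appear only because the same item was listed under both :SERVICES and :OTL in the script, or because a parent folder had already been moved. The following is an added example, not part of the thread and not OTL's own code: a Python triage that separates items removed in this run, items reported missing because an earlier line already removed them, and items that were absent throughout. The line patterns are assumptions inferred solely from the log posted in this thread; the sample is a trimmed excerpt of that log.

```python
import re

# Trimmed excerpt of the OTL fix log posted in this thread.
SAMPLE_LOG = r"""========== SERVICES/DRIVERS ==========
Service avast! Antivirus stopped successfully!
Service avast! Antivirus deleted successfully!
Error: No service named MpKsl39b2afbe was found to stop!
Service\Driver key MpKsl39b2afbe not found.
Service esgiguard stopped successfully!
Service esgiguard deleted successfully!
========== OTL ==========
No active process named SmartDefrag.exe was found!
Error: No service named avast! Antivirus was found to stop!
Service\Driver key avast! Antivirus not found.
File C:\Program Files\AVAST Software\Avast\AvastSvc.exe File not found not found.
Error: No service named MpKsl39b2afbe was found to stop!
Service\Driver key MpKsl39b2afbe not found.
C:\Windows\System32\guard32.dll moved successfully.
C:\Users\Jo\AppData\Roaming\AVSoftware\MaxPerforma folder moved successfully.
C:\Users\Jo\AppData\Roaming\AVSoftware folder moved successfully.
C:\winlogon.exe.exe moved successfully.
========== FILES ==========
C:\Program Files\IObit folder moved successfully.
File\Folder C:\Users\Jo\AppData\Roaming\AVSoftware not found.
"""

# (outcome, kind, pattern); patterns are inferred from the log above (assumption).
RULES = [
    ("removed", "service", re.compile(r"^Service (.+) (?:stopped|deleted) successfully!$")),
    ("removed", "registry", re.compile(r"^Registry value (.+) deleted successfully\.$")),
    ("removed", "path", re.compile(r"^(.+?)(?: folder)? moved successfully\.$")),
    ("missing", "service", re.compile(r"^Error: No service named (.+) was found to stop!$")),
    ("missing", "service", re.compile(r"^Service\\Driver key (.+) not found\.$")),
    ("missing", "process", re.compile(r"^No active process named (.+) was found!$")),
    ("missing", "path", re.compile(r"^File\\Folder (.+) not found[.!]$")),
    ("missing", "path", re.compile(r"^File (.+?)(?: File not found)? not found\.$")),
]


def _covered(kind, name, removed):
    """True if an earlier line in the same run already removed this item."""
    if kind != "path":
        return (kind, name) in removed
    # A path is covered if it, or any parent folder, was moved earlier.
    return any(k == "path" and (name == p or name.startswith(p + "\\"))
               for k, p in removed)


def triage(log_text):
    """Classify each recognised log line; unrecognised lines are ignored."""
    removed, already_removed, absent = {}, {}, {}
    for raw in log_text.splitlines():
        line = raw.strip()
        for outcome, kind, rx in RULES:
            m = rx.match(line)
            if m is None:
                continue
            target = m.group(1)
            key = (kind, target.lower())  # Windows names are case-insensitive
            if outcome == "removed":
                removed.setdefault(key, target)
            elif _covered(kind, key[1], removed):
                already_removed.setdefault(key, target)
            else:
                absent.setdefault(key, target)
            break
    as_list = lambda d: [(k[0], v) for k, v in d.items()]
    return {"removed": as_list(removed),
            "already_removed": as_list(already_removed),
            "absent": as_list(absent)}


if __name__ == "__main__":
    for bucket, items in triage(SAMPLE_LOG).items():
        print(bucket)
        for kind, target in items:
            print(f"  {kind:8} {target}")
```

Items in the `absent` bucket are the ones worth a second look in the follow-up scan log, since the fix never acted on them.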

#18
godawgs

    Teacher

  • Retired Staff
  • 8,228 posts
Thanks for the update. Just skip that step and go to Step 3 and see if you can get Revo to uninstall the rest of the Comodo program. If it can't find anything then go to the next step and get the new OTL.txt log and just let me know that Revo didn't work when you post the OTL.txt log.
  • 0

#19
JoPopey

    Member

  • Topic Starter
  • Member
  • 124 posts
Hi there,

I reinstalled Revo but could not find any COMODO remnants, so I went on to the last step of running OTL again, here are the reports

Thanks in advance for your help

All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== SERVICES/DRIVERS ==========
Service avast! Antivirus stopped successfully!
Service avast! Antivirus deleted successfully!
Error: No service named MpKsl39b2afbe was found to stop!
Service\Driver key MpKsl39b2afbe not found.
Service esgiguard stopped successfully!
Service esgiguard deleted successfully!
Service Lavasoft Kernexplorer stopped successfully!
Service Lavasoft Kernexplorer deleted successfully!
========== OTL ==========
No active process named SmartDefrag.exe was found!
Error: No service named avast! Antivirus was found to stop!
Service\Driver key avast! Antivirus not found.
File C:\Program Files\AVAST Software\Avast\AvastSvc.exe File not found not found.
Error: No service named MpKsl39b2afbe was found to stop!
Service\Driver key MpKsl39b2afbe not found.
File C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{BB4DD37B-A3E6-4E92-8411-AF114A668FF8}\MpKsl39b2afbe.sys File not found not found.
Error: No service named esgiguard was found to stop!
Service\Driver key esgiguard not found.
File C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys File not found not found.
Error: No service named Lavasoft Kernexplorer was found to stop!
Service\Driver key Lavasoft Kernexplorer not found.
C:\Program Files\Lavasoft\Ad-Aware\kernexplorer.sys moved successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:C:\Windows\system32\guard32.dll deleted successfully.
C:\Windows\System32\guard32.dll moved successfully.
C:\Users\Jo\AppData\Roaming\PC Utility Kit\PC Utility Kit folder moved successfully.
C:\ProgramData\PC Utility Kit\PC Utility Kit folder moved successfully.
C:\Users\Jo\AppData\Roaming\AVSoftware\MaxPerforma\PartialBackup folder moved successfully.
C:\Users\Jo\AppData\Roaming\AVSoftware\MaxPerforma folder moved successfully.
C:\Users\Jo\AppData\Roaming\AVSoftware folder moved successfully.
C:\winlogon.exe.exe moved successfully.
========== FILES ==========
C:\Program Files\IObit\Smart Defrag 2\Log folder moved successfully.
C:\Program Files\IObit\Smart Defrag 2\LatestNews folder moved successfully.
C:\Program Files\IObit\Smart Defrag 2\Freeware\FreeSoftwareDownload folder moved successfully.
C:\Program Files\IObit\Smart Defrag 2\Freeware folder moved successfully.
C:\Program Files\IObit\Smart Defrag 2 folder moved successfully.
C:\Program Files\IObit\IObit Malware Fighter folder moved successfully.
C:\Program Files\IObit\Advanced SystemCare 4\Update folder moved successfully.
C:\Program Files\IObit\Advanced SystemCare 4\LatestNews folder moved successfully.
C:\Program Files\IObit\Advanced SystemCare 4\Freeware\FreeSoftwareDownload folder moved successfully.
C:\Program Files\IObit\Advanced SystemCare 4\Freeware folder moved successfully.
C:\Program Files\IObit\Advanced SystemCare 4 folder moved successfully.
C:\Program Files\IObit folder moved successfully.
C:\Users\Jo\AppData\Roaming\IObit\Smart Defrag 2 folder moved successfully.
C:\Users\Jo\AppData\Roaming\IObit\IObit Uninstaller folder moved successfully.
C:\Users\Jo\AppData\Roaming\IObit\IObit Malware Fighter folder moved successfully.
C:\Users\Jo\AppData\Roaming\IObit\Advanced SystemCare V4\PMonitor folder moved successfully.
C:\Users\Jo\AppData\Roaming\IObit\Advanced SystemCare V4\Log folder moved successfully.
C:\Users\Jo\AppData\Roaming\IObit\Advanced SystemCare V4\Backup folder moved successfully.
C:\Users\Jo\AppData\Roaming\IObit\Advanced SystemCare V4 folder moved successfully.
C:\Users\Jo\AppData\Roaming\IObit folder moved successfully.
C:\Users\Jo\AppData\Roaming\PC Utility Kit folder moved successfully.
C:\ProgramData\PC Utility Kit folder moved successfully.
File\Folder C:\Users\Jo\AppData\Roaming\AVSoftware not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Jo
->Temp folder emptied: 6464026 bytes
->Temporary Internet Files folder emptied: 34700822 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 10307911 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 506 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 51628757 bytes
RecycleBin emptied: 1642122 bytes

Total Files Cleaned = 100.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 02142013_222648

Files\Folders moved on Reboot...
File\Folder C:\Users\Jo\AppData\Local\Temp\~DF12EE89825E51D7A9.TMP not found!
File\Folder C:\Users\Jo\AppData\Local\Temp\~DF4AFDB24772F75552.TMP not found!
File\Folder C:\Users\Jo\AppData\Local\Temp\~DF7DECD7F8010D2FD9.TMP not found!
File\Folder C:\Users\Jo\AppData\Local\Temp\~DFD5BFB0B9490F6238.TMP not found!
File\Folder C:\Users\Jo\AppData\Local\Temp\~DFEBFE6C616222F990.TMP not found!
File\Folder C:\Users\Jo\AppData\Local\Temp\~DFFAC73968FA324A65.TMP not found!
C:\Users\Jo\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\1QDPV3TX\google_co_uk[1].htm moved successfully.
C:\Users\Jo\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\AntiPhishing\ED8654D5-B9F0-4DD9-B3E8-F8F560086FDF.dat moved successfully.
C:\Users\Jo\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\MSIMGSIZ.DAT moved successfully.
File\Folder C:\Users\Jo\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRF{9F3F4E48-3D19-4C50-9ACA-F68501426DFA}.tmp not found!
File\Folder C:\Users\Jo\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{7F7A289C-9773-40E3-8F1F-4B8914224391}.tmp not found!
File\Folder C:\Users\Jo\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{B20ACCB1-8082-4B18-884E-0662D289B934}.tmp not found!
File\Folder C:\Users\Jo\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{E031A88D-EE92-45AF-8ADE-21C2B235AD40}.tmp not found!
File\Folder C:\Users\Jo\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\1CAA2A45.wmf not found!
File\Folder C:\Users\Jo\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\303F2B17.wmf not found!
File\Folder C:\Users\Jo\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\5EABB7EE.wmf not found!
File\Folder C:\Users\Jo\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\6238A382.wmf not found!
File\Folder C:\Users\Jo\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\6458D488.dat not found!
File\Folder C:\Users\Jo\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\84BE5CEA.dat not found!
File\Folder C:\Users\Jo\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\85B8199B.wmf not found!
File\Folder C:\Users\Jo\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\A4B00EE0.wmf not found!
File\Folder C:\Users\Jo\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\D39F5A2C.wmf not found!
File\Folder C:\Users\Jo\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\E0DE93D6.dat not found!
File\Folder C:\Users\Jo\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\F6BE0161.wmf not found!
File\Folder C:\Users\Jo\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\F9E654.dat not found!

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
OTL logfile created on: 15/02/2013 09:04:14 - Run 7
OTL by OldTimer - Version 3.2.69.0 Folder = C:\
Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1.94 Gb Total Physical Memory | 1.07 Gb Available Physical Memory | 55.19% Memory free
3.87 Gb Paging File | 2.82 Gb Available in Paging File | 72.88% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 35.06 Gb Total Space | 5.52 Gb Free Space | 15.74% Space Free | Partition Type: NTFS
Drive D: | 113.89 Gb Total Space | 40.85 Gb Free Space | 35.86% Space Free | Partition Type: NTFS

Computer Name: JOPOPE-PC01 | User Name: Jo | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)
PRC - C:\Users\Jo\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
PRC - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe (BillP Studios)
PRC - C:\Program Files\Microsoft Security Client\NisSrv.exe (Microsoft Corporation)
PRC - C:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
PRC - C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
PRC - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
PRC - C:\Program Files\CDBurnerXP\NMSAccessU.exe ()


========== Modules (No Company Name) ==========

MOD - C:\Users\Jo\AppData\Local\Google\Chrome\User Data\PepperFlash\11.5.31.139\pepflashplayer.dll ()
MOD - C:\Program Files\Google\Chrome\Application\24.0.1312.57\ppgooglenaclpluginchrome.dll ()
MOD - C:\Program Files\Google\Chrome\Application\24.0.1312.57\pdf.dll ()
MOD - C:\Program Files\Google\Chrome\Application\24.0.1312.57\ffmpegsumo.dll ()
MOD - C:\Program Files\BillP Studios\WinPatrol\sqlite3.dll ()
MOD - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSPTLS.DLL ()


========== Services (SafeList) ==========

SRV - (ServiceLayer) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe File not found
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (MozillaMaintenance) -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (SkypeUpdate) -- C:\Program Files\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (AdobeARMservice) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (NisSrv) -- C:\Program Files\Microsoft Security Client\NisSrv.exe (Microsoft Corporation)
SRV - (MsMpSvc) -- C:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
SRV - (WatAdminSvc) -- C:\Windows\System32\Wat\WatAdminSvc.exe (Microsoft Corporation)
SRV - (ACDaemon) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
SRV - (NMSAccessU) -- C:\Program Files\CDBurnerXP\NMSAccessU.exe ()
SRV - (StorSvc) -- C:\Windows\System32\StorSvc.dll (Microsoft Corporation)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)


========== Driver Services (SafeList) ==========

DRV - (TfSysMon) -- system32\drivers\TfSysMon.sys File not found
DRV - (TfNetMon) -- C:\Windows\system32\drivers\TfNetMon.sys File not found
DRV - (TfFsMon) -- system32\drivers\TfFsMon.sys File not found
DRV - (cpuz132) -- C:\Users\Jo\AppData\Local\Temp\cpuz132\cpuz132_x32.sys File not found
DRV - (catchme) -- C:\Users\Jo\AppData\Local\Temp\catchme.sys File not found
DRV - (adfs) -- File not found
DRV - (SWDUMon) -- C:\Windows\System32\drivers\SWDUMon.sys ()
DRV - (inspect) -- C:\Windows\System32\drivers\inspect.sys (COMODO)
DRV - (cmdGuard) -- C:\Windows\System32\drivers\cmdGuard.sys (COMODO)
DRV - (cmdHlp) -- C:\Windows\System32\drivers\cmdhlp.sys (COMODO)
DRV - (cmderd) -- C:\Windows\System32\drivers\cmderd.sys (COMODO)
DRV - (dg_ssudbus) -- C:\Windows\System32\drivers\ssudbus.sys (DEVGURU Co., LTD.(www.devguru.co.kr))
DRV - (NisDrv) -- C:\Windows\System32\drivers\NisDrvWFP.sys (Microsoft Corporation)
DRV - (RdpVideoMiniport) -- C:\Windows\System32\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV - (aswMonFlt) -- C:\Windows\System32\drivers\aswMonFlt.sys (AVAST Software)
DRV - (AVEO) -- C:\Windows\System32\drivers\AVEOdcnt.sys (AVEO)
DRV - (vmbus) -- C:\Windows\System32\drivers\vmbus.sys (Microsoft Corporation)
DRV - (storflt) -- C:\Windows\System32\drivers\vmstorfl.sys (Microsoft Corporation)
DRV - (storvsc) -- C:\Windows\System32\drivers\storvsc.sys (Microsoft Corporation)
DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (VMBusHID) -- C:\Windows\System32\drivers\VMBusHID.sys (Microsoft Corporation)
DRV - (s3cap) -- C:\Windows\System32\drivers\vms3cap.sys (Microsoft Corporation)
DRV - (StarOpen) -- C:\Windows\System32\drivers\StarOpen.sys ()
DRV - (ALCXWDM) -- C:\Windows\System32\drivers\RTKVAC.SYS (Realtek Semiconductor Corp.)
DRV - (pccsmcfd) -- C:\Windows\System32\drivers\pccsmcfd.sys (Nokia)
DRV - (Afc) -- C:\Windows\System32\drivers\afc.sys (Arcsoft, Inc.)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.safesearc...0C61407B26747B8
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.safesearc...0C61407B26747B8
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{4B51C980-C6B0-11E1-9136-AED16088709B}: "URL" = http://www.safesearc...0C61407B26747B8

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.safesearc...0C61407B26747B8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-gb
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 55 A6 19 00 0F 6A CB 01 [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\..\SearchScopes,DefaultScope = {0AEADF14-F17C-4F00-BE2F-99194450DB7C}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{0AEADF14-F17C-4F00-BE2F-99194450DB7C}: "URL" = http://www.google.co...rchTerms}&meta=
IE - HKCU\..\SearchScopes\{0B3C28E0-7C23-4167-A8B7-85D34F586D3A}: "URL" = http://search.avg.co...e}&iy=&ychte=us
IE - HKCU\..\SearchScopes\{16C71303-6956-47D8-B5C6-002F0605D5C8}: "URL" = http://uk.search.yah...p={searchTerms}
IE - HKCU\..\SearchScopes\{4B51C980-C6B0-11E1-9136-AED16088709B}: "URL" = http://www.safesearc...0C61407B26747B8
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{95560BF3-6453-4704-BF91-1B25463ABE13}: "URL" = http://websearch.ask...81-6C3901274266
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "SafeSearch"
FF - prefs.js..browser.search.defaultenginename: "SafeSearch"
FF - prefs.js..browser.search.defaulturl: "http://www.safesearc...C61407B26747B8"
FF - prefs.js..browser.search.order.1: "SafeSearch"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "about:home"
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:18.0.2
FF - prefs.js..keyword.URL: "http://www.safesearc....net/search?q="
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_6_602_168.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.13.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.13.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.6.14: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.6.14: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.6.14: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.6.14: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=15.0.6.14: C:\Program Files\Real\RealPlayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.124\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.124\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.2: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{0153E448-190B-4987-BDE1-F256CADA672F}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012/09/30 15:54:31 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\AVAST Software\Avast\WebRep\FF
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/02/11 11:50:47 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

[2012/11/28 17:31:30 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jo\AppData\Roaming\Mozilla\Extensions
[2013/02/07 17:49:29 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jo\AppData\Roaming\Mozilla\Firefox\Profiles\0g2su0gn.default-1355390140088\extensions
[2013/02/04 11:51:36 | 000,307,659 | ---- | M] () (No name found) -- C:\Users\Jo\AppData\Roaming\Mozilla\Firefox\Profiles\0g2su0gn.default-1355390140088\extensions\[email protected]
[2012/12/20 16:42:12 | 000,010,339 | ---- | M] () -- C:\Users\Jo\AppData\Roaming\Mozilla\Firefox\Profiles\0g2su0gn.default-1355390140088\searchplugins\duckduckgo-1.xml
[2012/12/20 16:42:09 | 000,010,339 | ---- | M] () -- C:\Users\Jo\AppData\Roaming\Mozilla\Firefox\Profiles\0g2su0gn.default-1355390140088\searchplugins\duckduckgo.xml
[2013/02/11 11:50:47 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2013/02/01 18:22:53 | 000,262,552 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2013/02/01 18:22:13 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2013/02/01 18:22:13 | 000,002,058 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter}
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Jo\AppData\Local\Google\Chrome\User Data\PepperFlash\11.5.31.139\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\24.0.1312.57\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\24.0.1312.57\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Picasa (Enabled) = C:\Program Files\Google\Picasa3\npPicasa3.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.124\npGoogleUpdate3.dll
CHR - plugin: Java™ Platform SE 7 U13 (Enabled) = C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll
CHR - plugin: RealPlayer Download Plugin (Enabled) = C:\Program Files\Real\RealPlayer\Netscape6\nprpplugin.dll
CHR - plugin: VLC Web Plugin (Enabled) = C:\Program Files\VideoLAN\VLC\npvlc.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: RealNetworks™ Chrome Background Extension Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
CHR - plugin: RealPlayer™ HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
CHR - plugin: Java Deployment Toolkit 7.0.130.20 (Enabled) = C:\Windows\system32\npDeployJava1.dll
CHR - Extension: Google Docs = C:\Users\Jo\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.0.0.6_0\
CHR - Extension: Google Docs = C:\Users\Jo\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
CHR - Extension: Google Drive = C:\Users\Jo\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.2_0\
CHR - Extension: Google Drive = C:\Users\Jo\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\

O1 HOSTS File: ([2012/11/19 22:31:55 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (Easy-WebPrint) - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll ()
O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
O4 - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe (BillP Studios)
O4 - Startup: C:\Users\Jo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Jo\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Easy-WebPrint Add To Print List - C:\Program Files\Canon\Easy-WebPrint\Resource.dll ()
O8 - Extra context menu item: Easy-WebPrint High Speed Print - C:\Program Files\Canon\Easy-WebPrint\Resource.dll ()
O8 - Extra context menu item: Easy-WebPrint Preview - C:\Program Files\Canon\Easy-WebPrint\Resource.dll ()
O8 - Extra context menu item: Easy-WebPrint Print - C:\Program Files\Canon\Easy-WebPrint\Resource.dll ()
O16 - DPF: {CAFEEFAC-0017-0000-0005-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_05)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.13.2)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3028E9AA-0C2D-45B0-A428-1EDCE1C22515}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\linkscanner - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 21:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/02/15 09:01:24 | 000,000,000 | ---D | C] -- C:\Users\Jo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller
[2013/02/14 22:38:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2013/02/14 09:24:26 | 000,000,000 | -H-D | C] -- C:\Windows\AxInstSV
[2013/02/13 09:36:47 | 000,000,000 | ---D | C] -- D:\Desktop\RK_Quarantine
[2013/02/11 12:23:12 | 000,000,000 | ---D | C] -- C:\ArcSoft
[2013/02/11 11:51:14 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service
[2013/02/11 11:50:44 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2013/02/11 09:17:24 | 000,000,000 | ---D | C] -- C:\_OTL
[2013/02/11 09:16:09 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\OTL.exe
[2013/02/10 11:31:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Comodo
[2013/02/10 11:31:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\COMODO
[2013/02/10 11:28:50 | 001,122,304 | ---- | C] (The OpenSSL Project, http://www.openssl.org/) -- C:\Windows\System32\libeay32.dll
[2013/02/10 11:28:50 | 000,356,352 | ---- | C] (eSellerate Inc.) -- C:\Windows\eSellerateEngine.dll
[2013/02/10 11:28:50 | 000,274,432 | ---- | C] (The OpenSSL Project, http://www.openssl.org/) -- C:\Windows\System32\ssleay32.dll
[2013/02/10 11:28:50 | 000,081,920 | ---- | C] (eSellerate Inc.) -- C:\Windows\eSellerateControl350.dll
[2013/02/10 11:28:48 | 000,000,000 | ---D | C] -- C:\Program Files\Safe Search Removal Tool
[2013/02/09 20:34:54 | 000,000,000 | ---D | C] -- D:\Desktop\FLAT BATH
[2013/02/07 18:59:15 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013/02/07 18:57:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013/02/07 18:57:18 | 000,021,104 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2013/02/07 18:57:18 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2013/02/07 17:41:30 | 000,058,680 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2013/02/07 17:41:02 | 000,227,648 | ---- | C] (AVAST Software) -- C:\Windows\System32\aswBoot.exe
[2013/02/07 17:29:29 | 000,000,000 | ---D | C] -- D:\My Documents\Add-in Express
[2013/02/07 16:57:34 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013/02/07 16:57:34 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2013/02/07 16:57:34 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2013/02/07 16:55:27 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
[2013/02/07 10:24:34 | 000,000,000 | ---D | C] -- C:\Users\Jo\AppData\Roaming\SmartSoftOCRHelper
[2013/02/07 10:21:12 | 000,000,000 | ---D | C] -- C:\Users\Jo\AppData\Roaming\Smart PDF Converter
[2013/02/07 09:29:16 | 000,000,000 | ---D | C] -- C:\Users\Jo\AppData\Roaming\Strongvault
[2013/02/07 09:28:36 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\MSSoap
[2013/02/07 09:28:30 | 000,000,000 | ---D | C] -- C:\Users\Jo\AppData\Local\Strongvault Online Backup
[2013/02/07 09:28:21 | 000,000,000 | ---D | C] -- C:\Users\Jo\AppData\Local\Stronghold_LLC
[2013/02/07 09:27:48 | 000,000,000 | -HSD | C] -- C:\Windows\System32\AI_RecycleBin
[2013/02/07 09:27:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Strongvault Online Backup
[2013/02/07 09:26:17 | 000,000,000 | ---D | C] -- C:\Users\Jo\AppData\Roaming\DSite
[2013/02/06 21:10:24 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2013/02/05 11:53:29 | 000,000,000 | ---D | C] -- D:\Desktop\The Magdalene Laundry - CBS News_files
[2013/01/28 16:57:38 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\CrashDump
[2013/01/28 09:33:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2013/01/28 09:33:06 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2013/01/28 09:32:59 | 000,000,000 | R--D | C] -- C:\Program Files\Skype
[2013/01/22 09:18:19 | 000,000,000 | ---D | C] -- C:\Users\Jo\AppData\Local\Programs
[2013/01/22 09:06:02 | 000,000,000 | ---D | C] -- C:\Program Files\MarkAny
[2013/01/21 20:11:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Picasa 3
[2011/11/16 21:41:04 | 001,287,016 | ---- | C] (Microsoft Corporation) -- C:\Users\Jo\windowslivemoviemaker.exe
[2 C:\Program Files\*.tmp files -> C:\Program Files\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/02/15 09:03:24 | 001,474,832 | ---- | M] () -- C:\Windows\System32\drivers\sfi.dat
[2013/02/15 09:01:24 | 000,001,082 | ---- | M] () -- D:\Desktop\Revo Uninstaller.lnk
[2013/02/15 09:00:50 | 000,013,984 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/02/15 09:00:50 | 000,013,984 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/02/15 08:58:01 | 000,000,878 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/02/15 08:54:02 | 000,002,233 | ---- | M] () -- C:\Users\Jo\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2013/02/15 08:53:58 | 000,000,874 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/02/15 08:53:31 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/02/14 22:38:57 | 000,002,209 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2013/02/14 19:13:01 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/02/14 18:40:57 | 000,614,400 | ---- | M] () -- C:\Windows\System32\Image20.dat
[2013/02/14 18:40:13 | 000,002,503 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2013/02/13 16:09:45 | 000,022,442 | ---- | M] () -- D:\Desktop\pool.jpg
[2013/02/13 09:30:17 | 002,346,016 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013/02/13 09:16:58 | 000,616,032 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013/02/13 09:16:58 | 000,106,412 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013/02/11 14:05:21 | 000,120,923 | ---- | M] () -- D:\Desktop\trip update....zip
[2013/02/11 11:51:17 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2013/02/11 09:15:15 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\OTL.exe
[2013/02/10 20:27:47 | 000,587,659 | ---- | M] () -- C:\adwcleaner.exe
[2013/02/07 18:57:30 | 000,001,075 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/02/07 17:49:28 | 000,000,390 | R-S- | M] () -- C:\Users\Jo\ntuser.pol
[2013/02/07 17:41:30 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2013/02/06 09:13:26 | 000,001,053 | ---- | M] () -- C:\Users\Jo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2013/02/05 22:58:22 | 000,013,024 | ---- | M] () -- C:\Windows\System32\drivers\SWDUMon.sys
[2013/01/27 10:43:48 | 000,000,929 | ---- | M] () -- D:\Desktop\Dropbox.lnk
[2013/01/21 20:13:06 | 000,001,096 | ---- | M] () -- C:\Users\Jo\Application Data\Microsoft\Internet Explorer\Quick Launch\Picasa 3.lnk
[2013/01/21 20:13:06 | 000,001,072 | ---- | M] () -- C:\Users\Public\Desktop\Picasa 3.lnk
[2 C:\Program Files\*.tmp files -> C:\Program Files\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/02/15 08:59:55 | 000,001,082 | ---- | C] () -- D:\Desktop\Revo Uninstaller.lnk
[2013/02/14 22:38:57 | 000,002,233 | ---- | C] () -- C:\Users\Jo\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2013/02/14 22:38:57 | 000,002,209 | ---- | C] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2013/02/14 16:54:25 | 000,000,830 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/02/13 16:09:44 | 000,022,442 | ---- | C] () -- D:\Desktop\pool.jpg
[2013/02/11 14:05:15 | 000,120,923 | ---- | C] () -- D:\Desktop\trip update....zip
[2013/02/11 11:51:17 | 000,001,125 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2013/02/11 11:51:17 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2013/02/10 20:23:45 | 000,587,659 | ---- | C] () -- C:\adwcleaner.exe
[2013/02/07 18:57:30 | 000,001,075 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/02/07 17:29:28 | 000,000,390 | R-S- | C] () -- C:\Users\Jo\ntuser.pol
[2013/02/07 16:57:34 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013/02/07 16:57:34 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013/02/07 16:57:34 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013/02/07 16:57:34 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013/02/07 16:57:34 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013/02/06 09:13:26 | 000,001,053 | ---- | C] () -- C:\Users\Jo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2013/01/28 09:36:09 | 000,614,400 | ---- | C] () -- C:\Windows\System32\Image20.dat
[2013/01/28 09:33:07 | 000,002,503 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk
[2013/01/21 20:16:03 | 001,474,832 | ---- | C] () -- C:\Windows\System32\drivers\sfi.dat
[2013/01/21 20:13:06 | 000,001,096 | ---- | C] () -- C:\Users\Jo\Application Data\Microsoft\Internet Explorer\Quick Launch\Picasa 3.lnk
[2013/01/21 20:13:06 | 000,001,072 | ---- | C] () -- C:\Users\Public\Desktop\Picasa 3.lnk
[2012/11/05 17:09:28 | 000,000,118 | ---- | C] () -- C:\Windows\wininit.ini
[2012/10/29 12:09:28 | 000,974,848 | ---- | C] () -- C:\Windows\System32\cis-2.4.dll
[2012/10/29 12:09:28 | 000,081,920 | ---- | C] () -- C:\Windows\System32\issacapi_bs-2.3.dll
[2012/10/29 12:09:28 | 000,065,536 | ---- | C] () -- C:\Windows\System32\issacapi_pe-2.3.dll
[2012/10/29 12:09:28 | 000,057,344 | ---- | C] () -- C:\Windows\System32\issacapi_se-2.3.dll
[2012/08/17 11:07:04 | 000,013,024 | ---- | C] () -- C:\Windows\System32\drivers\SWDUMon.sys
[2012/04/13 14:50:39 | 000,000,064 | ---- | C] () -- C:\Windows\System32\rp_stats.dat
[2012/04/13 14:50:39 | 000,000,044 | ---- | C] () -- C:\Windows\System32\rp_rules.dat
[2012/02/22 15:03:45 | 000,000,088 | ---- | C] () -- C:\Windows\MSREGUSR.INI
[2011/07/07 08:18:37 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2011/06/02 16:35:41 | 000,116,224 | ---- | C] () -- C:\Windows\System32\pdfmonnt.dll
[2011/05/01 16:25:21 | 000,062,349 | ---- | C] () -- C:\Users\Jo\RW1.jpg
[2011/03/07 20:14:01 | 000,020,480 | ---- | C] () -- C:\Users\Jo\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/02/22 17:24:55 | 000,000,224 | ---- | C] () -- C:\Windows\91NU.ini
[2011/02/22 17:14:05 | 000,001,809 | ---- | C] () -- C:\Windows\if42le.ini
[2011/02/22 17:14:05 | 000,000,299 | ---- | C] () -- C:\Windows\Pexplore.ini
[2011/02/22 17:10:42 | 000,015,360 | ---- | C] () -- C:\Windows\System32\GetInst32.dll
[2011/01/02 20:55:21 | 000,000,056 | ---- | C] () -- C:\ProgramData\ezsidmv.dat

========== ZeroAccess Check ==========

[2009/07/14 04:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 04:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 12:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/14 01:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2011/03/04 18:39:30 | 000,000,000 | ---D | M] -- C:\Users\Jo\AppData\Roaming\AnvSoft
[2012/09/23 15:49:32 | 000,000,000 | ---D | M] -- C:\Users\Jo\AppData\Roaming\AVG
[2010/10/18 09:43:17 | 000,000,000 | ---D | M] -- C:\Users\Jo\AppData\Roaming\AVG10
[2010/07/29 08:18:33 | 000,000,000 | ---D | M] -- C:\Users\Jo\AppData\Roaming\Canneverbe Limited
[2011/11/10 17:16:14 | 000,000,000 | ---D | M] -- C:\Users\Jo\AppData\Roaming\com.spoce.PRINCE2EventPrep.607D1209833FBB41CF7E9FFB79F78DC1DBCDE874.1
[2011/01/29 19:25:28 | 000,000,000 | ---D | M] -- C:\Users\Jo\AppData\Roaming\ConsumerSoft
[2012/03/16 13:26:22 | 000,000,000 | ---D | M] -- C:\Users\Jo\AppData\Roaming\DriverCure
[2013/02/15 08:54:23 | 000,000,000 | ---D | M] -- C:\Users\Jo\AppData\Roaming\Dropbox
[2013/02/07 09:26:17 | 000,000,000 | ---D | M] -- C:\Users\Jo\AppData\Roaming\DSite
[2011/12/16 22:41:46 | 000,000,000 | ---D | M] -- C:\Users\Jo\AppData\Roaming\ErrorTeck
[2013/02/13 08:28:44 | 000,000,000 | ---D | M] -- C:\Users\Jo\AppData\Roaming\FixBee
[2012/03/16 13:45:19 | 000,000,000 | ---D | M] -- C:\Users\Jo\AppData\Roaming\GetRightToGo
[2011/05/01 16:28:54 | 000,000,000 | ---D | M] -- C:\Users\Jo\AppData\Roaming\gtk-2.0
[2011/05/05 08:46:09 | 000,000,000 | ---D | M] -- C:\Users\Jo\AppData\Roaming\iExpert Software
[2011/12/16 22:37:35 | 000,000,000 | ---D | M] -- C:\Users\Jo\AppData\Roaming\Leadertech
[2011/12/16 22:46:28 | 000,000,000 | ---D | M] -- C:\Users\Jo\AppData\Roaming\Memeo
[2012/06/24 21:01:26 | 000,000,000 | ---D | M] -- C:\Users\Jo\AppData\Roaming\MrSmooth.1F1C2CE6230412E7752D206B573506D8446D8E6A.1
[2012/09/22 13:03:32 | 000,000,000 | ---D | M] -- C:\Users\Jo\AppData\Roaming\NewSoft
[2012/09/22 13:03:32 | 000,000,000 | ---D | M] -- C:\Users\Jo\AppData\Roaming\Nokia
[2011/06/13 17:41:33 | 000,000,000 | ---D | M] -- C:\Users\Jo\AppData\Roaming\PC Suite
[2013/02/07 09:48:53 | 000,000,000 | ---D | M] -- C:\Users\Jo\AppData\Roaming\PDFConverterPackages
[2013/01/28 17:32:03 | 000,000,000 | ---D | M] -- C:\Users\Jo\AppData\Roaming\Samsung
[2013/02/07 10:21:12 | 000,000,000 | ---D | M] -- C:\Users\Jo\AppData\Roaming\Smart PDF Converter
[2011/05/13 13:37:12 | 000,000,000 | ---D | M] -- C:\Users\Jo\AppData\Roaming\Smart PDF Creator
[2011/03/01 14:42:47 | 000,000,000 | ---D | M] -- C:\Users\Jo\AppData\Roaming\SmartSoftOCRHelper
[2012/11/28 17:25:01 | 000,000,000 | ---D | M] -- C:\Users\Jo\AppData\Roaming\SparkTrust
[2012/11/06 11:17:41 | 000,000,000 | ---D | M] -- C:\Users\Jo\AppData\Roaming\SpeedyPC Software
[2012/12/19 15:48:07 | 000,000,000 | ---D | M] -- C:\Users\Jo\AppData\Roaming\Spotify
[2013/02/07 09:29:16 | 000,000,000 | ---D | M] -- C:\Users\Jo\AppData\Roaming\Strongvault
[2012/09/22 13:03:35 | 000,000,000 | ---D | M] -- C:\Users\Jo\AppData\Roaming\TeamViewer
[2012/09/22 13:03:36 | 000,000,000 | ---D | M] -- C:\Users\Jo\AppData\Roaming\TuneUp Software
[2012/11/25 16:27:46 | 000,000,000 | ---D | M] -- C:\Users\Jo\AppData\Roaming\WinPatrol

========== Purity Check ==========



< End of report >

#20
godawgs

    Teacher

  • Retired Staff
  • 8,228 posts
The Conduit plugin is gone. Let's try to manually delete the Comodo remnants. Then let me know if Firefox and IE are still crashing the machine.

Step-1.

OTL Fix

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons; they will return on reboot.

1. Please copy all of the text in the quote box below (do not copy the word Quote). To do this, highlight everything inside the quote box (except the word Quote), right click and click Copy.

:COMMANDS
[createrestorepoint]

:OTL
DRV - (inspect) -- C:\Windows\System32\drivers\inspect.sys (COMODO)
DRV - (cmdGuard) -- C:\Windows\System32\drivers\cmdGuard.sys (COMODO)
DRV - (cmdHlp) -- C:\Windows\System32\drivers\cmdhlp.sys (COMODO)
DRV - (cmderd) -- C:\Windows\System32\drivers\cmderd.sys (COMODO)
[2013/02/10 11:31:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\COMODO
[2011/03/04 18:39:30 | 000,000,000 | ---D | M] -- C:\Users\Jo\AppData\Roaming\AnvSoft
[2012/09/23 15:49:32 | 000,000,000 | ---D | M] -- C:\Users\Jo\AppData\Roaming\AVG
[2010/10/18 09:43:17 | 000,000,000 | ---D | M] -- C:\Users\Jo\AppData\Roaming\AVG10
[2013/02/13 08:28:44 | 000,000,000 | ---D | M] -- C:\Users\Jo\AppData\Roaming\FixBee

:FILES
C:\Program Files\Comodo

:COMMANDS
[emptytemp]


Warning: This fix is relevant for this system and no other. If you are not this user, do NOT follow these directions as they could damage the workings of your system.

2. Please re-open OTL on your desktop. To do that:
  • Vista and 7 users: Right click the icon and click Run as Administrator
3. Place the mouse pointer inside the Posted Image textbox, right click and click Paste. This will put the above script inside the textbox.
4. Click the Posted Image button.
5. Let the program run unhindered.
6. OTL may ask to reboot the machine. Please do so if asked.
7. Click the Posted Image button.
8. A report will open. Copy and Paste that report in your next reply.
9. If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log (where mmddyyyy_hhmmss is the date of the tool run).
10. Run OTL again and click the Posted Image button. Post the log it produces in your next reply.


Step-2.

Run a fresh AdwCleaner scan and post the log.


Step-3.

Things For Your Next Post:
Please post the logs in the order requested. Do Not attach the logs unless I request it.
1. The OTL fixes log
2. The new OTL.txt log
3. The AdwCleaner log
4. Update me on the system crashes
  • 0

#21
JoPopey


    Member

  • Topic Starter
  • Member
  • 124 posts
I did the checks and deleted adw cleaner items..computer wanted to reboot and now is saying there is a driver hardware issue...I now have no internet and cannot attach logs as now using phone to email....computer would like to install windows update 802000010 but I can't as no internet connection please help !!!
  • 0

#22
godawgs


    Teacher

  • Retired Staff
  • 8,228 posts
The only drivers we deleted were for the Comodo program. It should not have affected the internet connection. Do you know how to use System Restore? If you do, restore the system back to the time before you ran the last OTL fix. That looks like it should be sometime yesterday between my post of 12:09PM and your post around 1:58PM.
  • 0
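
A statement about which services and driver files a fix removed can be checked against the OTL fix log itself. The Python sketch below is an added example, not part of the original posts and not part of OTL; the function names are hypothetical, the line patterns are inferred only from the fix log posted later in this thread (post #25), and the sample is an excerpt of that log.

```python
import re

# Excerpt of the OTL fix log posted later in this thread (post #25).
SAMPLE_LOG = r"""
========== OTL ==========
Service inspect stopped successfully!
Service inspect deleted successfully!
C:\Windows\System32\drivers\inspect.sys moved successfully.
Error: Unable to stop service cmdGuard!
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\cmdGuard deleted successfully.
C:\Windows\System32\drivers\cmdGuard.sys moved successfully.
Error: Unable to stop service cmdHlp!
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\cmdHlp deleted successfully.
C:\Windows\System32\drivers\cmdhlp.sys moved successfully.
Error: Unable to stop service cmderd!
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\cmderd deleted successfully.
C:\Windows\System32\drivers\cmderd.sys moved successfully.
Folder move failed. C:\ProgramData\Microsoft\Windows\Start Menu\Programs\COMODO scheduled to be moved on reboot.
C:\Users\Jo\AppData\Roaming\FixBee folder moved successfully.
========== FILES ==========
File\Folder C:\Program Files\Comodo not found.
"""

SERVICE_KEY = r"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services" + "\\"

# Per-service events: (state recorded, pattern with a "name" group).
SERVICE_PATTERNS = [
    ("stopped", re.compile(r"^Service (?P<name>.+) stopped successfully!$")),
    ("deleted", re.compile(r"^Service (?P<name>.+) deleted successfully!$")),
    ("stop_failed", re.compile(r"^Error: Unable to stop service (?P<name>.+)!$")),
    ("deleted", re.compile(r"^Registry key " + re.escape(SERVICE_KEY)
                           + r"(?P<name>[^\\]+) deleted successfully\.$")),
]

# Per-path events: (summary key, pattern with a "path" group).
PATH_PATTERNS = [
    ("deferred", re.compile(
        r"^Folder move failed\. (?P<path>.+) scheduled to be moved on reboot\.$")),
    ("not_found", re.compile(r"^File\\Folder (?P<path>.+) not found[.!]$")),
    ("moved", re.compile(
        r"^(?P<path>[A-Za-z]:\\.+?)(?: folder)? moved successfully\.$")),
]


def summarize_fix_log(text):
    """Group fix-log lines into per-service states and per-path outcomes."""
    summary = {"services": {}, "moved": [], "deferred": [], "not_found": []}
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        for state, pattern in SERVICE_PATTERNS:
            match = pattern.match(line)
            if match:
                summary["services"].setdefault(match.group("name"), set()).add(state)
                break
        else:
            for key, pattern in PATH_PATTERNS:
                match = pattern.match(line)
                if match:
                    summary[key].append(match.group("path"))
                    break
    return summary


def deleted_without_stopping(summary):
    """Services whose stop failed but whose service entry was still deleted."""
    return [name for name, states in summary["services"].items()
            if "stop_failed" in states and "deleted" in states]


def moved_driver_files(summary):
    """Moved paths that are kernel driver files (.sys)."""
    return [path for path in summary["moved"] if path.lower().endswith(".sys")]


if __name__ == "__main__":
    result = summarize_fix_log(SAMPLE_LOG)
    print("Deleted without a clean stop:", deleted_without_stopping(result))
    print("Driver files moved:", moved_driver_files(result))
    print("Deferred to reboot:", result["deferred"])
    print("Targets not found:", result["not_found"])
```

Services listed by `deleted_without_stopping` and paths under `deferred` are the items to re-check in a fresh scan after the reboot.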

#23
JoPopey


    Member

  • Topic Starter
  • Member
  • 124 posts
Ok I will try that, will look up how to do it am at internet store...I think after I did the adw cleaner I did a delete on files or maybe the virus has got in there who knows am not a techy, will be back in touch when I have done a system restore at present, computer says

Internet connections..
The wired network adaptor is experiencing problems...windows help and support can provide more info about resolving driver and hardware issues

Ms Security wants to update KB2804527(4.2.223.1) and is displaying Error code 805200010

Will be back in touch thanks
  • 0

#24
godawgs


    Teacher

  • Retired Staff
  • 8,228 posts
To restore the system to an earlier date:

  • Click the Start Orb, then click Control Panel.
  • In the box in the upper right hand corner type system restore.
  • Under the System heading, click Restore system files and settings from a restore point and click Continue or OK on the UAC. The System Restore window will open...it may take a few minutes so be patient.
  • Look at the Recommended restore date. If it isn't before the OTL fix (sometime between 12:09PM and 1:58PM on the 15th), click the radio button beside Choose a different restore point and click the Next button. A window will open with a list of restore points.
  • Choose one before the OTL fix and click the Next button.
System Restore should start the restore process. Follow the on screen directions. It will either automatically reboot the computer or ask you to reboot it to complete the process.
  • 0

#25
JoPopey


    Member

  • Topic Starter
  • Member
  • 124 posts
I have done a system restore, and now the internet is working, something is still not right on computer....I noticed COMODO is still on computer but I couldn't get rid of as not in uninstall area is search but saw it under Start Programs.....can I get rid of this???

Here are the logs from yesterday. This is what you asked for...

Things For Your Next Post:
Please post the logs in the order requested. Do Not attach the logs unless I request it.
1. The OTL fixes log
2. Let me know if you were able to find the Conduit plugin in Chrome
3. Let me know if Revo Uninstaller was able to find anything on COMODO
4. The new OTL.txt log

I couldn't find Conduit plugin, Revo uninstaller didn't find COMODO however I saw it as I describe above.

All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== OTL ==========
Service inspect stopped successfully!
Service inspect deleted successfully!
C:\Windows\System32\drivers\inspect.sys moved successfully.
Error: Unable to stop service cmdGuard!
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\cmdGuard deleted successfully.
C:\Windows\System32\drivers\cmdGuard.sys moved successfully.
Error: Unable to stop service cmdHlp!
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\cmdHlp deleted successfully.
C:\Windows\System32\drivers\cmdhlp.sys moved successfully.
Error: Unable to stop service cmderd!
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\cmderd deleted successfully.
C:\Windows\System32\drivers\cmderd.sys moved successfully.
Folder move failed. C:\ProgramData\Microsoft\Windows\Start Menu\Programs\COMODO scheduled to be moved on reboot.
C:\Users\Jo\AppData\Roaming\AnvSoft\Any Video Converter folder moved successfully.
C:\Users\Jo\AppData\Roaming\AnvSoft folder moved successfully.
C:\Users\Jo\AppData\Roaming\AVG\AWL2012\TuningIndex folder moved successfully.
C:\Users\Jo\AppData\Roaming\AVG\AWL2012\StartUp Manager\Disabled objects folder moved successfully.
C:\Users\Jo\AppData\Roaming\AVG\AWL2012\StartUp Manager folder moved successfully.
C:\Users\Jo\AppData\Roaming\AVG\AWL2012\Speed Optimizer folder moved successfully.
C:\Users\Jo\AppData\Roaming\AVG\AWL2012\Dashboard folder moved successfully.
C:\Users\Jo\AppData\Roaming\AVG\AWL2012\Backups folder moved successfully.
C:\Users\Jo\AppData\Roaming\AVG\AWL2012 folder moved successfully.
C:\Users\Jo\AppData\Roaming\AVG folder moved successfully.
C:\Users\Jo\AppData\Roaming\AVG10\cfgall folder moved successfully.
C:\Users\Jo\AppData\Roaming\AVG10 folder moved successfully.
C:\Users\Jo\AppData\Roaming\FixBee folder moved successfully.
========== FILES ==========
File\Folder C:\Program Files\Comodo not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Jo
->Temp folder emptied: 17182202 bytes
->Temporary Internet Files folder emptied: 8388320 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 5492755 bytes
->Google Chrome cache emptied: 16418161 bytes
->Flash cache emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 20200 bytes
RecycleBin emptied: 5214749 bytes

Total Files Cleaned = 50.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 02152013_172837

Files\Folders moved on Reboot...
Folder move failed. C:\ProgramData\Microsoft\Windows\Start Menu\Programs\COMODO scheduled to be moved on reboot.
File\Folder C:\Users\Jo\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{347B2940-8875-413C-9F6E-C3C2F489073D}.tmp not found!
File\Folder C:\Users\Jo\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{51F0ABBC-96D5-4985-B9CF-A1C14AB67F33}.tmp not found!

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

OTL logfile created on: 15/02/2013 17:37:56 - Run 8
OTL by OldTimer - Version 3.2.69.0 Folder = C:\
Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1.94 Gb Total Physical Memory | 1.18 Gb Available Physical Memory | 60.93% Memory free
3.87 Gb Paging File | 3.10 Gb Available in Paging File | 80.09% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 35.06 Gb Total Space | 5.51 Gb Free Space | 15.73% Space Free | Partition Type: NTFS
Drive D: | 113.89 Gb Total Space | 40.85 Gb Free Space | 35.87% Space Free | Partition Type: NTFS

Computer Name: JOPOPE-PC01 | User Name: Jo | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\OTL.exe (OldTimer Tools)
PRC - C:\Users\Jo\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
PRC - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe (BillP Studios)
PRC - C:\Program Files\Microsoft Security Client\NisSrv.exe (Microsoft Corporation)
PRC - C:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
PRC - C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
PRC - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
PRC - C:\Program Files\CDBurnerXP\NMSAccessU.exe ()
PRC - C:\Windows\System32\PrintIsolationHost.exe (Microsoft Corporation)


========== Modules (No Company Name) ==========

MOD - C:\Program Files\BillP Studios\WinPatrol\sqlite3.dll ()
MOD - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSPTLS.DLL ()


========== Services (SafeList) ==========

SRV - (ServiceLayer) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe File not found
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (MozillaMaintenance) -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (SkypeUpdate) -- C:\Program Files\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (AdobeARMservice) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (NisSrv) -- C:\Program Files\Microsoft Security Client\NisSrv.exe (Microsoft Corporation)
SRV - (MsMpSvc) -- C:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
SRV - (WatAdminSvc) -- C:\Windows\System32\Wat\WatAdminSvc.exe (Microsoft Corporation)
SRV - (ACDaemon) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
SRV - (NMSAccessU) -- C:\Program Files\CDBurnerXP\NMSAccessU.exe ()
SRV - (StorSvc) -- C:\Windows\System32\StorSvc.dll (Microsoft Corporation)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)


========== Driver Services (SafeList) ==========

DRV - (TfSysMon) -- system32\drivers\TfSysMon.sys File not found
DRV - (TfNetMon) -- C:\Windows\system32\drivers\TfNetMon.sys File not found
DRV - (TfFsMon) -- system32\drivers\TfFsMon.sys File not found
DRV - (cpuz132) -- C:\Users\Jo\AppData\Local\Temp\cpuz132\cpuz132_x32.sys File not found
DRV - (catchme) -- C:\Users\Jo\AppData\Local\Temp\catchme.sys File not found
DRV - (adfs) -- File not found
DRV - (SWDUMon) -- C:\Windows\System32\drivers\SWDUMon.sys ()
DRV - (dg_ssudbus) -- C:\Windows\System32\drivers\ssudbus.sys (DEVGURU Co., LTD.(www.devguru.co.kr))
DRV - (NisDrv) -- C:\Windows\System32\drivers\NisDrvWFP.sys (Microsoft Corporation)
DRV - (RdpVideoMiniport) -- C:\Windows\System32\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV - (aswMonFlt) -- C:\Windows\System32\drivers\aswMonFlt.sys (AVAST Software)
DRV - (AVEO) -- C:\Windows\System32\drivers\AVEOdcnt.sys (AVEO)
DRV - (vmbus) -- C:\Windows\System32\drivers\vmbus.sys (Microsoft Corporation)
DRV - (storflt) -- C:\Windows\System32\drivers\vmstorfl.sys (Microsoft Corporation)
DRV - (storvsc) -- C:\Windows\System32\drivers\storvsc.sys (Microsoft Corporation)
DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (VMBusHID) -- C:\Windows\System32\drivers\VMBusHID.sys (Microsoft Corporation)
DRV - (s3cap) -- C:\Windows\System32\drivers\vms3cap.sys (Microsoft Corporation)
DRV - (StarOpen) -- C:\Windows\System32\drivers\StarOpen.sys ()
DRV - (ALCXWDM) -- C:\Windows\System32\drivers\RTKVAC.SYS (Realtek Semiconductor Corp.)
DRV - (pccsmcfd) -- C:\Windows\System32\drivers\pccsmcfd.sys (Nokia)
DRV - (Afc) -- C:\Windows\System32\drivers\afc.sys (Arcsoft, Inc.)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.safesearc...0C61407B26747B8
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.safesearc...0C61407B26747B8
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{4B51C980-C6B0-11E1-9136-AED16088709B}: "URL" = http://www.safesearc...0C61407B26747B8

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.safesearc...0C61407B26747B8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-gb
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 55 A6 19 00 0F 6A CB 01 [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\..\SearchScopes,DefaultScope = {0AEADF14-F17C-4F00-BE2F-99194450DB7C}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{0AEADF14-F17C-4F00-BE2F-99194450DB7C}: "URL" = http://www.google.co...rchTerms}&meta=
IE - HKCU\..\SearchScopes\{0B3C28E0-7C23-4167-A8B7-85D34F586D3A}: "URL" = http://search.avg.co...e}&iy=&ychte=us
IE - HKCU\..\SearchScopes\{16C71303-6956-47D8-B5C6-002F0605D5C8}: "URL" = http://uk.search.yah...p={searchTerms}
IE - HKCU\..\SearchScopes\{4B51C980-C6B0-11E1-9136-AED16088709B}: "URL" = http://www.safesearc...0C61407B26747B8
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{95560BF3-6453-4704-BF91-1B25463ABE13}: "URL" = http://websearch.ask...81-6C3901274266
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "SafeSearch"
FF - prefs.js..browser.search.defaultenginename: "SafeSearch"
FF - prefs.js..browser.search.defaulturl: "http://www.safesearc...C61407B26747B8"
FF - prefs.js..browser.search.order.1: "SafeSearch"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "about:home"
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:18.0.2
FF - prefs.js..keyword.URL: "http://www.safesearc....net/search?q="
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_6_602_168.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.13.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.13.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.6.14: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.6.14: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.6.14: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.6.14: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=15.0.6.14: C:\Program Files\Real\RealPlayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.124\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.124\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.2: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{0153E448-190B-4987-BDE1-F256CADA672F}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012/09/30 15:54:31 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\AVAST Software\Avast\WebRep\FF
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/02/11 11:50:47 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

[2012/11/28 17:31:30 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jo\AppData\Roaming\Mozilla\Extensions
[2013/02/07 17:49:29 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jo\AppData\Roaming\Mozilla\Firefox\Profiles\0g2su0gn.default-1355390140088\extensions
[2013/02/04 11:51:36 | 000,307,659 | ---- | M] () (No name found) -- C:\Users\Jo\AppData\Roaming\Mozilla\Firefox\Profiles\0g2su0gn.default-1355390140088\extensions\[email protected]
[2012/12/20 16:42:12 | 000,010,339 | ---- | M] () -- C:\Users\Jo\AppData\Roaming\Mozilla\Firefox\Profiles\0g2su0gn.default-1355390140088\searchplugins\duckduckgo-1.xml
[2012/12/20 16:42:09 | 000,010,339 | ---- | M] () -- C:\Users\Jo\AppData\Roaming\Mozilla\Firefox\Profiles\0g2su0gn.default-1355390140088\searchplugins\duckduckgo.xml
[2013/02/11 11:50:47 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2013/02/01 18:22:53 | 000,262,552 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2013/02/01 18:22:13 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2013/02/01 18:22:13 | 000,002,058 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter}
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Jo\AppData\Local\Google\Chrome\User Data\PepperFlash\11.5.31.139\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\24.0.1312.57\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\24.0.1312.57\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Picasa (Enabled) = C:\Program Files\Google\Picasa3\npPicasa3.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.124\npGoogleUpdate3.dll
CHR - plugin: Java™ Platform SE 7 U13 (Enabled) = C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll
CHR - plugin: RealPlayer Download Plugin (Enabled) = C:\Program Files\Real\RealPlayer\Netscape6\nprpplugin.dll
CHR - plugin: VLC Web Plugin (Enabled) = C:\Program Files\VideoLAN\VLC\npvlc.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: RealNetworks™ Chrome Background Extension Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
CHR - plugin: RealPlayer™ HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
CHR - plugin: Java Deployment Toolkit 7.0.130.20 (Enabled) = C:\Windows\system32\npDeployJava1.dll
CHR - Extension: Google Docs = C:\Users\Jo\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
CHR - Extension: Google Drive = C:\Users\Jo\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\

O1 HOSTS File: ([2012/11/19 22:31:55 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (Easy-WebPrint) - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll ()
O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
O4 - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe (BillP Studios)
O4 - Startup: C:\Users\Jo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Jo\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Easy-WebPrint Add To Print List - C:\Program Files\Canon\Easy-WebPrint\Resource.dll ()
O8 - Extra context menu item: Easy-WebPrint High Speed Print - C:\Program Files\Canon\Easy-WebPrint\Resource.dll ()
O8 - Extra context menu item: Easy-WebPrint Preview - C:\Program Files\Canon\Easy-WebPrint\Resource.dll ()
O8 - Extra context menu item: Easy-WebPrint Print - C:\Program Files\Canon\Easy-WebPrint\Resource.dll ()
O16 - DPF: {CAFEEFAC-0017-0000-0005-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_05)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.13.2)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3028E9AA-0C2D-45B0-A428-1EDCE1C22515}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\linkscanner - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 21:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/02/15 09:01:24 | 000,000,000 | ---D | C] -- C:\Users\Jo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller
[2013/02/14 22:38:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2013/02/14 09:24:26 | 000,000,000 | -H-D | C] -- C:\Windows\AxInstSV
[2013/02/13 09:36:47 | 000,000,000 | ---D | C] -- D:\Desktop\RK_Quarantine
[2013/02/11 12:23:12 | 000,000,000 | ---D | C] -- C:\ArcSoft
[2013/02/11 11:51:14 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service
[2013/02/11 11:50:44 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2013/02/11 09:17:24 | 000,000,000 | ---D | C] -- C:\_OTL
[2013/02/11 09:16:09 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\OTL.exe
[2013/02/10 11:31:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Comodo
[2013/02/10 11:31:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\COMODO
[2013/02/10 11:28:50 | 001,122,304 | ---- | C] (The OpenSSL Project, http://www.openssl.org/) -- C:\Windows\System32\libeay32.dll
[2013/02/10 11:28:50 | 000,356,352 | ---- | C] (eSellerate Inc.) -- C:\Windows\eSellerateEngine.dll
[2013/02/10 11:28:50 | 000,274,432 | ---- | C] (The OpenSSL Project, http://www.openssl.org/) -- C:\Windows\System32\ssleay32.dll
[2013/02/10 11:28:50 | 000,081,920 | ---- | C] (eSellerate Inc.) -- C:\Windows\eSellerateControl350.dll
[2013/02/10 11:28:48 | 000,000,000 | ---D | C] -- C:\Program Files\Safe Search Removal Tool
[2013/02/09 20:34:54 | 000,000,000 | ---D | C] -- D:\Desktop\FLAT BATH
[2013/02/07 18:59:15 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013/02/07 18:57:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013/02/07 18:57:18 | 000,021,104 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2013/02/07 18:57:18 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2013/02/07 17:41:30 | 000,058,680 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2013/02/07 17:41:02 | 000,227,648 | ---- | C] (AVAST Software) -- C:\Windows\System32\aswBoot.exe
[2013/02/07 17:29:29 | 000,000,000 | ---D | C] -- D:\My Documents\Add-in Express
[2013/02/07 16:57:34 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013/02/07 16:57:34 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2013/02/07 16:57:34 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2013/02/07 16:55:27 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
[2013/02/07 10:24:34 | 000,000,000 | ---D | C] -- C:\Users\Jo\AppData\Roaming\SmartSoftOCRHelper
[2013/02/07 10:21:12 | 000,000,000 | ---D | C] -- C:\Users\Jo\AppData\Roaming\Smart PDF Converter
[2013/02/07 09:29:16 | 000,000,000 | ---D | C] -- C:\Users\Jo\AppData\Roaming\Strongvault
[2013/02/07 09:28:36 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\MSSoap
[2013/02/07 09:28:30 | 000,000,000 | ---D | C] -- C:\Users\Jo\AppData\Local\Strongvault Online Backup
[2013/02/07 09:28:21 | 000,000,000 | ---D | C] -- C:\Users\Jo\AppData\Local\Stronghold_LLC
[2013/02/07 09:27:48 | 000,000,000 | -HSD | C] -- C:\Windows\System32\AI_RecycleBin
[2013/02/07 09:27:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Strongvault Online Backup
[2013/02/07 09:26:17 | 000,000,000 | ---D | C] -- C:\Users\Jo\AppData\Roaming\DSite
[2013/02/06 21:10:24 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2013/02/05 11:53:29 | 000,000,000 | ---D | C] -- D:\Desktop\The Magdalene Laundry - CBS News_files
[2013/01/28 16:57:38 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\CrashDump
[2013/01/28 09:33:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2013/01/28 09:33:06 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2013/01/28 09:32:59 | 000,000,000 | R--D | C] -- C:\Program Files\Skype
[2013/01/22 09:18:19 | 000,000,000 | ---D | C] -- C:\Users\Jo\AppData\Local\Programs
[2013/01/22 09:06:02 | 000,000,000 | ---D | C] -- C:\Program Files\MarkAny
[2013/01/21 20:11:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Picasa 3
[2011/11/16 21:41:04 | 001,287,016 | ---- | C] (Microsoft Corporation) -- C:\Users\Jo\windowslivemoviemaker.exe
[2 C:\Program Files\*.tmp files -> C:\Program Files\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/02/15 17:35:31 | 000,000,874 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/02/15 17:35:11 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/02/15 17:29:36 | 001,474,832 | ---- | M] () -- C:\Windows\System32\drivers\sfi.dat
[2013/02/15 17:27:31 | 000,013,984 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/02/15 17:27:31 | 000,013,984 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/02/15 10:13:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/02/15 09:58:00 | 000,000,878 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/02/15 09:01:24 | 000,001,082 | ---- | M] () -- D:\Desktop\Revo Uninstaller.lnk
[2013/02/15 08:54:02 | 000,002,233 | ---- | M] () -- C:\Users\Jo\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2013/02/14 22:38:57 | 000,002,209 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2013/02/14 18:40:57 | 000,614,400 | ---- | M] () -- C:\Windows\System32\Image20.dat
[2013/02/14 18:40:13 | 000,002,503 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2013/02/13 16:09:45 | 000,022,442 | ---- | M] () -- D:\Desktop\pool.jpg
[2013/02/13 09:30:17 | 002,346,016 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013/02/13 09:16:58 | 000,616,032 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013/02/13 09:16:58 | 000,106,412 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013/02/11 14:05:21 | 000,120,923 | ---- | M] () -- D:\Desktop\trip update....zip
[2013/02/11 11:51:17 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2013/02/11 09:15:15 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\OTL.exe
[2013/02/10 20:27:47 | 000,587,659 | ---- | M] () -- C:\adwcleaner.exe
[2013/02/07 18:57:30 | 000,001,075 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/02/07 17:49:28 | 000,000,390 | R-S- | M] () -- C:\Users\Jo\ntuser.pol
[2013/02/07 17:41:30 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2013/02/06 09:13:26 | 000,001,053 | ---- | M] () -- C:\Users\Jo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2013/02/05 22:58:22 | 000,013,024 | ---- | M] () -- C:\Windows\System32\drivers\SWDUMon.sys
[2013/01/27 10:43:48 | 000,000,929 | ---- | M] () -- D:\Desktop\Dropbox.lnk
[2013/01/21 20:13:06 | 000,001,096 | ---- | M] () -- C:\Users\Jo\Application Data\Microsoft\Internet Explorer\Quick Launch\Picasa 3.lnk
[2013/01/21 20:13:06 | 000,001,072 | ---- | M] () -- C:\Users\Public\Desktop\Picasa 3.lnk
[2 C:\Program Files\*.tmp files -> C:\Program Files\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/02/15 08:59:55 | 000,001,082 | ---- | C] () -- D:\Desktop\Revo Uninstaller.lnk
[2013/02/14 22:38:57 | 000,002,233 | ---- | C] () -- C:\Users\Jo\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2013/02/14 22:38:57 | 000,002,209 | ---- | C] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2013/02/14 16:54:25 | 000,000,830 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/02/13 16:09:44 | 000,022,442 | ---- | C] () -- D:\Desktop\pool.jpg
[2013/02/11 14:05:15 | 000,120,923 | ---- | C] () -- D:\Desktop\trip update....zip
[2013/02/11 11:51:17 | 000,001,125 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2013/02/11 11:51:17 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2013/02/10 20:23:45 | 000,587,659 | ---- | C] () -- C:\adwcleaner.exe
[2013/02/07 18:57:30 | 000,001,075 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/02/07 17:29:28 | 000,000,390 | R-S- | C] () -- C:\Users\Jo\ntuser.pol
[2013/02/07 16:57:34 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013/02/07 16:57:34 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013/02/07 16:57:34 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013/02/07 16:57:34 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013/02/07 16:57:34 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013/02/06 09:13:26 | 000,001,053 | ---- | C] () -- C:\Users\Jo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2013/01/28 09:36:09 | 000,614,400 | ---- | C] () -- C:\Windows\System32\Image20.dat
[2013/01/28 09:33:07 | 000,002,503 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk
[2013/01/21 20:16:03 | 001,474,832 | ---- | C] () -- C:\Windows\System32\drivers\sfi.dat
[2013/01/21 20:13:06 | 000,001,096 | ---- | C] () -- C:\Users\Jo\Application Data\Microsoft\Internet Explorer\Quick Launch\Picasa 3.lnk
[2013/01/21 20:13:06 | 000,001,072 | ---- | C] () -- C:\Users\Public\Desktop\Picasa 3.lnk
[2012/11/05 17:09:28 | 000,000,118 | ---- | C] () -- C:\Windows\wininit.ini
[2012/10/29 12:09:28 | 000,974,848 | ---- | C] () -- C:\Windows\System32\cis-2.4.dll
[2012/10/29 12:09:28 | 000,081,920 | ---- | C] () -- C:\Windows\System32\issacapi_bs-2.3.dll
[2012/10/29 12:09:28 | 000,065,536 | ---- | C] () -- C:\Windows\System32\issacapi_pe-2.3.dll
[2012/10/29 12:09:28 | 000,057,344 | ---- | C] () -- C:\Windows\System32\issacapi_se-2.3.dll
[2012/08/17 11:07:04 | 000,013,024 | ---- | C] () -- C:\Windows\System32\drivers\SWDUMon.sys
[2012/04/13 14:50:39 | 000,000,064 | ---- | C] () -- C:\Windows\System32\rp_stats.dat
[2012/04/13 14:50:39 | 000,000,044 | ---- | C] () -- C:\Windows\System32\rp_rules.dat
[2012/02/22 15:03:45 | 000,000,088 | ---- | C] () -- C:\Windows\MSREGUSR.INI
[2011/07/07 08:18:37 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2011/06/02 16:35:41 | 000,116,224 | ---- | C] () -- C:\Windows\System32\pdfmonnt.dll
[2011/05/01 16:25:21 | 000,062,349 | ---- | C] () -- C:\Users\Jo\RW1.jpg
[2011/03/07 20:14:01 | 000,020,480 | ---- | C] () -- C:\Users\Jo\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/02/22 17:24:55 | 000,000,224 | ---- | C] () -- C:\Windows\91NU.ini
[2011/02/22 17:14:05 | 000,001,809 | ---- | C] () -- C:\Windows\if42le.ini
[2011/02/22 17:14:05 | 000,000,299 | ---- | C] () -- C:\Windows\Pexplore.ini
[2011/02/22 17:10:42 | 000,015,360 | ---- | C] () -- C:\Windows\System32\GetInst32.dll
[2011/01/02 20:55:21 | 000,000,056 | ---- | C] () -- C:\ProgramData\ezsidmv.dat

========== ZeroAccess Check ==========

[2009/07/14 04:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 04:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 12:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/14 01:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2010/07/29 08:18:33 | 000,000,000 | ---D | M] -- C:\Users\Jo\AppData\Roaming\Canneverbe Limited
[2011/11/10 17:16:14 | 000,000,000 | ---D | M] -- C:\Users\Jo\AppData\Roaming\com.spoce.PRINCE2EventPrep.607D1209833FBB41CF7E9FFB79F78DC1DBCDE874.1
[2011/01/29 19:25:28 | 000,000,000 | ---D | M] -- C:\Users\Jo\AppData\Roaming\ConsumerSoft
[2012/03/16 13:26:22 | 000,000,000 | ---D | M] -- C:\Users\Jo\AppData\Roaming\DriverCure
[2013/02/15 17:36:18 | 000,000,000 | ---D | M] -- C:\Users\Jo\AppData\Roaming\Dropbox
[2013/02/07 09:26:17 | 000,000,000 | ---D | M] -- C:\Users\Jo\AppData\Roaming\DSite
[2011/12/16 22:41:46 | 000,000,000 | ---D | M] -- C:\Users\Jo\AppData\Roaming\ErrorTeck
[2012/03/16 13:45:19 | 000,000,000 | ---D | M] -- C:\Users\Jo\AppData\Roaming\GetRightToGo
[2011/05/01 16:28:54 | 000,000,000 | ---D | M] -- C:\Users\Jo\AppData\Roaming\gtk-2.0
[2011/05/05 08:46:09 | 000,000,000 | ---D | M] -- C:\Users\Jo\AppData\Roaming\iExpert Software
[2011/12/16 22:37:35 | 000,000,000 | ---D | M] -- C:\Users\Jo\AppData\Roaming\Leadertech
[2011/12/16 22:46:28 | 000,000,000 | ---D | M] -- C:\Users\Jo\AppData\Roaming\Memeo
[2012/06/24 21:01:26 | 000,000,000 | ---D | M] -- C:\Users\Jo\AppData\Roaming\MrSmooth.1F1C2CE6230412E7752D206B573506D8446D8E6A.1
[2012/09/22 13:03:32 | 000,000,000 | ---D | M] -- C:\Users\Jo\AppData\Roaming\NewSoft
[2012/09/22 13:03:32 | 000,000,000 | ---D | M] -- C:\Users\Jo\AppData\Roaming\Nokia
[2011/06/13 17:41:33 | 000,000,000 | ---D | M] -- C:\Users\Jo\AppData\Roaming\PC Suite
[2013/02/07 09:48:53 | 000,000,000 | ---D | M] -- C:\Users\Jo\AppData\Roaming\PDFConverterPackages
[2013/01/28 17:32:03 | 000,000,000 | ---D | M] -- C:\Users\Jo\AppData\Roaming\Samsung
[2013/02/07 10:21:12 | 000,000,000 | ---D | M] -- C:\Users\Jo\AppData\Roaming\Smart PDF Converter
[2011/05/13 13:37:12 | 000,000,000 | ---D | M] -- C:\Users\Jo\AppData\Roaming\Smart PDF Creator
[2011/03/01 14:42:47 | 000,000,000 | ---D | M] -- C:\Users\Jo\AppData\Roaming\SmartSoftOCRHelper
[2012/11/28 17:25:01 | 000,000,000 | ---D | M] -- C:\Users\Jo\AppData\Roaming\SparkTrust
[2012/11/06 11:17:41 | 000,000,000 | ---D | M] -- C:\Users\Jo\AppData\Roaming\SpeedyPC Software
[2012/12/19 15:48:07 | 000,000,000 | ---D | M] -- C:\Users\Jo\AppData\Roaming\Spotify
[2013/02/07 09:29:16 | 000,000,000 | ---D | M] -- C:\Users\Jo\AppData\Roaming\Strongvault
[2012/09/22 13:03:35 | 000,000,000 | ---D | M] -- C:\Users\Jo\AppData\Roaming\TeamViewer
[2012/09/22 13:03:36 | 000,000,000 | ---D | M] -- C:\Users\Jo\AppData\Roaming\TuneUp Software
[2012/11/25 16:27:46 | 000,000,000 | ---D | M] -- C:\Users\Jo\AppData\Roaming\WinPatrol

========== Purity Check ==========



< End of report >

HAVE YOU SEEN THIS ADW CLEANER REPORT? INCLUDED JUST IN CASE YOU HAVEN'T. THANKS

# AdwCleaner v2.112 - Logfile created 02/15/2013 at 17:47:47
# Updated 10/02/2013 by Xplode
# Operating system : Windows 7 Professional Service Pack 1 (32 bits)
# User : Jo - JOPOPE-PC01
# Boot Mode : Normal
# Running from : C:\adwcleaner.exe
# Option [Search]


***** [Services] *****


***** [Files / Folders] *****


***** [Registry] *****


***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16464

[OK] Registry is clean.

-\\ Mozilla Firefox v18.0.2 (en-US)

File : C:\Users\Jo\AppData\Roaming\Mozilla\Firefox\Profiles\0g2su0gn.default-1355390140088\prefs.js

[OK] File is clean.

-\\ Google Chrome v24.0.1312.57

File : C:\Users\Jo\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R8].txt - [798 octets] - [15/02/2013 17:47:47]

########## EOF - C:\AdwCleaner[R8].txt - [857 octets] ##########
  • 0


#26
godawgs

    Teacher

  • Retired Staff
  • 8,228 posts
Now that you are back on line, I need a fresh OTL scan to see where we are. Please use the following directions.

In your original post you said:

I have a problem with my computer and would appreciate some help. I first got a Delta search bar, then safesearch.net, and now when I put a topic to search for in Firefox it won't work

I have some questions.
1. Do you still get the Delta search bar?
2. Did you turn safesearch on from your Google account or Yahoo account?
3. Can you search in Firefox now?

Posted Image OTL Scan

Please re-open Posted Image on the desktop. To do that:
  • Vista/7 users: right click the icon and click Run as Administrator.
Make sure all other windows are closed.
  • You will see a console like the one below:

    Posted Image
  • At the top of the console, click the box beside Scan All Users
  • Do Not click the box beside Include 64bit Scans
  • Make sure the Output box at the top is set to Standard Output.
  • Click the box beside LOP Check and Purity Check
  • Click the Posted Image button. Do not change any settings unless otherwise told to do so.
  • Let the scan run uninterrupted.
  • When the scan completes, it will open OTL.Txt. This file is saved in the same location as OTL.
  • Please copy the contents of this file and paste it into your reply. To do that:
  • On the .txt file Menu Bar click Edit then click Select All. This will highlight the contents of the file. Then click Copy.
  • Right-click inside the forum post window then click Paste. This will paste the contents of the .txt file in the post window.

In the meantime I'm gonna check with some colleagues and see if we can find out what happened in the OTL fix that caused the internet to break.
  • 0

#27
JoPopey

    Member

  • Topic Starter
  • Member
  • 124 posts
Hi there,

1. I no longer have the Delta search bar or Safe search... I usually used Mozilla Firefox, never Yahoo.
2. I also didn't turn either Delta or Safe search on, they just started on the system; at the time I was using Mozilla Firefox. When I tried to delete Delta I acquired Safe Search!
3. I still cannot search using Firefox, unless I use the little box at the top right-hand corner of the page, not the main one in the center of the page, as nothing happens.

Here is the latest OTL Scan, thank you in advance.

Jo

OTL logfile created on: 17/02/2013 09:29:11 - Run 8
OTL by OldTimer - Version 3.2.69.0 Folder = C:\
Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1.94 Gb Total Physical Memory | 0.96 Gb Available Physical Memory | 49.69% Memory free
3.87 Gb Paging File | 2.80 Gb Available in Paging File | 72.42% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 35.06 Gb Total Space | 4.93 Gb Free Space | 14.05% Space Free | Partition Type: NTFS
Drive D: | 113.89 Gb Total Space | 40.74 Gb Free Space | 35.77% Space Free | Partition Type: NTFS

Computer Name: JOPOPE-PC01 | User Name: Jo | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/02/11 09:15:15 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\OTL.exe
PRC - [2013/01/27 11:11:46 | 000,295,232 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\NisSrv.exe
PRC - [2013/01/27 11:11:46 | 000,020,456 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\MsMpEng.exe
PRC - [2013/01/27 11:11:06 | 000,947,152 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2013/01/26 02:35:08 | 001,248,208 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
PRC - [2013/01/20 19:29:18 | 028,539,272 | ---- | M] (Dropbox, Inc.) -- C:\Users\Jo\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2012/12/18 14:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/11/23 02:48:41 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2012/09/20 04:02:24 | 000,363,752 | ---- | M] (BillP Studios) -- C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe
PRC - [2011/02/25 05:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010/10/27 19:17:52 | 000,207,424 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
PRC - [2010/03/18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
PRC - [2009/09/06 11:38:06 | 000,071,096 | ---- | M] () -- C:\Program Files\CDBurnerXP\NMSAccessU.exe


========== Modules (No Company Name) ==========

MOD - [2013/02/15 09:01:21 | 012,638,576 | ---- | M] () -- C:\Users\Jo\AppData\Local\Google\Chrome\User Data\PepperFlash\11.6.602.167\pepflashplayer.dll
MOD - [2013/01/26 02:35:06 | 000,460,240 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\24.0.1312.57\ppgooglenaclpluginchrome.dll
MOD - [2013/01/26 02:35:04 | 004,012,496 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\24.0.1312.57\pdf.dll
MOD - [2013/01/26 02:34:16 | 001,552,848 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\24.0.1312.57\ffmpegsumo.dll
MOD - [2012/06/20 21:23:00 | 000,599,419 | ---- | M] () -- C:\Program Files\BillP Studios\WinPatrol\sqlite3.dll
MOD - [2011/10/05 03:52:30 | 000,756,048 | ---- | M] () -- C:\Program Files\Common Files\microsoft shared\OFFICE12\MSPTLS.DLL


========== Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2013/02/14 16:54:25 | 000,251,248 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/02/01 18:22:36 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/01/27 11:11:46 | 000,295,232 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV - [2013/01/27 11:11:46 | 000,020,456 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2013/01/08 12:55:20 | 000,161,536 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/12/18 14:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2010/07/27 20:58:33 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2010/03/18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2009/09/06 11:38:06 | 000,071,096 | ---- | M] () [Auto | Running] -- C:\Program Files\CDBurnerXP\NMSAccessU.exe -- (NMSAccessU)
SRV - [2009/07/14 01:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)
SRV - [2009/07/14 01:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/14 01:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009/07/14 01:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | Boot | Stopped] -- system32\drivers\TfSysMon.sys -- (TfSysMon)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\TfNetMon.sys -- (TfNetMon)
DRV - File not found [Kernel | Boot | Stopped] -- system32\drivers\TfFsMon.sys -- (TfFsMon)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\Jo\AppData\Local\Temp\cpuz132\cpuz132_x32.sys -- (cpuz132)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\Jo\AppData\Local\Temp\catchme.sys -- (catchme)
DRV - File not found [Kernel | Auto | Stopped] -- -- (adfs)
DRV - [2013/02/05 22:58:22 | 000,013,024 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\SWDUMon.sys -- (SWDUMon)
DRV - [2013/01/20 15:59:04 | 000,100,328 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV - [2012/11/07 23:37:58 | 000,082,952 | ---- | M] (COMODO) [Kernel | System | Running] -- C:\Windows\System32\drivers\inspect.sys -- (inspect)
DRV - [2012/11/07 23:37:56 | 000,494,416 | ---- | M] (COMODO) [File_System | System | Running] -- C:\Windows\System32\drivers\cmdGuard.sys -- (cmdGuard)
DRV - [2012/11/07 23:37:56 | 000,036,072 | ---- | M] (COMODO) [Kernel | System | Running] -- C:\Windows\System32\drivers\cmdhlp.sys -- (cmdHlp)
DRV - [2012/11/07 23:37:54 | 000,019,632 | ---- | M] (COMODO) [File_System | System | Running] -- C:\Windows\System32\drivers\cmderd.sys -- (cmderd)
DRV - [2012/09/19 10:02:06 | 000,083,168 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssudbus.sys -- (dg_ssudbus)
DRV - [2012/08/23 14:44:32 | 000,014,848 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV - [2012/08/23 14:40:25 | 000,049,664 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2012/08/21 10:13:14 | 000,058,680 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2011/10/24 05:39:40 | 000,278,528 | ---- | M] (AVEO) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVEOdcnt.sys -- (AVEO)
DRV - [2010/11/20 12:30:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2010/11/20 12:30:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010/11/20 12:30:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2010/11/20 09:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010/11/20 09:14:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010/11/20 09:14:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2009/11/12 13:48:56 | 000,007,168 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\StarOpen.sys -- (StarOpen)
DRV - [2009/06/18 18:45:02 | 004,172,832 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTKVAC.SYS -- (ALCXWDM)
DRV - [2008/08/26 08:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2006/11/10 15:05:00 | 000,018,688 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\afc.sys -- (Afc)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.safesearc...0C61407B26747B8
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.safesearc...0C61407B26747B8
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{4B51C980-C6B0-11E1-9136-AED16088709B}: "URL" = http://www.safesearc...0C61407B26747B8


IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-21-3514929525-3119498317-4217759508-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.safesearc...0C61407B26747B8
IE - HKU\S-1-5-21-3514929525-3119498317-4217759508-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-3514929525-3119498317-4217759508-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKU\S-1-5-21-3514929525-3119498317-4217759508-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
IE - HKU\S-1-5-21-3514929525-3119498317-4217759508-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-gb
IE - HKU\S-1-5-21-3514929525-3119498317-4217759508-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 55 A6 19 00 0F 6A CB 01 [binary data]
IE - HKU\S-1-5-21-3514929525-3119498317-4217759508-1001\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-3514929525-3119498317-4217759508-1001\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-3514929525-3119498317-4217759508-1001\..\SearchScopes,DefaultScope = {0AEADF14-F17C-4F00-BE2F-99194450DB7C}
IE - HKU\S-1-5-21-3514929525-3119498317-4217759508-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKU\S-1-5-21-3514929525-3119498317-4217759508-1001\..\SearchScopes\{0AEADF14-F17C-4F00-BE2F-99194450DB7C}: "URL" = http://www.google.co...rchTerms}&meta=
IE - HKU\S-1-5-21-3514929525-3119498317-4217759508-1001\..\SearchScopes\{0B3C28E0-7C23-4167-A8B7-85D34F586D3A}: "URL" = http://search.avg.co...e}&iy=&ychte=us
IE - HKU\S-1-5-21-3514929525-3119498317-4217759508-1001\..\SearchScopes\{16C71303-6956-47D8-B5C6-002F0605D5C8}: "URL" = http://uk.search.yah...p={searchTerms}
IE - HKU\S-1-5-21-3514929525-3119498317-4217759508-1001\..\SearchScopes\{4B51C980-C6B0-11E1-9136-AED16088709B}: "URL" = http://www.safesearc...0C61407B26747B8
IE - HKU\S-1-5-21-3514929525-3119498317-4217759508-1001\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKU\S-1-5-21-3514929525-3119498317-4217759508-1001\..\SearchScopes\{95560BF3-6453-4704-BF91-1B25463ABE13}: "URL" = http://websearch.ask...81-6C3901274266
IE - HKU\S-1-5-21-3514929525-3119498317-4217759508-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "SafeSearch"
FF - prefs.js..browser.search.defaultenginename: "SafeSearch"
FF - prefs.js..browser.search.defaulturl: "http://www.safesearc...C61407B26747B8"
FF - prefs.js..browser.search.order.1: "SafeSearch"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "about:home"
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:18.0.2
FF - prefs.js..keyword.URL: "http://www.safesearc....net/search?q="
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_6_602_168.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.13.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.13.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.6.14: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.6.14: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.6.14: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.6.14: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=15.0.6.14: C:\Program Files\Real\RealPlayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.124\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.124\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.2: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{0153E448-190B-4987-BDE1-F256CADA672F}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012/09/30 15:54:31 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\AVAST Software\Avast\WebRep\FF
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/02/11 11:50:47 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

[2012/11/28 17:31:30 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jo\AppData\Roaming\Mozilla\Extensions
[2013/02/07 17:49:29 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jo\AppData\Roaming\Mozilla\Firefox\Profiles\0g2su0gn.default-1355390140088\extensions
[2013/02/04 11:51:36 | 000,307,659 | ---- | M] () (No name found) -- C:\Users\Jo\AppData\Roaming\Mozilla\Firefox\Profiles\0g2su0gn.default-1355390140088\extensions\[email protected]
[2012/12/20 16:42:12 | 000,010,339 | ---- | M] () -- C:\Users\Jo\AppData\Roaming\Mozilla\Firefox\Profiles\0g2su0gn.default-1355390140088\searchplugins\duckduckgo-1.xml
[2012/12/20 16:42:09 | 000,010,339 | ---- | M] () -- C:\Users\Jo\AppData\Roaming\Mozilla\Firefox\Profiles\0g2su0gn.default-1355390140088\searchplugins\duckduckgo.xml
[2013/02/11 11:50:47 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2013/02/01 18:22:53 | 000,262,552 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2013/02/01 18:22:13 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2013/02/01 18:22:13 | 000,002,058 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter}
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Jo\AppData\Local\Google\Chrome\User Data\PepperFlash\11.5.31.139\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\24.0.1312.57\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\24.0.1312.57\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Picasa (Enabled) = C:\Program Files\Google\Picasa3\npPicasa3.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.124\npGoogleUpdate3.dll
CHR - plugin: Java™ Platform SE 7 U13 (Enabled) = C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll
CHR - plugin: RealPlayer Download Plugin (Enabled) = C:\Program Files\Real\RealPlayer\Netscape6\nprpplugin.dll
CHR - plugin: VLC Web Plugin (Enabled) = C:\Program Files\VideoLAN\VLC\npvlc.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: RealNetworks™ Chrome Background Extension Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
CHR - plugin: RealPlayer™ HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
CHR - plugin: Java Deployment Toolkit 7.0.130.20 (Enabled) = C:\Windows\system32\npDeployJava1.dll
CHR - Extension: Google Docs = C:\Users\Jo\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
CHR - Extension: Google Drive = C:\Users\Jo\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\

O1 HOSTS File: ([2012/11/19 22:31:55 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (Easy-WebPrint) - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll ()
O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
O4 - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe (BillP Studios)
O4 - Startup: C:\Users\Jo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Jo\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3514929525-3119498317-4217759508-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3514929525-3119498317-4217759508-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-3514929525-3119498317-4217759508-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O7 - HKU\S-1-5-21-3514929525-3119498317-4217759508-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Easy-WebPrint Add To Print List - C:\Program Files\Canon\Easy-WebPrint\Resource.dll ()
O8 - Extra context menu item: Easy-WebPrint High Speed Print - C:\Program Files\Canon\Easy-WebPrint\Resource.dll ()
O8 - Extra context menu item: Easy-WebPrint Preview - C:\Program Files\Canon\Easy-WebPrint\Resource.dll ()
O8 - Extra context menu item: Easy-WebPrint Print - C:\Program Files\Canon\Easy-WebPrint\Resource.dll ()
O16 - DPF: {CAFEEFAC-0017-0000-0005-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_05)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.13.2)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3028E9AA-0C2D-45B0-A428-1EDCE1C22515}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\linkscanner - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 21:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/02/16 22:13:50 | 000,000,000 | ---D | C] -- C:\Program Files\V92Modem
[2013/02/16 22:13:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\V92 Modem
[2013/02/16 22:03:01 | 000,000,000 | ---D | C] -- D:\My Documents\Defender update
[2013/02/16 21:54:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Uniblue
[2013/02/16 21:29:47 | 000,000,000 | ---D | C] -- C:\Windows\TempB325CB1A-1160-D6FE-78D5-8DC68E097F12-Signatures
[2013/02/16 21:20:26 | 000,000,000 | ---D | C] -- C:\Windows\Temp864A00A4-59C9-FA78-CD34-AE77046CB9FA-Signatures
[2013/02/16 20:01:41 | 000,000,000 | ---D | C] -- C:\Users\Jo\AppData\Roaming\VSRevoGroup
[2013/02/15 09:01:24 | 000,000,000 | ---D | C] -- C:\Users\Jo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller
[2013/02/14 22:38:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2013/02/14 09:24:26 | 000,000,000 | -H-D | C] -- C:\Windows\AxInstSV
[2013/02/13 09:19:15 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2013/02/13 09:19:13 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2013/02/13 09:19:13 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2013/02/13 09:19:12 | 000,607,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2013/02/13 09:19:12 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2013/02/13 09:19:10 | 001,800,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2013/02/13 09:19:10 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2013/02/13 09:19:08 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2013/02/13 08:36:16 | 002,347,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2013/02/13 08:35:50 | 003,967,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2013/02/13 08:35:49 | 003,913,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2013/02/13 08:35:43 | 000,187,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\FWPKCLNT.SYS
[2013/02/13 08:35:39 | 000,169,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winsrv.dll
[2013/02/12 12:58:49 | 000,691,568 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2013/02/12 12:58:49 | 000,071,024 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2013/02/11 12:23:12 | 000,000,000 | ---D | C] -- C:\ArcSoft
[2013/02/11 11:51:14 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service
[2013/02/11 11:50:44 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2013/02/11 09:17:24 | 000,000,000 | ---D | C] -- C:\_OTL
[2013/02/11 09:16:09 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\OTL.exe
[2013/02/10 11:31:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Comodo
[2013/02/10 11:31:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\COMODO
[2013/02/10 11:28:50 | 001,122,304 | ---- | C] (The OpenSSL Project, http://www.openssl.org/) -- C:\Windows\System32\libeay32.dll
[2013/02/10 11:28:50 | 000,356,352 | ---- | C] (eSellerate Inc.) -- C:\Windows\eSellerateEngine.dll
[2013/02/10 11:28:50 | 000,274,432 | ---- | C] (The OpenSSL Project, http://www.openssl.org/) -- C:\Windows\System32\ssleay32.dll
[2013/02/10 11:28:50 | 000,081,920 | ---- | C] (eSellerate Inc.) -- C:\Windows\eSellerateControl350.dll
[2013/02/10 11:28:48 | 000,000,000 | ---D | C] -- C:\Program Files\Safe Search Removal Tool
[2013/02/09 20:34:54 | 000,000,000 | ---D | C] -- D:\Desktop\FLAT BATH
[2013/02/07 18:59:15 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013/02/07 18:57:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013/02/07 18:57:18 | 000,021,104 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2013/02/07 18:57:18 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2013/02/07 17:41:30 | 000,058,680 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2013/02/07 17:41:02 | 000,227,648 | ---- | C] (AVAST Software) -- C:\Windows\System32\aswBoot.exe
[2013/02/07 17:29:29 | 000,000,000 | ---D | C] -- D:\My Documents\Add-in Express
[2013/02/07 16:57:34 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013/02/07 16:57:34 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2013/02/07 16:57:34 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2013/02/07 16:55:27 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
[2013/02/07 10:24:34 | 000,000,000 | ---D | C] -- C:\Users\Jo\AppData\Roaming\SmartSoftOCRHelper
[2013/02/07 10:21:12 | 000,000,000 | ---D | C] -- C:\Users\Jo\AppData\Roaming\Smart PDF Converter
[2013/02/07 09:29:16 | 000,000,000 | ---D | C] -- C:\Users\Jo\AppData\Roaming\Strongvault
[2013/02/07 09:28:36 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\MSSoap
[2013/02/07 09:28:30 | 000,000,000 | ---D | C] -- C:\Users\Jo\AppData\Local\Strongvault Online Backup
[2013/02/07 09:28:21 | 000,000,000 | ---D | C] -- C:\Users\Jo\AppData\Local\Stronghold_LLC
[2013/02/07 09:27:48 | 000,000,000 | -HSD | C] -- C:\Windows\System32\AI_RecycleBin
[2013/02/07 09:27:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Strongvault Online Backup
[2013/02/07 09:26:17 | 000,000,000 | ---D | C] -- C:\Users\Jo\AppData\Roaming\DSite
[2013/02/06 21:10:24 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2013/02/06 21:10:11 | 000,262,560 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaws.exe
[2013/02/06 21:09:46 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
[2013/02/06 21:09:46 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\java.exe
[2013/02/06 21:09:46 | 000,094,112 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll
[2013/02/05 11:53:29 | 000,000,000 | ---D | C] -- D:\Desktop\The Magdalene Laundry - CBS News_files
[2013/01/28 16:57:38 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\CrashDump
[2013/01/28 09:33:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2013/01/28 09:33:06 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2013/01/28 09:32:59 | 000,000,000 | R--D | C] -- C:\Program Files\Skype
[2013/01/22 09:18:19 | 000,000,000 | ---D | C] -- C:\Users\Jo\AppData\Local\Programs
[2013/01/22 09:06:02 | 000,000,000 | ---D | C] -- C:\Program Files\MarkAny
[2013/01/21 20:11:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Picasa 3
[2011/11/16 21:41:04 | 001,287,016 | ---- | C] (Microsoft Corporation) -- C:\Users\Jo\windowslivemoviemaker.exe
[2 C:\Program Files\*.tmp files -> C:\Program Files\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/02/17 09:22:49 | 001,474,832 | ---- | M] () -- C:\Windows\System32\drivers\sfi.dat
[2013/02/17 09:20:16 | 000,013,984 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/02/17 09:20:16 | 000,013,984 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/02/17 09:13:40 | 000,000,874 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/02/17 09:13:14 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/02/16 22:13:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/02/16 21:58:00 | 000,000,878 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/02/16 21:50:01 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2013/02/15 09:01:24 | 000,001,082 | ---- | M] () -- D:\Desktop\Revo Uninstaller.lnk
[2013/02/15 08:54:02 | 000,002,233 | ---- | M] () -- C:\Users\Jo\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2013/02/14 22:38:57 | 000,002,209 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2013/02/14 18:40:57 | 000,614,400 | ---- | M] () -- C:\Windows\System32\Image20.dat
[2013/02/14 18:40:13 | 000,002,503 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2013/02/14 16:54:24 | 000,691,568 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2013/02/14 16:54:23 | 000,071,024 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2013/02/13 16:09:45 | 000,022,442 | ---- | M] () -- D:\Desktop\pool.jpg
[2013/02/13 09:30:17 | 002,346,016 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013/02/13 09:16:58 | 000,616,032 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013/02/13 09:16:58 | 000,106,412 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013/02/11 14:05:21 | 000,120,923 | ---- | M] () -- D:\Desktop\trip update....zip
[2013/02/11 11:51:17 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2013/02/11 09:15:15 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\OTL.exe
[2013/02/10 20:27:47 | 000,587,659 | ---- | M] () -- C:\adwcleaner.exe
[2013/02/07 18:57:30 | 000,001,075 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/02/07 17:49:28 | 000,000,390 | R-S- | M] () -- C:\Users\Jo\ntuser.pol
[2013/02/07 17:41:30 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2013/02/06 21:09:35 | 000,094,112 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll
[2013/02/06 21:09:32 | 000,262,560 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaws.exe
[2013/02/06 21:09:32 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
[2013/02/06 21:09:31 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\java.exe
[2013/02/06 21:09:30 | 000,861,088 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\npDeployJava1.dll
[2013/02/06 21:09:29 | 000,782,240 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\deployJava1.dll
[2013/02/06 09:13:26 | 000,001,053 | ---- | M] () -- C:\Users\Jo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2013/02/05 22:58:22 | 000,013,024 | ---- | M] () -- C:\Windows\System32\drivers\SWDUMon.sys
[2013/01/28 15:55:52 | 000,051,731 | ---- | M] () -- D:\Desktop\Jo Pope-001.jpg
[2013/01/27 10:43:48 | 000,000,929 | ---- | M] () -- D:\Desktop\Dropbox.lnk
[2013/01/21 20:13:06 | 000,001,096 | ---- | M] () -- C:\Users\Jo\Application Data\Microsoft\Internet Explorer\Quick Launch\Picasa 3.lnk
[2013/01/21 20:13:06 | 000,001,072 | ---- | M] () -- C:\Users\Public\Desktop\Picasa 3.lnk
[2013/01/20 15:59:04 | 000,100,328 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\NisDrvWFP.sys
[2 C:\Program Files\*.tmp files -> C:\Program Files\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/02/15 08:59:55 | 000,001,082 | ---- | C] () -- D:\Desktop\Revo Uninstaller.lnk
[2013/02/14 22:38:57 | 000,002,233 | ---- | C] () -- C:\Users\Jo\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2013/02/14 22:38:57 | 000,002,209 | ---- | C] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2013/02/14 16:54:25 | 000,000,830 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/02/13 16:09:44 | 000,022,442 | ---- | C] () -- D:\Desktop\pool.jpg
[2013/02/11 14:05:15 | 000,120,923 | ---- | C] () -- D:\Desktop\trip update....zip
[2013/02/11 11:51:17 | 000,001,125 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2013/02/11 11:51:17 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2013/02/10 20:23:45 | 000,587,659 | ---- | C] () -- C:\adwcleaner.exe
[2013/02/07 18:57:30 | 000,001,075 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/02/07 17:29:28 | 000,000,390 | R-S- | C] () -- C:\Users\Jo\ntuser.pol
[2013/02/07 16:57:34 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013/02/07 16:57:34 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013/02/07 16:57:34 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013/02/07 16:57:34 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013/02/07 16:57:34 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013/02/06 09:13:26 | 000,001,053 | ---- | C] () -- C:\Users\Jo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2013/01/28 15:55:52 | 000,051,731 | ---- | C] () -- D:\Desktop\Jo Pope-001.jpg
[2013/01/28 09:36:09 | 000,614,400 | ---- | C] () -- C:\Windows\System32\Image20.dat
[2013/01/28 09:33:07 | 000,002,503 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk
[2013/01/21 20:16:03 | 001,474,832 | ---- | C] () -- C:\Windows\System32\drivers\sfi.dat
[2013/01/21 20:13:06 | 000,001,096 | ---- | C] () -- C:\Users\Jo\Application Data\Microsoft\Internet Explorer\Quick Launch\Picasa 3.lnk
[2013/01/21 20:13:06 | 000,001,072 | ---- | C] () -- C:\Users\Public\Desktop\Picasa 3.lnk
[2012/11/05 17:09:28 | 000,000,118 | ---- | C] () -- C:\Windows\wininit.ini
[2012/10/29 12:09:28 | 000,974,848 | ---- | C] () -- C:\Windows\System32\cis-2.4.dll
[2012/10/29 12:09:28 | 000,081,920 | ---- | C] () -- C:\Windows\System32\issacapi_bs-2.3.dll
[2012/10/29 12:09:28 | 000,065,536 | ---- | C] () -- C:\Windows\System32\issacapi_pe-2.3.dll
[2012/10/29 12:09:28 | 000,057,344 | ---- | C] () -- C:\Windows\System32\issacapi_se-2.3.dll
[2012/08/17 11:07:04 | 000,013,024 | ---- | C] () -- C:\Windows\System32\drivers\SWDUMon.sys
[2012/04/13 14:50:39 | 000,000,064 | ---- | C] () -- C:\Windows\System32\rp_stats.dat
[2012/04/13 14:50:39 | 000,000,044 | ---- | C] () -- C:\Windows\System32\rp_rules.dat
[2012/02/22 15:03:45 | 000,000,088 | ---- | C] () -- C:\Windows\MSREGUSR.INI
[2011/07/07 08:18:37 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2011/06/02 16:35:41 | 000,116,224 | ---- | C] () -- C:\Windows\System32\pdfmonnt.dll
[2011/05/01 16:25:21 | 000,062,349 | ---- | C] () -- C:\Users\Jo\RW1.jpg
[2011/03/07 20:14:01 | 000,020,480 | ---- | C] () -- C:\Users\Jo\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/02/22 17:24:55 | 000,000,224 | ---- | C] () -- C:\Windows\91NU.ini
[2011/02/22 17:14:05 | 000,001,809 | ---- | C] () -- C:\Windows\if42le.ini
[2011/02/22 17:14:05 | 000,000,299 | ---- | C] () -- C:\Windows\Pexplore.ini
[2011/02/22 17:10:42 | 000,015,360 | ---- | C] () -- C:\Windows\System32\GetInst32.dll
[2011/01/02 20:55:21 | 000,000,056 | ---- | C] () -- C:\ProgramData\ezsidmv.dat

========== ZeroAccess Check ==========

[2009/07/14 04:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 04:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 12:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/14 01:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2012/10/14 07:20:21 | 000,000,000 | ---D | M] -- C:\Users\Default\AppData\Roaming\TuneUp Software
[2012/10/14 07:20:21 | 000,000,000 | ---D | M] -- C:\Users\Default User\AppData\Roaming\TuneUp Software
[2013/02/16 19:42:22 | 000,000,000 | ---D | M] -- C:\Users\Jo\AppData\Roaming\AVG
[2013/02/16 19:42:22 | 000,000,000 | ---D | M] -- C:\Users\Jo\AppData\Roaming\AVG10
[2010/07/29 08:18:33 | 000,000,000 | ---D | M] -- C:\Users\Jo\AppData\Roaming\Canneverbe Limited
[2011/11/10 17:16:14 | 000,000,000 | ---D | M] -- C:\Users\Jo\AppData\Roaming\com.spoce.PRINCE2EventPrep.607D1209833FBB41CF7E9FFB79F78DC1DBCDE874.1
[2011/01/29 19:25:28 | 000,000,000 | ---D | M] -- C:\Users\Jo\AppData\Roaming\ConsumerSoft
[2012/03/16 13:26:22 | 000,000,000 | ---D | M] -- C:\Users\Jo\AppData\Roaming\DriverCure
[2013/02/17 09:14:16 | 000,000,000 | ---D | M] -- C:\Users\Jo\AppData\Roaming\Dropbox
[2013/02/07 09:26:17 | 000,000,000 | ---D | M] -- C:\Users\Jo\AppData\Roaming\DSite
[2011/12/16 22:41:46 | 000,000,000 | ---D | M] -- C:\Users\Jo\AppData\Roaming\ErrorTeck
[2012/03/16 13:45:19 | 000,000,000 | ---D | M] -- C:\Users\Jo\AppData\Roaming\GetRightToGo
[2011/05/01 16:28:54 | 000,000,000 | ---D | M] -- C:\Users\Jo\AppData\Roaming\gtk-2.0
[2011/05/05 08:46:09 | 000,000,000 | ---D | M] -- C:\Users\Jo\AppData\Roaming\iExpert Software
[2011/12/16 22:37:35 | 000,000,000 | ---D | M] -- C:\Users\Jo\AppData\Roaming\Leadertech
[2011/12/16 22:46:28 | 000,000,000 | ---D | M] -- C:\Users\Jo\AppData\Roaming\Memeo
[2012/06/24 21:01:26 | 000,000,000 | ---D | M] -- C:\Users\Jo\AppData\Roaming\MrSmooth.1F1C2CE6230412E7752D206B573506D8446D8E6A.1
[2012/09/22 13:03:32 | 000,000,000 | ---D | M] -- C:\Users\Jo\AppData\Roaming\NewSoft
[2012/09/22 13:03:32 | 000,000,000 | ---D | M] -- C:\Users\Jo\AppData\Roaming\Nokia
[2011/06/13 17:41:33 | 000,000,000 | ---D | M] -- C:\Users\Jo\AppData\Roaming\PC Suite
[2013/02/07 09:48:53 | 000,000,000 | ---D | M] -- C:\Users\Jo\AppData\Roaming\PDFConverterPackages
[2013/01/28 17:32:03 | 000,000,000 | ---D | M] -- C:\Users\Jo\AppData\Roaming\Samsung
[2013/02/07 10:21:12 | 000,000,000 | ---D | M] -- C:\Users\Jo\AppData\Roaming\Smart PDF Converter
[2011/05/13 13:37:12 | 000,000,000 | ---D | M] -- C:\Users\Jo\AppData\Roaming\Smart PDF Creator
[2011/03/01 14:42:47 | 000,000,000 | ---D | M] -- C:\Users\Jo\AppData\Roaming\SmartSoftOCRHelper
[2012/11/28 17:25:01 | 000,000,000 | ---D | M] -- C:\Users\Jo\AppData\Roaming\SparkTrust
[2012/11/06 11:17:41 | 000,000,000 | ---D | M] -- C:\Users\Jo\AppData\Roaming\SpeedyPC Software
[2012/12/19 15:48:07 | 000,000,000 | ---D | M] -- C:\Users\Jo\AppData\Roaming\Spotify
[2013/02/07 09:29:16 | 000,000,000 | ---D | M] -- C:\Users\Jo\AppData\Roaming\Strongvault
[2012/09/22 13:03:35 | 000,000,000 | ---D | M] -- C:\Users\Jo\AppData\Roaming\TeamViewer
[2012/09/22 13:03:36 | 000,000,000 | ---D | M] -- C:\Users\Jo\AppData\Roaming\TuneUp Software
[2013/02/16 20:01:41 | 000,000,000 | ---D | M] -- C:\Users\Jo\AppData\Roaming\VSRevoGroup
[2012/11/25 16:27:46 | 000,000,000 | ---D | M] -- C:\Users\Jo\AppData\Roaming\WinPatrol

========== Purity Check ==========



< End of report >
  • 0

#28
JoPopey

    Member

  • Topic Starter
  • 124 posts
Forgot to say, I now have Google Chrome on the system but this is new... I rarely use Windows Explorer, it is just on the system... Not sure, should I just delete Firefox, as I can't search using the large search box?
  • 0

#29
godawgs

    Teacher

  • Retired Staff
  • 8,228 posts
Thanks for the information. Let's see if this will help Firefox. It looks like there are two different SafeSearch items involved here: the AVG antivirus safesearch, and safesearch.net, which looks to be a browser hijacker. After you have run this fix I will give a link to a page that has directions to remove the AVG safesearch toolbar from all major browsers.

I am still checking on the Comodo issue.

Question: Did you just download and install a program called Uniblue?


Step-1

OTL Fix

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons; they will return on reboot.

1. Please copy all of the text in the quote box below (Do Not copy the word Quote). To do this, highlight everything inside the quote box (except the word Quote), right click and click Copy.

:COMMANDS
[createrestorepoint]

:OTL
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.safesearc...0C61407B26747B8
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.safesearc...0C61407B26747B8
IE - HKLM\..\SearchScopes\{4B51C980-C6B0-11E1-9136-AED16088709B}: "URL" = http://www.safesearc...0C61407B26747B8
IE - HKU\S-1-5-21-3514929525-3119498317-4217759508-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.safesearc...0C61407B26747B8
IE - HKU\S-1-5-21-3514929525-3119498317-4217759508-1001\..\SearchScopes\{0B3C28E0-7C23-4167-A8B7-85D34F586D3A}: "URL" = http://search.avg.co...e}&iy=&ychte=us
IE - HKU\S-1-5-21-3514929525-3119498317-4217759508-1001\..\SearchScopes\{4B51C980-C6B0-11E1-9136-AED16088709B}: "URL" = http://www.safesearc...0C61407B26747B8
FF - prefs.js..browser.search.defaultengine: "SafeSearch"
FF - prefs.js..browser.search.defaultenginename: "SafeSearch"
FF - prefs.js..browser.search.defaulturl: "http://www.safesearc...C61407B26747B8"
FF - prefs.js..browser.search.order.1: "SafeSearch"
FF - prefs.js..keyword.URL: "http://www.safesearc....net/search?q="

:FILES
ipconfig /flushdns /c

:COMMANDS
[emptytemp]


Warning: This fix is relevant for this system and no other. If you are not this user, do NOT follow these directions as they could damage the workings of your system.

2. Please re-open OTL on your desktop. To do that:
  • Vista and 7 users: Right click the icon and click Run as Administrator
3. Place the mouse pointer inside the Posted Image textbox, right click and click Paste. This will put the above script inside the textbox.
4. Click the Posted Image button.
5. Let the program run unhindered.
6. OTL may ask to reboot the machine. Please do so if asked.
7. Click the Posted Image button.
8. A report will open. Copy and Paste that report in your next reply.
9. If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, (where mmddyyyy_hhmmss is the date of the tool run).
10. Run OTL again and click the Posted Image button. Post the log it produces in your next reply.


Step-2.

For directions on how to check and see if AVG Secure Search has been removed or disabled from all browsers click here and follow the directions for all browsers. Then try the Firefox browser and see if you can search now.


Step-3.

Things For Your Next Post:
Please post the logs in the order requested. Do Not attach the logs unless I request it.
1. Answer my question above
2. The OTL fixes log
3. The new OTL.txt log
4. Let me know if Firefox is working properly.
  • 0
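The Firefox half of the fix above resets five search preferences in prefs.js. As an added example (not part of the original thread and not OTL's own code), the following Python sketch checks a prefs.js body for those same preferences and reports any value that is off an allow-list; the allow-lists, the sample file and the host hijacker.example are constructed assumptions.

```python
import json
import re
from urllib.parse import urlsplit

# Preference names taken from the :OTL section of the fix in this thread.
NAME_PREFS = ("browser.search.defaultengine",
              "browser.search.defaultenginename",
              "browser.search.order.1")
URL_PREFS = ("browser.search.defaulturl", "keyword.URL")

# Assumption: the engines and hosts this user is expected to have.
ALLOWED_ENGINES = {"Google", "Bing", "DuckDuckGo"}
ALLOWED_HOSTS = {"www.google.com", "www.bing.com", "duckduckgo.com"}

# One pref per line: user_pref("name", <string | integer | true | false>);
PREF_LINE = re.compile(
    r'^\s*user_pref\(\s*"((?:[^"\\]|\\.)*)"\s*,\s*(.*?)\s*\)\s*;\s*$')


def parse_prefs(text):
    """Return {name: value} for every user_pref(...) line in a prefs.js body."""
    prefs = {}
    for line in text.splitlines():
        m = PREF_LINE.match(line)
        if not m:
            continue  # header comments, blank lines, commented-out prefs
        name, raw = m.group(1), m.group(2)
        try:
            value = json.loads(raw)  # strings, integers, true/false
        except ValueError:
            value = raw              # keep an unparsed literal rather than drop it
        prefs[name] = value
    return prefs


def audit_search_prefs(prefs, engines=ALLOWED_ENGINES, hosts=ALLOWED_HOSTS):
    """Return (pref, value, reason) for each search pref that is off the allow-lists."""
    findings = []
    for name in NAME_PREFS:
        value = prefs.get(name)
        if value and value not in engines:
            findings.append((name, value, "engine not on allow-list"))
    for name in URL_PREFS:
        value = prefs.get(name)
        if not value:
            continue  # absent or reset to the empty string
        host = (urlsplit(str(value)).hostname or "").lower()
        if host not in hosts:
            findings.append((name, value, "host %r not on allow-list" % host))
    return findings


# Constructed sample; the engine name "SafeSearch" is the one named in the thread,
# the URL is a placeholder because the thread's URLs are truncated.
SAMPLE_PREFS_JS = r'''# Mozilla User Preferences
/* constructed sample, not taken from the machine in this thread */
user_pref("browser.search.defaultenginename", "SafeSearch");
user_pref("browser.search.order.1", "SafeSearch");
user_pref("browser.search.order.2", "Google");
user_pref("browser.startup.page", 3);
user_pref("keyword.URL", "http://search.hijacker.example/search?q=");
// user_pref("browser.search.defaulturl", "http://commented.example/");
'''

if __name__ == "__main__":
    for pref, value, reason in audit_search_prefs(parse_prefs(SAMPLE_PREFS_JS)):
        print("%-34s %-44r %s" % (pref, value, reason))
```

Run it against a copy of the profile's prefs.js while Firefox is closed, since Firefox rewrites that file on exit.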

#30
JoPopey

    Member

  • Topic Starter
  • 124 posts
Hi there,

Thanks for your help so far,
1. Yes, I did install Uniblue as I wanted to check all drivers were up to date
2. All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== OTL ==========
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Page_URL| /E : value set successfully!
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{4B51C980-C6B0-11E1-9136-AED16088709B}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4B51C980-C6B0-11E1-9136-AED16088709B}\ not found.
HKU\S-1-5-21-3514929525-3119498317-4217759508-1001\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Page_URL| /E : value set successfully!
Registry key HKEY_USERS\S-1-5-21-3514929525-3119498317-4217759508-1001\Software\Microsoft\Internet Explorer\SearchScopes\{0B3C28E0-7C23-4167-A8B7-85D34F586D3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0B3C28E0-7C23-4167-A8B7-85D34F586D3A}\ not found.
Registry key HKEY_USERS\S-1-5-21-3514929525-3119498317-4217759508-1001\Software\Microsoft\Internet Explorer\SearchScopes\{4B51C980-C6B0-11E1-9136-AED16088709B}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4B51C980-C6B0-11E1-9136-AED16088709B}\ not found.
Prefs.js: "SafeSearch" removed from browser.search.defaultengine
Prefs.js: "SafeSearch" removed from browser.search.defaultenginename
Prefs.js: "http://www.safesearc...C61407B26747B8" removed from browser.search.defaulturl
Prefs.js: "SafeSearch" removed from browser.search.order.1
Prefs.js: "http://www.safesearc....net/search?q=" removed from keyword.URL
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\cmd.bat deleted successfully.
C:\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Jo
->Temp folder emptied: 13249818 bytes
->Temporary Internet Files folder emptied: 9430429 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 1441300 bytes
->Google Chrome cache emptied: 77901271 bytes
->Flash cache emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 8692658 bytes
RecycleBin emptied: 116009963 bytes

Total Files Cleaned = 216.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 02172013_205405

Files\Folders moved on Reboot...

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
3.
OTL logfile created on: 17/02/2013 20:58:51 - Run 9
OTL by OldTimer - Version 3.2.69.0 Folder = C:\
Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1.94 Gb Total Physical Memory | 0.98 Gb Available Physical Memory | 50.52% Memory free
3.87 Gb Paging File | 2.75 Gb Available in Paging File | 71.04% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 35.06 Gb Total Space | 5.01 Gb Free Space | 14.30% Space Free | Partition Type: NTFS
Drive D: | 113.89 Gb Total Space | 40.63 Gb Free Space | 35.67% Space Free | Partition Type: NTFS

Computer Name: JOPOPE-PC01 | User Name: Jo | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/02/11 09:15:15 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\OTL.exe
PRC - [2013/02/01 18:22:34 | 000,917,400 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2013/01/27 11:11:46 | 000,295,232 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\NisSrv.exe
PRC - [2013/01/27 11:11:46 | 000,020,456 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\MsMpEng.exe
PRC - [2013/01/27 11:11:06 | 000,947,152 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2013/01/26 02:35:08 | 001,248,208 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
PRC - [2013/01/20 19:29:18 | 028,539,272 | ---- | M] (Dropbox, Inc.) -- C:\Users\Jo\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2012/12/18 14:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/11/23 02:48:41 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2012/09/20 04:02:24 | 000,363,752 | ---- | M] (BillP Studios) -- C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe
PRC - [2011/02/25 05:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010/10/27 19:17:52 | 000,207,424 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
PRC - [2010/03/18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
PRC - [2009/09/06 11:38:06 | 000,071,096 | ---- | M] () -- C:\Program Files\CDBurnerXP\NMSAccessU.exe


========== Modules (No Company Name) ==========

MOD - [2013/02/01 18:22:37 | 003,023,256 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2013/01/26 02:35:06 | 000,460,240 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\24.0.1312.57\ppgooglenaclpluginchrome.dll
MOD - [2013/01/26 02:35:04 | 004,012,496 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\24.0.1312.57\pdf.dll
MOD - [2013/01/26 02:34:16 | 001,552,848 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\24.0.1312.57\ffmpegsumo.dll
MOD - [2012/06/20 21:23:00 | 000,599,419 | ---- | M] () -- C:\Program Files\BillP Studios\WinPatrol\sqlite3.dll


========== Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2013/02/14 16:54:25 | 000,251,248 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/02/01 18:22:36 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/01/27 11:11:46 | 000,295,232 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV - [2013/01/27 11:11:46 | 000,020,456 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2013/01/08 12:55:20 | 000,161,536 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/12/18 14:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2010/07/27 20:58:33 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2010/03/18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2009/09/06 11:38:06 | 000,071,096 | ---- | M] () [Auto | Running] -- C:\Program Files\CDBurnerXP\NMSAccessU.exe -- (NMSAccessU)
SRV - [2009/07/14 01:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)
SRV - [2009/07/14 01:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/14 01:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009/07/14 01:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | Boot | Stopped] -- system32\drivers\TfSysMon.sys -- (TfSysMon)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\TfNetMon.sys -- (TfNetMon)
DRV - File not found [Kernel | Boot | Stopped] -- system32\drivers\TfFsMon.sys -- (TfFsMon)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\Jo\AppData\Local\Temp\cpuz132\cpuz132_x32.sys -- (cpuz132)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\Jo\AppData\Local\Temp\catchme.sys -- (catchme)
DRV - File not found [Kernel | Auto | Stopped] -- -- (adfs)
DRV - [2013/02/05 22:58:22 | 000,013,024 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\SWDUMon.sys -- (SWDUMon)
DRV - [2013/01/20 15:59:04 | 000,100,328 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV - [2012/11/07 23:37:58 | 000,082,952 | ---- | M] (COMODO) [Kernel | System | Running] -- C:\Windows\System32\drivers\inspect.sys -- (inspect)
DRV - [2012/11/07 23:37:56 | 000,494,416 | ---- | M] (COMODO) [File_System | System | Running] -- C:\Windows\System32\drivers\cmdGuard.sys -- (cmdGuard)
DRV - [2012/11/07 23:37:56 | 000,036,072 | ---- | M] (COMODO) [Kernel | System | Running] -- C:\Windows\System32\drivers\cmdhlp.sys -- (cmdHlp)
DRV - [2012/11/07 23:37:54 | 000,019,632 | ---- | M] (COMODO) [File_System | System | Running] -- C:\Windows\System32\drivers\cmderd.sys -- (cmderd)
DRV - [2012/09/19 10:02:06 | 000,083,168 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssudbus.sys -- (dg_ssudbus)
DRV - [2012/08/23 14:44:32 | 000,014,848 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV - [2012/08/23 14:40:25 | 000,049,664 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2012/08/21 10:13:14 | 000,058,680 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2011/10/24 05:39:40 | 000,278,528 | ---- | M] (AVEO) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVEOdcnt.sys -- (AVEO)
DRV - [2010/11/20 12:30:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2010/11/20 12:30:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010/11/20 12:30:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2010/11/20 09:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010/11/20 09:14:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010/11/20 09:14:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2009/11/12 13:48:56 | 000,007,168 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\StarOpen.sys -- (StarOpen)
DRV - [2009/06/18 18:45:02 | 004,172,832 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTKVAC.SYS -- (ALCXWDM)
DRV - [2008/08/26 08:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2006/11/10 15:05:00 | 000,018,688 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\afc.sys -- (Afc)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-gb
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 55 A6 19 00 0F 6A CB 01 [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\..\SearchScopes,DefaultScope = {0AEADF14-F17C-4F00-BE2F-99194450DB7C}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{0AEADF14-F17C-4F00-BE2F-99194450DB7C}: "URL" = http://www.google.co...rchTerms}&meta=
IE - HKCU\..\SearchScopes\{16C71303-6956-47D8-B5C6-002F0605D5C8}: "URL" = http://uk.search.yah...p={searchTerms}
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{95560BF3-6453-4704-BF91-1B25463ABE13}: "URL" = http://websearch.ask...81-6C3901274266
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: ""
FF - prefs.js..browser.search.defaultenginename: ""
FF - prefs.js..browser.search.defaulturl: ""
FF - prefs.js..browser.search.order.1: ""
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "about:home"
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:18.0.2
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_6_602_168.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.13.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.13.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.6.14: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.6.14: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.6.14: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.6.14: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=15.0.6.14: C:\Program Files\Real\RealPlayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.124\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.124\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.2: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{0153E448-190B-4987-BDE1-F256CADA672F}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012/09/30 15:54:31 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\AVAST Software\Avast\WebRep\FF
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/02/11 11:50:47 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

[2012/11/28 17:31:30 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jo\AppData\Roaming\Mozilla\Extensions
[2013/02/07 17:49:29 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jo\AppData\Roaming\Mozilla\Firefox\Profiles\0g2su0gn.default-1355390140088\extensions
[2013/02/04 11:51:36 | 000,307,659 | ---- | M] () (No name found) -- C:\Users\Jo\AppData\Roaming\Mozilla\Firefox\Profiles\0g2su0gn.default-1355390140088\extensions\[email protected]
[2012/12/20 16:42:12 | 000,010,339 | ---- | M] () -- C:\Users\Jo\AppData\Roaming\Mozilla\Firefox\Profiles\0g2su0gn.default-1355390140088\searchplugins\duckduckgo-1.xml
[2012/12/20 16:42:09 | 000,010,339 | ---- | M] () -- C:\Users\Jo\AppData\Roaming\Mozilla\Firefox\Profiles\0g2su0gn.default-1355390140088\searchplugins\duckduckgo.xml
[2013/02/11 11:50:47 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2013/02/01 18:22:53 | 000,262,552 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2013/02/01 18:22:13 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2013/02/01 18:22:13 | 000,002,058 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter}
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Jo\AppData\Local\Google\Chrome\User Data\PepperFlash\11.5.31.139\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\24.0.1312.57\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\24.0.1312.57\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Picasa (Enabled) = C:\Program Files\Google\Picasa3\npPicasa3.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.124\npGoogleUpdate3.dll
CHR - plugin: Java™ Platform SE 7 U13 (Enabled) = C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll
CHR - plugin: RealPlayer Download Plugin (Enabled) = C:\Program Files\Real\RealPlayer\Netscape6\nprpplugin.dll
CHR - plugin: VLC Web Plugin (Enabled) = C:\Program Files\VideoLAN\VLC\npvlc.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: RealNetworks™ Chrome Background Extension Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
CHR - plugin: RealPlayer™ HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
CHR - plugin: Java Deployment Toolkit 7.0.130.20 (Enabled) = C:\Windows\system32\npDeployJava1.dll
CHR - Extension: Google Docs = C:\Users\Jo\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
CHR - Extension: Google Drive = C:\Users\Jo\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\

O1 HOSTS File: ([2012/11/19 22:31:55 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (Easy-WebPrint) - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll ()
O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
O4 - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe (BillP Studios)
O4 - Startup: C:\Users\Jo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Jo\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Easy-WebPrint Add To Print List - C:\Program Files\Canon\Easy-WebPrint\Resource.dll ()
O8 - Extra context menu item: Easy-WebPrint High Speed Print - C:\Program Files\Canon\Easy-WebPrint\Resource.dll ()
O8 - Extra context menu item: Easy-WebPrint Preview - C:\Program Files\Canon\Easy-WebPrint\Resource.dll ()
O8 - Extra context menu item: Easy-WebPrint Print - C:\Program Files\Canon\Easy-WebPrint\Resource.dll ()
O16 - DPF: {CAFEEFAC-0017-0000-0005-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_05)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.13.2)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3028E9AA-0C2D-45B0-A428-1EDCE1C22515}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\linkscanner - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 21:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/02/17 15:16:37 | 000,000,000 | ---D | C] -- D:\Desktop\Columbia
[2013/02/16 22:13:50 | 000,000,000 | ---D | C] -- C:\Program Files\V92Modem
[2013/02/16 22:13:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\V92 Modem
[2013/02/16 22:03:01 | 000,000,000 | ---D | C] -- D:\My Documents\Defender update
[2013/02/16 21:54:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Uniblue
[2013/02/16 21:29:47 | 000,000,000 | ---D | C] -- C:\Windows\TempB325CB1A-1160-D6FE-78D5-8DC68E097F12-Signatures
[2013/02/16 21:20:26 | 000,000,000 | ---D | C] -- C:\Windows\Temp864A00A4-59C9-FA78-CD34-AE77046CB9FA-Signatures
[2013/02/16 20:01:41 | 000,000,000 | ---D | C] -- C:\Users\Jo\AppData\Roaming\VSRevoGroup
[2013/02/15 09:01:24 | 000,000,000 | ---D | C] -- C:\Users\Jo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller
[2013/02/14 22:38:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2013/02/14 09:24:26 | 000,000,000 | -H-D | C] -- C:\Windows\AxInstSV
[2013/02/11 12:23:12 | 000,000,000 | ---D | C] -- C:\ArcSoft
[2013/02/11 11:51:14 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service
[2013/02/11 11:50:44 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2013/02/11 09:17:24 | 000,000,000 | ---D | C] -- C:\_OTL
[2013/02/11 09:16:09 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\OTL.exe
[2013/02/10 11:31:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Comodo
[2013/02/10 11:31:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\COMODO
[2013/02/10 11:28:50 | 001,122,304 | ---- | C] (The OpenSSL Project, http://www.openssl.org/) -- C:\Windows\System32\libeay32.dll
[2013/02/10 11:28:50 | 000,356,352 | ---- | C] (eSellerate Inc.) -- C:\Windows\eSellerateEngine.dll
[2013/02/10 11:28:50 | 000,274,432 | ---- | C] (The OpenSSL Project, http://www.openssl.org/) -- C:\Windows\System32\ssleay32.dll
[2013/02/10 11:28:50 | 000,081,920 | ---- | C] (eSellerate Inc.) -- C:\Windows\eSellerateControl350.dll
[2013/02/10 11:28:48 | 000,000,000 | ---D | C] -- C:\Program Files\Safe Search Removal Tool
[2013/02/09 20:34:54 | 000,000,000 | ---D | C] -- D:\Desktop\FLAT BATH
[2013/02/07 18:59:15 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013/02/07 18:57:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013/02/07 18:57:18 | 000,021,104 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2013/02/07 18:57:18 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2013/02/07 17:41:30 | 000,058,680 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2013/02/07 17:41:02 | 000,227,648 | ---- | C] (AVAST Software) -- C:\Windows\System32\aswBoot.exe
[2013/02/07 17:29:29 | 000,000,000 | ---D | C] -- D:\My Documents\Add-in Express
[2013/02/07 16:57:34 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013/02/07 16:57:34 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2013/02/07 16:57:34 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2013/02/07 16:55:27 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
[2013/02/07 10:24:34 | 000,000,000 | ---D | C] -- C:\Users\Jo\AppData\Roaming\SmartSoftOCRHelper
[2013/02/07 10:21:12 | 000,000,000 | ---D | C] -- C:\Users\Jo\AppData\Roaming\Smart PDF Converter
[2013/02/07 09:29:16 | 000,000,000 | ---D | C] -- C:\Users\Jo\AppData\Roaming\Strongvault
[2013/02/07 09:28:36 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\MSSoap
[2013/02/07 09:28:30 | 000,000,000 | ---D | C] -- C:\Users\Jo\AppData\Local\Strongvault Online Backup
[2013/02/07 09:28:21 | 000,000,000 | ---D | C] -- C:\Users\Jo\AppData\Local\Stronghold_LLC
[2013/02/07 09:27:48 | 000,000,000 | -HSD | C] -- C:\Windows\System32\AI_RecycleBin
[2013/02/07 09:27:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Strongvault Online Backup
[2013/02/07 09:26:17 | 000,000,000 | ---D | C] -- C:\Users\Jo\AppData\Roaming\DSite
[2013/02/06 21:10:24 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2013/02/05 11:53:29 | 000,000,000 | ---D | C] -- D:\Desktop\The Magdalene Laundry - CBS News_files
[2013/01/28 16:57:38 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\CrashDump
[2013/01/28 09:33:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2013/01/28 09:33:06 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2013/01/28 09:32:59 | 000,000,000 | R--D | C] -- C:\Program Files\Skype
[2013/01/22 09:18:19 | 000,000,000 | ---D | C] -- C:\Users\Jo\AppData\Local\Programs
[2013/01/22 09:06:02 | 000,000,000 | ---D | C] -- C:\Program Files\MarkAny
[2013/01/21 20:11:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Picasa 3
[2011/11/16 21:41:04 | 001,287,016 | ---- | C] (Microsoft Corporation) -- C:\Users\Jo\windowslivemoviemaker.exe
[2 C:\Program Files\*.tmp files -> C:\Program Files\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/02/17 21:03:28 | 000,013,984 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/02/17 21:03:28 | 000,013,984 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/02/17 20:58:06 | 000,000,878 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/02/17 20:56:31 | 000,000,874 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/02/17 20:56:13 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/02/17 15:38:05 | 001,474,832 | ---- | M] () -- C:\Windows\System32\drivers\sfi.dat
[2013/02/17 15:36:38 | 000,002,503 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2013/02/17 15:13:44 | 062,996,246 | ---- | M] () -- D:\Desktop\MVI_1769.AVI
[2013/02/17 11:13:22 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/02/16 21:50:01 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2013/02/15 09:01:24 | 000,001,082 | ---- | M] () -- D:\Desktop\Revo Uninstaller.lnk
[2013/02/15 08:54:02 | 000,002,233 | ---- | M] () -- C:\Users\Jo\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2013/02/14 22:38:57 | 000,002,209 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2013/02/14 18:40:57 | 000,614,400 | ---- | M] () -- C:\Windows\System32\Image20.dat
[2013/02/13 16:09:45 | 000,022,442 | ---- | M] () -- D:\Desktop\pool.jpg
[2013/02/13 09:30:17 | 002,346,016 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013/02/13 09:16:58 | 000,616,032 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013/02/13 09:16:58 | 000,106,412 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013/02/11 14:05:21 | 000,120,923 | ---- | M] () -- D:\Desktop\trip update....zip
[2013/02/11 11:51:17 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2013/02/11 09:15:15 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\OTL.exe
[2013/02/10 20:27:47 | 000,587,659 | ---- | M] () -- C:\adwcleaner.exe
[2013/02/07 18:57:30 | 000,001,075 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/02/07 17:49:28 | 000,000,390 | R-S- | M] () -- C:\Users\Jo\ntuser.pol
[2013/02/07 17:41:30 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2013/02/06 09:13:26 | 000,001,053 | ---- | M] () -- C:\Users\Jo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2013/02/05 22:58:22 | 000,013,024 | ---- | M] () -- C:\Windows\System32\drivers\SWDUMon.sys
[2013/01/28 15:55:52 | 000,051,731 | ---- | M] () -- D:\Desktop\Jo Pope-001.jpg
[2013/01/27 10:43:48 | 000,000,929 | ---- | M] () -- D:\Desktop\Dropbox.lnk
[2013/01/21 20:13:06 | 000,001,096 | ---- | M] () -- C:\Users\Jo\Application Data\Microsoft\Internet Explorer\Quick Launch\Picasa 3.lnk
[2013/01/21 20:13:06 | 000,001,072 | ---- | M] () -- C:\Users\Public\Desktop\Picasa 3.lnk
[2 C:\Program Files\*.tmp files -> C:\Program Files\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/02/17 15:16:22 | 062,996,246 | ---- | C] () -- D:\Desktop\MVI_1769.AVI
[2013/02/15 08:59:55 | 000,001,082 | ---- | C] () -- D:\Desktop\Revo Uninstaller.lnk
[2013/02/14 22:38:57 | 000,002,233 | ---- | C] () -- C:\Users\Jo\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2013/02/14 22:38:57 | 000,002,209 | ---- | C] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2013/02/14 16:54:25 | 000,000,830 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/02/13 16:09:44 | 000,022,442 | ---- | C] () -- D:\Desktop\pool.jpg
[2013/02/11 14:05:15 | 000,120,923 | ---- | C] () -- D:\Desktop\trip update....zip
[2013/02/11 11:51:17 | 000,001,125 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2013/02/11 11:51:17 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2013/02/10 20:23:45 | 000,587,659 | ---- | C] () -- C:\adwcleaner.exe
[2013/02/07 18:57:30 | 000,001,075 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/02/07 17:29:28 | 000,000,390 | R-S- | C] () -- C:\Users\Jo\ntuser.pol
[2013/02/07 16:57:34 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013/02/07 16:57:34 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013/02/07 16:57:34 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013/02/07 16:57:34 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013/02/07 16:57:34 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013/02/06 09:13:26 | 000,001,053 | ---- | C] () -- C:\Users\Jo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2013/01/28 15:55:52 | 000,051,731 | ---- | C] () -- D:\Desktop\Jo Pope-001.jpg
[2013/01/28 09:36:09 | 000,614,400 | ---- | C] () -- C:\Windows\System32\Image20.dat
[2013/01/28 09:33:07 | 000,002,503 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk
[2013/01/21 20:16:03 | 001,474,832 | ---- | C] () -- C:\Windows\System32\drivers\sfi.dat
[2013/01/21 20:13:06 | 000,001,096 | ---- | C] () -- C:\Users\Jo\Application Data\Microsoft\Internet Explorer\Quick Launch\Picasa 3.lnk
[2013/01/21 20:13:06 | 000,001,072 | ---- | C] () -- C:\Users\Public\Desktop\Picasa 3.lnk
[2012/11/05 17:09:28 | 000,000,118 | ---- | C] () -- C:\Windows\wininit.ini
[2012/10/29 12:09:28 | 000,974,848 | ---- | C] () -- C:\Windows\System32\cis-2.4.dll
[2012/10/29 12:09:28 | 000,081,920 | ---- | C] () -- C:\Windows\System32\issacapi_bs-2.3.dll
[2012/10/29 12:09:28 | 000,065,536 | ---- | C] () -- C:\Windows\System32\issacapi_pe-2.3.dll
[2012/10/29 12:09:28 | 000,057,344 | ---- | C] () -- C:\Windows\System32\issacapi_se-2.3.dll
[2012/08/17 11:07:04 | 000,013,024 | ---- | C] () -- C:\Windows\System32\drivers\SWDUMon.sys
[2012/04/13 14:50:39 | 000,000,064 | ---- | C] () -- C:\Windows\System32\rp_stats.dat
[2012/04/13 14:50:39 | 000,000,044 | ---- | C] () -- C:\Windows\System32\rp_rules.dat
[2012/02/22 15:03:45 | 000,000,088 | ---- | C] () -- C:\Windows\MSREGUSR.INI
[2011/07/07 08:18:37 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2011/06/02 16:35:41 | 000,116,224 | ---- | C] () -- C:\Windows\System32\pdfmonnt.dll
[2011/05/01 16:25:21 | 000,062,349 | ---- | C] () -- C:\Users\Jo\RW1.jpg
[2011/03/07 20:14:01 | 000,020,480 | ---- | C] () -- C:\Users\Jo\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/02/22 17:24:55 | 000,000,224 | ---- | C] () -- C:\Windows\91NU.ini
[2011/02/22 17:14:05 | 000,001,809 | ---- | C] () -- C:\Windows\if42le.ini
[2011/02/22 17:14:05 | 000,000,299 | ---- | C] () -- C:\Windows\Pexplore.ini
[2011/02/22 17:10:42 | 000,015,360 | ---- | C] () -- C:\Windows\System32\GetInst32.dll
[2011/01/02 20:55:21 | 000,000,056 | ---- | C] () -- C:\ProgramData\ezsidmv.dat

========== ZeroAccess Check ==========

[2009/07/14 04:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 04:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 12:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/14 01:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2013/02/16 19:42:22 | 000,000,000 | ---D | M] -- C:\Users\Jo\AppData\Roaming\AVG
[2013/02/16 19:42:22 | 000,000,000 | ---D | M] -- C:\Users\Jo\AppData\Roaming\AVG10
[2010/07/29 08:18:33 | 000,000,000 | ---D | M] -- C:\Users\Jo\AppData\Roaming\Canneverbe Limited
[2011/11/10 17:16:14 | 000,000,000 | ---D | M] -- C:\Users\Jo\AppData\Roaming\com.spoce.PRINCE2EventPrep.607D1209833FBB41CF7E9FFB79F78DC1DBCDE874.1
[2011/01/29 19:25:28 | 000,000,000 | ---D | M] -- C:\Users\Jo\AppData\Roaming\ConsumerSoft
[2012/03/16 13:26:22 | 000,000,000 | ---D | M] -- C:\Users\Jo\AppData\Roaming\DriverCure
[2013/02/17 20:57:40 | 000,000,000 | ---D | M] -- C:\Users\Jo\AppData\Roaming\Dropbox
[2013/02/07 09:26:17 | 000,000,000 | ---D | M] -- C:\Users\Jo\AppData\Roaming\DSite
[2011/12/16 22:41:46 | 000,000,000 | ---D | M] -- C:\Users\Jo\AppData\Roaming\ErrorTeck
[2012/03/16 13:45:19 | 000,000,000 | ---D | M] -- C:\Users\Jo\AppData\Roaming\GetRightToGo
[2011/05/01 16:28:54 | 000,000,000 | ---D | M] -- C:\Users\Jo\AppData\Roaming\gtk-2.0
[2011/05/05 08:46:09 | 000,000,000 | ---D | M] -- C:\Users\Jo\AppData\Roaming\iExpert Software
[2011/12/16 22:37:35 | 000,000,000 | ---D | M] -- C:\Users\Jo\AppData\Roaming\Leadertech
[2011/12/16 22:46:28 | 000,000,000 | ---D | M] -- C:\Users\Jo\AppData\Roaming\Memeo
[2012/06/24 21:01:26 | 000,000,000 | ---D | M] -- C:\Users\Jo\AppData\Roaming\MrSmooth.1F1C2CE6230412E7752D206B573506D8446D8E6A.1
[2012/09/22 13:03:32 | 000,000,000 | ---D | M] -- C:\Users\Jo\AppData\Roaming\NewSoft
[2012/09/22 13:03:32 | 000,000,000 | ---D | M] -- C:\Users\Jo\AppData\Roaming\Nokia
[2011/06/13 17:41:33 | 000,000,000 | ---D | M] -- C:\Users\Jo\AppData\Roaming\PC Suite
[2013/02/07 09:48:53 | 000,000,000 | ---D | M] -- C:\Users\Jo\AppData\Roaming\PDFConverterPackages
[2013/01/28 17:32:03 | 000,000,000 | ---D | M] -- C:\Users\Jo\AppData\Roaming\Samsung
[2013/02/07 10:21:12 | 000,000,000 | ---D | M] -- C:\Users\Jo\AppData\Roaming\Smart PDF Converter
[2011/05/13 13:37:12 | 000,000,000 | ---D | M] -- C:\Users\Jo\AppData\Roaming\Smart PDF Creator
[2011/03/01 14:42:47 | 000,000,000 | ---D | M] -- C:\Users\Jo\AppData\Roaming\SmartSoftOCRHelper
[2012/11/28 17:25:01 | 000,000,000 | ---D | M] -- C:\Users\Jo\AppData\Roaming\SparkTrust
[2012/11/06 11:17:41 | 000,000,000 | ---D | M] -- C:\Users\Jo\AppData\Roaming\SpeedyPC Software
[2012/12/19 15:48:07 | 000,000,000 | ---D | M] -- C:\Users\Jo\AppData\Roaming\Spotify
[2013/02/07 09:29:16 | 000,000,000 | ---D | M] -- C:\Users\Jo\AppData\Roaming\Strongvault
[2012/09/22 13:03:35 | 000,000,000 | ---D | M] -- C:\Users\Jo\AppData\Roaming\TeamViewer
[2012/09/22 13:03:36 | 000,000,000 | ---D | M] -- C:\Users\Jo\AppData\Roaming\TuneUp Software
[2013/02/16 20:01:41 | 000,000,000 | ---D | M] -- C:\Users\Jo\AppData\Roaming\VSRevoGroup
[2012/11/25 16:27:46 | 000,000,000 | ---D | M] -- C:\Users\Jo\AppData\Roaming\WinPatrol

========== Purity Check ==========



< End of report >

4. Firefox is now working.

ALSO..
I couldn't, under Mozilla Firefox, choose RESET under preference name for browser.search.searchEnginesURL
or RESET Keyword.URL, also on Mozilla.

In Chrome I deleted Delta and Safesearch from default settings (perhaps they join onto the browser I use the most? At present that is Chrome).

Cheers