Registry Edit Virus [Solved]
#31
Posted 12 February 2014 - 08:52 PM
#32
Posted 12 February 2014 - 09:20 PM
-----------------------------------------------------------------------------------------------
System Restore did not complete successfully. Your computer's system files and settings were not changed.
Details:
An unspecified error occurred during System Restore.
You might want to try System Restore again and choose a different restore point.
-----------------------------------------------------------------------------------------------
While i'm disappointed, i'm not entirely surprised. System restore had not been working on this machine previously. It seemed promising when OTL successfully created the restore point, but i'm guessing whatever that issue was before still exists.
My browser is still showing html basic for Yahoo!, but looks normal on Geekstogo. I did some quick internet browsing, (weather.com and google maps) and it appears that the html basic look is somehow Yahoo! specific. Yahoo sports is my home page, so i would like to resolve this issue. Wondering if it might be somehow related to security settings in Firefox.
The message i get is: Note: You are reading this message either because you do not have a standards-compliant browser, or because you can not see our css files.
Wondering if something we did changed Firefox's settings to block css files.
#33
Posted 12 February 2014 - 09:58 PM
No. We didn't changs any of the FF settings that would affect that.Wondering if something we did changed Firefox's settings to block css files.
I don't think so. It's probably the cache.My browser is still showing html basic for Yahoo!, but looks normal on Geekstogo. I did some quick internet browsing, (weather.com and google maps) and it appears that the html basic look is somehow Yahoo! specific. Yahoo sports is my home page, so i would like to resolve this issue. Wondering if it might be somehow related to security settings in Firefox.
- Open Chrome and let the Yahoo Sports home page load.
- Press and hold Shift key and left-click the Reload button.
- Next click the down arrow beside Firefox in the upper left corner and click Options. The Options page will open.
- Click the Advanced icon at the upper right of the page.
- Click the Network tab.
- In the Cached Web Content section, click the Clear Now button.
- Click OK to save the changes and close the Options page.
- Close the browser and then re-open it.
#34
Posted 12 February 2014 - 11:12 PM
I know we're not done, but wanted to say thanks for everything so far.
#35
Posted 13 February 2014 - 11:08 AM
I want to run an OTL fix that will include the items in the last scan and the items in the ESET scan results, but first we are gonna disable the Avira file protection.
Step-1.
Temp' Disable Avira File Protection:
- Right-click on the system tray icon for Avira >> Configure Avira Free Antivirus
- Once the GUI(graphical user interface) has appeared/loaded >> click on Expert mode >> General >> Security
- Now de-select the option under the System Protection heading: Protect files and registry entries from manipulation and Protect Windows hosts file from changes >> Apply >> OK
Step-2
OTL Fix
Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot
1. Please copy all of the text in the quote box below (Do Not copy the word Quote. To do this, highlight everything
inside the quote box (except the word Quote) , right click and click Copy.
:COMMANDS
[createrestorepoint]
:REG
[-HKEY_USERS\S-1-5-21-3889686918-3398402473-1388666377-1000\Software\Microsoft\Windows\CurrentVersion\Run\Gstion Update]
[-HKEY_USERS\S-1-5-21-3889686918-3398402473-1388666377-1000\Software\Microsoft\Windows\CurrentVersion\Run\IDT Auto]
[-HKEY_USERS\S-1-5-21-3889686918-3398402473-1388666377-1000\Software\Microsoft\Windows\CurrentVersion\Run\IDT Tray]
[-HKEY_USERS\S-1-5-21-3889686918-3398402473-1388666377-1000\Software\Microsoft\Windows\CurrentVersion\Run\IDT Update]
:FILES
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UGFI3ED2\ApnIC[1].0
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UGFI3ED2\ApnIC[1].0
:COMMANDS
[emptytemp]
Warning: This fix is relevant for this system and no other. If you are not this user, DO NOT follow these directions as they could damage the workings of your system.
2. Please re-open on your desktop. To do that:
- Vista and 7 users: Right click the icon and click Run as Administrator
4. Click the button.
5. Let the program run unhindered.
6. OTL may ask to reboot the machine. Please do so if asked.
7. Click the button.
8. A report will open. Copy and Paste that report in your next reply.
9. If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, (where mmddyyyy_hhmmss is the date of the tool run).
10. Run OTL again and click the button. Post the log it produces in your next reply.
Now let's update some programs.
Step-3.
Your Java is badly out of date. And the Adobe Flashplayer and Adobe Reader programs are out of date. So let's update them.
JAVA Advice
WARNING: Java is the #1 exploited program at this time. The Department of Homeland Security recommends that computer users disable Java
See this article and this article.
I would recommend that you completely uninstall Java unless you need it to run an important software or need it to play games on-line.
In that instance I would recommend that you only use Firefox or Chrome to visit those sites and do the following:
- For Firefox, install the NoScript add-on.
- For Chrome, install the Script-No add-on.
NOTE: After installing the add-ons you will need to tell them that the site you are visiting is allowed to run Java. - Disable Java in your browsers until you need it for that software and then enable it. (See How to disable Java in your web browser or How to unplug Java from the browser)
A.
Your version of Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older versions of Java components and update:
- Download the latest version of the Java Runtime Environment (JRE) Version from Here or Here and save it to your desktop.
- Look for "Java Platform, Standard Edition". You will see the current Java version and update number under listed under the heading. Example: The newest update is Java SE 7u51
- Click the "Download button under the JRE" column.
- On the Java SE Runtime Environment page, click the button to "Accept License Agreement".
- Under the Java SE Runtime Environment 7u51 heading:
To install the version for your system:- For Windows 64bit systems, look for Windows x64 29.37MB, click the jre-7u51-windows-64.exe file and save it to your desktop. Do Not run it from the Java site.
- Close any programs you may have running - especially your web browser.
B.
Uninstall all versions of Java
- Click the Start Orb, then Control Panel. Under the Programs or Programs and Features section click Uninstall a program. The list of installed programs will populate.
- Remove all older versions of Java. These may call themselves: Java Runtime, Runtime Environment, Runtime, JRE, Java Virtual Machine, Virtual Machine, Java VM, JVM, VM, J2RE or J2SE
The versions I see on the computer are:
- Java 7 Update 7
- Java™ 6 Update 7
- Right click each program and click Uninstall and follow the on screen instructions for the Java uninstaller.
- Repeat as many times as necessary to remove each Java version.
- Reboot your computer once all Java components are removed.
-- Starting with Java 6u10, the uninstaller incorporated in each new release uses Enhanced Auto update to automatically remove the previous version when updating to a later update release. It will not remove older versions, so they will need to be removed manually.
Install the latest JAVA
Back on your desktop:
- Right click the jre-7u51-windows-x64.exefile and click Run as Administrator and OK the UAC prompt to install the newest version.
- When the Java Setup - Welcome window opens, click the Install > button.
- If offered to install a Toolbar, just uncheck the box before continuing unless you want it.
Step-4.
Update Adobe Reader
Earlier versions of Adobe Reader have known security flaws so it is recommended that you update your copy.
- Windows Vista /7 Users: Click the Start Orb and click Control Panel. Under the Programs heading click Uninstall a program
- Remove ALL instances of Adobe Reader. The version(s) I see on the computer are:
- Adobe Reader 9
- Right click each program and cilck Uninstall
- Re-boot your computer as required.
- Once ALL versions of Adobe Reader have been uninstalled, download the latest version of Adobe Reader from Here.
- Remove the check mark next to Yes, install McAfee Security Scan Plus-optional box.
- Click the Download Now button to download Adobe Reader and follow the directions.
NOTE: When installing FoxitReader, be careful not to install anything to do with AskBar or any other 3rd party software.
Step-5.
Update Adobe Flash Player
NOTE: Depending on your settings, you may have to temporarily disable your antivirus software and firewall.
You will need to download and install both the IE and non-IE versions of Adobe Flashplayer. Click here to go to the download page.
- In the Adobe Flash Player column, under Step 1, click the down arrow and choose your operating system.
- Under Step 2, click the down arrow and select the browser you want to install FlashPlayer for.
You will need to download and install each version of FlashPlayer (Flash Player for Internet Explorer AND Flash Player for Other Browsers) seperately
- In the Optional offer: cloumn, make sure to uncheck the box beside Yes, install free McAfee Security Scan Plus before downloading.
- Click the Download now button. The File Download window will open.
- Click Save File and save the install_flashplayerXXxXX_xxxx_xxx_xxx.exeset up file to the desktop.
- Repeat the above for the other version of Flash Player.
- Close the browse and all open windows.
- Back on the desktop, double click on one of the Flash Player setup files to start the installation.
- If you get a Security Warning box, click Run
- If you gat a UAC warning click Continue or Yes
- Once the installation has completed, double click the other Flash Player setup file and repeat the above to install it.
Step-6.
Things For Your Next Post:
Please post the logs in the order requested. Please don't attach the logs unless I request it.
1. Let me know if the program updates were successful.
2. The OTL fixes log
3. The new OTL.txt log
#36
Posted 13 February 2014 - 01:21 PM
I also downloaded (and installed) the Firefox "No Script" add on, and unistalled my 2 Java versions. When i went to install the new Java version, i noticed my file is not jre-7u51-windows-64.exe,
rather the file on my desktop is jre-7u51-windows-x64.exe.part. Maybe a partial download?
I tried to re-download the file, but get the following message:
----------------------------------------------------
Sorry!
In order to download products from Oracle Technology Network you must agree to the OTN license terms.
Be sure that...
Your browser has "cookies" and JavaScript enabled.
You clicked on "Accept License" for the product you wish to download.
You attempt the download within 30 minutes of accepting the license.
From here you can go...
Back to Previous Page
Site Map
OTN Homepage
RSS | Legal Notices and Terms for Use | Privacy Statement
----------------------------------------------------
Likewise, with Adobe, i can't download the new version, either:
----------------------------------
JavaScript is currently disabled in your browser and is required to download Adobe Reader.
Click here for instructions to enable JavaScript.
----------------------------------
So, i've uninstalled Java, but can't re-install it, or upgrade Adobe without it.
It does look like i have a copy of the old .exe for one of the Java Versions i had before:jre-7u7-windows-x64.exe
Guessing i'll need to reinstall that, then re-download and install the new Java version, then get new Adobe & Flash. Let me know if you think this is my best bet, or if you have a different approach.
2. OTL Fix log:
All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== REGISTRY ==========
Registry key HKEY_USERS\S-1-5-21-3889686918-3398402473-1388666377-1000\Software\Microsoft\Windows\CurrentVersion\Run\Gstion Update\ not found.
Registry key HKEY_USERS\S-1-5-21-3889686918-3398402473-1388666377-1000\Software\Microsoft\Windows\CurrentVersion\Run\IDT Auto\ not found.
Registry key HKEY_USERS\S-1-5-21-3889686918-3398402473-1388666377-1000\Software\Microsoft\Windows\CurrentVersion\Run\IDT Tray\ not found.
Registry key HKEY_USERS\S-1-5-21-3889686918-3398402473-1388666377-1000\Software\Microsoft\Windows\CurrentVersion\Run\IDT Update\ not found.
========== FILES ==========
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UGFI3ED2\ApnIC[1].0 moved successfully.
File\Folder C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UGFI3ED2\ApnIC[1].0 not found.
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Pete
->Temp folder emptied: 2382848 bytes
->Temporary Internet Files folder emptied: 870630 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 79037205 bytes
->Flash cache emptied: 6130 bytes
User: Public
->Temp folder emptied: 0 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1056386 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 80.00 mb
OTL by OldTimer - Version 3.2.69.0 log created on 02132014_130237
Files\Folders moved on Reboot...
C:\Users\Pete\AppData\Local\Temp\ehmsas.txt moved successfully.
PendingFileRenameOperations files...
Registry entries deleted on Reboot...
3. OTL.txt Log:
OTL logfile created on: 2/13/2014 2:02:40 PM - Run 6
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Pete\Downloads
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
2.00 Gb Total Physical Memory | 0.82 Gb Available Physical Memory | 41.23% Memory free
4.24 Gb Paging File | 2.38 Gb Available in Paging File | 56.09% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 453.18 Gb Total Space | 287.72 Gb Free Space | 63.49% Space Free | Partition Type: NTFS
Drive D: | 12.58 Gb Total Space | 1.99 Gb Free Space | 15.80% Space Free | Partition Type: NTFS
Computer Name: PETE-PC | User Name: Pete | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2013/01/14 15:10:17 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Pete\Downloads\OTL.exe
PRC - [2011/06/28 21:31:49 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2011/04/27 19:11:59 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2010/12/15 12:31:20 | 000,460,144 | ---- | M] () -- C:\Program Files (x86)\Flip Video\FlipShare\FlipShareService.exe
PRC - [2010/12/15 12:22:42 | 001,085,440 | ---- | M] () -- C:\Program Files (x86)\Flip Video\FlipShareServer\FlipShareServer.exe
PRC - [2010/08/02 16:09:56 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2009/02/09 17:14:02 | 000,296,320 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe
PRC - [2009/02/09 17:14:02 | 000,116,096 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe
PRC - [2009/02/09 17:13:36 | 000,206,120 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\Hewlett-Packard\Media\TV\TVAgent.exe
PRC - [2008/12/25 15:41:20 | 000,189,736 | ---- | M] (CyberLink) -- C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
PRC - [2008/12/25 15:41:16 | 001,316,136 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe
PRC - [2008/12/17 19:11:40 | 000,365,952 | ---- | M] () -- C:\Program Files (x86)\SMINST\BLService.exe
PRC - [2008/11/28 20:04:26 | 001,148,200 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
PRC - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2008/06/19 16:04:50 | 000,014,376 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
========== Modules (No Company Name) ==========
MOD - [2011/12/05 12:49:38 | 000,998,400 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\a3a76226460de2153a62bdbfed9228b9\System.Management.ni.dll
MOD - [2011/12/05 12:22:59 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\e515919524c6be56f55ad12fbdd23c19\System.Runtime.Remoting.ni.dll
MOD - [2011/12/05 12:22:57 | 000,627,712 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\87f2c180fec78701501d8e3e84fac248\System.EnterpriseServices.ni.dll
MOD - [2011/12/05 12:22:57 | 000,627,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\5cbea3b1a1d74123219b69306b8c8af2\System.Transactions.ni.dll
MOD - [2011/12/05 12:22:57 | 000,280,064 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\87f2c180fec78701501d8e3e84fac248\System.EnterpriseServices.Wrapper.dll
MOD - [2011/12/05 12:18:49 | 006,621,696 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\550e7b31f1821d964f21f0a854e3f195\System.Data.ni.dll
MOD - [2011/12/05 12:18:40 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\61019556ac408cc39cc478101b0d3cb4\PresentationFramework.Aero.ni.dll
MOD - [2011/12/05 12:18:39 | 014,327,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\0444ab43ccfb3390d2eaab1d9a34772f\PresentationFramework.ni.dll
MOD - [2011/12/05 12:18:23 | 012,430,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\b0be4ac8da47fbf783dabd1505e6c55e\System.Windows.Forms.ni.dll
MOD - [2011/12/05 12:18:15 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\07e39e61fd6133a92333a2c98f2ffeb7\System.Drawing.ni.dll
MOD - [2011/12/05 12:18:10 | 005,450,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\49431ce6d568de0bafdb1b25d3942723\System.Xml.ni.dll
MOD - [2011/12/05 12:18:06 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\207b1e1e2254c7a308efe4f903e52ce2\System.Configuration.ni.dll
MOD - [2011/12/05 12:18:03 | 012,216,320 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\5c25d899e7dcebd6b63d192b79bc6b8e\PresentationCore.ni.dll
MOD - [2011/12/05 12:17:51 | 003,314,176 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\93391bd2f02e492718c69bef3abc5a64\WindowsBase.ni.dll
MOD - [2011/12/05 12:17:48 | 007,868,416 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\34942db56010e4225825bfae8a27559f\System.ni.dll
MOD - [2011/12/05 12:17:20 | 011,490,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\3aac7b97549d4ccf0c7dca3d1777f9b4\mscorlib.ni.dll
MOD - [2010/03/19 09:45:36 | 007,745,536 | ---- | M] () -- C:\Program Files (x86)\Common Files\LightScribe\QtGui4.dll
MOD - [2010/03/19 09:45:36 | 002,121,728 | ---- | M] () -- C:\Program Files (x86)\Common Files\LightScribe\QtCore4.dll
MOD - [2010/03/19 09:45:36 | 000,135,168 | ---- | M] () -- C:\Program Files (x86)\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll
MOD - [2009/04/10 23:28:22 | 000,368,640 | ---- | M] () -- C:\Windows\SysWOW64\msjetoledb40.dll
MOD - [2009/04/10 19:04:16 | 000,113,664 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
MOD - [2009/03/29 21:42:20 | 000,261,632 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
MOD - [2009/03/29 21:42:18 | 002,933,760 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
MOD - [2008/12/25 15:41:24 | 000,881,960 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMediaLibrary.dll
MOD - [2008/11/18 14:03:14 | 000,032,768 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Content.XmlSerializers.dll
MOD - [2008/11/18 13:57:08 | 000,007,168 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\RemotingClient.dll
MOD - [2008/11/18 13:57:06 | 000,057,344 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Pillars\PCAlerts\PCAlertsPillar.dll
MOD - [2008/11/18 13:56:58 | 000,118,784 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\ECLibrary.dll
MOD - [2008/11/18 13:56:56 | 000,010,240 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingClients.dll
MOD - [2008/11/18 13:56:40 | 000,040,960 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingServer.dll
MOD - [2008/11/18 13:56:40 | 000,028,672 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingMessages.dll
MOD - [2008/11/18 13:56:40 | 000,005,632 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingInterface.dll
========== Services (SafeList) ==========
SRV:64bit: - [2011/08/11 18:38:04 | 000,140,672 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCore64.exe -- (!SASCORE)
SRV:64bit: - [2008/12/31 07:35:14 | 000,934,400 | ---- | M] (ATI Technologies Inc.) [Auto | Running] -- C:\Windows\SysNative\Ati2evxx.exe -- (Ati External Event Utility)
SRV:64bit: - [2008/10/26 15:49:46 | 000,279,040 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_8aadd48d\STacSV64.exe -- (STacSV)
SRV:64bit: - [2008/06/27 10:53:06 | 000,089,088 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_8aadd48d\AESTSr64.exe -- (AESTFilters)
SRV:64bit: - [2008/03/18 18:25:40 | 000,023,040 | ---- | M] (Hewlett-Packard Corporation) [Auto | Running] -- C:\Windows\SysNative\Hpservice.exe -- (hpsrv)
SRV:64bit: - [2008/03/18 07:26:56 | 000,015,872 | ---- | M] (Agere Systems) [Auto | Running] -- C:\Windows\SysNative\agr64svc.exe -- (AgereModemAudio)
SRV:64bit: - [2008/01/20 21:47:32 | 000,383,544 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2014/02/05 13:20:28 | 000,118,896 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2011/06/28 21:31:49 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011/04/27 19:11:59 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2010/12/15 12:31:20 | 000,460,144 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Flip Video\FlipShare\FlipShareService.exe -- (FlipShare Service)
SRV - [2010/12/15 12:22:42 | 001,085,440 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Flip Video\FlipShareServer\FlipShareServer.exe -- (FlipShareServer)
SRV - [2009/03/29 21:42:16 | 000,066,368 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/02/09 17:14:02 | 000,296,320 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe -- (TVCapSvc)
SRV - [2009/02/09 17:14:02 | 000,116,096 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe -- (TVSched)
SRV - [2008/12/17 19:11:40 | 000,365,952 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\SMINST\BLService.exe -- (Recovery Service for Windows)
SRV - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
========== Driver Services (SafeList) ==========
DRV:64bit: - [2011/07/22 11:26:56 | 000,014,928 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV)
DRV:64bit: - [2011/07/12 16:55:18 | 000,012,368 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL)
DRV:64bit: - [2011/06/28 21:31:50 | 000,123,784 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\DRIVERS\avipbb.sys -- (avipbb)
DRV:64bit: - [2011/06/28 21:31:49 | 000,088,288 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\DRIVERS\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2008/12/31 09:01:20 | 004,993,536 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2008/10/26 15:50:58 | 000,469,504 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\stwrt64.sys -- (STHDA)
DRV:64bit: - [2008/10/23 04:42:06 | 000,128,352 | ---- | M] (JMicron Technology Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\jmcr.sys -- (JMCR)
DRV:64bit: - [2008/09/04 12:48:00 | 000,064,000 | ---- | M] (ENE TECHNOLOGY INC.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\enecir.sys -- (enecir)
DRV:64bit: - [2008/08/28 18:57:24 | 004,745,216 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\NETw5v64.sys -- (NETw5v64)
DRV:64bit: - [2008/08/06 11:26:08 | 000,174,592 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\Rtlh64.sys -- (RTL8169)
DRV:64bit: - [2008/07/24 11:48:10 | 000,250,928 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\SynTP.sys -- (SynTP)
DRV:64bit: - [2008/06/23 06:54:02 | 000,099,368 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt)
DRV:64bit: - [2008/06/23 06:54:02 | 000,091,176 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio)
DRV:64bit: - [2008/06/23 06:54:02 | 000,019,752 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\btwrchid.sys -- (btwrchid)
DRV:64bit: - [2008/05/06 15:06:00 | 000,014,464 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wdcsam64.sys -- (WDC_SAM)
DRV:64bit: - [2008/03/27 14:10:56 | 000,026,984 | ---- | M] (Hewlett-Packard Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\hpdskflt.sys -- (hpdskflt)
DRV:64bit: - [2008/03/27 14:10:14 | 000,040,296 | ---- | M] (Hewlett-Packard Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\Accelerometer.sys -- (Accelerometer)
DRV:64bit: - [2008/03/21 07:47:14 | 001,253,376 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\agrsm64.sys -- (AgereSoftModem)
DRV:64bit: - [2008/01/20 21:51:07 | 000,016,384 | ---- | M] (Microsoft Corporation) [Recognizer | System | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2008/01/20 21:47:28 | 000,046,080 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wpdusb.sys -- (WpdUsb)
DRV:64bit: - [2008/01/20 21:46:57 | 003,154,432 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\NETw3v64.sys -- (NETw3v64)
DRV:64bit: - [2008/01/20 21:46:55 | 000,111,104 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\sdbus.sys -- (sdbus)
DRV:64bit: - [2007/06/18 19:13:12 | 000,018,432 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV:64bit: - [2006/10/03 20:45:36 | 000,273,408 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\yk60x64.sys -- (yukonx64)
DRV - [2008/11/28 20:04:24 | 000,146,928 | ---- | M] (CyberLink Corp.) [2009/06/15 03:40:30] [Kernel | Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\Media\DVD\000.fcl -- ({55662437-DA8C-40c0-AADA-2C816A897A49})
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...avilion&pf=cnnb
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {3B1AAF6F-BC73-4A31-9EE4-04B8C395AC0E}
IE:64bit: - HKLM\..\SearchScopes\{3B1AAF6F-BC73-4A31-9EE4-04B8C395AC0E}: "URL" = http://search.live.c...ms}&FORM=HPNTDF
IE:64bit: - HKLM\..\SearchScopes\{BFE5EDCC-25B3-461D-8E03-309E92AD753A}: "URL" = http://www.ask.com/w...}&l=dis&o=ushpl
IE:64bit: - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{BFE5EDCC-25B3-461D-8E03-309E92AD753A}: "URL" = http://www.ask.com/w...}&l=dis&o=ushpl
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-3889686918-3398402473-1388666377-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/?fr=fp-yie9
IE - HKU\S-1-5-21-3889686918-3398402473-1388666377-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-3889686918-3398402473-1388666377-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/?fr=fp-yie9
IE - HKU\S-1-5-21-3889686918-3398402473-1388666377-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 2
IE - HKU\S-1-5-21-3889686918-3398402473-1388666377-1000\..\URLSearchHook: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\YTNavAssist.dll (Yahoo! Inc.)
IE - HKU\S-1-5-21-3889686918-3398402473-1388666377-1000\..\SearchScopes,DefaultScope = {273B8C2F-51CB-40E1-90AA-9BB1190EEB5F}
IE - HKU\S-1-5-21-3889686918-3398402473-1388666377-1000\..\SearchScopes\{273B8C2F-51CB-40E1-90AA-9BB1190EEB5F}: "URL" = http://search.yahoo....f-8&fr=chr-yie9
IE - HKU\S-1-5-21-3889686918-3398402473-1388666377-1000\..\SearchScopes\{7148CB92-9375-4E9C-A5C0-166ACF27981A}: "URL" = http://www.flickr.co...q={searchTerms}
IE - HKU\S-1-5-21-3889686918-3398402473-1388666377-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..browser.startup.homepage: "http://sports.yahoo....X81xSObsw5nYcB"
FF - prefs.js..extensions.enabledAddons: %7B73a6fe31-595d-460b-a920-fcc0f8843232%7D:2.6.8.14
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:27.0
FF - user.js - File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_168.dll File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_168.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\npctrl.1.0.30716.0.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Users\Pete\AppData\Roaming\Move Networks\plugins\npqmp071701000002.dll (Move Networks)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 27.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 27.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/12/12 18:53:51 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Users\Pete\AppData\Roaming\Move Networks [2009/11/21 19:43:05 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 27.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 27.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/12/12 18:53:51 | 000,000,000 | ---D | M]
[2011/01/18 15:12:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Pete\AppData\Roaming\Mozilla\Extensions
[2014/02/13 13:41:06 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Pete\AppData\Roaming\Mozilla\Firefox\Profiles\4z05qces.default\extensions
[2011/04/10 20:01:37 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Pete\AppData\Roaming\Mozilla\Firefox\Profiles\4z05qces.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2014/02/13 13:41:06 | 000,536,255 | ---- | M] () (No name found) -- C:\Users\Pete\AppData\Roaming\Mozilla\Firefox\Profiles\4z05qces.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
[2014/02/13 13:22:07 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2013/12/12 18:53:48 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2014/02/05 13:20:29 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
O1 HOSTS File: ([2011/11/24 10:05:16 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Microsoft Live Search Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0541.0\msneshellx.dll (Microsoft Corp.)
O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.6.0_07\bin\jp2ssv.dll File not found
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (Microsoft Live Search Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0541.0\msneshellx.dll (Microsoft Corp.)
O4:64bit: - HKLM..\Run: [SmartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe (Hewlett-Packard)
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [CLMLServer for HP TouchSmart] C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [DVDAgent] C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe (CyberLink Corp.)
O4 - HKLM..\Run: [HP Health Check Scheduler] c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [TSMAgent] C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe (CyberLink Corp.)
O4 - HKLM..\Run: [TVAgent] C:\Program Files (x86)\Hewlett-Packard\Media\TV\TVAgent.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UCam_Menu] C:\Program Files (x86)\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdateLBPShortCut] C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdateP2GoShortCut] C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePDIRShortCut] C:\Program Files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePSTShortCut] C:\Program Files (x86)\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKU\S-1-5-21-3889686918-3398402473-1388666377-1000..\Run: [Gstion Update] C:\Windows\SysWow64\regsvr32.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-3889686918-3398402473-1388666377-1000..\Run: [IDT Auto] C:\Windows\SysWow64\regsvr32.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-3889686918-3398402473-1388666377-1000..\Run: [IDT Tray] C:\Windows\SysWow64\regsvr32.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-3889686918-3398402473-1388666377-1000..\Run: [IDT Update] C:\Windows\SysWow64\regsvr32.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-3889686918-3398402473-1388666377-1000..\Run: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe File not found
O4 - Startup: C:\Users\Pete\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\GoZone iSync.lnk = C:\Program Files (x86)\GoZone\GoZone_iSync.exe (Virgin HealthMiles Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-21-3889686918-3398402473-1388666377-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3889686918-3398402473-1388666377-1000\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-21-3889686918-3398402473-1388666377-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8:64bit: - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - Reg Error: Key error. File not found
O9 - Extra Button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O15 - HKU\.DEFAULT\..Trusted Ranges: Range1 ([http] in Local intranet)
O15 - HKU\S-1-5-18\..Trusted Ranges: Range1 ([http] in Local intranet)
O15 - HKU\S-1-5-21-3889686918-3398402473-1388666377-1000\..Trusted Domains: yahoo.com ([sports] http in Trusted sites)
O15 - HKU\S-1-5-21-3889686918-3398402473-1388666377-1000\..Trusted Ranges: Range1 ([http] in Local intranet)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {45A0A292-ECC6-4D8F-9EA9-A4BD411D24C1} http://www.king.com/ctl/kingcomie.cab (king.com)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ent/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1BC2929E-B9E6-4589-A980-0CD02A9CA469}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{89C1B4C5-FB96-4F64-B942-D383F21133F9}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\cdo - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Pete\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Pete\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
========== Files/Folders - Created Within 30 Days ==========
[2014/02/13 13:19:46 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2014/02/12 14:23:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2014/02/11 14:53:56 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
[2014/02/11 14:47:02 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\catroot2
[2014/02/11 14:25:38 | 000,181,064 | ---- | C] (Sysinternals) -- C:\Windows\PSEXESVC.EXE
[2014/02/11 14:21:45 | 000,000,000 | ---D | C] -- C:\RegBackup
[2014/02/11 14:19:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com
[2014/02/11 14:19:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Tweaking.com
[2014/02/10 16:45:42 | 000,000,000 | ---D | C] -- C:\Temp
[2014/02/09 18:44:34 | 000,000,000 | ---D | C] -- C:\Users\Public\Desktop\CC Support
[2014/02/09 18:36:14 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2014/02/09 18:25:38 | 001,037,530 | ---- | C] (Thisisu) -- C:\Users\Pete\Desktop\JRT.exe
[2014/02/09 17:41:03 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2014/02/09 17:39:38 | 000,453,632 | ---- | C] (Farbar) -- C:\Users\Pete\Desktop\FSS.exe
[2014/02/09 16:39:04 | 004,122,976 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Pete\Desktop\tdsskiller.exe
[2014/02/09 14:46:39 | 000,000,000 | ---D | C] -- C:\_OTL
[2014/02/09 00:00:22 | 004,745,728 | ---- | C] (AVAST Software) -- C:\Users\Pete\Desktop\aswmbr.exe
[2014/02/07 11:01:41 | 000,000,000 | ---D | C] -- C:\Users\Pete\AppData\Local\KB9369951
========== Files - Modified Within 30 Days ==========
[2014/02/13 13:41:55 | 000,690,960 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2014/02/13 13:41:55 | 000,584,096 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2014/02/13 13:41:55 | 000,097,662 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2014/02/13 13:37:22 | 000,003,216 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2014/02/13 13:37:22 | 000,003,216 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2014/02/13 13:37:10 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/02/13 13:37:06 | 2144,538,624 | -HS- | M] () -- C:\hiberfil.sys
[2014/02/12 18:27:00 | 000,204,288 | ---- | M] () -- C:\Users\Pete\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2014/02/12 16:54:29 | 000,987,425 | ---- | M] () -- C:\Users\Pete\Desktop\SecurityCheck.exe
[2014/02/11 15:04:00 | 000,002,551 | ---- | M] () -- C:\Users\Pete\Application Data\Microsoft\Internet Explorer\Quick Launch\HP MediaSmart.lnk
[2014/02/11 14:46:57 | 000,315,144 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2014/02/11 14:45:10 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2014/02/11 14:43:18 | 000,181,064 | ---- | M] (Sysinternals) -- C:\Windows\PSEXESVC.EXE
[2014/02/11 14:30:57 | 000,690,960 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2014/02/11 14:23:41 | 000,000,207 | ---- | M] () -- C:\Windows\tweaking.com-regbackup-PETE-PC-Microsoft®-Windows-Vista™-Home-Premium-(64-bit).dat
[2014/02/11 14:19:39 | 000,001,994 | ---- | M] () -- C:\Users\Pete\Desktop\Tweaking.com - Windows Repair (All in One).lnk
[2014/02/11 14:06:30 | 005,074,688 | ---- | M] () -- C:\Users\Pete\Desktop\tweaking.com_windows_repair_aio_setup.exe
[2014/02/10 13:28:45 | 003,977,750 | ---- | M] () -- C:\Users\Pete\Desktop\servicesbak.reg
[2014/02/10 13:20:35 | 000,006,288 | ---- | M] () -- C:\Users\Pete\Desktop\BITS.reg
[2014/02/10 13:20:29 | 000,000,866 | ---- | M] () -- C:\Users\Pete\Desktop\legacy_wscsvc.reg
[2014/02/10 13:20:25 | 000,000,866 | ---- | M] () -- C:\Users\Pete\Desktop\legacy_sdrsvc.reg
[2014/02/09 18:25:51 | 004,009,167 | ---- | M] () -- C:\Users\Pete\Desktop\ServicesRepair.exe
[2014/02/09 18:25:38 | 001,037,530 | ---- | M] (Thisisu) -- C:\Users\Pete\Desktop\JRT.exe
[2014/02/09 17:40:10 | 001,166,132 | ---- | M] () -- C:\Users\Pete\Desktop\AdwCleaner.exe
[2014/02/09 17:39:38 | 000,453,632 | ---- | M] (Farbar) -- C:\Users\Pete\Desktop\FSS.exe
[2014/02/09 16:39:05 | 004,122,976 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Pete\Desktop\tdsskiller.exe
[2014/02/09 01:48:37 | 000,000,512 | ---- | M] () -- C:\Users\Pete\Desktop\MBR.dat
[2014/02/09 00:00:23 | 004,745,728 | ---- | M] (AVAST Software) -- C:\Users\Pete\Desktop\aswmbr.exe
[2014/02/07 09:06:09 | 000,000,870 | ---- | M] () -- C:\Users\Pete\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\9ob3frbn.lnk
[2014/02/01 15:17:14 | 000,000,330 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForPete.job
========== Files Created - No Company Name ==========
[2014/02/12 16:54:28 | 000,987,425 | ---- | C] () -- C:\Users\Pete\Desktop\SecurityCheck.exe
[2014/02/11 14:30:57 | 000,690,960 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2014/02/11 14:23:41 | 000,000,207 | ---- | C] () -- C:\Windows\tweaking.com-regbackup-PETE-PC-Microsoft®-Windows-Vista™-Home-Premium-(64-bit).dat
[2014/02/11 14:19:39 | 000,001,994 | ---- | C] () -- C:\Users\Pete\Desktop\Tweaking.com - Windows Repair (All in One).lnk
[2014/02/11 14:06:29 | 005,074,688 | ---- | C] () -- C:\Users\Pete\Desktop\tweaking.com_windows_repair_aio_setup.exe
[2014/02/10 13:28:45 | 003,977,750 | ---- | C] () -- C:\Users\Pete\Desktop\servicesbak.reg
[2014/02/10 13:20:34 | 000,006,288 | ---- | C] () -- C:\Users\Pete\Desktop\BITS.reg
[2014/02/10 13:20:28 | 000,000,866 | ---- | C] () -- C:\Users\Pete\Desktop\legacy_wscsvc.reg
[2014/02/10 13:20:24 | 000,000,866 | ---- | C] () -- C:\Users\Pete\Desktop\legacy_sdrsvc.reg
[2014/02/10 08:54:20 | 2144,538,624 | -HS- | C] () -- C:\hiberfil.sys
[2014/02/09 18:25:47 | 004,009,167 | ---- | C] () -- C:\Users\Pete\Desktop\ServicesRepair.exe
[2014/02/09 17:40:10 | 001,166,132 | ---- | C] () -- C:\Users\Pete\Desktop\AdwCleaner.exe
[2014/02/09 01:48:37 | 000,000,512 | ---- | C] () -- C:\Users\Pete\Desktop\MBR.dat
[2014/02/07 09:06:09 | 000,000,870 | ---- | C] () -- C:\Users\Pete\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\9ob3frbn.lnk
[2013/11/12 16:50:15 | 000,000,004 | ---- | C] () -- C:\Users\Pete\AppData\Roaming\cache.ini
[2010/05/12 10:41:48 | 000,004,922 | ---- | C] () -- C:\ProgramData\amjmwaey.gaf
[2009/11/23 18:48:41 | 000,204,288 | ---- | C] () -- C:\Users\Pete\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/09/11 17:54:46 | 000,005,089 | ---- | C] () -- C:\ProgramData\cbkxtjjv.ukg
[2009/09/09 08:02:33 | 000,000,680 | ---- | C] () -- C:\Users\Pete\AppData\Local\d3d9caps.dat
[2009/08/26 11:24:45 | 000,000,600 | ---- | C] () -- C:\Users\Pete\PUTTY.RND
========== ZeroAccess Check ==========
[2006/11/02 10:30:40 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2011/01/21 11:50:13 | 012,899,840 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2011/01/21 11:35:22 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/04/11 00:11:16 | 000,891,392 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = c:\windows\syswow64\wbem\fastprox.dll -- [2009/04/10 23:28:20 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2008/01/20 21:50:58 | 000,513,024 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
========== LOP Check ==========
[2011/05/30 22:22:14 | 000,000,000 | ---D | M] -- C:\Users\Pete\AppData\Roaming\Flip Video
[2009/10/04 00:38:02 | 000,000,000 | ---D | M] -- C:\Users\Pete\AppData\Roaming\Gamelab
[2010/03/27 23:01:51 | 000,000,000 | ---D | M] -- C:\Users\Pete\AppData\Roaming\Leadertech
[2010/05/12 10:41:49 | 000,000,000 | ---D | M] -- C:\Users\Pete\AppData\Roaming\MOVAVI
[2010/05/12 10:43:25 | 000,000,000 | ---D | M] -- C:\Users\Pete\AppData\Roaming\Movavi Flash Converter
[2010/05/12 10:43:25 | 000,000,000 | ---D | M] -- C:\Users\Pete\AppData\Roaming\Movavi Flash Converter 2
[2009/08/21 23:18:03 | 000,000,000 | ---D | M] -- C:\Users\Pete\AppData\Roaming\SPORE Creature Creator
[2009/08/19 12:21:27 | 000,000,000 | ---D | M] -- C:\Users\Pete\AppData\Roaming\WildTangent
========== Purity Check ==========
< End of report >
#37
Posted 13 February 2014 - 02:01 PM
For now, please open the FF browser. Click the down arrow beside Firefox in the upper left hand corner and click Add-ons. On the Add-ons page click Extensions in the left column. In the right column find the NoScript add-on and click the Disable button.
Close the browser and then delete the jre-7u51-windows-x64.exe.part file on the desktop.
Re-open it and then go to the Java site and download the update again. It should download correctly this time
Do the same thing with the Adobe file.
Once you have the updates done you gan go to the No-Scripts page here and read about how to work the NoScript add-on. Once you know how to use it you can go back to the Firefox add-on page an Enable it again.
#38
Posted 13 February 2014 - 02:58 PM
The OTL logs were included in my last post.
I still get the cpp and dll errors upon start-up.
#39
Posted 14 February 2014 - 02:30 PM
I'm not sure where the dll errors are being generated from. The hzlnits.dll and SyncServer.dll files are linked to a program called Gstion. Do you know what that is?
The DMCComponent.dll file is relate to Hewlit Packard so it could be anything from system files that HP put on the computer to printer aoftware files.
The ssqnuxtvb.dll file is linked to a directory named IDT. This could be anything from a telecommunications company to a energy company to a computer IT training company. Do you have any idea what this is related to?
The nbrf3bo9.cpp file...I had OTL remove it. It is a source code file written in C++ It should be in the OTL_MovedFiles folder. Let's see if we can find it.
These scan settings should produce a very limited OTL scan.
OTL Custom Scan
1. Please copy the text in the Quote box below, (Do Not copy the word Quote), and paste it in the box in OTL. To do that:
- Highlight everything inside the quote box, (except the word Quote), right click the mouse and click Copy.
createrestorepoint
/md5start
nbrf3bo9.cpp
/md5stop
2. Re-open on the desktop. To do that:
- Vista / 7 Users: Right click on the icon and click Run as Administrator)
- You will see a console like the one below:
- Click the greyed out None button at the top of the console.<---Very Important
- Click the box beside Scan All Users at the top of the console
- Click the box beside Include 64bit Scans at the top of the console.
- Make sure the Output box at the top is set to Standard Output.
- Place the mouse pointer inside the box, right click and click Paste. This will put the above script inside OTL
- Click the button. Do not change any settings unless otherwise told to do so.
- [color=green]Let the scan run uninterrupted.
- When the scan completes, it will open OTL.Txt. This file is also saved in the same location as OTL (it should be on your desktop).
- Please copy the contents of this file and paste it into your reply. To do that:
- On the OTL.txt file Menu Bar click Edit then click Select All. This will highlight the contents of the file. Then click Copy.
- Right click inside the forum post window then click Paste. This will paste the contents of the OTL.txt file in the in the post window.
Answer my questions above and post the new OTL.txt log please.
#40
Posted 14 February 2014 - 05:46 PM
I don't know what Gstion is. I couldn't even find the file folder.
I believe IDT is an audio driver package that came installed on my HP machine.
OTL.TXT:
OTL logfile created on: 2/14/2014 6:30:37 PM - Run 7
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Pete\Downloads
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
2.00 Gb Total Physical Memory | 1.08 Gb Available Physical Memory | 54.17% Memory free
4.24 Gb Paging File | 2.26 Gb Available in Paging File | 53.39% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 453.18 Gb Total Space | 303.97 Gb Free Space | 67.07% Space Free | Partition Type: NTFS
Drive D: | 12.58 Gb Total Space | 1.99 Gb Free Space | 15.80% Space Free | Partition Type: NTFS
Computer Name: PETE-PC | User Name: Pete | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: Off | File Age = 30 Days
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
========== Custom Scans ==========
< End of report >
#41
Posted 14 February 2014 - 11:15 PM
The folder has been deleted. But the Run key in the registry is still trying to load the file. I have tried deleting the registry key but it hasn't worked.I don't know what Gstion is. I couldn't even find the file folder.
The IDT audio drivers are still there and the registry loading the control panel into the system tray at start up is still there. This is a run entry in the registry trying to load a system file and I can't see any reason for that. And I can't get it to delete.I believe IDT is an audio driver package that came installed on my HP machine.
I want to try running the OTL fix from the Safe Mode. If that doesn't work I'll ask some colleagues to take a look.
Step-1.
Reboot into Safe Mode.
- Restart Windows in Safe Mode. To do that....
- Restart your computer and as soon as it starts booting up again continuously tap the F8 key.
- An Advanced Boot Options screen will come up where you will be given the option to enter Safe Mode.
NOTE: If you miss the Boot menu, continue to let the machine boot up. Then restart the machine and start tapping the F8 key.
Very Important: Never restart the computer while it is booting up. Bad things, including the computer not being able to load Windows, can occur!
- Use the down arrow key to highlight Safe Mode and push the ENTER key.
Once in Safe Mode:
OTL Fix
Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot
1. Please copy all of the text in the quote box below (Do Not copy the word Quote. To do this, highlight everything
inside the quote box (except the word Quote) , right click and click Copy.
:COMMANDS
[createrestorepoint]
:REG
[-HKEY_USERS\S-1-5-21-3889686918-3398402473-1388666377-1000\Software\Microsoft\Windows\CurrentVersion\Run\Gstion Update]
[-HKEY_USERS\S-1-5-21-3889686918-3398402473-1388666377-1000\Software\Microsoft\Windows\CurrentVersion\Run\IDT Auto]
[-HKEY_USERS\S-1-5-21-3889686918-3398402473-1388666377-1000\Software\Microsoft\Windows\CurrentVersion\Run\IDT Tray]
[-HKEY_USERS\S-1-5-21-3889686918-3398402473-1388666377-1000\Software\Microsoft\Windows\CurrentVersion\Run\IDT Update]
:COMMANDS
[emptytemp]
Warning: This fix is relevant for this system and no other. If you are not this user, DO NOT follow these directions as they could damage the workings of your system.
2. Please re-open on your desktop. To do that:
- Vista and 7 users: Right click the icon and click Run as Administrator
4. Click the button.
5. Let the program run unhindered.
6. OTL may ask to reboot the machine. Please do so if asked.
7. Click the button.
8. A report will open. Copy and Paste that report in your next reply.
9. If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, (where mmddyyyy_hhmmss is the date of the tool run).
10. Run OTL again and click the button. Post the log it produces in your next reply.
Things For Your Next Post:
Please post the logs in the order requested. Please don't attach the logs unless I request it.
1. The OTL fixes log
2. The new OTL.txt log
#42
Posted 15 February 2014 - 11:18 AM
OTL Fixes log:
All processes killed
========== COMMANDS ==========
Unable to start System Restore Service. Error code 1084
========== REGISTRY ==========
Registry key HKEY_USERS\S-1-5-21-3889686918-3398402473-1388666377-1000\Software\Microsoft\Windows\CurrentVersion\Run\Gstion Update\ not found.
Registry key HKEY_USERS\S-1-5-21-3889686918-3398402473-1388666377-1000\Software\Microsoft\Windows\CurrentVersion\Run\IDT Auto\ not found.
Registry key HKEY_USERS\S-1-5-21-3889686918-3398402473-1388666377-1000\Software\Microsoft\Windows\CurrentVersion\Run\IDT Tray\ not found.
Registry key HKEY_USERS\S-1-5-21-3889686918-3398402473-1388666377-1000\Software\Microsoft\Windows\CurrentVersion\Run\IDT Update\ not found.
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Pete
->Temp folder emptied: 148310 bytes
->Temporary Internet Files folder emptied: 412647 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 302589426 bytes
->Flash cache emptied: 925 bytes
User: Public
->Temp folder emptied: 0 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 532606 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 290.00 mb
OTL by OldTimer - Version 3.2.69.0 log created on 02152014_113741
Files\Folders moved on Reboot...
PendingFileRenameOperations files...
Registry entries deleted on Reboot...
OTL.txt log:
OTL logfile created on: 2/15/2014 11:56:47 AM - Run 8
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Pete\Downloads
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
2.00 Gb Total Physical Memory | 0.66 Gb Available Physical Memory | 33.17% Memory free
4.23 Gb Paging File | 2.28 Gb Available in Paging File | 53.95% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 453.18 Gb Total Space | 301.53 Gb Free Space | 66.54% Space Free | Partition Type: NTFS
Drive D: | 12.58 Gb Total Space | 1.99 Gb Free Space | 15.80% Space Free | Partition Type: NTFS
Computer Name: PETE-PC | User Name: Pete | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2013/01/14 15:10:17 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Pete\Downloads\OTL.exe
PRC - [2012/07/27 15:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/06/28 21:31:49 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2011/04/27 19:11:59 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2010/12/15 12:31:20 | 000,460,144 | ---- | M] () -- C:\Program Files (x86)\Flip Video\FlipShare\FlipShareService.exe
PRC - [2010/12/15 12:22:42 | 001,085,440 | ---- | M] () -- C:\Program Files (x86)\Flip Video\FlipShareServer\FlipShareServer.exe
PRC - [2010/08/02 16:09:56 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2009/02/09 17:14:02 | 000,296,320 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe
PRC - [2009/02/09 17:14:02 | 000,116,096 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe
PRC - [2009/02/09 17:13:36 | 000,206,120 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\Hewlett-Packard\Media\TV\TVAgent.exe
PRC - [2008/12/25 15:41:20 | 000,189,736 | ---- | M] (CyberLink) -- C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
PRC - [2008/12/25 15:41:16 | 001,316,136 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe
PRC - [2008/12/17 19:11:40 | 000,365,952 | ---- | M] () -- C:\Program Files (x86)\SMINST\BLService.exe
PRC - [2008/11/28 20:04:26 | 001,148,200 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
PRC - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
========== Modules (No Company Name) ==========
MOD - [2011/12/05 12:49:38 | 000,998,400 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\a3a76226460de2153a62bdbfed9228b9\System.Management.ni.dll
MOD - [2011/12/05 12:22:59 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\e515919524c6be56f55ad12fbdd23c19\System.Runtime.Remoting.ni.dll
MOD - [2011/12/05 12:22:57 | 000,627,712 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\87f2c180fec78701501d8e3e84fac248\System.EnterpriseServices.ni.dll
MOD - [2011/12/05 12:22:57 | 000,627,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\5cbea3b1a1d74123219b69306b8c8af2\System.Transactions.ni.dll
MOD - [2011/12/05 12:22:57 | 000,280,064 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\87f2c180fec78701501d8e3e84fac248\System.EnterpriseServices.Wrapper.dll
MOD - [2011/12/05 12:18:49 | 006,621,696 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\550e7b31f1821d964f21f0a854e3f195\System.Data.ni.dll
MOD - [2011/12/05 12:18:40 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\61019556ac408cc39cc478101b0d3cb4\PresentationFramework.Aero.ni.dll
MOD - [2011/12/05 12:18:39 | 014,327,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\0444ab43ccfb3390d2eaab1d9a34772f\PresentationFramework.ni.dll
MOD - [2011/12/05 12:18:23 | 012,430,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\b0be4ac8da47fbf783dabd1505e6c55e\System.Windows.Forms.ni.dll
MOD - [2011/12/05 12:18:15 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\07e39e61fd6133a92333a2c98f2ffeb7\System.Drawing.ni.dll
MOD - [2011/12/05 12:18:10 | 005,450,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\49431ce6d568de0bafdb1b25d3942723\System.Xml.ni.dll
MOD - [2011/12/05 12:18:06 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\207b1e1e2254c7a308efe4f903e52ce2\System.Configuration.ni.dll
MOD - [2011/12/05 12:18:03 | 012,216,320 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\5c25d899e7dcebd6b63d192b79bc6b8e\PresentationCore.ni.dll
MOD - [2011/12/05 12:17:51 | 003,314,176 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\93391bd2f02e492718c69bef3abc5a64\WindowsBase.ni.dll
MOD - [2011/12/05 12:17:48 | 007,868,416 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\34942db56010e4225825bfae8a27559f\System.ni.dll
MOD - [2011/12/05 12:17:20 | 011,490,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\3aac7b97549d4ccf0c7dca3d1777f9b4\mscorlib.ni.dll
MOD - [2010/03/19 09:45:36 | 007,745,536 | ---- | M] () -- C:\Program Files (x86)\Common Files\LightScribe\QtGui4.dll
MOD - [2010/03/19 09:45:36 | 002,121,728 | ---- | M] () -- C:\Program Files (x86)\Common Files\LightScribe\QtCore4.dll
MOD - [2010/03/19 09:45:36 | 000,135,168 | ---- | M] () -- C:\Program Files (x86)\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll
MOD - [2009/04/10 23:28:22 | 000,368,640 | ---- | M] () -- C:\Windows\SysWOW64\msjetoledb40.dll
MOD - [2009/04/10 19:04:16 | 000,113,664 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
MOD - [2009/03/29 21:42:20 | 000,261,632 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
MOD - [2009/03/29 21:42:18 | 002,933,760 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
MOD - [2008/12/25 15:41:24 | 000,881,960 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMediaLibrary.dll
MOD - [2008/11/18 14:03:14 | 000,032,768 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Content.XmlSerializers.dll
MOD - [2008/11/18 13:57:08 | 000,007,168 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\RemotingClient.dll
MOD - [2008/11/18 13:57:06 | 000,057,344 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Pillars\PCAlerts\PCAlertsPillar.dll
MOD - [2008/11/18 13:56:58 | 000,118,784 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\ECLibrary.dll
MOD - [2008/11/18 13:56:56 | 000,010,240 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingClients.dll
MOD - [2008/11/18 13:56:40 | 000,040,960 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingServer.dll
MOD - [2008/11/18 13:56:40 | 000,028,672 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingMessages.dll
MOD - [2008/11/18 13:56:40 | 000,005,632 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingInterface.dll
========== Services (SafeList) ==========
SRV:64bit: - [2011/08/11 18:38:04 | 000,140,672 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCore64.exe -- (!SASCORE)
SRV:64bit: - [2008/12/31 07:35:14 | 000,934,400 | ---- | M] (ATI Technologies Inc.) [Auto | Running] -- C:\Windows\SysNative\Ati2evxx.exe -- (Ati External Event Utility)
SRV:64bit: - [2008/10/26 15:49:46 | 000,279,040 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_8aadd48d\STacSV64.exe -- (STacSV)
SRV:64bit: - [2008/06/27 10:53:06 | 000,089,088 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_8aadd48d\AESTSr64.exe -- (AESTFilters)
SRV:64bit: - [2008/03/18 18:25:40 | 000,023,040 | ---- | M] (Hewlett-Packard Corporation) [Auto | Running] -- C:\Windows\SysNative\Hpservice.exe -- (hpsrv)
SRV:64bit: - [2008/03/18 07:26:56 | 000,015,872 | ---- | M] (Agere Systems) [Auto | Running] -- C:\Windows\SysNative\agr64svc.exe -- (AgereModemAudio)
SRV:64bit: - [2008/01/20 21:47:32 | 000,383,544 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2014/02/14 23:21:41 | 000,118,896 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2014/02/13 15:40:37 | 000,257,928 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/07/27 15:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/06/28 21:31:49 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011/04/27 19:11:59 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2010/12/15 12:31:20 | 000,460,144 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Flip Video\FlipShare\FlipShareService.exe -- (FlipShare Service)
SRV - [2010/12/15 12:22:42 | 001,085,440 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Flip Video\FlipShareServer\FlipShareServer.exe -- (FlipShareServer)
SRV - [2009/03/29 21:42:16 | 000,066,368 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/02/09 17:14:02 | 000,296,320 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe -- (TVCapSvc)
SRV - [2009/02/09 17:14:02 | 000,116,096 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe -- (TVSched)
SRV - [2008/12/17 19:11:40 | 000,365,952 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\SMINST\BLService.exe -- (Recovery Service for Windows)
SRV - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
========== Driver Services (SafeList) ==========
DRV:64bit: - [2011/07/22 11:26:56 | 000,014,928 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV)
DRV:64bit: - [2011/07/12 16:55:18 | 000,012,368 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL)
DRV:64bit: - [2011/06/28 21:31:50 | 000,123,784 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\DRIVERS\avipbb.sys -- (avipbb)
DRV:64bit: - [2011/06/28 21:31:49 | 000,088,288 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\DRIVERS\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2008/12/31 09:01:20 | 004,993,536 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2008/10/26 15:50:58 | 000,469,504 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\stwrt64.sys -- (STHDA)
DRV:64bit: - [2008/10/23 04:42:06 | 000,128,352 | ---- | M] (JMicron Technology Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\jmcr.sys -- (JMCR)
DRV:64bit: - [2008/09/04 12:48:00 | 000,064,000 | ---- | M] (ENE TECHNOLOGY INC.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\enecir.sys -- (enecir)
DRV:64bit: - [2008/08/28 18:57:24 | 004,745,216 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\NETw5v64.sys -- (NETw5v64)
DRV:64bit: - [2008/08/06 11:26:08 | 000,174,592 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\Rtlh64.sys -- (RTL8169)
DRV:64bit: - [2008/07/24 11:48:10 | 000,250,928 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\SynTP.sys -- (SynTP)
DRV:64bit: - [2008/06/23 06:54:02 | 000,099,368 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt)
DRV:64bit: - [2008/06/23 06:54:02 | 000,091,176 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio)
DRV:64bit: - [2008/06/23 06:54:02 | 000,019,752 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\btwrchid.sys -- (btwrchid)
DRV:64bit: - [2008/05/06 15:06:00 | 000,014,464 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wdcsam64.sys -- (WDC_SAM)
DRV:64bit: - [2008/03/27 14:10:56 | 000,026,984 | ---- | M] (Hewlett-Packard Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\hpdskflt.sys -- (hpdskflt)
DRV:64bit: - [2008/03/27 14:10:14 | 000,040,296 | ---- | M] (Hewlett-Packard Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\Accelerometer.sys -- (Accelerometer)
DRV:64bit: - [2008/03/21 07:47:14 | 001,253,376 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\agrsm64.sys -- (AgereSoftModem)
DRV:64bit: - [2008/01/20 21:51:07 | 000,016,384 | ---- | M] (Microsoft Corporation) [Recognizer | System | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2008/01/20 21:47:28 | 000,046,080 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wpdusb.sys -- (WpdUsb)
DRV:64bit: - [2008/01/20 21:46:57 | 003,154,432 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\NETw3v64.sys -- (NETw3v64)
DRV:64bit: - [2008/01/20 21:46:55 | 000,111,104 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\sdbus.sys -- (sdbus)
DRV:64bit: - [2007/06/18 19:13:12 | 000,018,432 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV:64bit: - [2006/10/03 20:45:36 | 000,273,408 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\yk60x64.sys -- (yukonx64)
DRV - [2008/11/28 20:04:24 | 000,146,928 | ---- | M] (CyberLink Corp.) [2009/06/15 03:40:30] [Kernel | Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\Media\DVD\000.fcl -- ({55662437-DA8C-40c0-AADA-2C816A897A49})
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...avilion&pf=cnnb
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {3B1AAF6F-BC73-4A31-9EE4-04B8C395AC0E}
IE:64bit: - HKLM\..\SearchScopes\{3B1AAF6F-BC73-4A31-9EE4-04B8C395AC0E}: "URL" = http://search.live.c...ms}&FORM=HPNTDF
IE:64bit: - HKLM\..\SearchScopes\{BFE5EDCC-25B3-461D-8E03-309E92AD753A}: "URL" = http://www.ask.com/w...}&l=dis&o=ushpl
IE:64bit: - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{BFE5EDCC-25B3-461D-8E03-309E92AD753A}: "URL" = http://www.ask.com/w...}&l=dis&o=ushpl
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-3889686918-3398402473-1388666377-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/?fr=fp-yie9
IE - HKU\S-1-5-21-3889686918-3398402473-1388666377-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-3889686918-3398402473-1388666377-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/?fr=fp-yie9
IE - HKU\S-1-5-21-3889686918-3398402473-1388666377-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 2
IE - HKU\S-1-5-21-3889686918-3398402473-1388666377-1000\..\URLSearchHook: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\YTNavAssist.dll (Yahoo! Inc.)
IE - HKU\S-1-5-21-3889686918-3398402473-1388666377-1000\..\SearchScopes,DefaultScope = {273B8C2F-51CB-40E1-90AA-9BB1190EEB5F}
IE - HKU\S-1-5-21-3889686918-3398402473-1388666377-1000\..\SearchScopes\{273B8C2F-51CB-40E1-90AA-9BB1190EEB5F}: "URL" = http://search.yahoo....f-8&fr=chr-yie9
IE - HKU\S-1-5-21-3889686918-3398402473-1388666377-1000\..\SearchScopes\{7148CB92-9375-4E9C-A5C0-166ACF27981A}: "URL" = http://www.flickr.co...q={searchTerms}
IE - HKU\S-1-5-21-3889686918-3398402473-1388666377-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..browser.startup.homepage: "http://sports.yahoo....X81xSObsw5nYcB"
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:27.0.1
FF - user.js - File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_44.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.51.2: C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.51.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_44.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\npctrl.1.0.30716.0.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Users\Pete\AppData\Roaming\Move Networks\plugins\npqmp071701000002.dll (Move Networks)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 27.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 27.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2014/02/14 23:21:34 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Users\Pete\AppData\Roaming\Move Networks [2009/11/21 19:43:05 | 000,000,000 | ---D | M]
[2011/01/18 15:12:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Pete\AppData\Roaming\Mozilla\Extensions
[2014/02/13 13:41:06 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Pete\AppData\Roaming\Mozilla\Firefox\Profiles\4z05qces.default\extensions
[2011/04/10 20:01:37 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Pete\AppData\Roaming\Mozilla\Firefox\Profiles\4z05qces.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2014/02/13 13:41:06 | 000,536,255 | ---- | M] () (No name found) -- C:\Users\Pete\AppData\Roaming\Mozilla\Firefox\Profiles\4z05qces.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
[2014/02/14 23:21:32 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2014/02/14 23:21:42 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
O1 HOSTS File: ([2011/11/24 10:05:16 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Microsoft Live Search Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0541.0\msneshellx.dll (Microsoft Corp.)
O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.6.0_07\bin\jp2ssv.dll File not found
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (Microsoft Live Search Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0541.0\msneshellx.dll (Microsoft Corp.)
O4:64bit: - HKLM..\Run: [SmartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe (Hewlett-Packard)
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [CLMLServer for HP TouchSmart] C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [DVDAgent] C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe (CyberLink Corp.)
O4 - HKLM..\Run: [HP Health Check Scheduler] c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [TSMAgent] C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe (CyberLink Corp.)
O4 - HKLM..\Run: [TVAgent] C:\Program Files (x86)\Hewlett-Packard\Media\TV\TVAgent.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UCam_Menu] C:\Program Files (x86)\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdateLBPShortCut] C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdateP2GoShortCut] C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePDIRShortCut] C:\Program Files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePSTShortCut] C:\Program Files (x86)\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKU\S-1-5-21-3889686918-3398402473-1388666377-1000..\Run: [Gstion Update] C:\Windows\SysWow64\regsvr32.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-3889686918-3398402473-1388666377-1000..\Run: [IDT Auto] C:\Windows\SysWow64\regsvr32.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-3889686918-3398402473-1388666377-1000..\Run: [IDT Tray] C:\Windows\SysWow64\regsvr32.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-3889686918-3398402473-1388666377-1000..\Run: [IDT Update] C:\Windows\SysWow64\regsvr32.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-3889686918-3398402473-1388666377-1000..\Run: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe File not found
O4 - Startup: C:\Users\Pete\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\GoZone iSync.lnk = C:\Program Files (x86)\GoZone\GoZone_iSync.exe (Virgin HealthMiles Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-21-3889686918-3398402473-1388666377-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3889686918-3398402473-1388666377-1000\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-21-3889686918-3398402473-1388666377-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8:64bit: - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - Reg Error: Key error. File not found
O9 - Extra Button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O15 - HKU\.DEFAULT\..Trusted Ranges: Range1 ([http] in Local intranet)
O15 - HKU\S-1-5-18\..Trusted Ranges: Range1 ([http] in Local intranet)
O15 - HKU\S-1-5-21-3889686918-3398402473-1388666377-1000\..Trusted Domains: yahoo.com ([sports] http in Trusted sites)
O15 - HKU\S-1-5-21-3889686918-3398402473-1388666377-1000\..Trusted Ranges: Range1 ([http] in Local intranet)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {45A0A292-ECC6-4D8F-9EA9-A4BD411D24C1} http://www.king.com/ctl/kingcomie.cab (king.com)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ent/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1BC2929E-B9E6-4589-A980-0CD02A9CA469}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{89C1B4C5-FB96-4F64-B942-D383F21133F9}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\cdo - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Pete\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Pete\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
========== Files/Folders - Created Within 30 Days ==========
[2014/02/14 23:21:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2014/02/13 15:27:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe
[2014/02/13 15:11:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
[2014/02/13 15:10:20 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2014/02/12 14:23:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2014/02/11 14:53:56 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
[2014/02/11 14:47:02 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\catroot2
[2014/02/11 14:25:38 | 000,181,064 | ---- | C] (Sysinternals) -- C:\Windows\PSEXESVC.EXE
[2014/02/11 14:21:45 | 000,000,000 | ---D | C] -- C:\RegBackup
[2014/02/11 14:19:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com
[2014/02/11 14:19:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Tweaking.com
[2014/02/10 16:45:42 | 000,000,000 | ---D | C] -- C:\Temp
[2014/02/09 18:44:34 | 000,000,000 | ---D | C] -- C:\Users\Public\Desktop\CC Support
[2014/02/09 18:36:14 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2014/02/09 18:25:38 | 001,037,530 | ---- | C] (Thisisu) -- C:\Users\Pete\Desktop\JRT.exe
[2014/02/09 17:41:03 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2014/02/09 17:39:38 | 000,453,632 | ---- | C] (Farbar) -- C:\Users\Pete\Desktop\FSS.exe
[2014/02/09 16:39:04 | 004,122,976 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Pete\Desktop\tdsskiller.exe
[2014/02/09 14:46:39 | 000,000,000 | ---D | C] -- C:\_OTL
[2014/02/09 00:00:22 | 004,745,728 | ---- | C] (AVAST Software) -- C:\Users\Pete\Desktop\aswmbr.exe
[2014/02/07 11:01:41 | 000,000,000 | ---D | C] -- C:\Users\Pete\AppData\Local\KB9369951
========== Files - Modified Within 30 Days ==========
[2014/02/15 11:49:53 | 000,003,216 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2014/02/15 11:49:53 | 000,003,216 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2014/02/15 11:49:43 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/02/15 11:49:39 | 2144,538,624 | -HS- | M] () -- C:\hiberfil.sys
[2014/02/15 11:26:02 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/02/14 18:17:52 | 000,071,168 | ---- | M] () -- C:\Users\Pete\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2014/02/14 11:44:11 | 000,690,960 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2014/02/14 11:44:11 | 000,584,096 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2014/02/14 11:44:11 | 000,097,662 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2014/02/13 15:28:48 | 000,001,922 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2014/02/12 16:54:29 | 000,987,425 | ---- | M] () -- C:\Users\Pete\Desktop\SecurityCheck.exe
[2014/02/11 15:04:00 | 000,002,551 | ---- | M] () -- C:\Users\Pete\Application Data\Microsoft\Internet Explorer\Quick Launch\HP MediaSmart.lnk
[2014/02/11 14:46:57 | 000,315,144 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2014/02/11 14:45:10 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2014/02/11 14:43:18 | 000,181,064 | ---- | M] (Sysinternals) -- C:\Windows\PSEXESVC.EXE
[2014/02/11 14:30:57 | 000,690,960 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2014/02/11 14:23:41 | 000,000,207 | ---- | M] () -- C:\Windows\tweaking.com-regbackup-PETE-PC-Microsoft®-Windows-Vista™-Home-Premium-(64-bit).dat
[2014/02/11 14:19:39 | 000,001,994 | ---- | M] () -- C:\Users\Pete\Desktop\Tweaking.com - Windows Repair (All in One).lnk
[2014/02/11 14:06:30 | 005,074,688 | ---- | M] () -- C:\Users\Pete\Desktop\tweaking.com_windows_repair_aio_setup.exe
[2014/02/10 13:28:45 | 003,977,750 | ---- | M] () -- C:\Users\Pete\Desktop\servicesbak.reg
[2014/02/10 13:20:35 | 000,006,288 | ---- | M] () -- C:\Users\Pete\Desktop\BITS.reg
[2014/02/10 13:20:29 | 000,000,866 | ---- | M] () -- C:\Users\Pete\Desktop\legacy_wscsvc.reg
[2014/02/10 13:20:25 | 000,000,866 | ---- | M] () -- C:\Users\Pete\Desktop\legacy_sdrsvc.reg
[2014/02/09 18:25:51 | 004,009,167 | ---- | M] () -- C:\Users\Pete\Desktop\ServicesRepair.exe
[2014/02/09 18:25:38 | 001,037,530 | ---- | M] (Thisisu) -- C:\Users\Pete\Desktop\JRT.exe
[2014/02/09 17:40:10 | 001,166,132 | ---- | M] () -- C:\Users\Pete\Desktop\AdwCleaner.exe
[2014/02/09 17:39:38 | 000,453,632 | ---- | M] (Farbar) -- C:\Users\Pete\Desktop\FSS.exe
[2014/02/09 16:39:05 | 004,122,976 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Pete\Desktop\tdsskiller.exe
[2014/02/09 01:48:37 | 000,000,512 | ---- | M] () -- C:\Users\Pete\Desktop\MBR.dat
[2014/02/09 00:00:23 | 004,745,728 | ---- | M] (AVAST Software) -- C:\Users\Pete\Desktop\aswmbr.exe
[2014/02/07 09:06:09 | 000,000,870 | ---- | M] () -- C:\Users\Pete\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\9ob3frbn.lnk
[2014/02/01 15:17:14 | 000,000,330 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForPete.job
========== Files Created - No Company Name ==========
[2014/02/15 11:49:39 | 2144,538,624 | -HS- | C] () -- C:\hiberfil.sys
[2014/02/13 15:38:38 | 000,000,830 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/02/13 15:28:48 | 000,001,922 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2014/02/13 15:28:47 | 000,001,804 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
[2014/02/12 16:54:28 | 000,987,425 | ---- | C] () -- C:\Users\Pete\Desktop\SecurityCheck.exe
[2014/02/11 14:30:57 | 000,690,960 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2014/02/11 14:23:41 | 000,000,207 | ---- | C] () -- C:\Windows\tweaking.com-regbackup-PETE-PC-Microsoft®-Windows-Vista™-Home-Premium-(64-bit).dat
[2014/02/11 14:19:39 | 000,001,994 | ---- | C] () -- C:\Users\Pete\Desktop\Tweaking.com - Windows Repair (All in One).lnk
[2014/02/11 14:06:29 | 005,074,688 | ---- | C] () -- C:\Users\Pete\Desktop\tweaking.com_windows_repair_aio_setup.exe
[2014/02/10 13:28:45 | 003,977,750 | ---- | C] () -- C:\Users\Pete\Desktop\servicesbak.reg
[2014/02/10 13:20:34 | 000,006,288 | ---- | C] () -- C:\Users\Pete\Desktop\BITS.reg
[2014/02/10 13:20:28 | 000,000,866 | ---- | C] () -- C:\Users\Pete\Desktop\legacy_wscsvc.reg
[2014/02/10 13:20:24 | 000,000,866 | ---- | C] () -- C:\Users\Pete\Desktop\legacy_sdrsvc.reg
[2014/02/09 18:25:47 | 004,009,167 | ---- | C] () -- C:\Users\Pete\Desktop\ServicesRepair.exe
[2014/02/09 17:40:10 | 001,166,132 | ---- | C] () -- C:\Users\Pete\Desktop\AdwCleaner.exe
[2014/02/09 01:48:37 | 000,000,512 | ---- | C] () -- C:\Users\Pete\Desktop\MBR.dat
[2014/02/07 09:06:09 | 000,000,870 | ---- | C] () -- C:\Users\Pete\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\9ob3frbn.lnk
[2013/11/12 16:50:15 | 000,000,004 | ---- | C] () -- C:\Users\Pete\AppData\Roaming\cache.ini
[2010/05/12 10:41:48 | 000,004,922 | ---- | C] () -- C:\ProgramData\amjmwaey.gaf
[2009/11/23 18:48:41 | 000,071,168 | ---- | C] () -- C:\Users\Pete\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/09/11 17:54:46 | 000,005,089 | ---- | C] () -- C:\ProgramData\cbkxtjjv.ukg
[2009/09/09 08:02:33 | 000,000,680 | ---- | C] () -- C:\Users\Pete\AppData\Local\d3d9caps.dat
[2009/08/26 11:24:45 | 000,000,600 | ---- | C] () -- C:\Users\Pete\PUTTY.RND
========== ZeroAccess Check ==========
[2006/11/02 10:30:40 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2011/01/21 11:50:13 | 012,899,840 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2011/01/21 11:35:22 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/04/11 00:11:16 | 000,891,392 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = c:\windows\syswow64\wbem\fastprox.dll -- [2009/04/10 23:28:20 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2008/01/20 21:50:58 | 000,513,024 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
========== LOP Check ==========
[2011/05/30 22:22:14 | 000,000,000 | ---D | M] -- C:\Users\Pete\AppData\Roaming\Flip Video
[2009/10/04 00:38:02 | 000,000,000 | ---D | M] -- C:\Users\Pete\AppData\Roaming\Gamelab
[2010/03/27 23:01:51 | 000,000,000 | ---D | M] -- C:\Users\Pete\AppData\Roaming\Leadertech
[2010/05/12 10:41:49 | 000,000,000 | ---D | M] -- C:\Users\Pete\AppData\Roaming\MOVAVI
[2010/05/12 10:43:25 | 000,000,000 | ---D | M] -- C:\Users\Pete\AppData\Roaming\Movavi Flash Converter
[2010/05/12 10:43:25 | 000,000,000 | ---D | M] -- C:\Users\Pete\AppData\Roaming\Movavi Flash Converter 2
[2009/08/21 23:18:03 | 000,000,000 | ---D | M] -- C:\Users\Pete\AppData\Roaming\SPORE Creature Creator
[2009/08/19 12:21:27 | 000,000,000 | ---D | M] -- C:\Users\Pete\AppData\Roaming\WildTangent
========== Purity Check ==========
< End of report >
#43
Posted 15 February 2014 - 12:22 PM
Disable Avira again if you had re-enabled it.
Step-1.
OTL Fix
Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot
1. Please copy all of the text in the quote box below (Do Not copy the word Quote. To do this, highlight everything
inside the quote box (except the word Quote) , right click and click Copy.
:COMMANDS
[createrestorepoint]
:OTL
O4 - HKU\S-1-5-21-3889686918-3398402473-1388666377-1000..\Run: [Gstion Update] C:\Windows\SysWow64\regsvr32.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-3889686918-3398402473-1388666377-1000..\Run: [IDT Auto] C:\Windows\SysWow64\regsvr32.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-3889686918-3398402473-1388666377-1000..\Run: [IDT Tray] C:\Windows\SysWow64\regsvr32.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-3889686918-3398402473-1388666377-1000..\Run: [IDT Update] C:\Windows\SysWow64\regsvr32.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-3889686918-3398402473-1388666377-1000..\Run: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe File not found
:COMMANDS
[emptytemp]
Warning: This fix is relevant for this system and no other. If you are not this user, DO NOT follow these directions as they could damage the workings of your system.
2. Please re-open on your desktop. To do that:
- Vista and 7 users: Right click the icon and click Run as Administrator
4. Click the button.
5. Let the program run unhindered.
6. OTL may ask to reboot the machine. Please do so if asked.
7. Click the button.
8. A report will open. Copy and Paste that report in your next reply.
9. If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, (where mmddyyyy_hhmmss is the date of the tool run).
Step-2.
OTL Custom Scan
1. Please copy the text in the Quote box below, (Do Not copy the word Quote), and paste it in the box in OTL. To do that:
- Highlight everything inside the quote box, (except the word Quote), right click the mouse and click Copy.
createrestorepoint
dir "C:\_OTL\MovedFiles*" /S /C
2. Re-open on the desktop. To do that:
- Vista / 7 Users: Right click on the icon and click Run as Administrator)
- You will see a console like the one below:
- Click the box beside Scan All Users at the top of the console
- Click the box beside Include 64bit Scans at the top of the console.
- Make sure the Output box at the top is set to Standard Output.
- Place the mouse pointer inside the box, right click and click Paste. This will put the above script inside OTL
- Click the button. Do not change any settings unless otherwise told to do so.
- Let the scan run uninterrupted.
- When the scan completes, it will open OTL.Txt. This file is also saved in the same location as OTL (it should be on your desktop).
- Please copy the contents of this file and paste it into your reply. To do that:
- On the OTL.txt file Menu Bar click Edit then click Select All. This will highlight the contents of the file. Then click Copy.
- Right click inside the forum post window then click Paste. This will paste the contents of the OTL.txt file in the in the post window.
Step-3.
Things For Your Next Post:
Please post the logs in the order requested. Please don't attach the logs unless I request it.
1. The OTL fixes log
2. The new OTL.txt log
#44
Posted 15 February 2014 - 12:58 PM
OTL fix log:
All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== OTL ==========
Registry value HKEY_USERS\S-1-5-21-3889686918-3398402473-1388666377-1000\Software\Microsoft\Windows\CurrentVersion\Run\\Gstion Update deleted successfully.
File move failed. C:\Windows\SysWOW64\regsvr32.exe scheduled to be moved on reboot.
Registry value HKEY_USERS\S-1-5-21-3889686918-3398402473-1388666377-1000\Software\Microsoft\Windows\CurrentVersion\Run\\IDT Auto deleted successfully.
File move failed. C:\Windows\SysWOW64\regsvr32.exe scheduled to be moved on reboot.
Registry value HKEY_USERS\S-1-5-21-3889686918-3398402473-1388666377-1000\Software\Microsoft\Windows\CurrentVersion\Run\\IDT Tray deleted successfully.
File move failed. C:\Windows\SysWOW64\regsvr32.exe scheduled to be moved on reboot.
Registry value HKEY_USERS\S-1-5-21-3889686918-3398402473-1388666377-1000\Software\Microsoft\Windows\CurrentVersion\Run\\IDT Update deleted successfully.
File move failed. C:\Windows\SysWOW64\regsvr32.exe scheduled to be moved on reboot.
Registry value HKEY_USERS\S-1-5-21-3889686918-3398402473-1388666377-1000\Software\Microsoft\Windows\CurrentVersion\Run\\WMPNSCFG deleted successfully.
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Pete
->Temp folder emptied: 32454 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 53459923 bytes
->Flash cache emptied: 578 bytes
User: Public
->Temp folder emptied: 0 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 51.00 mb
OTL by OldTimer - Version 3.2.69.0 log created on 02152014_133028
Files\Folders moved on Reboot...
File move failed. C:\Windows\SysWOW64\regsvr32.exe scheduled to be moved on reboot.
C:\Users\Pete\AppData\Local\Temp\ehmsas.txt moved successfully.
PendingFileRenameOperations files...
Registry entries deleted on Reboot...
OTL.txt:
OTL logfile created on: 2/15/2014 1:40:53 PM - Run 9
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Pete\Downloads
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
2.00 Gb Total Physical Memory | 0.65 Gb Available Physical Memory | 32.67% Memory free
4.24 Gb Paging File | 2.31 Gb Available in Paging File | 54.44% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 453.18 Gb Total Space | 301.51 Gb Free Space | 66.53% Space Free | Partition Type: NTFS
Drive D: | 12.58 Gb Total Space | 1.99 Gb Free Space | 15.80% Space Free | Partition Type: NTFS
Computer Name: PETE-PC | User Name: Pete | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2014/02/14 23:21:42 | 000,275,568 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2014/02/13 15:38:36 | 001,863,048 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_12_0_0_44.exe
PRC - [2013/01/14 15:10:17 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Pete\Downloads\OTL.exe
PRC - [2012/07/27 15:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/06/28 21:31:49 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2011/04/27 19:11:59 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2010/12/15 12:31:20 | 000,460,144 | ---- | M] () -- C:\Program Files (x86)\Flip Video\FlipShare\FlipShareService.exe
PRC - [2010/12/15 12:22:42 | 001,085,440 | ---- | M] () -- C:\Program Files (x86)\Flip Video\FlipShareServer\FlipShareServer.exe
PRC - [2010/08/02 16:09:56 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2009/02/09 17:14:02 | 000,296,320 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe
PRC - [2009/02/09 17:14:02 | 000,116,096 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe
PRC - [2009/02/09 17:13:36 | 000,206,120 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\Hewlett-Packard\Media\TV\TVAgent.exe
PRC - [2008/12/25 15:41:20 | 000,189,736 | ---- | M] (CyberLink) -- C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
PRC - [2008/12/25 15:41:16 | 001,316,136 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe
PRC - [2008/12/17 19:11:40 | 000,365,952 | ---- | M] () -- C:\Program Files (x86)\SMINST\BLService.exe
PRC - [2008/11/28 20:04:26 | 001,148,200 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
PRC - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
========== Modules (No Company Name) ==========
MOD - [2014/02/14 23:21:41 | 003,578,992 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2014/02/13 15:38:36 | 016,287,624 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_44.dll
MOD - [2011/12/05 12:49:38 | 000,998,400 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\a3a76226460de2153a62bdbfed9228b9\System.Management.ni.dll
MOD - [2011/12/05 12:22:59 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\e515919524c6be56f55ad12fbdd23c19\System.Runtime.Remoting.ni.dll
MOD - [2011/12/05 12:22:57 | 000,627,712 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\87f2c180fec78701501d8e3e84fac248\System.EnterpriseServices.ni.dll
MOD - [2011/12/05 12:22:57 | 000,627,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\5cbea3b1a1d74123219b69306b8c8af2\System.Transactions.ni.dll
MOD - [2011/12/05 12:22:57 | 000,280,064 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\87f2c180fec78701501d8e3e84fac248\System.EnterpriseServices.Wrapper.dll
MOD - [2011/12/05 12:18:49 | 006,621,696 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\550e7b31f1821d964f21f0a854e3f195\System.Data.ni.dll
MOD - [2011/12/05 12:18:40 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\61019556ac408cc39cc478101b0d3cb4\PresentationFramework.Aero.ni.dll
MOD - [2011/12/05 12:18:39 | 014,327,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\0444ab43ccfb3390d2eaab1d9a34772f\PresentationFramework.ni.dll
MOD - [2011/12/05 12:18:23 | 012,430,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\b0be4ac8da47fbf783dabd1505e6c55e\System.Windows.Forms.ni.dll
MOD - [2011/12/05 12:18:15 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\07e39e61fd6133a92333a2c98f2ffeb7\System.Drawing.ni.dll
MOD - [2011/12/05 12:18:10 | 005,450,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\49431ce6d568de0bafdb1b25d3942723\System.Xml.ni.dll
MOD - [2011/12/05 12:18:06 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\207b1e1e2254c7a308efe4f903e52ce2\System.Configuration.ni.dll
MOD - [2011/12/05 12:18:03 | 012,216,320 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\5c25d899e7dcebd6b63d192b79bc6b8e\PresentationCore.ni.dll
MOD - [2011/12/05 12:17:51 | 003,314,176 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\93391bd2f02e492718c69bef3abc5a64\WindowsBase.ni.dll
MOD - [2011/12/05 12:17:48 | 007,868,416 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\34942db56010e4225825bfae8a27559f\System.ni.dll
MOD - [2011/12/05 12:17:20 | 011,490,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\3aac7b97549d4ccf0c7dca3d1777f9b4\mscorlib.ni.dll
MOD - [2010/03/19 09:45:36 | 007,745,536 | ---- | M] () -- C:\Program Files (x86)\Common Files\LightScribe\QtGui4.dll
MOD - [2010/03/19 09:45:36 | 002,121,728 | ---- | M] () -- C:\Program Files (x86)\Common Files\LightScribe\QtCore4.dll
MOD - [2010/03/19 09:45:36 | 000,135,168 | ---- | M] () -- C:\Program Files (x86)\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll
MOD - [2009/04/10 23:28:22 | 000,368,640 | ---- | M] () -- C:\Windows\SysWOW64\msjetoledb40.dll
MOD - [2009/04/10 19:04:16 | 000,113,664 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
MOD - [2009/03/29 21:42:20 | 000,261,632 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
MOD - [2009/03/29 21:42:18 | 002,933,760 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
MOD - [2008/12/25 15:41:24 | 000,881,960 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMediaLibrary.dll
MOD - [2008/11/18 14:03:14 | 000,032,768 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Content.XmlSerializers.dll
MOD - [2008/11/18 13:57:08 | 000,007,168 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\RemotingClient.dll
MOD - [2008/11/18 13:57:06 | 000,057,344 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Pillars\PCAlerts\PCAlertsPillar.dll
MOD - [2008/11/18 13:56:58 | 000,118,784 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\ECLibrary.dll
MOD - [2008/11/18 13:56:56 | 000,010,240 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingClients.dll
MOD - [2008/11/18 13:56:40 | 000,040,960 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingServer.dll
MOD - [2008/11/18 13:56:40 | 000,028,672 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingMessages.dll
MOD - [2008/11/18 13:56:40 | 000,005,632 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingInterface.dll
========== Services (SafeList) ==========
SRV:64bit: - [2011/08/11 18:38:04 | 000,140,672 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCore64.exe -- (!SASCORE)
SRV:64bit: - [2008/12/31 07:35:14 | 000,934,400 | ---- | M] (ATI Technologies Inc.) [Auto | Running] -- C:\Windows\SysNative\Ati2evxx.exe -- (Ati External Event Utility)
SRV:64bit: - [2008/10/26 15:49:46 | 000,279,040 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_8aadd48d\STacSV64.exe -- (STacSV)
SRV:64bit: - [2008/06/27 10:53:06 | 000,089,088 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_8aadd48d\AESTSr64.exe -- (AESTFilters)
SRV:64bit: - [2008/03/18 18:25:40 | 000,023,040 | ---- | M] (Hewlett-Packard Corporation) [Auto | Running] -- C:\Windows\SysNative\Hpservice.exe -- (hpsrv)
SRV:64bit: - [2008/03/18 07:26:56 | 000,015,872 | ---- | M] (Agere Systems) [Auto | Running] -- C:\Windows\SysNative\agr64svc.exe -- (AgereModemAudio)
SRV:64bit: - [2008/01/20 21:47:32 | 000,383,544 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2014/02/14 23:21:41 | 000,118,896 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2014/02/13 15:40:37 | 000,257,928 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/07/27 15:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/06/28 21:31:49 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011/04/27 19:11:59 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2010/12/15 12:31:20 | 000,460,144 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Flip Video\FlipShare\FlipShareService.exe -- (FlipShare Service)
SRV - [2010/12/15 12:22:42 | 001,085,440 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Flip Video\FlipShareServer\FlipShareServer.exe -- (FlipShareServer)
SRV - [2009/03/29 21:42:16 | 000,066,368 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/02/09 17:14:02 | 000,296,320 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe -- (TVCapSvc)
SRV - [2009/02/09 17:14:02 | 000,116,096 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe -- (TVSched)
SRV - [2008/12/17 19:11:40 | 000,365,952 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\SMINST\BLService.exe -- (Recovery Service for Windows)
SRV - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
========== Driver Services (SafeList) ==========
DRV:64bit: - [2011/07/22 11:26:56 | 000,014,928 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV)
DRV:64bit: - [2011/07/12 16:55:18 | 000,012,368 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL)
DRV:64bit: - [2011/06/28 21:31:50 | 000,123,784 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\DRIVERS\avipbb.sys -- (avipbb)
DRV:64bit: - [2011/06/28 21:31:49 | 000,088,288 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\DRIVERS\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2008/12/31 09:01:20 | 004,993,536 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2008/10/26 15:50:58 | 000,469,504 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\stwrt64.sys -- (STHDA)
DRV:64bit: - [2008/10/23 04:42:06 | 000,128,352 | ---- | M] (JMicron Technology Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\jmcr.sys -- (JMCR)
DRV:64bit: - [2008/09/04 12:48:00 | 000,064,000 | ---- | M] (ENE TECHNOLOGY INC.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\enecir.sys -- (enecir)
DRV:64bit: - [2008/08/28 18:57:24 | 004,745,216 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\NETw5v64.sys -- (NETw5v64)
DRV:64bit: - [2008/08/06 11:26:08 | 000,174,592 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\Rtlh64.sys -- (RTL8169)
DRV:64bit: - [2008/07/24 11:48:10 | 000,250,928 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\SynTP.sys -- (SynTP)
DRV:64bit: - [2008/06/23 06:54:02 | 000,099,368 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt)
DRV:64bit: - [2008/06/23 06:54:02 | 000,091,176 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio)
DRV:64bit: - [2008/06/23 06:54:02 | 000,019,752 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\btwrchid.sys -- (btwrchid)
DRV:64bit: - [2008/05/06 15:06:00 | 000,014,464 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wdcsam64.sys -- (WDC_SAM)
DRV:64bit: - [2008/03/27 14:10:56 | 000,026,984 | ---- | M] (Hewlett-Packard Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\hpdskflt.sys -- (hpdskflt)
DRV:64bit: - [2008/03/27 14:10:14 | 000,040,296 | ---- | M] (Hewlett-Packard Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\Accelerometer.sys -- (Accelerometer)
DRV:64bit: - [2008/03/21 07:47:14 | 001,253,376 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\agrsm64.sys -- (AgereSoftModem)
DRV:64bit: - [2008/01/20 21:51:07 | 000,016,384 | ---- | M] (Microsoft Corporation) [Recognizer | System | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2008/01/20 21:47:28 | 000,046,080 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wpdusb.sys -- (WpdUsb)
DRV:64bit: - [2008/01/20 21:46:57 | 003,154,432 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\NETw3v64.sys -- (NETw3v64)
DRV:64bit: - [2008/01/20 21:46:55 | 000,111,104 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\sdbus.sys -- (sdbus)
DRV:64bit: - [2007/06/18 19:13:12 | 000,018,432 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV:64bit: - [2006/10/03 20:45:36 | 000,273,408 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\yk60x64.sys -- (yukonx64)
DRV - [2008/11/28 20:04:24 | 000,146,928 | ---- | M] (CyberLink Corp.) [2009/06/15 03:40:30] [Kernel | Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\Media\DVD\000.fcl -- ({55662437-DA8C-40c0-AADA-2C816A897A49})
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...avilion&pf=cnnb
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {3B1AAF6F-BC73-4A31-9EE4-04B8C395AC0E}
IE:64bit: - HKLM\..\SearchScopes\{3B1AAF6F-BC73-4A31-9EE4-04B8C395AC0E}: "URL" = http://search.live.c...ms}&FORM=HPNTDF
IE:64bit: - HKLM\..\SearchScopes\{BFE5EDCC-25B3-461D-8E03-309E92AD753A}: "URL" = http://www.ask.com/w...}&l=dis&o=ushpl
IE:64bit: - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{BFE5EDCC-25B3-461D-8E03-309E92AD753A}: "URL" = http://www.ask.com/w...}&l=dis&o=ushpl
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-3889686918-3398402473-1388666377-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/?fr=fp-yie9
IE - HKU\S-1-5-21-3889686918-3398402473-1388666377-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-3889686918-3398402473-1388666377-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/?fr=fp-yie9
IE - HKU\S-1-5-21-3889686918-3398402473-1388666377-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 2
IE - HKU\S-1-5-21-3889686918-3398402473-1388666377-1000\..\URLSearchHook: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\YTNavAssist.dll (Yahoo! Inc.)
IE - HKU\S-1-5-21-3889686918-3398402473-1388666377-1000\..\SearchScopes,DefaultScope = {273B8C2F-51CB-40E1-90AA-9BB1190EEB5F}
IE - HKU\S-1-5-21-3889686918-3398402473-1388666377-1000\..\SearchScopes\{273B8C2F-51CB-40E1-90AA-9BB1190EEB5F}: "URL" = http://search.yahoo....f-8&fr=chr-yie9
IE - HKU\S-1-5-21-3889686918-3398402473-1388666377-1000\..\SearchScopes\{7148CB92-9375-4E9C-A5C0-166ACF27981A}: "URL" = http://www.flickr.co...q={searchTerms}
IE - HKU\S-1-5-21-3889686918-3398402473-1388666377-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..browser.startup.homepage: "http://sports.yahoo....X81xSObsw5nYcB"
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:27.0.1
FF - user.js - File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_44.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.51.2: C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.51.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_44.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\npctrl.1.0.30716.0.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Users\Pete\AppData\Roaming\Move Networks\plugins\npqmp071701000002.dll (Move Networks)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 27.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 27.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2014/02/14 23:21:34 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Users\Pete\AppData\Roaming\Move Networks [2009/11/21 19:43:05 | 000,000,000 | ---D | M]
[2011/01/18 15:12:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Pete\AppData\Roaming\Mozilla\Extensions
[2014/02/13 13:41:06 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Pete\AppData\Roaming\Mozilla\Firefox\Profiles\4z05qces.default\extensions
[2011/04/10 20:01:37 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Pete\AppData\Roaming\Mozilla\Firefox\Profiles\4z05qces.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2014/02/13 13:41:06 | 000,536,255 | ---- | M] () (No name found) -- C:\Users\Pete\AppData\Roaming\Mozilla\Firefox\Profiles\4z05qces.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
[2014/02/14 23:21:32 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2014/02/14 23:21:42 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
O1 HOSTS File: ([2011/11/24 10:05:16 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Microsoft Live Search Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0541.0\msneshellx.dll (Microsoft Corp.)
O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.6.0_07\bin\jp2ssv.dll File not found
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (Microsoft Live Search Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0541.0\msneshellx.dll (Microsoft Corp.)
O4:64bit: - HKLM..\Run: [SmartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe (Hewlett-Packard)
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [CLMLServer for HP TouchSmart] C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [DVDAgent] C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe (CyberLink Corp.)
O4 - HKLM..\Run: [HP Health Check Scheduler] c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [TSMAgent] C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe (CyberLink Corp.)
O4 - HKLM..\Run: [TVAgent] C:\Program Files (x86)\Hewlett-Packard\Media\TV\TVAgent.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UCam_Menu] C:\Program Files (x86)\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdateLBPShortCut] C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdateP2GoShortCut] C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePDIRShortCut] C:\Program Files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePSTShortCut] C:\Program Files (x86)\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - Startup: C:\Users\Pete\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\GoZone iSync.lnk = C:\Program Files (x86)\GoZone\GoZone_iSync.exe (Virgin HealthMiles Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-21-3889686918-3398402473-1388666377-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3889686918-3398402473-1388666377-1000\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-21-3889686918-3398402473-1388666377-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8:64bit: - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - Reg Error: Key error. File not found
O9 - Extra Button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O15 - HKU\.DEFAULT\..Trusted Ranges: Range1 ([http] in Local intranet)
O15 - HKU\S-1-5-18\..Trusted Ranges: Range1 ([http] in Local intranet)
O15 - HKU\S-1-5-21-3889686918-3398402473-1388666377-1000\..Trusted Domains: yahoo.com ([sports] http in Trusted sites)
O15 - HKU\S-1-5-21-3889686918-3398402473-1388666377-1000\..Trusted Ranges: Range1 ([http] in Local intranet)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {45A0A292-ECC6-4D8F-9EA9-A4BD411D24C1} http://www.king.com/ctl/kingcomie.cab (king.com)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ent/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1BC2929E-B9E6-4589-A980-0CD02A9CA469}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{89C1B4C5-FB96-4F64-B942-D383F21133F9}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\cdo - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Pete\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Pete\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
========== Files/Folders - Created Within 30 Days ==========
[2014/02/14 23:21:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2014/02/13 15:27:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe
[2014/02/13 15:12:05 | 000,312,744 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\javaws.exe
[2014/02/13 15:11:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
[2014/02/13 15:11:20 | 000,189,352 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\javaw.exe
[2014/02/13 15:11:20 | 000,189,352 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\java.exe
[2014/02/13 15:11:20 | 000,108,968 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\WindowsAccessBridge-64.dll
[2014/02/13 15:10:20 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2014/02/13 15:07:40 | 030,796,712 | ---- | C] (Oracle Corporation) -- C:\Users\Pete\Desktop\jre-7u51-windows-x64.exe
[2014/02/12 14:23:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2014/02/11 14:53:56 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
[2014/02/11 14:47:02 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\catroot2
[2014/02/11 14:25:38 | 000,181,064 | ---- | C] (Sysinternals) -- C:\Windows\PSEXESVC.EXE
[2014/02/11 14:21:45 | 000,000,000 | ---D | C] -- C:\RegBackup
[2014/02/11 14:19:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com
[2014/02/11 14:19:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Tweaking.com
[2014/02/10 16:45:42 | 000,000,000 | ---D | C] -- C:\Temp
[2014/02/09 18:44:34 | 000,000,000 | ---D | C] -- C:\Users\Public\Desktop\CC Support
[2014/02/09 18:36:14 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2014/02/09 18:25:38 | 001,037,530 | ---- | C] (Thisisu) -- C:\Users\Pete\Desktop\JRT.exe
[2014/02/09 17:41:03 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2014/02/09 17:39:38 | 000,453,632 | ---- | C] (Farbar) -- C:\Users\Pete\Desktop\FSS.exe
[2014/02/09 16:39:04 | 004,122,976 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Pete\Desktop\tdsskiller.exe
[2014/02/09 14:46:39 | 000,000,000 | ---D | C] -- C:\_OTL
[2014/02/09 00:00:22 | 004,745,728 | ---- | C] (AVAST Software) -- C:\Users\Pete\Desktop\aswmbr.exe
[2014/02/07 11:01:41 | 000,000,000 | ---D | C] -- C:\Users\Pete\AppData\Local\KB9369951
========== Files - Modified Within 30 Days ==========
[2014/02/15 13:35:04 | 000,003,216 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2014/02/15 13:35:03 | 000,003,216 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2014/02/15 13:34:51 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/02/15 13:34:47 | 2144,538,624 | -HS- | M] () -- C:\hiberfil.sys
[2014/02/15 13:22:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/02/14 18:17:52 | 000,071,168 | ---- | M] () -- C:\Users\Pete\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2014/02/14 11:44:11 | 000,690,960 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2014/02/14 11:44:11 | 000,584,096 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2014/02/14 11:44:11 | 000,097,662 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2014/02/13 15:40:36 | 000,692,616 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2014/02/13 15:40:36 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2014/02/13 15:28:48 | 000,001,922 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2014/02/13 15:10:34 | 000,108,968 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\WindowsAccessBridge-64.dll
[2014/02/13 15:10:28 | 000,312,744 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\javaws.exe
[2014/02/13 15:10:28 | 000,189,352 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\javaw.exe
[2014/02/13 15:10:28 | 000,189,352 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\java.exe
[2014/02/13 15:07:41 | 030,796,712 | ---- | M] (Oracle Corporation) -- C:\Users\Pete\Desktop\jre-7u51-windows-x64.exe
[2014/02/12 16:54:29 | 000,987,425 | ---- | M] () -- C:\Users\Pete\Desktop\SecurityCheck.exe
[2014/02/11 15:04:00 | 000,002,551 | ---- | M] () -- C:\Users\Pete\Application Data\Microsoft\Internet Explorer\Quick Launch\HP MediaSmart.lnk
[2014/02/11 14:46:57 | 000,315,144 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2014/02/11 14:45:10 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2014/02/11 14:43:18 | 000,181,064 | ---- | M] (Sysinternals) -- C:\Windows\PSEXESVC.EXE
[2014/02/11 14:30:57 | 000,690,960 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2014/02/11 14:23:41 | 000,000,207 | ---- | M] () -- C:\Windows\tweaking.com-regbackup-PETE-PC-Microsoft®-Windows-Vista™-Home-Premium-(64-bit).dat
[2014/02/11 14:19:39 | 000,001,994 | ---- | M] () -- C:\Users\Pete\Desktop\Tweaking.com - Windows Repair (All in One).lnk
[2014/02/11 14:06:30 | 005,074,688 | ---- | M] () -- C:\Users\Pete\Desktop\tweaking.com_windows_repair_aio_setup.exe
[2014/02/10 13:28:45 | 003,977,750 | ---- | M] () -- C:\Users\Pete\Desktop\servicesbak.reg
[2014/02/10 13:20:35 | 000,006,288 | ---- | M] () -- C:\Users\Pete\Desktop\BITS.reg
[2014/02/10 13:20:29 | 000,000,866 | ---- | M] () -- C:\Users\Pete\Desktop\legacy_wscsvc.reg
[2014/02/10 13:20:25 | 000,000,866 | ---- | M] () -- C:\Users\Pete\Desktop\legacy_sdrsvc.reg
[2014/02/09 18:25:51 | 004,009,167 | ---- | M] () -- C:\Users\Pete\Desktop\ServicesRepair.exe
[2014/02/09 18:25:38 | 001,037,530 | ---- | M] (Thisisu) -- C:\Users\Pete\Desktop\JRT.exe
[2014/02/09 17:40:10 | 001,166,132 | ---- | M] () -- C:\Users\Pete\Desktop\AdwCleaner.exe
[2014/02/09 17:39:38 | 000,453,632 | ---- | M] (Farbar) -- C:\Users\Pete\Desktop\FSS.exe
[2014/02/09 16:39:05 | 004,122,976 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Pete\Desktop\tdsskiller.exe
[2014/02/09 01:48:37 | 000,000,512 | ---- | M] () -- C:\Users\Pete\Desktop\MBR.dat
[2014/02/09 00:00:23 | 004,745,728 | ---- | M] (AVAST Software) -- C:\Users\Pete\Desktop\aswmbr.exe
[2014/02/07 09:06:09 | 000,000,870 | ---- | M] () -- C:\Users\Pete\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\9ob3frbn.lnk
[2014/02/01 15:17:14 | 000,000,330 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForPete.job
========== Files Created - No Company Name ==========
[2014/02/15 11:49:39 | 2144,538,624 | -HS- | C] () -- C:\hiberfil.sys
[2014/02/13 15:38:38 | 000,000,830 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/02/13 15:28:48 | 000,001,922 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2014/02/13 15:28:47 | 000,001,804 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
[2014/02/12 16:54:28 | 000,987,425 | ---- | C] () -- C:\Users\Pete\Desktop\SecurityCheck.exe
[2014/02/11 14:30:57 | 000,690,960 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2014/02/11 14:23:41 | 000,000,207 | ---- | C] () -- C:\Windows\tweaking.com-regbackup-PETE-PC-Microsoft®-Windows-Vista™-Home-Premium-(64-bit).dat
[2014/02/11 14:19:39 | 000,001,994 | ---- | C] () -- C:\Users\Pete\Desktop\Tweaking.com - Windows Repair (All in One).lnk
[2014/02/11 14:06:29 | 005,074,688 | ---- | C] () -- C:\Users\Pete\Desktop\tweaking.com_windows_repair_aio_setup.exe
[2014/02/10 13:28:45 | 003,977,750 | ---- | C] () -- C:\Users\Pete\Desktop\servicesbak.reg
[2014/02/10 13:20:34 | 000,006,288 | ---- | C] () -- C:\Users\Pete\Desktop\BITS.reg
[2014/02/10 13:20:28 | 000,000,866 | ---- | C] () -- C:\Users\Pete\Desktop\legacy_wscsvc.reg
[2014/02/10 13:20:24 | 000,000,866 | ---- | C] () -- C:\Users\Pete\Desktop\legacy_sdrsvc.reg
[2014/02/09 18:25:47 | 004,009,167 | ---- | C] () -- C:\Users\Pete\Desktop\ServicesRepair.exe
[2014/02/09 17:40:10 | 001,166,132 | ---- | C] () -- C:\Users\Pete\Desktop\AdwCleaner.exe
[2014/02/09 01:48:37 | 000,000,512 | ---- | C] () -- C:\Users\Pete\Desktop\MBR.dat
[2014/02/07 09:06:09 | 000,000,870 | ---- | C] () -- C:\Users\Pete\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\9ob3frbn.lnk
[2013/11/12 16:50:15 | 000,000,004 | ---- | C] () -- C:\Users\Pete\AppData\Roaming\cache.ini
[2010/05/12 10:41:48 | 000,004,922 | ---- | C] () -- C:\ProgramData\amjmwaey.gaf
[2009/11/23 18:48:41 | 000,071,168 | ---- | C] () -- C:\Users\Pete\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/09/11 17:54:46 | 000,005,089 | ---- | C] () -- C:\ProgramData\cbkxtjjv.ukg
[2009/09/09 08:02:33 | 000,000,680 | ---- | C] () -- C:\Users\Pete\AppData\Local\d3d9caps.dat
[2009/08/26 11:24:45 | 000,000,600 | ---- | C] () -- C:\Users\Pete\PUTTY.RND
========== ZeroAccess Check ==========
[2006/11/02 10:30:40 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2011/01/21 11:50:13 | 012,899,840 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2011/01/21 11:35:22 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/04/11 00:11:16 | 000,891,392 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = c:\windows\syswow64\wbem\fastprox.dll -- [2009/04/10 23:28:20 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2008/01/20 21:50:58 | 000,513,024 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
========== Custom Scans ==========
< dir "C:\_OTL\MovedFiles*" /S /C >
Volume in drive C has no label.
Volume Serial Number is 58A9-45C3
Directory of C:\_OTL
02/15/2014 01:31 PM <DIR> MovedFiles
0 File(s) 0 bytes
Total Files Listed:
0 File(s) 0 bytes
1 Dir(s) 322,927,816,704 bytes free
< End of report >
#45
Posted 15 February 2014 - 03:28 PM
Similar Topics
0 user(s) are reading this topic
0 members, 0 guests, 0 anonymous users