isearch fantastigames Redirect

Re: isearch fantastigames Redirect

Post by bonnie » March 19th, 2013, 7:56 am

A couple of things. I just noticed that there is a shortcut on the desktop called "Play Games" that seems to be related to isearch.

ALSO, SystemLook seems to have finally stopped. Here's the log:

SystemLook 30.07.11 by jpshortstuff
Log created at 07:31 on 19/03/2013 by robert
Administrator - Elevation successful

========== filefind ==========

Searching for "*AskToolbar*"
No files found.

Searching for "*Ask.com*"
No files found.

Searching for "*Bandoo*"
No files found.

Searching for "*Babylon*"
No files found.

Searching for "*Community*"
C:\Program Files\Common Files\Adobe\Help\en_US\Photoshop\11.0\images\Community.png -ra---- 3542 bytes [21:01 12/09/2011] [18:44 19/09/2008] 421CA9F7562DAF8F7A3A39F4D55B81BC
C:\Program Files (x86)\Common Files\Adobe\Help\cs_CZ\AME\4.0\images\Community.png --a---- 3542 bytes [06:08 26/08/2008] [06:08 26/08/2008] 421CA9F7562DAF8F7A3A39F4D55B81BC
C:\Program Files (x86)\Common Files\Adobe\Help\de_DE\Acrobat Pro\9.0\images\Community.png --a---- 3542 bytes [11:16 22/05/2008] [11:16 22/05/2008] 421CA9F7562DAF8F7A3A39F4D55B81BC
C:\Program Files (x86)\Common Files\Adobe\Help\de_DE\AME\4.0\images\Community.png --a---- 3542 bytes [06:08 26/08/2008] [06:08 26/08/2008] 421CA9F7562DAF8F7A3A39F4D55B81BC
C:\Program Files (x86)\Common Files\Adobe\Help\en_US\Acrobat Pro\9.0\images\Community.png -ra---- 3542 bytes [16:00 14/05/2008] [16:00 14/05/2008] 421CA9F7562DAF8F7A3A39F4D55B81BC
C:\Program Files (x86)\Common Files\Adobe\Help\en_US\Dreamweaver\10.0\images\Community.png -ra---- 3542 bytes [20:52 12/09/2011] [01:53 11/09/2008] 421CA9F7562DAF8F7A3A39F4D55B81BC
C:\Program Files (x86)\Common Files\Adobe\Help\en_US\Fireworks\10.0\images\Community.png -ra---- 3542 bytes [20:53 12/09/2011] [21:53 04/09/2008] 421CA9F7562DAF8F7A3A39F4D55B81BC
C:\Program Files (x86)\Common Files\Adobe\Help\en_US\Flash\10.0_UsingFlash\images\Community.png --a---- 3542 bytes [15:11 17/06/2008] [15:11 17/06/2008] 421CA9F7562DAF8F7A3A39F4D55B81BC
C:\Program Files (x86)\Common Files\Adobe\Help\en_US\Flash\10.0_Welcome\images\Community.png --a---- 3542 bytes [16:04 12/06/2008] [16:04 12/06/2008] 421CA9F7562DAF8F7A3A39F4D55B81BC
C:\Program Files (x86)\Common Files\Adobe\Help\en_US\Illustrator\14.0\images\Community.png -ra---- 3542 bytes [20:58 12/09/2011] [14:32 10/09/2008] 421CA9F7562DAF8F7A3A39F4D55B81BC
C:\Program Files (x86)\Common Files\Adobe\Help\en_US\InDesign\6.0\Images\Community.png -ra---- 3542 bytes [21:03 12/09/2011] [23:15 04/09/2008] 421CA9F7562DAF8F7A3A39F4D55B81BC
C:\Program Files (x86)\Common Files\Adobe\Help\en_US\Photoshop\11.0\images\Community.png -ra---- 3542 bytes [20:59 12/09/2011] [18:38 19/09/2008] 421CA9F7562DAF8F7A3A39F4D55B81BC
C:\Program Files (x86)\Common Files\Adobe\Help\es_ES\AME\4.0\images\Community.png --a---- 3542 bytes [06:08 26/08/2008] [06:08 26/08/2008] 421CA9F7562DAF8F7A3A39F4D55B81BC
C:\Program Files (x86)\Common Files\Adobe\Help\fr_FR\Acrobat Pro\9.0\images\Community.png --a---- 3542 bytes [09:06 22/05/2008] [09:06 22/05/2008] 421CA9F7562DAF8F7A3A39F4D55B81BC
C:\Program Files (x86)\Common Files\Adobe\Help\fr_FR\AME\4.0\images\Community.png --a---- 3542 bytes [06:08 26/08/2008] [06:08 26/08/2008] 421CA9F7562DAF8F7A3A39F4D55B81BC
C:\Program Files (x86)\Common Files\Adobe\Help\it_IT\AME\4.0\images\Community.png --a---- 3542 bytes [06:08 26/08/2008] [06:08 26/08/2008] 421CA9F7562DAF8F7A3A39F4D55B81BC
C:\Program Files (x86)\Common Files\Adobe\Help\ja_JP\AME\4.0\images\Community.png --a---- 3542 bytes [06:08 26/08/2008] [06:08 26/08/2008] 421CA9F7562DAF8F7A3A39F4D55B81BC
C:\Program Files (x86)\Common Files\Adobe\Help\ko_KR\AME\4.0\images\Community.png --a---- 3542 bytes [06:08 26/08/2008] [06:08 26/08/2008] 421CA9F7562DAF8F7A3A39F4D55B81BC
C:\Program Files (x86)\Common Files\Adobe\Help\nl_NL\AME\4.0\images\Community.png --a---- 3542 bytes [06:08 26/08/2008] [06:08 26/08/2008] 421CA9F7562DAF8F7A3A39F4D55B81BC
C:\Program Files (x86)\Common Files\Adobe\Help\pl_PL\AME\4.0\images\Community.png --a---- 3542 bytes [06:08 26/08/2008] [06:08 26/08/2008] 421CA9F7562DAF8F7A3A39F4D55B81BC
C:\Program Files (x86)\Common Files\Adobe\Help\pt_BR\AME\4.0\images\Community.png --a---- 3542 bytes [06:09 26/08/2008] [06:09 26/08/2008] 421CA9F7562DAF8F7A3A39F4D55B81BC
C:\Program Files (x86)\Common Files\Adobe\Help\ru_RU\AME\4.0\images\Community.png --a---- 3542 bytes [06:09 26/08/2008] [06:09 26/08/2008] 421CA9F7562DAF8F7A3A39F4D55B81BC
C:\Program Files (x86)\Common Files\Adobe\Help\sv_SE\AME\4.0\images\Community.png --a---- 3542 bytes [06:09 26/08/2008] [06:09 26/08/2008] 421CA9F7562DAF8F7A3A39F4D55B81BC
C:\Program Files (x86)\Common Files\Adobe\Help\tr_TR\AME\4.0\images\Community.png --a---- 3542 bytes [06:09 26/08/2008] [06:09 26/08/2008] 421CA9F7562DAF8F7A3A39F4D55B81BC
C:\Program Files (x86)\Common Files\Adobe\Help\zh_CN\AME\4.0\images\Community.png --a---- 3542 bytes [06:09 26/08/2008] [06:09 26/08/2008] 421CA9F7562DAF8F7A3A39F4D55B81BC
C:\Program Files (x86)\Common Files\Adobe\Help\zh_TW\AME\4.0\images\Community.png --a---- 3542 bytes [06:09 26/08/2008] [06:09 26/08/2008] 421CA9F7562DAF8F7A3A39F4D55B81BC
C:\Program Files (x86)\Notepad++\user.manual\sites\all\images\NppCommunityLogo.png --a---- 18238 bytes [21:33 18/07/2011] [21:33 18/07/2011] D5191EBF4FFD9AD19580F6038506076A
C:\Users\robert\My Books\Copywriting Materials\David_Garfinkel_-_Ultimate_Copywriting_Crash_Course-www.feedurbrain.com\Week 6\Session6_CommunityConversations.mp3 --a---- 25517531 bytes [12:23 16/09/2011] [03:16 13/02/2010] CE44279C0B3AC0E67417F10DCE3CE8BF
C:\Users\robert\My Books\Copywriting Materials\David_Garfinkel_-_Ultimate_Copywriting_Crash_Course-www.feedurbrain.com\Week 6\Session6_CommunityConversations.mp4 --a---- 105413299 bytes [12:23 16/09/2011] [08:36 13/02/2010] 3B961A1D80875EADD2443F8353F8DF9C

Searching for "*Conduit*"
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\iSyncConduit.dll --a---- 1206160 bytes [03:32 10/08/2012] [03:32 10/08/2012] 309B2B1B22EE841E49F62C7A6FB55E46

Searching for "*datamngr*"
C:\Program Files (x86)\Settings Alerter\Datamngr\datamngr.dll --a---- 1541168 bytes [12:40 18/03/2013] [13:50 05/02/2013] 2A370653DC99C9B8876757720D30FD9C
C:\Program Files (x86)\Settings Alerter\Datamngr\datamngrUI.exe --a---- 1684016 bytes [12:40 18/03/2013] [13:50 05/02/2013] 78C8DF1E4F9B0387D3F421F76984CC8E
C:\Program Files (x86)\Settings Alerter\Datamngr\FirefoxExtension\components\DataMngrHlp.xpt --a---- 1009 bytes [12:40 18/03/2013] [13:50 05/02/2013] C317A7493D9EB507391B0217CEEACAE1
C:\Program Files (x86)\Settings Alerter\Datamngr\FirefoxExtension\components\DataMngrHlpFF10.dll --a---- 736768 bytes [12:40 18/03/2013] [13:48 05/02/2013] 77935F2D5196408317AE96183FC13DB1
C:\Program Files (x86)\Settings Alerter\Datamngr\FirefoxExtension\components\DataMngrHlpFF11.dll --a---- 736768 bytes [12:40 18/03/2013] [13:48 05/02/2013] F8E4066B8A19D05225EFBFB3BB345BC7
C:\Program Files (x86)\Settings Alerter\Datamngr\FirefoxExtension\components\DataMngrHlpFF12.dll --a---- 736768 bytes [12:40 18/03/2013] [13:49 05/02/2013] DF6BDE6E9271BA95B8F8F21E56D08E3D
C:\Program Files (x86)\Settings Alerter\Datamngr\FirefoxExtension\components\DataMngrHlpFF13.dll --a---- 737280 bytes [12:40 18/03/2013] [13:49 05/02/2013] FAB3318820BDCFFEC65397F114DFB15F
C:\Program Files (x86)\Settings Alerter\Datamngr\FirefoxExtension\components\DataMngrHlpFF14.dll --a---- 737280 bytes [12:40 18/03/2013] [13:49 05/02/2013] E8402F3AB66AD4321C6FEADC80A5DD4D
C:\Program Files (x86)\Settings Alerter\Datamngr\FirefoxExtension\components\DataMngrHlpFF15.dll --a---- 737280 bytes [12:40 18/03/2013] [13:49 05/02/2013] 8E2EA61F426B4312BAE3A35ABB010162
C:\Program Files (x86)\Settings Alerter\Datamngr\FirefoxExtension\components\DataMngrHlpFF16.dll --a---- 737280 bytes [12:40 18/03/2013] [13:50 05/02/2013] 10F81DE0C3AA3C89CE5B5B4B184BDB2B
C:\Program Files (x86)\Settings Alerter\Datamngr\FirefoxExtension\components\DataMngrHlpFF17.dll --a---- 737280 bytes [12:40 18/03/2013] [13:50 05/02/2013] 0E243526D90E23697EB07BC2CE4270DA
C:\Program Files (x86)\Settings Alerter\Datamngr\FirefoxExtension\components\DataMngrHlpFF18.dll --a---- 737280 bytes [12:40 18/03/2013] [13:50 05/02/2013] 3ECFBF081BE329A575DA772A7A1323AB
C:\Program Files (x86)\Settings Alerter\Datamngr\FirefoxExtension\components\DataMngrHlpFF3.dll --a---- 740352 bytes [12:40 18/03/2013] [13:46 05/02/2013] 95B62FF43B66551C385428D7EBD0646E
C:\Program Files (x86)\Settings Alerter\Datamngr\FirefoxExtension\components\DataMngrHlpFF4.dll --a---- 737280 bytes [12:40 18/03/2013] [13:46 05/02/2013] 51A16DD4C3D43B18F1B7AE14AB0BEF72
C:\Program Files (x86)\Settings Alerter\Datamngr\FirefoxExtension\components\DataMngrHlpFF5.dll --a---- 737280 bytes [12:40 18/03/2013] [13:47 05/02/2013] 6394FC6EE9CBE603E2569AE8DE27C737
C:\Program Files (x86)\Settings Alerter\Datamngr\FirefoxExtension\components\DataMngrHlpFF6.dll --a---- 737280 bytes [12:40 18/03/2013] [13:47 05/02/2013] C356864647EAE08CDE70191300413F55
C:\Program Files (x86)\Settings Alerter\Datamngr\FirefoxExtension\components\DataMngrHlpFF7.dll --a---- 737280 bytes [12:40 18/03/2013] [13:47 05/02/2013] A9720B129FE0243A5A1FE3A179DE93AB
C:\Program Files (x86)\Settings Alerter\Datamngr\FirefoxExtension\components\DataMngrHlpFF8.dll --a---- 737280 bytes [12:40 18/03/2013] [13:48 05/02/2013] 158F977467B49DF851873F07A38ECEDA
C:\Program Files (x86)\Settings Alerter\Datamngr\FirefoxExtension\components\DataMngrHlpFF9.dll --a---- 737280 bytes [12:40 18/03/2013] [13:48 05/02/2013] 7786271B890DA132BEC91E15951F8193
C:\Program Files (x86)\Settings Alerter\Datamngr\FirefoxExtension\content\DataMngr.js --a---- 19255 bytes [12:40 18/03/2013] [08:54 16/10/2012] 0482F311EC3BEFB2018232CC83E2D867
C:\_OTL\MovedFiles\03192013_060915\C_Program Files (x86)\Settings Alerter\Datamngr\x64\datamngr.dll --a---- 2017840 bytes [12:40 18/03/2013] [13:50 05/02/2013] B282A85028488BA1D36925259F7BC1E8

Searching for "*fantastigames*"
C:\Users\robert\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\9JTH343H\isearch.fantastigames[1].xml --a---- 1247 bytes [20:49 18/03/2013] [20:49 18/03/2013] ECE3456DDF6C193C3B475C7C4CFEA485

Searching for "*Fun4IM*"
No files found.

Searching for "*Funmoods*"
No files found.

Searching for "*iLivid*"
No files found.

Searching for "*IObit*"
No files found.

Searching for "*Iminent*"
No files found.

Searching for "*Searchqu*"
No files found.

Searching for "*Searchnu*"
No files found.

Searching for "*Tarma*"
C:\Users\robert\AppData\Roaming\ZinioReader4.9310D8F796442B71068C511E15D70529A702D19D.1\Local Store\rdsulli2007@gmail.com\library\publishers\Star Magazine.png --a---- 97499 bytes [01:45 01/12/2012] [00:42 17/12/2012] 865A4AD459879FF3885F237E8F6F6F5D

Searching for "*trolltech*"
No files found.

Searching for "*vshare*"
No files found.

Searching for "*whitesmoke*"
No files found.

Searching for "*Yontoo*"
No files found.

========== folderfind ==========

Searching for "*AskToolbar*"
No folders found.

Searching for "*Ask.com*"
No folders found.

Searching for "*Babylon*"
No folders found.

Searching for "*Bandoo*"
No folders found.

Searching for "*Community*"
C:\Program Files (x86)\Common Files\Adobe\Templates\en_US\InDesign\6.0\Community Newspaper d------ [21:03 12/09/2011]

Searching for "*Conduit*"
No folders found.

Searching for "*datamngr*"
C:\Program Files (x86)\Settings Alerter\Datamngr d------ [12:40 18/03/2013]
C:\_OTL\MovedFiles\03192013_060915\C_Program Files (x86)\Settings Alerter\Datamngr d------ [10:09 19/03/2013]

Searching for "*fantastigames*"
No folders found.

Searching for "*Fun4IM*"
No folders found.

Searching for "*Funmoods*"
No folders found.

Searching for "*iLivid*"
No folders found.

Searching for "*IObit*"
No folders found.

Searching for "*Iminent*"
No folders found.

Searching for "*Searchqu*"
No folders found.

Searching for "*Searchnu*"
No folders found.

Searching for "*Tarma*"
No folders found.

Searching for "*trolltech*"
No folders found.

Searching for "*vshare*"
No folders found.

Searching for "*whitesmoke*"
No folders found.

Searching for "*Yontoo*"
No folders found.

========== Regfind ==========

Searching for "AskToolbar"
No data found.

Searching for "Ask.com"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\mediaactivextask.com]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\mediaactivextask.com]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MAPI/IPM.Task]
"PreviewDetails"="prop:*System.DueDate;*System.Task.CompletionStatus;*System.Task.Owner;*System.Keywords"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SystemFileAssociations\MAPI/IPM.Task]
"PreviewDetails"="prop:*System.DueDate;*System.Task.CompletionStatus;*System.Task.Owner;*System.Keywords"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\mediaactivextask.com]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\mediaactivextask.com]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\mediaactivextask.com]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\mediaactivextask.com]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\mediaactivextask.com]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\mediaactivextask.com]
[HKEY_USERS\S-1-5-21-3434975647-2719533202-2998227652-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\mediaactivextask.com]
[HKEY_USERS\S-1-5-21-3434975647-2719533202-2998227652-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\mediaactivextask.com]
[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\mediaactivextask.com]
[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\mediaactivextask.com]

Searching for "Babylon"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{2EECD738-5844-4A99-B4B6-146BF802613B}]
"DllName"="BabylonToolbar.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}]
"DllName"="BabylonToolbar.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{98889811-442D-49DD-99D7-DC866BE87DBC}]
"DllName"="BabylonToolbarTlbr.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extension Compatibility\{2EECD738-5844-4A99-B4B6-146BF802613B}]
"DllName"="BabylonToolbar.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extension Compatibility\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}]
"DllName"="BabylonToolbar.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extension Compatibility\{98889811-442D-49DD-99D7-DC866BE87DBC}]
"DllName"="BabylonToolbarTlbr.dll"

Searching for "Bandoo"
No data found.

Searching for "Community"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\camping-community.com]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\camping-community.com]
[HKEY_CURRENT_USER\Software\RealNetworks\RealShare\15.0\Preferences\MountPoints\DT_Plugins\PluginHandlerData\PluginInfo0]
@="{IndexNumber~N0~LoadMultiple~N1~Renderer_Granularity~N50~Version~N-268419019~Copyright~SCopyright(c) RealNetworks, Inc. 1995-2009. All rights reserved. Source code for this program is available under the RealNetworks Public Source License. (http://www.helixcommunity.org)~Description~S3GPP Timed Text Renderer Plugin~PlgCopy~Shttp://www.helixcommunity.org~PluginFilename~S3gppttrenderer.dll~PluginType~SPLUGIN_RENDERER~RendererMime~Svideo/X-RN-3GPP-TEXT}{IndexNumber~N0~LoadMultiple~N1~Version~N-268419019~Copyright~SCopyright(c) RealNetworks, Inc. 2003-2005. All rights reserved. Source code for this program is available under the RealNetworks Public Source License.~Description~SHelix DNA AAC Audio Format~FileExtensions~SAAC~FileMime~Saudio/aac|audio/aacp~PlgCopy~Shttp://www.helixcommunity.org~PluginFilename~Saacff.dll~PluginType~SPLUGIN_FILE_FORMAT}{IndexNumber~N0~LoadMultiple~N1~Version~N-
[HKEY_CURRENT_USER\Software\RealNetworks\RealShare\15.0\Preferences\MountPoints\DT_Plugins\PluginHandlerData\PluginInfo1]
@="leShort~Spn-http~PlgCopy~Shttp://www.helixcommunity.org~PluginFilename~Shttpfsys.dll~PluginType~SPLUGIN_FILE_SYSTEM}{IndexNumber~N1~LoadMultiple~N1~Version~N-268419019~Copyright~SCopyright(c) RealNetworks, Inc. 1995-2009. All rights reserved. Source code for this program is available under the RealNetworks Public Source License. (http://www.helixcommunity.org)~Description~SRealNetworks RFC 2397 Data Scheme File System~FileProtocol~Sdata|tone~FileShort~Spn-datafsys~PlgCopy~Shttp://www.helixcommunity.org~PluginFilename~Shttpfsys.dll~PluginType~SPLUGIN_FILE_SYSTEM}{PluginFilename~Shxmedplyeng.dll~ComponentCLSID~XAwQAAAEJ0RGLBgCgJEBtWQ==}{PluginFilename~Shxnetwksvc.dll~ComponentCLSID~XWo5XqUd82BGLywACs2WHIA==}{IndexNumber~N0~LoadMultiple~N1~Version~N-268419019~Copyright~SCopyright(c) RealNetworks, Inc. 1995-2009. All rights reserved. Source code for this program is available under the Real
[HKEY_CURRENT_USER\Software\RealNetworks\RealShare\15.0\Preferences\MountPoints\DT_Plugins\PluginHandlerData\PluginInfo2]
@="egurl|audio/scpls|audio/x-scpls~FileOpenNames~SMP3 Playlist Files (*.m3u,*.pls,*.xpl)~PlgCopy~Shttp://www.helixcommunity.org~PluginFilename~Smp3metaff.dll~PluginType~SPLUGIN_FILE_FORMAT}{IndexNumber~N0~LoadMultiple~N1~Renderer_Granularity~N50~Version~N0~Copyright~SCopyright(c) RealNetworks, Inc. 1995-2009. All rights reserved. Source code for this program is available under the RealNetworks Public Source License. (http://www.helixcommunity.org)~Description~SRealNetworks MPEG Renderer Plugin~PlgCopy~Shttp://www.helixcommunity.org~PluginFilename~Smp3render.dll~PluginType~SPLUGIN_RENDERER~RendererMime~Saudio/X-MP3-draft-00|audio/X-MP3-draft-00-RN|audio/MPEG-ELEMENTARY|audio/MPEG-ELEMENTARY-RN|audio/MPEG-ELEMENTARY-RAW|audio/rn-mpeg|audio/mpa-robust|audio/MPA|audio/mp1s|audio/mp2p|audio/vnd.rn-mp1s|audio/vnd.rn-mp2p}{IndexNumber~N0~LoadMultiple~N1~Version~N-268419019~Copyright~SCopyright(c
[HKEY_CURRENT_USER\Software\RealNetworks\RealShare\15.0\Preferences\MountPoints\DT_Plugins\PluginHandlerData\PluginInfo3]
@="etworks Internet Video Recording Manager Plugin~DRMId~SRAV2~PlgCopy~Shttp://www.real.com~PluginFilename~Sravemgr.dll~PluginType~SPLUGIN_SOURCE_HANDLER~SOURCE_HANDLER_GUID~SA672077B-2DB6-492B-A079096204BF1B28~SourceHandlerType~SSOURCE_HANDLER_DRM}{IndexNumber~N1~LoadMultiple~N1~Renderer_Granularity~N100~Version~N0~Copyright~S(c) 1995-2008 RealNetworks, All rights reserved.~Description~Sivr-null Renderer Plugin~PlgCopy~Shttp://www.real.com~PluginFilename~Sravemgr.dll~PluginType~SPLUGIN_RENDERER~RendererMime~Sivr-null}{IndexNumber~N0~LoadMultiple~N1~Version~N-268419019~Copyright~S(c) 1995,1996,1997 RealNetworks, All rights reserved.~Description~SRecord File Format Plugin~FileExtensions~Srec|ivr~FileMime~Sapplication/x-pn-recordfileformat~FileOpenNames~SInternet Video Recording (*.ivr)~PlgCopy~Shttp://www.real.com~PluginFilename~Srecf3260.dll~PluginType~SPLUGIN_FILE_FORMAT}{IndexNumber~N0~
[HKEY_CURRENT_USER\Software\RealNetworks\RealShare\15.0\Preferences\MountPoints\DT_Plugins\PluginHandlerData\PluginInfo4]
@="Shttp://www.helixcommunity.org~PluginFilename~Ssmlrender.dll~PluginType~SPLUGIN_FILE_FORMAT}{IndexNumber~N3~LoadMultiple~N1~Renderer_Granularity~N200~Version~N-268419019~Copyright~SCopyright(c) RealNetworks, Inc. 1995-2009. All rights reserved. Source code for this program is available under the RealNetworks Public Source License. (http://www.helixcommunity.org)~Description~SRealNetworks Brush Renderer Plugin~PlgCopy~Shttp://www.helixcommunity.org~PluginFilename~Ssmlrender.dll~PluginType~SPLUGIN_RENDERER~RendererMime~Sapplication/vnd.rn-brushstream}{IndexNumber~N0~LoadMultiple~N1~Renderer_Granularity~N100~Version~N-268419019~Copyright~SCopyright(c) RealNetworks, Inc. 1995-2009. All rights reserved. Source code for this program is available under the RealNetworks Public Source License. (http://www.helixcommunity.org)~Description~SRealNetworks Synchronized Renderer Plugin~PlgCopy~Shttp:/
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1372A97E-2034-41ee-A6C1-1B68FAFA75A1}]
@="CLSID_ICommunityTransport"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{1372A97E-2034-41ee-A6C1-1B68FAFA75A1}]
@="CLSID_ICommunityTransport"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\camping-community.com]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\camping-community.com]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\camping-community.com]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\camping-community.com]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\AutoHotkey]
"Publisher"="AutoHotkey Community"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Wireshark]
"Publisher"="The Wireshark developer community, http://www.wireshark.org"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{1372A97E-2034-41ee-A6C1-1B68FAFA75A1}]
@="CLSID_ICommunityTransport"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Print\Monitors\Standard TCP/IP Port\Ports\192.168.1.183]
"SNMP Community"="public"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Print\Monitors\Standard TCP/IP Port\Ports\Dell Laser 1100]
"SNMP Community"="public"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Print\Monitors\Standard TCP/IP Port\Ports\Dell Laser 1110]
"SNMP Community"="public"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Print\Monitors\Standard TCP/IP Port\Ports\192.168.1.183]
"SNMP Community"="public"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Print\Monitors\Standard TCP/IP Port\Ports\Dell Laser 1100]
"SNMP Community"="public"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Print\Monitors\Standard TCP/IP Port\Ports\Dell Laser 1110]
"SNMP Community"="public"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Print\Monitors\Standard TCP/IP Port\Ports\192.168.1.183]
"SNMP Community"="public"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Print\Monitors\Standard TCP/IP Port\Ports\Dell Laser 1100]
"SNMP Community"="public"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Print\Monitors\Standard TCP/IP Port\Ports\Dell Laser 1110]
"SNMP Community"="public"
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\camping-community.com]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\camping-community.com]
[HKEY_USERS\S-1-5-21-3434975647-2719533202-2998227652-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\camping-community.com]
[HKEY_USERS\S-1-5-21-3434975647-2719533202-2998227652-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\camping-community.com]
[HKEY_USERS\S-1-5-21-3434975647-2719533202-2998227652-1000\Software\RealNetworks\RealShare\15.0\Preferences\MountPoints\DT_Plugins\PluginHandlerData\PluginInfo0]
@="{IndexNumber~N0~LoadMultiple~N1~Renderer_Granularity~N50~Version~N-268419019~Copyright~SCopyright(c) RealNetworks, Inc. 1995-2009. All rights reserved. Source code for this program is available under the RealNetworks Public Source License. (http://www.helixcommunity.org)~Description~S3GPP Timed Text Renderer Plugin~PlgCopy~Shttp://www.helixcommunity.org~PluginFilename~S3gppttrenderer.dll~PluginType~SPLUGIN_RENDERER~RendererMime~Svideo/X-RN-3GPP-TEXT}{IndexNumber~N0~LoadMultiple~N1~Version~N-268419019~Copyright~SCopyright(c) RealNetworks, Inc. 2003-2005. All rights reserved. Source code for this program is available under the RealNetworks Public Source License.~Description~SHelix DNA AAC Audio Format~FileExtensions~SAAC~FileMime~Saudio/aac|audio/aacp~PlgCopy~Shttp://www.helixcommunity.org~PluginFilename~Saacff.dll~PluginType~SPLUGIN_FILE_FORMAT}{I
[HKEY_USERS\S-1-5-21-3434975647-2719533202-2998227652-1000\Software\RealNetworks\RealShare\15.0\Preferences\MountPoints\DT_Plugins\PluginHandlerData\PluginInfo1]
@="leShort~Spn-http~PlgCopy~Shttp://www.helixcommunity.org~PluginFilename~Shttpfsys.dll~PluginType~SPLUGIN_FILE_SYSTEM}{IndexNumber~N1~LoadMultiple~N1~Version~N-268419019~Copyright~SCopyright(c) RealNetworks, Inc. 1995-2009. All rights reserved. Source code for this program is available under the RealNetworks Public Source License. (http://www.helixcommunity.org)~Description~SRealNetworks RFC 2397 Data Scheme File System~FileProtocol~Sdata|tone~FileShort~Spn-datafsys~PlgCopy~Shttp://www.helixcommunity.org~PluginFilename~Shttpfsys.dll~PluginType~SPLUGIN_FILE_SYSTEM}{PluginFilename~Shxmedplyeng.dll~ComponentCLSID~XAwQAAAEJ0RGLBgCgJEBtWQ==}{PluginFilename~Shxnetwksvc.dll~ComponentCLSID~XWo5XqUd82BGLywACs2WHIA==}{IndexNumber~N0~LoadMultiple~N1~Version~N-268419019~Copyright~SCopyright(c) RealNetworks, Inc. 1995-2009. All rights reserved. Source code for
[HKEY_USERS\S-1-5-21-3434975647-2719533202-2998227652-1000\Software\RealNetworks\RealShare\15.0\Preferences\MountPoints\DT_Plugins\PluginHandlerData\PluginInfo2]
@="egurl|audio/scpls|audio/x-scpls~FileOpenNames~SMP3 Playlist Files (*.m3u,*.pls,*.xpl)~PlgCopy~Shttp://www.helixcommunity.org~PluginFilename~Smp3metaff.dll~PluginType~SPLUGIN_FILE_FORMAT}{IndexNumber~N0~LoadMultiple~N1~Renderer_Granularity~N50~Version~N0~Copyright~SCopyright(c) RealNetworks, Inc. 1995-2009. All rights reserved. Source code for this program is available under the RealNetworks Public Source License. (http://www.helixcommunity.org)~Description~SRealNetworks MPEG Renderer Plugin~PlgCopy~Shttp://www.helixcommunity.org~PluginFilename~Smp3render.dll~PluginType~SPLUGIN_RENDERER~RendererMime~Saudio/X-MP3-draft-00|audio/X-MP3-draft-00-RN|audio/MPEG-ELEMENTARY|audio/MPEG-ELEMENTARY-RN|audio/MPEG-ELEMENTARY-RAW|audio/rn-mpeg|audio/mpa-robust|audio/MPA|audio/mp1s|audio/mp2p|audio/vnd.rn-mp1s|audio/vnd.rn-mp2p}{IndexNumber~N0~LoadMultiple~N1~Ve
[HKEY_USERS\S-1-5-21-3434975647-2719533202-2998227652-1000\Software\RealNetworks\RealShare\15.0\Preferences\MountPoints\DT_Plugins\PluginHandlerData\PluginInfo3]
@="etworks Internet Video Recording Manager Plugin~DRMId~SRAV2~PlgCopy~Shttp://www.real.com~PluginFilename~Sravemgr.dll~PluginType~SPLUGIN_SOURCE_HANDLER~SOURCE_HANDLER_GUID~SA672077B-2DB6-492B-A079096204BF1B28~SourceHandlerType~SSOURCE_HANDLER_DRM}{IndexNumber~N1~LoadMultiple~N1~Renderer_Granularity~N100~Version~N0~Copyright~S(c) 1995-2008 RealNetworks, All rights reserved.~Description~Sivr-null Renderer Plugin~PlgCopy~Shttp://www.real.com~PluginFilename~Sravemgr.dll~PluginType~SPLUGIN_RENDERER~RendererMime~Sivr-null}{IndexNumber~N0~LoadMultiple~N1~Version~N-268419019~Copyright~S(c) 1995,1996,1997 RealNetworks, All rights reserved.~Description~SRecord File Format Plugin~FileExtensions~Srec|ivr~FileMime~Sapplication/x-pn-recordfileformat~FileOpenNames~SInternet Video Recording (*.ivr)~PlgCopy~Shttp://www.real.com~PluginFilename~Srecf3260.dll~PluginT
[HKEY_USERS\S-1-5-21-3434975647-2719533202-2998227652-1000\Software\RealNetworks\RealShare\15.0\Preferences\MountPoints\DT_Plugins\PluginHandlerData\PluginInfo4]
@="Shttp://www.helixcommunity.org~PluginFilename~Ssmlrender.dll~PluginType~SPLUGIN_FILE_FORMAT}{IndexNumber~N3~LoadMultiple~N1~Renderer_Granularity~N200~Version~N-268419019~Copyright~SCopyright(c) RealNetworks, Inc. 1995-2009. All rights reserved. Source code for this program is available under the RealNetworks Public Source License. (http://www.helixcommunity.org)~Description~SRealNetworks Brush Renderer Plugin~PlgCopy~Shttp://www.helixcommunity.org~PluginFilename~Ssmlrender.dll~PluginType~SPLUGIN_RENDERER~RendererMime~Sapplication/vnd.rn-brushstream}{IndexNumber~N0~LoadMultiple~N1~Renderer_Granularity~N100~Version~N-268419019~Copyright~SCopyright(c) RealNetworks, Inc. 1995-2009. All rights reserved. Source code for this program is available under the RealNetworks Public Source License. (http://www.helixcommunity.org)~Description~SRealNetworks Sync
[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\camping-community.com]
[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\camping-community.com]

Searching for "Conduit"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\063A857434EDED11A893800002C0A966]
"D8EF64479F1C24D4AAEAD5CB5E68506A"="C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\iSyncConduit.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\063A857434EDED11A893800002C0A966\D8EF64479F1C24D4AAEAD5CB5E68506A]
"File"="iSyncConduit.dll"

Searching for "datamngr"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{25DA73D2-CBE0-43A5-8BFA-F757F5E69864}\InprocServer32]
@="C:\PROGRA~2\SETTIN~1\Datamngr\x64\IEBHO.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{935696E1-CFE1-476D-8786-AF70E069E5A9}\InprocServer32]
@="C:\PROGRA~2\SETTIN~1\Datamngr\x64\IEBHO.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{0BF321DF-A919-4F8F-B865-4DBE670E1D28}\1.0\0\win32]
@="C:\PROGRA~2\SETTIN~1\Datamngr\IEBHO.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{0BF321DF-A919-4F8F-B865-4DBE670E1D28}\1.0\0\win64]
@="C:\PROGRA~2\SETTIN~1\Datamngr\x64\IEBHO.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{0BF321DF-A919-4F8F-B865-4DBE670E1D28}\1.0\HELPDIR]
@="C:\PROGRA~2\SETTIN~1\Datamngr"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{24CD4990-37BC-4B7F-8E8D-BA7258D80152}\1.0\0\win32]
@="C:\PROGRA~2\SETTIN~1\Datamngr\BROWSE~1.DLL"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{24CD4990-37BC-4B7F-8E8D-BA7258D80152}\1.0\0\win64]
@="C:\PROGRA~2\SETTIN~1\Datamngr\x64\BROWSE~1.DLL"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{24CD4990-37BC-4B7F-8E8D-BA7258D80152}\1.0\HELPDIR]
@="C:\PROGRA~2\SETTIN~1\Datamngr"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{25DA73D2-CBE0-43A5-8BFA-F757F5E69864}\InprocServer32]
@="C:\PROGRA~2\SETTIN~1\Datamngr\IEBHO.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{935696E1-CFE1-476D-8786-AF70E069E5A9}\InprocServer32]
@="C:\PROGRA~2\SETTIN~1\Datamngr\IEBHO.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{0BF321DF-A919-4F8F-B865-4DBE670E1D28}\1.0\0\win32]
@="C:\PROGRA~2\SETTIN~1\Datamngr\IEBHO.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{0BF321DF-A919-4F8F-B865-4DBE670E1D28}\1.0\0\win64]
@="C:\PROGRA~2\SETTIN~1\Datamngr\x64\IEBHO.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{0BF321DF-A919-4F8F-B865-4DBE670E1D28}\1.0\HELPDIR]
@="C:\PROGRA~2\SETTIN~1\Datamngr"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{24CD4990-37BC-4B7F-8E8D-BA7258D80152}\1.0\0\win32]
@="C:\PROGRA~2\SETTIN~1\Datamngr\BROWSE~1.DLL"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{24CD4990-37BC-4B7F-8E8D-BA7258D80152}\1.0\0\win64]
@="C:\PROGRA~2\SETTIN~1\Datamngr\x64\BROWSE~1.DLL"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{24CD4990-37BC-4B7F-8E8D-BA7258D80152}\1.0\HELPDIR]
@="C:\PROGRA~2\SETTIN~1\Datamngr"
[HKEY_LOCAL_MACHINE\SOFTWARE\DataMngr]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Settings Alerter]
"RunDName"="C:\Program Files (x86)\Settings Alerter\Datamngr\installhelper.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{25DA73D2-CBE0-43A5-8BFA-F757F5E69864}\InprocServer32]
@="C:\PROGRA~2\SETTIN~1\Datamngr\IEBHO.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{935696E1-CFE1-476D-8786-AF70E069E5A9}\InprocServer32]
@="C:\PROGRA~2\SETTIN~1\Datamngr\IEBHO.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{0BF321DF-A919-4F8F-B865-4DBE670E1D28}\1.0\0\win32]
@="C:\PROGRA~2\SETTIN~1\Datamngr\IEBHO.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{0BF321DF-A919-4F8F-B865-4DBE670E1D28}\1.0\0\win64]
@="C:\PROGRA~2\SETTIN~1\Datamngr\x64\IEBHO.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{0BF321DF-A919-4F8F-B865-4DBE670E1D28}\1.0\HELPDIR]
@="C:\PROGRA~2\SETTIN~1\Datamngr"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{24CD4990-37BC-4B7F-8E8D-BA7258D80152}\1.0\0\win32]
@="C:\PROGRA~2\SETTIN~1\Datamngr\BROWSE~1.DLL"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{24CD4990-37BC-4B7F-8E8D-BA7258D80152}\1.0\0\win64]
@="C:\PROGRA~2\SETTIN~1\Datamngr\x64\BROWSE~1.DLL"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{24CD4990-37BC-4B7F-8E8D-BA7258D80152}\1.0\HELPDIR]
@="C:\PROGRA~2\SETTIN~1\Datamngr"

Searching for "fantastigames"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\fantastigames.com]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{25DA73D2-CBE0-43A5-8BFA-F757F5E69864}\ProgID]
@="FantastiGamesIEHelper.UrlHelper.1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{25DA73D2-CBE0-43A5-8BFA-F757F5E69864}\VersionIndependentProgID]
@="FantastiGamesIEHelper.UrlHelper"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{25DA73D2-CBE0-43A5-8BFA-F757F5E69864}\ProgID]
@="FantastiGamesIEHelper.UrlHelper.1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{25DA73D2-CBE0-43A5-8BFA-F757F5E69864}\VersionIndependentProgID]
@="FantastiGamesIEHelper.UrlHelper"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\FantastiGames_Setup_RASAPI32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\FantastiGames_Setup_RASMANCS]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{25DA73D2-CBE0-43A5-8BFA-F757F5E69864}\ProgID]
@="FantastiGamesIEHelper.UrlHelper.1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{25DA73D2-CBE0-43A5-8BFA-F757F5E69864}\VersionIndependentProgID]
@="FantastiGamesIEHelper.UrlHelper"
[HKEY_USERS\S-1-5-21-3434975647-2719533202-2998227652-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\fantastigames.com]

Searching for "Fun4IM"
No data found.

Searching for "Funmoods"
No data found.

Searching for "iLivid"
No data found.

Searching for "IObit"
No data found.

Searching for "Iminent"
No data found.

Searching for "Searchqu"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}]
@="ISearchQueryHelper"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}]
@="ISearchQueryHelper"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}]
@="ISearchQueryHelper"

Searching for "Searchnu"
No data found.

Searching for "Tarma"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.mml\OpenWithProgIDs]
"soffice.StarMathDocument.6"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.sxm]
@="soffice.StarMathDocument.6"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.sxm\OpenWithProgIDs]
"soffice.StarMathDocument.6"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\soffice.StarMathDocument]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\soffice.StarMathDocument\CurVer]
@="soffice.StarMathDocument.6"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\soffice.StarMathDocument.6]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D0484DE6-AAEE-468a-991F-8D4B0737B57A}\ProgID]
@="soffice.StarMathDocument.6"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D0484DE6-AAEE-468a-991F-8D4B0737B57A}\VersionIndependentProgID]
@="soffice.StarMathDocument.6"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\OpenOffice.org\OpenOffice.org\3.3\Capabilities\FileAssociations]
".mml"="soffice.StarMathDocument.6"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\OpenOffice.org\OpenOffice.org\3.3\Capabilities\FileAssociations]
".sxm"="soffice.StarMathDocument.6"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{D0484DE6-AAEE-468a-991F-8D4B0737B57A}\ProgID]
@="soffice.StarMathDocument.6"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{D0484DE6-AAEE-468a-991F-8D4B0737B57A}\VersionIndependentProgID]
@="soffice.StarMathDocument.6"

Searching for "trolltech"
[HKEY_CURRENT_USER\Software\Trolltech]
[HKEY_CURRENT_USER\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.4\com.trolltech.Qt.QImageIOHandlerFactoryInterface:]
[HKEY_USERS\S-1-5-21-3434975647-2719533202-2998227652-1000\Software\Trolltech]
[HKEY_USERS\S-1-5-21-3434975647-2719533202-2998227652-1000\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.4\com.trolltech.Qt.QImageIOHandlerFactoryInterface:]

Searching for "vshare"
No data found.

Searching for "whitesmoke"
No data found.

Searching for "Yontoo"
No data found.

-= EOF =-
bonnie
Regular Member
 
Posts: 132
Joined: August 17th, 2012, 1:56 pm

Re: isearch fantastigames Redirect

Unread postby pgmigg » March 19th, 2013, 11:49 am

Hello bonnie,
A. SystemLook doesn't seem to be working. I ran for over 1/2 hour and it was still running?
D. System look is still running? Doesn't seem to be working. How long does it usually take to complete?
Actually, many scans during the research and diagnostic steps need a lot of time to finish. It depends on many parameters, such as the used space on the hard drive, the amount of memory, the processor power, etc. So please be patient...

Step 1.
OTL - Run Fix Script
You should still have OTL.exe on your desktop.
Important! Close all applications and windows so that you have nothing open and are at your Desktop.
  1. Right click on OTL.exe, select "Run As Administrator..." to run it. If prompted by UAC, please allow it.
  2. Underneath Output at the top, make sure Standard Output is selected.
  3. Copy and Paste the following code into the text box. Do not include the word Code.
    Code: Select all
    :Commands
    [createrestorepoint]
    
    :Files
    C:\Program Files (x86)\Settings Alerter\Datamngr
    C:\Users\robert\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\9JTH343H\isearch.fantastigames[1].xml
    
    :Reg
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{2EECD738-5844-4A99-B4B6-146BF802613B}]
    "DllName"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}]
    "DllName"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{98889811-442D-49DD-99D7-DC866BE87DBC}]
    "DllName"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extension Compatibility\{2EECD738-5844-4A99-B4B6-146BF802613B}]
    "DllName"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extension Compatibility\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}]
    "DllName"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extension Compatibility\{98889811-442D-49DD-99D7-DC866BE87DBC}]
    "DllName"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{25DA73D2-CBE0-43A5-8BFA-F757F5E69864}\InprocServer32]
    @=""
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{935696E1-CFE1-476D-8786-AF70E069E5A9}\InprocServer32]
    @=""
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{0BF321DF-A919-4F8F-B865-4DBE670E1D28}\1.0\0\win32]
    @=""
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{0BF321DF-A919-4F8F-B865-4DBE670E1D28}\1.0\0\win64]
    @=""
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{0BF321DF-A919-4F8F-B865-4DBE670E1D28}\1.0\HELPDIR]
    @=""
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{24CD4990-37BC-4B7F-8E8D-BA7258D80152}\1.0\0\win32]
    @=""
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{24CD4990-37BC-4B7F-8E8D-BA7258D80152}\1.0\0\win64]
    @=""
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{24CD4990-37BC-4B7F-8E8D-BA7258D80152}\1.0\HELPDIR]
    @=""
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{25DA73D2-CBE0-43A5-8BFA-F757F5E69864}\InprocServer32]
    @=""
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{935696E1-CFE1-476D-8786-AF70E069E5A9}\InprocServer32]
    @=""
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{0BF321DF-A919-4F8F-B865-4DBE670E1D28}\1.0\0\win32]
    @=""
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{0BF321DF-A919-4F8F-B865-4DBE670E1D28}\1.0\0\win64]
    @=""
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{0BF321DF-A919-4F8F-B865-4DBE670E1D28}\1.0\HELPDIR]
    @=""
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{24CD4990-37BC-4B7F-8E8D-BA7258D80152}\1.0\0\win32]
    @=""
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{24CD4990-37BC-4B7F-8E8D-BA7258D80152}\1.0\0\win64]
    @=""
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{24CD4990-37BC-4B7F-8E8D-BA7258D80152}\1.0\HELPDIR]
    @=""
    [-HKEY_LOCAL_MACHINE\SOFTWARE\DataMngr]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Settings Alerter]
    "RunDName"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{25DA73D2-CBE0-43A5-8BFA-F757F5E69864}\InprocServer32]
    @=""
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{935696E1-CFE1-476D-8786-AF70E069E5A9}\InprocServer32]
    @=""
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{0BF321DF-A919-4F8F-B865-4DBE670E1D28}\1.0\0\win32]
    @=""
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{0BF321DF-A919-4F8F-B865-4DBE670E1D28}\1.0\0\win64]
    @=""
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{0BF321DF-A919-4F8F-B865-4DBE670E1D28}\1.0\HELPDIR]
    @=""
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{24CD4990-37BC-4B7F-8E8D-BA7258D80152}\1.0\0\win32]
    @=""
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{24CD4990-37BC-4B7F-8E8D-BA7258D80152}\1.0\0\win64]
    @=""
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{24CD4990-37BC-4B7F-8E8D-BA7258D80152}\1.0\HELPDIR]
    @=""
    [-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\fantastigames.com]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{25DA73D2-CBE0-43A5-8BFA-F757F5E69864}\ProgID]
    @=""
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{25DA73D2-CBE0-43A5-8BFA-F757F5E69864}\VersionIndependentProgID]
    @=""
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{25DA73D2-CBE0-43A5-8BFA-F757F5E69864}\ProgID]
    @=""
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{25DA73D2-CBE0-43A5-8BFA-F757F5E69864}\VersionIndependentProgID]
    @=""
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\FantastiGames_Setup_RASAPI32]
    -[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\FantastiGames_Setup_RASMANCS]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{25DA73D2-CBE0-43A5-8BFA-F757F5E69864}\ProgID]
    @=""
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{25DA73D2-CBE0-43A5-8BFA-F757F5E69864}\VersionIndependentProgID]
    @=""
    [-HKEY_USERS\S-1-5-21-3434975647-2719533202-2998227652-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\fantastigames.com]
    [-HKEY_CURRENT_USER\Software\Trolltech]
    [-HKEY_USERS\S-1-5-21-3434975647-2719533202-2998227652-1000\Software\Trolltech]
    
    :Commands
    [emptytemp]
    
  4. Click under the Custom Scan/Fixes box and paste the copied text.
  5. Click the Run Fix button. If prompted... click OK.
  6. OTL may ask to reboot the machine. Please do so if asked.
  7. Let the program run unhindered and reboot the PC when it is done.
    When the computer reboots, and you start your usual account, a Notepad text file will appear.
  8. Copy the contents of that file and post it in your next reply. The log can also be found, based on the date/time it was created, as C:\_OTL\MovedFiles\MMDDYYYY_HHMMSS.log

Step 2.
SystemLook
You should still have SystemLook_x64.exe on your desktop.
  1. Right click on SystemLook_x64.exe, select "Run As Administrator..." to run it. If prompted by UAC, please allow it.
    If you receive an "Open file - security warning"... asking "Do you want to run this file?", press the Run button.
  2. Highlight and copy the following entries into SystemLook's main text entry window:
    Code: Select all
    :filefind
    *datamngr*
    *fantastigames*
    
    :folderfind
    *datamngr*
    
    :Regfind
    Babylon
    datamngr
    fantastigames
    trolltech
    
  3. Press the Look button to start the scan.
    When finished, a Notepad window will open with the results of the scan.
    A file will be created (on your Desktop) with the results of the scan, named SystemLook.txt
  4. Please post the contents of the SystemLook.txt file in your next reply.

Step 3.
AdwCleaner - Search
Please download AdwCleaner by Xplode onto your desktop.
  1. Close all open programs and internet browsers.
  2. Right click on adwcleaner.exe and select "Run as administrator..." to run it.
  3. Click on Search.
  4. A logfile will automatically open after the scan has finished.
  5. Please post the content of that logfile with your next reply.
  6. You can find the logfile at C:\AdwCleaner[R1].txt as well.

Step 4.
Fresh OTL Scan
You should still have OTL.exe on your desktop.
Important! Close all applications and windows so that you have nothing open and are at your Desktop.
  1. Right click on OTL.exe, select "Run As Administrator..." to run it. If prompted by UAC, please allow it.
  2. Under Output, ensure that Standard Output is selected.
  3. Check the boxes labeled:
    • Include 64 bit scans
    • Scan All Users
    • Extra Registry > Use SafeList
  4. Click on Run Scan at the top left hand corner.
  5. When done, one Notepad file, OTL.txt, will be opened, maximized.
  6. Please post the content of OTL.txt file ONLY in your next reply.

Please include in your next reply:
  1. Do you have any problems executing the instructions?
  2. Contents of the C:\_OTL\MovedFiles\MMDDYYYY_HHMMSS.log log file after OTL FixScript run
  3. Contents of the SystemLook.txt log file
  4. Contents of the AdwCleaner[R1].txt log file
  5. Contents of the most recent OTL.txt file after fresh OTL scan
  6. Do you see any changes in computer behavior?

Please do not hesitate to divide the post into multiple posts if it is too long...

Thanks,
pgmigg

Failure to post replies within 72 hours will result in this thread being closed
pgmigg
MRU Teacher
 
Posts: 3176
Joined: July 8th, 2008, 1:25 pm
Location: GMT-05:00

Re: isearch fantastigames Redirect

Unread postby bonnie » March 19th, 2013, 12:31 pm

OTL crashes (not responding) after it gets to:


[-HKEY_USERS\S-1-5-21-3434975647-2719533202-2998227652-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\fantastigames.com]
bonnie
Regular Member
 
Posts: 132
Joined: August 17th, 2012, 1:56 pm

Re: isearch fantastigames Redirect

Unread postby bonnie » March 19th, 2013, 12:38 pm

I'm sorry OTL crashes here:

-[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\FantastiGames_Setup_RASMANCS]
bonnie
Regular Member
 
Posts: 132
Joined: August 17th, 2012, 1:56 pm

Re: isearch fantastigames Redirect

Unread postby pgmigg » March 19th, 2013, 2:14 pm

Hello bonnie,
I'm sorry OTL crashes here:

-[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\FantastiGames_Setup_RASMANCS]
You are absolutely right!
I am sorry, it is my fault.

Please replace Step 1 with the following:

OTL - Run Fix Script
You should still have OTL.exe on your desktop.
Important! Close all applications and windows so that you have nothing open and are at your Desktop.
  1. Right click on OTL.exe, select "Run As Administrator..." to run it. If prompted by UAC, please allow it.
  2. Underneath Output at the top, make sure Standard Output is selected.
  3. Copy and Paste the following code into the text box. Do not include the word Code.
    Code: Select all
    :Commands
    [createrestorepoint]
    
    :Files
    C:\Program Files (x86)\Settings Alerter\Datamngr
    C:\Users\robert\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\9JTH343H\isearch.fantastigames[1].xml
    
    :Reg
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{2EECD738-5844-4A99-B4B6-146BF802613B}]
    "DllName"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}]
    "DllName"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{98889811-442D-49DD-99D7-DC866BE87DBC}]
    "DllName"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extension Compatibility\{2EECD738-5844-4A99-B4B6-146BF802613B}]
    "DllName"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extension Compatibility\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}]
    "DllName"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extension Compatibility\{98889811-442D-49DD-99D7-DC866BE87DBC}]
    "DllName"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{25DA73D2-CBE0-43A5-8BFA-F757F5E69864}\InprocServer32]
    @=""
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{935696E1-CFE1-476D-8786-AF70E069E5A9}\InprocServer32]
    @=""
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{0BF321DF-A919-4F8F-B865-4DBE670E1D28}\1.0\0\win32]
    @=""
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{0BF321DF-A919-4F8F-B865-4DBE670E1D28}\1.0\0\win64]
    @=""
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{0BF321DF-A919-4F8F-B865-4DBE670E1D28}\1.0\HELPDIR]
    @=""
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{24CD4990-37BC-4B7F-8E8D-BA7258D80152}\1.0\0\win32]
    @=""
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{24CD4990-37BC-4B7F-8E8D-BA7258D80152}\1.0\0\win64]
    @=""
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{24CD4990-37BC-4B7F-8E8D-BA7258D80152}\1.0\HELPDIR]
    @=""
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{25DA73D2-CBE0-43A5-8BFA-F757F5E69864}\InprocServer32]
    @=""
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{935696E1-CFE1-476D-8786-AF70E069E5A9}\InprocServer32]
    @=""
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{0BF321DF-A919-4F8F-B865-4DBE670E1D28}\1.0\0\win32]
    @=""
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{0BF321DF-A919-4F8F-B865-4DBE670E1D28}\1.0\0\win64]
    @=""
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{0BF321DF-A919-4F8F-B865-4DBE670E1D28}\1.0\HELPDIR]
    @=""
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{24CD4990-37BC-4B7F-8E8D-BA7258D80152}\1.0\0\win32]
    @=""
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{24CD4990-37BC-4B7F-8E8D-BA7258D80152}\1.0\0\win64]
    @=""
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{24CD4990-37BC-4B7F-8E8D-BA7258D80152}\1.0\HELPDIR]
    @=""
    [-HKEY_LOCAL_MACHINE\SOFTWARE\DataMngr]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Settings Alerter]
    "RunDName"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{25DA73D2-CBE0-43A5-8BFA-F757F5E69864}\InprocServer32]
    @=""
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{935696E1-CFE1-476D-8786-AF70E069E5A9}\InprocServer32]
    @=""
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{0BF321DF-A919-4F8F-B865-4DBE670E1D28}\1.0\0\win32]
    @=""
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{0BF321DF-A919-4F8F-B865-4DBE670E1D28}\1.0\0\win64]
    @=""
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{0BF321DF-A919-4F8F-B865-4DBE670E1D28}\1.0\HELPDIR]
    @=""
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{24CD4990-37BC-4B7F-8E8D-BA7258D80152}\1.0\0\win32]
    @=""
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{24CD4990-37BC-4B7F-8E8D-BA7258D80152}\1.0\0\win64]
    @=""
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{24CD4990-37BC-4B7F-8E8D-BA7258D80152}\1.0\HELPDIR]
    @=""
    [-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\fantastigames.com]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{25DA73D2-CBE0-43A5-8BFA-F757F5E69864}\ProgID]
    @=""
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{25DA73D2-CBE0-43A5-8BFA-F757F5E69864}\VersionIndependentProgID]
    @=""
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{25DA73D2-CBE0-43A5-8BFA-F757F5E69864}\ProgID]
    @=""
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{25DA73D2-CBE0-43A5-8BFA-F757F5E69864}\VersionIndependentProgID]
    @=""
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\FantastiGames_Setup_RASAPI32]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\FantastiGames_Setup_RASMANCS]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{25DA73D2-CBE0-43A5-8BFA-F757F5E69864}\ProgID]
    @=""
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{25DA73D2-CBE0-43A5-8BFA-F757F5E69864}\VersionIndependentProgID]
    @=""
    [-HKEY_USERS\S-1-5-21-3434975647-2719533202-2998227652-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\fantastigames.com]
    [-HKEY_CURRENT_USER\Software\Trolltech]
    [-HKEY_USERS\S-1-5-21-3434975647-2719533202-2998227652-1000\Software\Trolltech]
    
    :Commands
    [emptytemp]
    
  4. Click under the Custom Scan/Fixes box and paste the copied text.
  5. Click the Run Fix button. If prompted... click OK.
  6. OTL may ask to reboot the machine. Please do so if asked.
  7. Let the program run unhindered and reboot the PC when it is done.
    When the computer reboots, and you start your usual account, a Notepad text file will appear.
  8. Copy the contents of that file and post it in your next reply. The log can also be found, based on the date/time it was created, as C:\_OTL\MovedFiles\MMDDYYYY_HHMMSS.log
pgmigg
MRU Teacher
 
Posts: 3176
Joined: July 8th, 2008, 1:25 pm
Location: GMT-05:00
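
An added example (not part of the thread, and not OTL's own parser): a pre-flight lint for the :Reg section of a fix script, assuming only the .reg-style forms visible in the scripts above ([KEY], [-KEY], "Name"=-, @=""). Run on an excerpt of the first script, it flags the one line that differs in the corrected version, where the delete marker sits outside the brackets. The function name, the hive list and the accepted data forms are assumptions of this example.

```python
import re

# Root hives accepted in a key header (standard Windows registry roots).
HIVES = {
    "HKEY_LOCAL_MACHINE", "HKEY_CURRENT_USER", "HKEY_USERS",
    "HKEY_CLASSES_ROOT", "HKEY_CURRENT_CONFIG",
}

KEY_RE = re.compile(r"^\[(-?)(.+)\]$")        # [KEY] or [-KEY]
VALUE_RE = re.compile(r'^(@|"[^"]+")=(.*)$')  # @=... or "Name"=...
# Value data this lint accepts: delete marker, quoted string, dword, hex.
DATA_RE = re.compile(
    r'^(-|".*"|dword:[0-9A-Fa-f]{1,8}|hex(\([0-9A-Fa-f]+\))?:.*)$'
)


def lint_reg_section(script):
    """Return (line_no, line, problem) for each suspect line under :Reg."""
    findings = []
    section = None        # current ":Section" header, lower-cased
    have_key = False      # a key header has been seen for the current block
    key_deleted = False   # that header was of the form [-KEY]
    for no, raw in enumerate(script.splitlines(), 1):
        line = raw.strip()
        if not line:
            continue
        if line.startswith(":"):
            section = line.lower()
            have_key = False
            continue
        if section != ":reg":
            continue  # :Files and :Commands are not checked here

        key = KEY_RE.match(line)
        if key:
            hive = key.group(2).split("\\", 1)[0]
            if hive not in HIVES:
                findings.append((no, line, "unknown root hive: " + hive))
            have_key = True
            key_deleted = key.group(1) == "-"
            continue

        value = VALUE_RE.match(line)
        if value:
            if not have_key:
                findings.append((no, line, "value line with no key header above it"))
            elif key_deleted:
                findings.append((no, line, "value line under a key marked for deletion"))
            elif not DATA_RE.match(value.group(2)):
                findings.append((no, line, "unrecognised value data"))
            continue

        if re.match(r"^-\s*\[", line):
            findings.append((no, line, "delete marker outside the brackets; write [-KEY]"))
        else:
            findings.append((no, line, "neither a key header nor a value line"))
        have_key = False
    return findings


# Excerpt of the first fix script posted in the thread (lines copied from it).
FIRST_SCRIPT_EXCERPT = r""":Commands
[createrestorepoint]

:Reg
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{2EECD738-5844-4A99-B4B6-146BF802613B}]
"DllName"=-
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\FantastiGames_Setup_RASAPI32]
-[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\FantastiGames_Setup_RASMANCS]
[-HKEY_CURRENT_USER\Software\Trolltech]

:Commands
[emptytemp]
"""

if __name__ == "__main__":
    for no, line, problem in lint_reg_section(FIRST_SCRIPT_EXCERPT):
        print("line %d: %s\n    %s" % (no, problem, line))
```
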

Re: isearch fantastigames Redirect

Unread postby bonnie » March 19th, 2013, 2:42 pm

much better :)

A. All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== FILES ==========
File\Folder C:\Program Files (x86)\Settings Alerter\Datamngr not found.
File\Folder C:\Users\robert\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\9JTH343H\isearch.fantastigames[1].xml not found.
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{2EECD738-5844-4A99-B4B6-146BF802613B}\\DllName not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}\\DllName not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{98889811-442D-49DD-99D7-DC866BE87DBC}\\DllName not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extension Compatibility\{2EECD738-5844-4A99-B4B6-146BF802613B}\\DllName not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extension Compatibility\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}\\DllName not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extension Compatibility\{98889811-442D-49DD-99D7-DC866BE87DBC}\\DllName not found.
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{25DA73D2-CBE0-43A5-8BFA-F757F5E69864}\InprocServer32\\@|"" /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{935696E1-CFE1-476D-8786-AF70E069E5A9}\InprocServer32\\@|"" /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{0BF321DF-A919-4F8F-B865-4DBE670E1D28}\1.0\0\win32\\@|"" /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{0BF321DF-A919-4F8F-B865-4DBE670E1D28}\1.0\0\win64\\@|"" /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{0BF321DF-A919-4F8F-B865-4DBE670E1D28}\1.0\HELPDIR\\@|"" /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{24CD4990-37BC-4B7F-8E8D-BA7258D80152}\1.0\0\win32\\@|"" /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{24CD4990-37BC-4B7F-8E8D-BA7258D80152}\1.0\0\win64\\@|"" /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{24CD4990-37BC-4B7F-8E8D-BA7258D80152}\1.0\HELPDIR\\@|"" /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{25DA73D2-CBE0-43A5-8BFA-F757F5E69864}\InprocServer32\\@|"" /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{935696E1-CFE1-476D-8786-AF70E069E5A9}\InprocServer32\\@|"" /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{0BF321DF-A919-4F8F-B865-4DBE670E1D28}\1.0\0\win32\\@|"" /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{0BF321DF-A919-4F8F-B865-4DBE670E1D28}\1.0\0\win64\\@|"" /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{0BF321DF-A919-4F8F-B865-4DBE670E1D28}\1.0\HELPDIR\\@|"" /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{24CD4990-37BC-4B7F-8E8D-BA7258D80152}\1.0\0\win32\\@|"" /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{24CD4990-37BC-4B7F-8E8D-BA7258D80152}\1.0\0\win64\\@|"" /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{24CD4990-37BC-4B7F-8E8D-BA7258D80152}\1.0\HELPDIR\\@|"" /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\DataMngr\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Settings Alerter\\RunDName not found.
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{25DA73D2-CBE0-43A5-8BFA-F757F5E69864}\InprocServer32\\@|"" /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{935696E1-CFE1-476D-8786-AF70E069E5A9}\InprocServer32\\@|"" /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{0BF321DF-A919-4F8F-B865-4DBE670E1D28}\1.0\0\win32\\@|"" /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{0BF321DF-A919-4F8F-B865-4DBE670E1D28}\1.0\0\win64\\@|"" /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{0BF321DF-A919-4F8F-B865-4DBE670E1D28}\1.0\HELPDIR\\@|"" /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{24CD4990-37BC-4B7F-8E8D-BA7258D80152}\1.0\0\win32\\@|"" /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{24CD4990-37BC-4B7F-8E8D-BA7258D80152}\1.0\0\win64\\@|"" /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{24CD4990-37BC-4B7F-8E8D-BA7258D80152}\1.0\HELPDIR\\@|"" /E : value set successfully!
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\fantastigames.com\ not found.
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{25DA73D2-CBE0-43A5-8BFA-F757F5E69864}\ProgID\\@|"" /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{25DA73D2-CBE0-43A5-8BFA-F757F5E69864}\VersionIndependentProgID\\@|"" /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{25DA73D2-CBE0-43A5-8BFA-F757F5E69864}\ProgID\\@|"" /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{25DA73D2-CBE0-43A5-8BFA-F757F5E69864}\VersionIndependentProgID\\@|"" /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\FantastiGames_Setup_RASAPI32\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\FantastiGames_Setup_RASMANCS\ deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{25DA73D2-CBE0-43A5-8BFA-F757F5E69864}\ProgID\\@|"" /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{25DA73D2-CBE0-43A5-8BFA-F757F5E69864}\VersionIndependentProgID\\@|"" /E : value set successfully!
Registry key HKEY_USERS\S-1-5-21-3434975647-2719533202-2998227652-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\fantastigames.com\ not found.
Registry key HKEY_CURRENT_USER\Software\Trolltech\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-3434975647-2719533202-2998227652-1000\Software\Trolltech\ not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public

User: robert
->Temp folder emptied: 1935 bytes
->Temporary Internet Files folder emptied: 62108 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 37301286 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 492 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 4206 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 0 bytes
%systemroot%\sysnative\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 0 bytes
RecycleBin emptied: 1204224 bytes

Total Files Cleaned = 37.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 03192013_143640

Files\Folders moved on Reboot...
C:\Users\robert\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
bonnie
Regular Member
 
Posts: 132
Joined: August 17th, 2012, 1:56 pm

Re: isearch fantastigames Redirect

Unread postby bonnie » March 19th, 2013, 2:50 pm

Sorry, previous entry should have been B and not A.

C.

SystemLook 30.07.11 by jpshortstuff
Log created at 14:43 on 19/03/2013 by robert
Administrator - Elevation successful

========== filefind ==========

Searching for "*datamngr*"
C:\_OTL\MovedFiles\03192013_060915\C_Program Files (x86)\Settings Alerter\Datamngr\x64\datamngr.dll --a---- 2017840 bytes [12:40 18/03/2013] [13:50 05/02/2013] B282A85028488BA1D36925259F7BC1E8
C:\_OTL\MovedFiles\03192013_120706\C_Program Files (x86)\Settings Alerter\Datamngr\datamngr.dll --a---- 1541168 bytes [12:40 18/03/2013] [13:50 05/02/2013] 2A370653DC99C9B8876757720D30FD9C
C:\_OTL\MovedFiles\03192013_120706\C_Program Files (x86)\Settings Alerter\Datamngr\datamngrUI.exe --a---- 1684016 bytes [12:40 18/03/2013] [13:50 05/02/2013] 78C8DF1E4F9B0387D3F421F76984CC8E
C:\_OTL\MovedFiles\03192013_120706\C_Program Files (x86)\Settings Alerter\Datamngr\FirefoxExtension\components\DataMngrHlp.xpt --a---- 1009 bytes [12:40 18/03/2013] [13:50 05/02/2013] C317A7493D9EB507391B0217CEEACAE1
C:\_OTL\MovedFiles\03192013_120706\C_Program Files (x86)\Settings Alerter\Datamngr\FirefoxExtension\components\DataMngrHlpFF10.dll --a---- 736768 bytes [12:40 18/03/2013] [13:48 05/02/2013] 77935F2D5196408317AE96183FC13DB1
C:\_OTL\MovedFiles\03192013_120706\C_Program Files (x86)\Settings Alerter\Datamngr\FirefoxExtension\components\DataMngrHlpFF11.dll --a---- 736768 bytes [12:40 18/03/2013] [13:48 05/02/2013] F8E4066B8A19D05225EFBFB3BB345BC7
C:\_OTL\MovedFiles\03192013_120706\C_Program Files (x86)\Settings Alerter\Datamngr\FirefoxExtension\components\DataMngrHlpFF12.dll --a---- 736768 bytes [12:40 18/03/2013] [13:49 05/02/2013] DF6BDE6E9271BA95B8F8F21E56D08E3D
C:\_OTL\MovedFiles\03192013_120706\C_Program Files (x86)\Settings Alerter\Datamngr\FirefoxExtension\components\DataMngrHlpFF13.dll --a---- 737280 bytes [12:40 18/03/2013] [13:49 05/02/2013] FAB3318820BDCFFEC65397F114DFB15F
C:\_OTL\MovedFiles\03192013_120706\C_Program Files (x86)\Settings Alerter\Datamngr\FirefoxExtension\components\DataMngrHlpFF14.dll --a---- 737280 bytes [12:40 18/03/2013] [13:49 05/02/2013] E8402F3AB66AD4321C6FEADC80A5DD4D
C:\_OTL\MovedFiles\03192013_120706\C_Program Files (x86)\Settings Alerter\Datamngr\FirefoxExtension\components\DataMngrHlpFF15.dll --a---- 737280 bytes [12:40 18/03/2013] [13:49 05/02/2013] 8E2EA61F426B4312BAE3A35ABB010162
C:\_OTL\MovedFiles\03192013_120706\C_Program Files (x86)\Settings Alerter\Datamngr\FirefoxExtension\components\DataMngrHlpFF16.dll --a---- 737280 bytes [12:40 18/03/2013] [13:50 05/02/2013] 10F81DE0C3AA3C89CE5B5B4B184BDB2B
C:\_OTL\MovedFiles\03192013_120706\C_Program Files (x86)\Settings Alerter\Datamngr\FirefoxExtension\components\DataMngrHlpFF17.dll --a---- 737280 bytes [12:40 18/03/2013] [13:50 05/02/2013] 0E243526D90E23697EB07BC2CE4270DA
C:\_OTL\MovedFiles\03192013_120706\C_Program Files (x86)\Settings Alerter\Datamngr\FirefoxExtension\components\DataMngrHlpFF18.dll --a---- 737280 bytes [12:40 18/03/2013] [13:50 05/02/2013] 3ECFBF081BE329A575DA772A7A1323AB
C:\_OTL\MovedFiles\03192013_120706\C_Program Files (x86)\Settings Alerter\Datamngr\FirefoxExtension\components\DataMngrHlpFF3.dll --a---- 740352 bytes [12:40 18/03/2013] [13:46 05/02/2013] 95B62FF43B66551C385428D7EBD0646E
C:\_OTL\MovedFiles\03192013_120706\C_Program Files (x86)\Settings Alerter\Datamngr\FirefoxExtension\components\DataMngrHlpFF4.dll --a---- 737280 bytes [12:40 18/03/2013] [13:46 05/02/2013] 51A16DD4C3D43B18F1B7AE14AB0BEF72
C:\_OTL\MovedFiles\03192013_120706\C_Program Files (x86)\Settings Alerter\Datamngr\FirefoxExtension\components\DataMngrHlpFF5.dll --a---- 737280 bytes [12:40 18/03/2013] [13:47 05/02/2013] 6394FC6EE9CBE603E2569AE8DE27C737
C:\_OTL\MovedFiles\03192013_120706\C_Program Files (x86)\Settings Alerter\Datamngr\FirefoxExtension\components\DataMngrHlpFF6.dll --a---- 737280 bytes [12:40 18/03/2013] [13:47 05/02/2013] C356864647EAE08CDE70191300413F55
C:\_OTL\MovedFiles\03192013_120706\C_Program Files (x86)\Settings Alerter\Datamngr\FirefoxExtension\components\DataMngrHlpFF7.dll --a---- 737280 bytes [12:40 18/03/2013] [13:47 05/02/2013] A9720B129FE0243A5A1FE3A179DE93AB
C:\_OTL\MovedFiles\03192013_120706\C_Program Files (x86)\Settings Alerter\Datamngr\FirefoxExtension\components\DataMngrHlpFF8.dll --a---- 737280 bytes [12:40 18/03/2013] [13:48 05/02/2013] 158F977467B49DF851873F07A38ECEDA
C:\_OTL\MovedFiles\03192013_120706\C_Program Files (x86)\Settings Alerter\Datamngr\FirefoxExtension\components\DataMngrHlpFF9.dll --a---- 737280 bytes [12:40 18/03/2013] [13:48 05/02/2013] 7786271B890DA132BEC91E15951F8193
C:\_OTL\MovedFiles\03192013_120706\C_Program Files (x86)\Settings Alerter\Datamngr\FirefoxExtension\content\DataMngr.js --a---- 19255 bytes [12:40 18/03/2013] [08:54 16/10/2012] 0482F311EC3BEFB2018232CC83E2D867

Searching for "*fantastigames*"
C:\_OTL\MovedFiles\03192013_120706\C_Users\robert\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\9JTH343H\isearch.fantastigames[1].xml --a---- 1247 bytes [20:49 18/03/2013] [20:49 18/03/2013] ECE3456DDF6C193C3B475C7C4CFEA485

========== folderfind ==========

Searching for "*datamngr*"
C:\_OTL\MovedFiles\03192013_060915\C_Program Files (x86)\Settings Alerter\Datamngr d------ [10:09 19/03/2013]
C:\_OTL\MovedFiles\03192013_120706\C_Program Files (x86)\Settings Alerter\Datamngr d------ [12:40 18/03/2013]

========== Regfind ==========

Searching for "Babylon"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{2EECD738-5844-4A99-B4B6-146BF802613B}]
"DllName"="BabylonToolbar.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}]
"DllName"="BabylonToolbar.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{98889811-442D-49DD-99D7-DC866BE87DBC}]
"DllName"="BabylonToolbarTlbr.dll"

Searching for "datamngr"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{25DA73D2-CBE0-43A5-8BFA-F757F5E69864}\InprocServer32]
@="C:\PROGRA~2\SETTIN~1\Datamngr\x64\IEBHO.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{935696E1-CFE1-476D-8786-AF70E069E5A9}\InprocServer32]
@="C:\PROGRA~2\SETTIN~1\Datamngr\x64\IEBHO.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{0BF321DF-A919-4F8F-B865-4DBE670E1D28}\1.0\0\win32]
@="C:\PROGRA~2\SETTIN~1\Datamngr\IEBHO.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{0BF321DF-A919-4F8F-B865-4DBE670E1D28}\1.0\0\win64]
@="C:\PROGRA~2\SETTIN~1\Datamngr\x64\IEBHO.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{0BF321DF-A919-4F8F-B865-4DBE670E1D28}\1.0\HELPDIR]
@="C:\PROGRA~2\SETTIN~1\Datamngr"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{24CD4990-37BC-4B7F-8E8D-BA7258D80152}\1.0\0\win32]
@="C:\PROGRA~2\SETTIN~1\Datamngr\BROWSE~1.DLL"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{24CD4990-37BC-4B7F-8E8D-BA7258D80152}\1.0\0\win64]
@="C:\PROGRA~2\SETTIN~1\Datamngr\x64\BROWSE~1.DLL"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{24CD4990-37BC-4B7F-8E8D-BA7258D80152}\1.0\HELPDIR]
@="C:\PROGRA~2\SETTIN~1\Datamngr"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{25DA73D2-CBE0-43A5-8BFA-F757F5E69864}\InprocServer32]
@="C:\PROGRA~2\SETTIN~1\Datamngr\IEBHO.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{935696E1-CFE1-476D-8786-AF70E069E5A9}\InprocServer32]
@="C:\PROGRA~2\SETTIN~1\Datamngr\IEBHO.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{0BF321DF-A919-4F8F-B865-4DBE670E1D28}\1.0\0\win32]
@="C:\PROGRA~2\SETTIN~1\Datamngr\IEBHO.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{0BF321DF-A919-4F8F-B865-4DBE670E1D28}\1.0\0\win64]
@="C:\PROGRA~2\SETTIN~1\Datamngr\x64\IEBHO.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{0BF321DF-A919-4F8F-B865-4DBE670E1D28}\1.0\HELPDIR]
@="C:\PROGRA~2\SETTIN~1\Datamngr"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{24CD4990-37BC-4B7F-8E8D-BA7258D80152}\1.0\0\win32]
@="C:\PROGRA~2\SETTIN~1\Datamngr\BROWSE~1.DLL"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{24CD4990-37BC-4B7F-8E8D-BA7258D80152}\1.0\0\win64]
@="C:\PROGRA~2\SETTIN~1\Datamngr\x64\BROWSE~1.DLL"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{24CD4990-37BC-4B7F-8E8D-BA7258D80152}\1.0\HELPDIR]
@="C:\PROGRA~2\SETTIN~1\Datamngr"
[HKEY_LOCAL_MACHINE\SOFTWARE\DataMngr]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{25DA73D2-CBE0-43A5-8BFA-F757F5E69864}\InprocServer32]
@="C:\PROGRA~2\SETTIN~1\Datamngr\IEBHO.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{935696E1-CFE1-476D-8786-AF70E069E5A9}\InprocServer32]
@="C:\PROGRA~2\SETTIN~1\Datamngr\IEBHO.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{0BF321DF-A919-4F8F-B865-4DBE670E1D28}\1.0\0\win32]
@="C:\PROGRA~2\SETTIN~1\Datamngr\IEBHO.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{0BF321DF-A919-4F8F-B865-4DBE670E1D28}\1.0\0\win64]
@="C:\PROGRA~2\SETTIN~1\Datamngr\x64\IEBHO.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{0BF321DF-A919-4F8F-B865-4DBE670E1D28}\1.0\HELPDIR]
@="C:\PROGRA~2\SETTIN~1\Datamngr"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{24CD4990-37BC-4B7F-8E8D-BA7258D80152}\1.0\0\win32]
@="C:\PROGRA~2\SETTIN~1\Datamngr\BROWSE~1.DLL"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{24CD4990-37BC-4B7F-8E8D-BA7258D80152}\1.0\0\win64]
@="C:\PROGRA~2\SETTIN~1\Datamngr\x64\BROWSE~1.DLL"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{24CD4990-37BC-4B7F-8E8D-BA7258D80152}\1.0\HELPDIR]
@="C:\PROGRA~2\SETTIN~1\Datamngr"

Searching for "fantastigames"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{25DA73D2-CBE0-43A5-8BFA-F757F5E69864}\ProgID]
@="FantastiGamesIEHelper.UrlHelper.1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{25DA73D2-CBE0-43A5-8BFA-F757F5E69864}\VersionIndependentProgID]
@="FantastiGamesIEHelper.UrlHelper"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{25DA73D2-CBE0-43A5-8BFA-F757F5E69864}\ProgID]
@="FantastiGamesIEHelper.UrlHelper.1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{25DA73D2-CBE0-43A5-8BFA-F757F5E69864}\VersionIndependentProgID]
@="FantastiGamesIEHelper.UrlHelper"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{25DA73D2-CBE0-43A5-8BFA-F757F5E69864}\ProgID]
@="FantastiGamesIEHelper.UrlHelper.1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{25DA73D2-CBE0-43A5-8BFA-F757F5E69864}\VersionIndependentProgID]
@="FantastiGamesIEHelper.UrlHelper"

Searching for "trolltech"
No data found.

-= EOF =-

Re: isearch fantastigames Redirect

by bonnie » March 19th, 2013, 2:54 pm

D.

# AdwCleaner v2.115 - Logfile created 03/19/2013 at 14:52:49
# Updated 17/03/2013 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : robert - ROBERT-HP
# Boot Mode : Normal
# Running from : C:\Users\robert\Desktop\adwcleaner.exe
# Option [Search]


***** [Services] *****


***** [Files / Folders] *****

Folder Found : C:\ProgramData\APN
Folder Found : C:\ProgramData\Browser Manager
Folder Found : C:\Users\robert\AppData\Roaming\Mozilla\Firefox\Profiles\optplp1u.default\jetpack
Folder Found : C:\Users\robert\Documents\Software

***** [Registry] *****

Key Found : HKCU\Software\InstallCore
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{F2D6C718-7E52-428E-8852-365C4B1A6E36}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F2D6C718-7E52-428E-8852-365C4B1A6E36}
Key Found : HKLM\SOFTWARE\Classes\AppID\{D97A8234-F2A2-4AD4-91D5-FECDB2C553AF}
Key Found : HKLM\SOFTWARE\DataMngr
Value Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [10]

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16470

[OK] Registry is clean.

-\\ Mozilla Firefox v19.0.2 (en-US)

File : C:\Users\robert\AppData\Roaming\Mozilla\Firefox\Profiles\optplp1u.default\prefs.js

[OK] File is clean.

-\\ Google Chrome v25.0.1364.172

File : C:\Users\robert\AppData\Local\Google\Chrome\User Data\Default\Preferences

Found [l.30] : search_url = "hxxp://isearch.fantastigames.com/web?src=crb&gct=ds&appid=107&systemid=465&q={searchTerms}"
Found [l.1998] : homepage = "hxxp://isearch.fantastigames.com/465",
Found [l.2590] : urls_to_restore_on_startup = [ "hxxp://isearch.fantastigames.com/465" ]

*************************

AdwCleaner[R1].txt - [1767 octets] - [19/03/2013 14:52:49]

########## EOF - C:\AdwCleaner[R1].txt - [1827 octets] ##########

Re: isearch fantastigames Redirect

by bonnie » March 19th, 2013, 3:11 pm

E.

OTL logfile created on: 3/19/2013 3:06:51 PM - Run 4
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\robert\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

7.95 Gb Total Physical Memory | 6.19 Gb Available Physical Memory | 77.85% Memory free
15.90 Gb Paging File | 14.20 Gb Available in Paging File | 89.33% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 683.87 Gb Total Space | 545.57 Gb Free Space | 79.78% Space Free | Partition Type: NTFS
Drive D: | 14.47 Gb Total Space | 1.61 Gb Free Space | 11.12% Space Free | Partition Type: NTFS
Drive F: | 98.87 Mb Total Space | 84.59 Mb Free Space | 85.56% Space Free | Partition Type: FAT32

Computer Name: ROBERT-HP | User Name: robert | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - File not found --
PRC - [2013/03/18 19:35:42 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\robert\Desktop\OTL.exe
PRC - [2013/02/10 19:20:24 | 000,213,384 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Update\1.3.21.135\GoogleCrashHandler.exe
PRC - [2013/01/20 15:29:18 | 028,539,272 | ---- | M] (Dropbox, Inc.) -- C:\Users\robert\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2012/12/18 15:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/09/01 18:06:50 | 000,227,896 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
PRC - [2011/08/19 14:48:44 | 000,379,960 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
PRC - [2011/07/11 14:04:44 | 000,574,008 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
PRC - [2011/07/11 14:04:44 | 000,026,680 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
PRC - [2011/05/20 11:10:26 | 000,013,592 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2011/05/20 11:10:12 | 000,284,440 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
PRC - [2011/03/08 15:21:10 | 000,136,488 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
PRC - [2011/02/18 01:48:24 | 000,265,544 | ---- | M] (HP) -- C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe
PRC - [2011/02/18 01:48:12 | 000,642,888 | ---- | M] (HP) -- C:\Program Files (x86)\HP SimplePass 2011\TouchControl.exe
PRC - [2011/02/18 01:47:58 | 000,142,664 | ---- | M] (HP) -- C:\Program Files (x86)\HP SimplePass 2011\BioMonitor.exe
PRC - [2010/12/22 16:25:02 | 002,656,280 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2010/12/22 16:24:58 | 000,325,656 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2010/11/26 10:09:12 | 000,399,344 | ---- | M] (Roxio) -- C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe
PRC - [2009/11/08 23:18:00 | 000,065,216 | ---- | M] (WordWeb Software) -- C:\Program Files (x86)\WordWeb\wweb32.exe


========== Modules (No Company Name) ==========

MOD - [2013/02/13 16:10:08 | 011,833,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\5ecf01964c70e453d71e5d7653912ff9\System.Web.ni.dll
MOD - [2013/02/13 16:09:55 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\cb562e2e4f74ae607f1186f6ec50cec7\System.Windows.Forms.ni.dll
MOD - [2013/01/09 10:23:31 | 000,491,520 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\346a7a67978cead8e2ff52c6d80bbeb7\IAStorUtil.ni.dll
MOD - [2013/01/09 10:23:31 | 000,014,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\500a8ae2a5d27132d87ccac9f97b0069\IAStorCommon.ni.dll
MOD - [2013/01/09 07:44:29 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\90b89f6e8032310e9ac72a309fd49e83\System.Runtime.Remoting.ni.dll
MOD - [2013/01/09 07:43:53 | 001,592,832 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll
MOD - [2013/01/09 07:43:38 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\cf827fe7bc99d9bcf0ba3621054ef527\WindowsBase.ni.dll
MOD - [2013/01/09 07:43:32 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\571b85634abf2fba6bab80c21a347081\System.Xml.ni.dll
MOD - [2013/01/09 07:43:28 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\195a77fcc6206f8bb35d419ff2cf0d72\System.Configuration.ni.dll
MOD - [2013/01/09 07:43:27 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll
MOD - [2013/01/09 07:43:21 | 011,493,376 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll
MOD - [2011/09/27 07:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/09/27 07:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2009/08/19 20:59:06 | 000,022,736 | ---- | M] () -- C:\Program Files (x86)\WordWeb\WUCNT.dll


========== Services (SafeList) ==========

SRV:64bit: - [2013/01/27 12:34:32 | 000,379,360 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2013/01/27 12:34:32 | 000,022,056 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2012/06/12 13:34:59 | 000,204,288 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2011/11/29 15:19:55 | 000,301,568 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Program Files\IDT\WDM\stacsv64.exe -- (STacSV)
SRV:64bit: - [2011/11/29 15:19:52 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\IDT\WDM\AESTSr64.exe -- (AESTFilters)
SRV:64bit: - [2011/09/12 16:36:52 | 001,038,088 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe -- (FLEXnet Licensing Service 64)
SRV:64bit: - [2011/08/31 19:08:08 | 001,166,848 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe -- (AMPPALR3)
SRV:64bit: - [2011/07/27 22:04:48 | 001,517,328 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
SRV:64bit: - [2011/07/27 21:48:34 | 000,340,240 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe -- (MyWiFiDHCPDNS)
SRV:64bit: - [2011/07/27 21:44:18 | 000,844,560 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
SRV:64bit: - [2011/06/03 13:51:38 | 000,134,928 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe -- (BTHSSecurityMgr)
SRV:64bit: - [2011/05/27 12:20:12 | 000,030,520 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Windows\SysNative\hpservice.exe -- (hpsrv)
SRV:64bit: - [2010/10/11 05:48:14 | 000,346,168 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe -- (HPClientSvc)
SRV:64bit: - [2010/09/22 21:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2007/02/12 09:45:26 | 000,024,576 | ---- | M] (Syntek America Inc.) [Auto | Running] -- C:\Windows\SysNative\StkCSrv.exe -- (StkSSrv)
SRV - [2013/03/15 13:35:38 | 000,258,776 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/03/07 21:16:26 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/12/18 15:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/06/07 19:12:14 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2011/11/29 15:17:50 | 002,413,056 | ---- | M] (Realsil Microelectronics Inc.) [Auto | Running] -- C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe -- (IconMan_R)
SRV - [2011/09/12 16:34:58 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2011/09/09 17:10:28 | 000,086,072 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe -- (HP Support Assistant Service)
SRV - [2011/09/01 18:06:50 | 000,227,896 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe -- (HPDrvMntSvc.exe)
SRV - [2011/07/11 14:04:44 | 000,026,680 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe -- (HPWMISVC)
SRV - [2011/05/20 11:10:26 | 000,013,592 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2011/02/24 21:34:42 | 000,241,648 | ---- | M] (CyberLink) [Auto | Stopped] -- C:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe -- (CLKMSVC10_38F51D56)
SRV - [2011/02/18 01:48:24 | 000,265,544 | ---- | M] (HP) [Auto | Running] -- C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe -- (FPLService)
SRV - [2011/02/15 18:48:52 | 001,071,160 | ---- | M] (Hewlett-Packard Development Company L.P.) [On_Demand | Stopped] -- C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe -- (hpCMSrv)
SRV - [2010/12/22 16:25:02 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2010/12/22 16:24:58 | 000,325,656 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2010/11/26 10:09:12 | 000,399,344 | ---- | M] (Roxio) [Auto | Running] -- C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe -- (RoxioNow Service)
SRV - [2010/06/25 13:07:20 | 000,117,264 | ---- | M] (CACE Technologies, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WinPcap\rpcapd.exe -- (rpcapd)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/08/15 05:46:20 | 000,284,016 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe -- (Adobe Version Cue CS4)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2013/01/20 16:59:04 | 000,130,008 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2012/08/21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/06/12 13:35:04 | 012,289,472 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdpmd64.sys -- (intelkmd)
DRV:64bit: - [2012/06/12 13:34:59 | 009,981,952 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2012/06/12 13:34:59 | 000,310,272 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2012/03/01 02:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/02/15 12:01:50 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011/11/29 15:19:55 | 000,528,384 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)
DRV:64bit: - [2011/11/29 15:17:50 | 000,338,536 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtsPStor.sys -- (RSPCIESTOR)
DRV:64bit: - [2011/11/29 15:16:20 | 000,208,896 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV:64bit: - [2011/11/29 15:16:20 | 000,091,648 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
DRV:64bit: - [2011/10/14 04:37:44 | 000,396,848 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2011/09/13 07:34:42 | 000,082,816 | ---- | M] (VSO Software) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\pcouffin.sys -- (pcouffin)
DRV:64bit: - [2011/08/08 08:32:08 | 000,299,008 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AmpPal.sys -- (AMPPALP)
DRV:64bit: - [2011/08/08 08:32:08 | 000,299,008 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AmpPal.sys -- (AMPPAL)
DRV:64bit: - [2011/08/03 18:28:32 | 008,604,672 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETwNs64.sys -- (NETwNs64)
DRV:64bit: - [2011/05/27 12:20:12 | 000,043,320 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Accelerometer.sys -- (Accelerometer)
DRV:64bit: - [2011/05/27 12:20:12 | 000,030,008 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\hpdskflt.sys -- (hpdskflt)
DRV:64bit: - [2011/05/20 10:53:44 | 000,557,848 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2011/03/11 02:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 02:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/02/16 21:11:08 | 000,428,136 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011/02/16 20:46:36 | 000,042,392 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WDKMD.sys -- (wdkmd)
DRV:64bit: - [2010/11/20 23:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 23:23:47 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010/11/20 23:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 23:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010/10/19 20:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2010/10/15 05:28:16 | 000,317,440 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2010/07/28 12:13:50 | 000,031,088 | ---- | M] (CyberLink Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\clwvd.sys -- (clwvd)
DRV:64bit: - [2010/06/25 13:07:26 | 000,035,344 | ---- | M] (CACE Technologies, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\npf.sys -- (NPF)
DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 17:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
DRV:64bit: - [2009/06/10 17:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
DRV:64bit: - [2009/06/10 17:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
DRV:64bit: - [2009/06/10 16:35:35 | 000,408,960 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvm62x64.sys -- (NVENETFD)
DRV:64bit: - [2009/06/10 16:34:38 | 001,311,232 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2008/06/27 07:51:10 | 000,088,632 | ---- | M] (Adobe Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\adfs.sys -- (adfs)
DRV:64bit: - [2007/06/28 09:45:26 | 000,632,704 | ---- | M] (Syntek) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\StkCMini.sys -- (StkCMini)
DRV - [2011/06/02 11:08:34 | 000,017,864 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\SystemRequirementsLab\cpudrv64.sys -- (cpudrv64)
DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2008/08/14 07:57:42 | 000,074,720 | ---- | M] (Adobe Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysWow64\drivers\adfs.sys -- (adfs)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT/1
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT/1
IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE:64bit: - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
IE:64bit: - HKLM\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
IE:64bit: - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.com/rover/1/711-30572 ... com/?_nkw={searchTerms}
IE:64bit: - HKLM\..\SearchScopes\{DD065C6A-C257-4F8A-B51E-6FB5B03F698F}: "URL" = http://www.amazon.com/s/ref=azs_osd_iea ... -keywords={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT/1
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT/1
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
IE - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.com/rover/1/711-30572 ... com/?_nkw={searchTerms}
IE - HKLM\..\SearchScopes\{DD065C6A-C257-4F8A-B51E-6FB5B03F698F}: "URL" = http://www.amazon.com/s/ref=azs_osd_iea ... -keywords={searchTerms}


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com

IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com

IE - HKU\S-1-5-21-3434975647-2719533202-2998227652-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT/1
IE - HKU\S-1-5-21-3434975647-2719533202-2998227652-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKU\S-1-5-21-3434975647-2719533202-2998227652-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = http://www.google.com/
IE - HKU\S-1-5-21-3434975647-2719533202-2998227652-1000\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-3434975647-2719533202-2998227652-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKU\S-1-5-21-3434975647-2719533202-2998227652-1000\..\SearchScopes\{9B97950D-482C-1D79-568F-FC7B9D40C785}: "URL" = http://www.bing.com/search?q={searchTerms}&pc=Z192&form=ZGAIDF&install_date=20110913&iesrc={referrer:source}
IE - HKU\S-1-5-21-3434975647-2719533202-2998227652-1000\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
IE - HKU\S-1-5-21-3434975647-2719533202-2998227652-1000\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.com/rover/1/711-30572 ... com/?_nkw={searchTerms}
IE - HKU\S-1-5-21-3434975647-2719533202-2998227652-1000\..\SearchScopes\{DD065C6A-C257-4F8A-B51E-6FB5B03F698F}: "URL" = http://www.amazon.com/s/ref=azs_osd_iea ... -keywords={searchTerms}
IE - HKU\S-1-5-21-3434975647-2719533202-2998227652-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..extensions.enabledAddons: %7B0538E3E3-7E9B-4d49-8831-A227C80A7AD3%7D:2.2.2
FF - prefs.js..extensions.enabledAddons: %7Bada4b710-8346-4b82-8199-5de2b400a6ae%7D:2.0.2
FF - prefs.js..extensions.enabledAddons: %7Bab91efd4-6975-4081-8552-1b3922ed79e2%7D:1.0.19.2
FF - prefs.js..extensions.enabledAddons: amptra%40keepa.com:1.03
FF - prefs.js..extensions.enabledAddons: %7Be968fc70-8f95-4ab9-9e79-304de2a71ee1%7D:0.7.3
FF - prefs.js..extensions.enabledAddons: %7B75CEEE46-9B64-46f8-94BF-54012DE155F0%7D:0.4.10
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:19.0.2
FF - prefs.js..network.proxy.http: "127.0.0.1"
FF - prefs.js..network.proxy.http_port: 80
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_141.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_141.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll File not found
FF - HKLM\Software\MozillaPlugins\@checkpoint.com/FFApi: C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\npFFApi.dll File not found
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll File not found
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll File not found
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll File not found
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.6.14: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll File not found
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.6.14: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll File not found
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.448: C:\Program Files (x86)\Real Alternative\browser\plugins\nprpjplug.dll File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\robert\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O1DPlugin: C:\Users\robert\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\robert\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\robert\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\robert\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012/01/22 14:34:05 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{0153E448-190B-4987-BDE1-F256CADA672F}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012/11/18 15:32:49 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/03/12 07:01:13 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/03/18 19:22:39 | 000,000,000 | ---D | M]

[2013/03/18 08:40:27 | 000,000,000 | ---D | M] (No name found) -- C:\Users\robert\AppData\Roaming\Mozilla\Extensions
[2013/03/19 12:29:35 | 000,000,000 | ---D | M] (No name found) -- C:\Users\robert\AppData\Roaming\Mozilla\Firefox\Profiles\optplp1u.default\extensions
[2012/11/29 22:26:00 | 000,000,000 | ---D | M] (Forecastfox) -- C:\Users\robert\AppData\Roaming\Mozilla\Firefox\Profiles\optplp1u.default\extensions\{0538E3E3-7E9B-4d49-8831-A227C80A7AD3}
[2013/01/08 14:07:13 | 000,000,000 | ---D | M] (HP Detect) -- C:\Users\robert\AppData\Roaming\Mozilla\Firefox\Profiles\optplp1u.default\extensions\{ab91efd4-6975-4081-8552-1b3922ed79e2}
[2012/11/29 22:13:54 | 000,000,000 | ---D | M] (ReminderFox) -- C:\Users\robert\AppData\Roaming\Mozilla\Firefox\Profiles\optplp1u.default\extensions\{ada4b710-8346-4b82-8199-5de2b400a6ae}
[2013/02/13 07:39:41 | 000,016,052 | ---- | M] () (No name found) -- C:\Users\robert\AppData\Roaming\Mozilla\Firefox\Profiles\optplp1u.default\extensions\amptra@keepa.com.xpi
[2013/03/08 13:58:18 | 000,028,993 | ---- | M] () (No name found) -- C:\Users\robert\AppData\Roaming\Mozilla\Firefox\Profiles\optplp1u.default\extensions\{75CEEE46-9B64-46f8-94BF-54012DE155F0}.xpi
[2013/02/14 21:05:48 | 000,817,280 | ---- | M] () (No name found) -- C:\Users\robert\AppData\Roaming\Mozilla\Firefox\Profiles\optplp1u.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2013/02/28 20:11:50 | 000,042,336 | ---- | M] () (No name found) -- C:\Users\robert\AppData\Roaming\Mozilla\Firefox\Profiles\optplp1u.default\extensions\{e968fc70-8f95-4ab9-9e79-304de2a71ee1}.xpi
[2013/02/15 08:20:05 | 000,010,339 | ---- | M] () -- C:\Users\robert\AppData\Roaming\Mozilla\Firefox\Profiles\optplp1u.default\searchplugins\duckduckgo-1.xml
[2013/02/15 08:20:01 | 000,010,339 | ---- | M] () -- C:\Users\robert\AppData\Roaming\Mozilla\Firefox\Profiles\optplp1u.default\searchplugins\duckduckgo.xml
[2013/03/18 08:40:27 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2013/03/07 21:15:59 | 000,000,000 | ---D | M] (TrueSuite Website Logon) -- C:\Program Files (x86)\Mozilla Firefox\extensions\websitelogon@truesuite.com
[2013/03/07 21:16:27 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/11/20 02:17:14 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2013/02/19 21:06:13 | 000,002,086 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Web Search ()
CHR - default_search_provider: search_url = http://isearch.fantastigames.com/web?sr ... mid=465&q={searchTerms}
CHR - default_search_provider: suggest_url =
CHR - homepage: http://isearch.fantastigames.com/465
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\robert\AppData\Local\Google\Chrome\Application\21.0.1180.79\PepperFlash\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\25.0.1364.172\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_271.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\25.0.1364.172\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\25.0.1364.172\pdf.dll
CHR - plugin: Simple Pass 2011 (Enabled) = C:\Users\robert\AppData\Local\Google\Chrome\User Data\Default\Extensions\aepeildmfnnehghlknddebgjghlompfe\1.0_0\npwebsitelogon.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: ActiveTouch General Plugin Container (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npatgpc.dll
CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\nprpjplug.dll
CHR - plugin: RealPlayer Download Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\nprpplugin.dll
CHR - plugin: RealPlayer(tm) HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\nprjplug.dll
CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: DivX Plus Web Player (Enabled) = C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll
CHR - plugin: Java Deployment Toolkit 7.0.50.255 (Enabled) = C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\dtplugin\npDeployJava1.dll
CHR - plugin: Java(TM) Platform SE 7 U5 (Enabled) = C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: RealNetworks(tm) Chrome Background Extension Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - Extension: HP Product Detection Plugin = C:\Users\robert\AppData\Local\Google\Chrome\User Data\Default\Extensions\aelbknmfcacjffmgnoaaonhgoghlmlkp\1.0.23.1_0\
CHR - Extension: Website Logon = C:\Users\robert\AppData\Local\Google\Chrome\User Data\Default\Extensions\aepeildmfnnehghlknddebgjghlompfe\1.0_0\
CHR - Extension: YouTube = C:\Users\robert\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1\
CHR - Extension: Adblock Plus = C:\Users\robert\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.4_0\
CHR - Extension: Google Search = C:\Users\robert\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1\
CHR - Extension: Forecastfox = C:\Users\robert\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihffmkcfkejomlfnilnmkokcpgclhfeg\2.0.10_0\
CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Users\robert\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_0\
CHR - Extension: DivX Plus Web Player HTML5 \u003Cvideo\u003E = C:\Users\robert\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\
CHR - Extension: Gmail = C:\Users\robert\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

O1 HOSTS File: ([2013/03/19 06:11:05 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2:64bit: - BHO: (SnagIt Toolbar Loader) - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files (x86)\TechSmith\Snagit 10\DLLx64\SnagitBHO64.dll (TechSmith Corporation)
O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (TrueSuite Website Log On) - {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files (x86)\HP SimplePass 2011\x64\IEBHO.dll (HP)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (SnagIt Toolbar Loader) - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files (x86)\TechSmith\Snagit 10\SnagitBHO.dll (TechSmith Corporation)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (TrueSuite Website Log On) - {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files (x86)\HP SimplePass 2011\IEBHO.dll (HP)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3:64bit: - HKLM\..\Toolbar: (Snagit) - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files (x86)\TechSmith\Snagit 10\DLLx64\SnagitIEAddin64.dll (TechSmith Corporation)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Snagit) - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files (x86)\TechSmith\Snagit 10\SnagitIEAddin.dll (TechSmith Corporation)
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IntelPAN] C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel(R) Corporation)
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [WordWeb] C:\Program Files (x86)\WordWeb\wweb32.exe (WordWeb Software)
O4 - HKLM..\Run: [ZoneAlarm Installer] "C:\Program Files (x86)\CheckPoint\Install\Launcher.exe" "C:\Program Files (x86)\CheckPoint\Install\Install.exe" /r /c "C:\Program Files (x86)\CheckPoint\Install\Install.xml" File not found
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - Startup: C:\Users\robert\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\robert\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: EnableShellExecuteHooks = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\S-1-5-21-3434975647-2719533202-2998227652-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8:64bit: - Extra context menu item: Append to existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert link target to existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append to existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {32E7B36C-7960-4A42-B83B-D8AFD0AAEF2B} http://www.iradiopop.com/IRD/INDBrowser.CAB (INDBrowser Control)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Key error.)
O16 - DPF: {8C2D1BF0-5364-403C-9968-E6E348C6B4FB} http://www.iradiopop.com/IRD/pages/VBIRDPlayer.CAB (VBIRDPlayer.Player)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 209.18.47.61 209.18.47.62
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4AE85AB7-B26D-4F60-B6D9-5BA5C3CEABF0}: DhcpNameServer = 209.18.47.61 209.18.47.62
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4AE85AB7-B26D-4F60-B6D9-5BA5C3CEABF0}: NameServer = 8.8.8.8,8.8.8.4
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O20:64bit: - AppInit_DLLs: (c:\progra~3\wincert\win64c~1.dll) - c:\ProgramData\Wincert\win64cert.dll ()
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{1e45ebb7-03db-11e2-9c5f-101f7415e3e8}\Shell - "" = AutoRun
O33 - MountPoints2\{1e45ebb7-03db-11e2-9c5f-101f7415e3e8}\Shell\AutoRun\command - "" = G:\TVRadio.EXE
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/03/19 06:24:10 | 002,237,968 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\robert\Desktop\tdsskiller.exe
[2013/03/19 06:09:15 | 000,000,000 | ---D | C] -- C:\_OTL
[2013/03/18 19:35:40 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\robert\Desktop\OTL.exe
[2013/03/18 19:20:18 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2013/03/18 19:19:58 | 000,000,000 | ---D | C] -- C:\JRT
[2013/03/18 19:17:42 | 000,549,920 | ---- | C] (Oleg N. Scherbakov) -- C:\Users\robert\Desktop\JRT.exe
[2013/03/18 11:36:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Browser Manager
[2013/03/18 09:06:04 | 000,688,992 | R--- | C] (Swearware) -- C:\Users\robert\Desktop\dds.scr
[2013/03/18 08:40:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Fake Voice
[2013/03/18 08:40:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\FGIcon
[2013/03/18 08:40:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Wincert
[2013/03/18 08:40:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Settings Alerter
[2013/03/13 15:33:32 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2013/03/13 15:33:32 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2013/03/13 15:33:31 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013/03/13 15:33:31 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013/03/13 15:33:31 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2013/03/13 15:33:30 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2013/03/13 15:33:30 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2013/03/13 15:33:30 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2013/03/13 15:33:29 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2013/03/13 15:33:29 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2013/03/13 15:33:29 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2013/03/13 15:33:28 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013/03/13 15:33:27 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2013/03/13 15:33:27 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2013/03/13 15:33:27 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2013/03/12 07:01:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Coupons
[2013/03/08 14:53:26 | 000,310,688 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\javaws.exe
[2013/03/08 14:53:13 | 000,188,832 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\javaw.exe
[2013/03/08 14:53:13 | 000,188,320 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\java.exe
[2013/03/08 14:53:13 | 000,108,448 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\WindowsAccessBridge-64.dll
[2013/03/08 14:52:07 | 000,262,560 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2013/03/08 14:51:54 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2013/03/08 14:51:54 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2013/03/08 14:51:54 | 000,095,648 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2013/03/07 21:15:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013/03/06 15:19:32 | 000,000,000 | ---D | C] -- C:\Users\robert\Desktop\test_data
[2013/03/06 15:18:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Lame For Audacity
[2013/03/06 15:16:06 | 000,000,000 | ---D | C] -- C:\Users\robert\AppData\Roaming\Audacity
[2013/03/06 15:15:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Audacity
[2013/03/06 15:15:43 | 000,000,000 | ---D | C] -- C:\Users\robert\AppData\Local\Programs
[2013/02/27 16:47:02 | 002,776,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msmpeg2vdec.dll
[2013/02/27 16:47:02 | 002,284,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msmpeg2vdec.dll
[2013/02/27 16:47:02 | 000,221,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\UIAnimation.dll
[2013/02/27 16:47:02 | 000,187,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\UIAnimation.dll
[2013/02/27 16:46:52 | 000,465,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WMPhoto.dll
[2013/02/27 16:46:52 | 000,417,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WMPhoto.dll
[2013/02/27 16:46:49 | 000,010,752 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-advapi32-l1-1-0.dll
[2013/02/27 16:46:49 | 000,010,752 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-advapi32-l1-1-0.dll
[2013/02/27 16:46:49 | 000,009,728 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
[2013/02/27 16:46:49 | 000,009,728 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-shlwapi-l1-1-0.dll
[2013/02/27 16:46:49 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-advapi32-l2-1-0.dll
[2013/02/27 16:46:49 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-advapi32-l2-1-0.dll
[2013/02/27 16:46:49 | 000,002,560 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-normaliz-l1-1-0.dll
[2013/02/27 16:46:48 | 002,565,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10warp.dll
[2013/02/27 16:46:48 | 000,194,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1.dll
[2013/02/27 16:46:48 | 000,002,560 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-normaliz-l1-1-0.dll
[2013/02/27 16:46:47 | 000,522,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsGdiConverter.dll
[2013/02/27 16:46:47 | 000,364,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsGdiConverter.dll
[2013/02/27 16:46:47 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
[2013/02/27 16:46:47 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-shlwapi-l2-1-0.dll
[2013/02/27 16:46:47 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-ole32-l1-1-0.dll
[2013/02/27 16:46:47 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-ole32-l1-1-0.dll
[2013/02/27 16:46:47 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-user32-l1-1-0.dll
[2013/02/27 16:46:47 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-user32-l1-1-0.dll
[2013/02/27 16:46:47 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-version-l1-1-0.dll
[2013/02/27 16:46:47 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-version-l1-1-0.dll
[2013/02/27 16:46:47 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-shell32-l1-1-0.dll
[2013/02/27 16:46:47 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-shell32-l1-1-0.dll
[2013/02/27 16:46:46 | 001,887,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d11.dll
[2013/02/27 16:46:46 | 001,504,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3d11.dll
[2013/02/27 16:46:46 | 000,648,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10level9.dll
[2013/02/27 16:46:46 | 000,363,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxgi.dll
[2013/02/27 16:46:46 | 000,333,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1core.dll
[2013/02/27 16:46:46 | 000,296,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10core.dll
[2013/02/27 16:46:45 | 001,682,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsPrint.dll
[2013/02/27 16:46:45 | 001,643,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll
[2013/02/27 16:46:45 | 001,238,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10.dll
[2013/02/27 16:46:45 | 001,158,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsPrint.dll
[2013/02/27 16:46:44 | 003,928,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d2d1.dll
[2013/02/27 16:46:44 | 001,424,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WindowsCodecs.dll
[2013/02/27 16:46:44 | 000,245,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WindowsCodecsExt.dll
[2013/02/24 18:36:35 | 000,024,416 | R--- | C] (Adobe Systems Inc.) -- C:\Windows\SysNative\AdobePDFUI.dll
[2011/09/13 07:34:42 | 000,082,816 | ---- | C] (VSO Software) -- C:\Users\robert\AppData\Roaming\pcouffin.sys

========== Files - Modified Within 30 Days ==========

[2013/03/19 14:55:00 | 000,000,912 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3434975647-2719533202-2998227652-1000UA.job
[2013/03/19 14:51:40 | 000,609,993 | ---- | M] () -- C:\Users\robert\Desktop\adwcleaner.exe
[2013/03/19 14:46:35 | 000,032,064 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/03/19 14:46:35 | 000,032,064 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/03/19 14:39:26 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/03/19 14:38:27 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/03/19 14:38:09 | 2106,478,591 | -HS- | M] () -- C:\hiberfil.sys
[2013/03/19 14:35:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/03/19 14:25:00 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/03/19 07:09:30 | 000,165,376 | ---- | M] () -- C:\Users\robert\Desktop\SystemLook_x64(2).exe
[2013/03/19 06:24:18 | 002,237,968 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\robert\Desktop\tdsskiller.exe
[2013/03/19 06:11:05 | 000,000,098 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\Hosts
[2013/03/18 22:03:05 | 000,000,860 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3434975647-2719533202-2998227652-1000Core.job
[2013/03/18 19:35:42 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\robert\Desktop\OTL.exe
[2013/03/18 19:17:49 | 000,549,920 | ---- | M] (Oleg N. Scherbakov) -- C:\Users\robert\Desktop\JRT.exe
[2013/03/18 16:37:44 | 000,025,088 | ---- | M] () -- C:\Users\robert\Desktop\codecheck.exe
[2013/03/18 16:35:18 | 000,681,984 | ---- | M] () -- C:\Users\robert\Desktop\CKScanner.exe
[2013/03/18 09:06:09 | 000,688,992 | R--- | M] (Swearware) -- C:\Users\robert\Desktop\dds.scr
[2013/03/18 08:40:31 | 000,001,092 | ---- | M] () -- C:\Users\robert\Desktop\Play Games.lnk
[2013/03/15 13:35:38 | 000,693,976 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013/03/15 13:35:38 | 000,073,432 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2013/03/15 06:46:24 | 000,000,336 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForrobert.job
[2013/03/13 06:13:14 | 000,779,266 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/03/13 06:13:14 | 000,660,530 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/03/13 06:13:14 | 000,121,426 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/03/10 15:41:20 | 001,666,162 | ---- | M] () -- C:\Users\robert\Desktop\TheLittleBookThatBeatTheMarket.pdf
[2013/03/10 14:17:59 | 038,143,107 | ---- | M] () -- C:\Users\robert\Desktop\Al Brooks - Reading Price Charts Bar by Bar.pdf
[2013/03/08 14:53:08 | 000,108,448 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\WindowsAccessBridge-64.dll
[2013/03/08 14:53:07 | 000,310,688 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\javaws.exe
[2013/03/08 14:53:07 | 000,188,832 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\javaw.exe
[2013/03/08 14:53:07 | 000,188,320 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\java.exe
[2013/03/08 14:53:06 | 001,085,344 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\npDeployJava1.dll
[2013/03/08 14:53:06 | 000,963,488 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\deployJava1.dll
[2013/03/08 14:51:47 | 000,095,648 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2013/03/08 14:51:45 | 000,262,560 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2013/03/08 14:51:45 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2013/03/08 14:51:45 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2013/03/08 14:51:44 | 000,861,088 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\npDeployJava1.dll
[2013/03/08 14:51:44 | 000,782,240 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\deployJava1.dll
[2013/03/06 15:35:27 | 000,006,499 | ---- | M] () -- C:\Users\robert\Desktop\Untitled.camproj
[2013/03/06 15:21:19 | 000,001,652 | ---- | M] () -- C:\Users\robert\Desktop\test.aup
[2013/03/06 15:20:09 | 000,157,987 | ---- | M] () -- C:\Users\robert\Desktop\test.mp3
[2013/03/05 17:00:58 | 000,095,163 | ---- | M] () -- C:\Users\robert\Desktop\SloanK.pdf
[2013/03/04 21:03:24 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2013/03/03 19:48:20 | 000,001,785 | ---- | M] () -- C:\Users\robert\Desktop\Trading With Bollinger Bands with Toni Turner - Shortcut.lnk
[2013/03/03 19:48:20 | 000,001,677 | ---- | M] () -- C:\Users\robert\Desktop\Bollinger_Bandit_Trading_Strategy - Shortcut.lnk
[2013/03/03 19:48:20 | 000,001,654 | ---- | M] () -- C:\Users\robert\Desktop\Cut Your Trading Taxes in Half - Shortcut.lnk
[2013/03/03 19:48:20 | 000,001,564 | ---- | M] () -- C:\Users\robert\Desktop\1-2-3 Trading Signal - Shortcut.lnk
[2013/03/03 19:48:20 | 000,001,551 | ---- | M] () -- C:\Users\robert\Desktop\Trend_Determination - Shortcut.lnk
[2013/02/24 17:46:37 | 001,981,654 | ---- | M] () -- C:\Users\robert\Desktop\The Silva Mind Control Method-Jose Silva.pdf

========== Files Created - No Company Name ==========

[2013/03/19 14:51:28 | 000,609,993 | ---- | C] () -- C:\Users\robert\Desktop\adwcleaner.exe
[2013/03/19 07:09:30 | 000,165,376 | ---- | C] () -- C:\Users\robert\Desktop\SystemLook_x64(2).exe
[2013/03/18 16:37:43 | 000,025,088 | ---- | C] () -- C:\Users\robert\Desktop\codecheck.exe
[2013/03/18 16:35:16 | 000,681,984 | ---- | C] () -- C:\Users\robert\Desktop\CKScanner.exe
[2013/03/18 08:40:31 | 000,001,092 | ---- | C] () -- C:\Users\robert\Desktop\Play Games.lnk
[2013/03/10 15:42:07 | 001,666,162 | ---- | C] () -- C:\Users\robert\Desktop\TheLittleBookThatBeatTheMarket.pdf
[2013/03/10 14:17:56 | 038,143,107 | ---- | C] () -- C:\Users\robert\Desktop\Al Brooks - Reading Price Charts Bar by Bar.pdf
[2013/03/06 15:35:15 | 000,006,499 | ---- | C] () -- C:\Users\robert\Desktop\Untitled.camproj
[2013/03/06 15:20:09 | 000,157,987 | ---- | C] () -- C:\Users\robert\Desktop\test.mp3
[2013/03/06 15:19:32 | 000,001,652 | ---- | C] () -- C:\Users\robert\Desktop\test.aup
[2013/03/06 15:16:01 | 000,000,983 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audacity.lnk
[2013/03/05 17:01:06 | 000,095,163 | ---- | C] () -- C:\Users\robert\Desktop\SloanK.pdf
[2013/02/28 20:41:46 | 000,001,785 | ---- | C] () -- C:\Users\robert\Desktop\Trading With Bollinger Bands with Toni Turner - Shortcut.lnk
[2013/02/28 20:35:08 | 000,001,551 | ---- | C] () -- C:\Users\robert\Desktop\Trend_Determination - Shortcut.lnk
[2013/02/28 20:32:31 | 000,001,654 | ---- | C] () -- C:\Users\robert\Desktop\Cut Your Trading Taxes in Half - Shortcut.lnk
[2013/02/28 20:31:25 | 000,001,677 | ---- | C] () -- C:\Users\robert\Desktop\Bollinger_Bandit_Trading_Strategy - Shortcut.lnk
[2013/02/28 20:30:13 | 000,001,564 | ---- | C] () -- C:\Users\robert\Desktop\1-2-3 Trading Signal - Shortcut.lnk
[2013/02/24 17:46:36 | 001,981,654 | ---- | C] () -- C:\Users\robert\Desktop\The Silva Mind Control Method-Jose Silva.pdf
[2012/09/02 10:26:07 | 000,000,288 | ---- | C] () -- C:\Users\robert\AppData\Roaming\.backup.dm
[2012/08/19 16:45:51 | 000,000,059 | ---- | C] () -- C:\Windows\ANS2000.INI
[2012/08/19 16:45:51 | 000,000,020 | -H-- | C] () -- C:\Windows\akebook.ini
[2012/08/19 16:45:51 | 000,000,004 | -H-- | C] () -- C:\Windows\a3kebook.ini
[2012/07/11 08:32:01 | 000,000,076 | ---- | C] () -- C:\Windows\Setup Wizard.INI
[2012/06/12 13:36:08 | 013,903,872 | ---- | C] () -- C:\Windows\SysWow64\ig4icd32.dll
[2012/06/12 13:36:08 | 000,216,000 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin
[2012/06/12 13:36:08 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll
[2012/06/12 13:36:05 | 000,003,929 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2012/05/14 15:17:56 | 000,249,856 | ---- | C] () -- C:\Windows\SysWow64\DSPlayer.dll
[2012/02/15 08:47:00 | 000,007,608 | ---- | C] () -- C:\Users\robert\AppData\Local\Resmon.ResmonCfg
[2011/12/21 12:13:39 | 000,005,120 | ---- | C] () -- C:\Users\robert\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/12/21 12:13:13 | 000,819,200 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2011/12/21 12:13:13 | 000,180,224 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2011/12/21 12:12:18 | 000,033,019 | ---- | C] () -- C:\Windows\SysWow64\CoreAAC-uninstall.exe
[2011/11/01 19:55:31 | 000,060,304 | ---- | C] () -- C:\Users\robert\g2mdlhlpx.exe
[2011/09/30 22:42:20 | 000,053,760 | ---- | C] () -- C:\Windows\SysWow64\OVDecode.dll
[2011/09/21 22:11:17 | 000,000,115 | ---- | C] () -- C:\Windows\iwatch.ini
[2011/09/19 11:31:04 | 000,057,344 | ---- | C] () -- C:\Windows\StkUnist.exe
[2011/09/13 07:34:42 | 000,007,859 | ---- | C] () -- C:\Users\robert\AppData\Roaming\pcouffin.cat
[2011/09/13 07:34:42 | 000,001,167 | ---- | C] () -- C:\Users\robert\AppData\Roaming\pcouffin.inf
[2011/09/12 10:43:50 | 000,773,482 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/09/05 17:55:30 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011/09/05 17:46:22 | 000,003,155 | ---- | C] () -- C:\Windows\SysWow64\atipblup.dat
[2011/09/05 17:45:07 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin
[2011/09/05 17:41:04 | 000,000,056 | -H-- | C] () -- C:\Windows\SysWow64\ezsidmv.dat
[2011/06/21 15:43:27 | 000,000,068 | ---- | C] () -- C:\Windows\SysWow64\ezdigsgn.dat
[2011/03/25 18:16:08 | 000,963,116 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin

========== ZeroAccess Check ==========

[2012/11/10 00:09:20 | 000,000,596 | ---- | M] () -- C:\Users\robert\AppData\Roaming\Mozilla\Firefox\Profiles\optplp1u.default\extensions\{ada4b710-8346-4b82-8199-5de2b400a6ae}\defaults\printing\icons\@.png
[2012/11/10 00:09:20 | 000,000,596 | ---- | M] () -- C:\Users\robert\Desktop\FF-BUs\Old Firefox Data\extensions\{ada4b710-8346-4b82-8199-5de2b400a6ae}\defaults\printing\icons\@.png
[2012/11/10 00:09:20 | 000,000,596 | ---- | M] () -- C:\Users\robert\Desktop\Old Firefox Data-1\extensions\{ada4b710-8346-4b82-8199-5de2b400a6ae}\defaults\printing\icons\@.png
[2009/07/14 00:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 01:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 00:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 21:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 23:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 21:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

< End of report >
bonnie
Regular Member
 
Posts: 132
Joined: August 17th, 2012, 1:56 pm
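The registry half of the "ZeroAccess Check" section in the OTL log above can be read mechanically; the following is an added example, not part of the original thread and not OTL's own logic. It assumes a triage rule chosen here: a default InProcServer32 value under HKEY_CURRENT_USER (which takes precedence over the machine-wide registration for that user), or a machine-wide value outside the Windows directory or without a Microsoft company tag, is listed for review. `parse_section` and `triage` are hypothetical names; the first sample is copied from the log, the second is constructed.

```python
"""Triage the registry half of an OTL "ZeroAccess Check" section (added example)."""
import re
from typing import List, NamedTuple, Optional, Tuple

KEY_RE = re.compile(r"^\[(HKEY_[A-Z_]+)\\(.*\\InProcServer32)\]\s*(/64)?\s*$", re.I)
VALUE_RE = re.compile(r'^"([^"]*)" = (.*)$')
# Default value data: "<path> -- [<date | size | attrs | M>] (<company>)"
DATA_RE = re.compile(r"^(.+?)(?: -- \[[^\]]*\]\s*\(([^)]*)\))?$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f-]{36}\}")
# Assumption: Windows lives in C:\Windows, as it does in the log on this page.
SYSTEM_PREFIXES = ("c:\\windows\\", "%systemroot%\\")

class Entry(NamedTuple):
    hive: str
    clsid: str
    view64: bool              # True when OTL tagged the key with /64
    server: Optional[str]     # default ("") value, None if the key has none
    company: Optional[str]    # company name OTL printed for the file

def parse_section(text: str) -> List[Entry]:
    entries, current = [], None
    for raw in text.splitlines():
        line = raw.strip()
        key = KEY_RE.match(line)
        if key:
            if current:
                entries.append(Entry(**current))
            clsid = CLSID_RE.search(key.group(2))
            current = {"hive": key.group(1).upper(),
                       "clsid": clsid.group(0).lower() if clsid else "?",
                       "view64": key.group(3) is not None,
                       "server": None, "company": None}
            continue
        value = VALUE_RE.match(line)
        if value and current and value.group(1) == "":   # the unnamed default value
            data = DATA_RE.match(value.group(2))
            current["server"] = data.group(1).strip() if data else ""
            current["company"] = data.group(2) if data else None
    if current:
        entries.append(Entry(**current))
    return entries

def triage(entries: List[Entry]) -> List[Tuple[str, str, str]]:
    """Return (clsid, reason, server) for every entry that needs a human look."""
    findings = []
    for e in entries:
        if e.server is None:
            continue  # key listed without a value: nothing is registered there
        if e.hive == "HKEY_CURRENT_USER":
            reason = "per-user value overrides the machine-wide registration"
        elif not e.server.lower().startswith(SYSTEM_PREFIXES):
            reason = "server DLL is outside the Windows directory"
        elif e.company != "Microsoft Corporation":
            reason = "server DLL carries no Microsoft company name"
        else:
            continue
        findings.append((e.clsid, reason, e.server))
    return findings

# Copied from the OTL log on this page.
PAGE_SAMPLE = r'''
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 01:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 00:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
'''

# Constructed for illustration: placeholder paths, dates and sizes, not from any real log.
CONSTRUCTED_SAMPLE = r'''
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Users\example\AppData\Local\CONSTRUCTED-PLACEHOLDER\example.dll -- [2013/01/01 00:00:00 | 000,001,024 | -HS- | M] ()
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\ProgramData\CONSTRUCTED-PLACEHOLDER\example.dll -- [2013/01/01 00:00:00 | 000,001,024 | ---- | M] ()
"ThreadingModel" = Both
'''

if __name__ == "__main__":
    for name, sample in (("page", PAGE_SAMPLE), ("constructed", CONSTRUCTED_SAMPLE)):
        print(name, triage(parse_section(sample)))
```

On the lines copied from this log the check returns nothing to review, which matches the empty HKEY_CURRENT_USER keys and the Microsoft-owned DLLs shown in the report.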

Re: isearch fantastigames Redirect

Unread postby bonnie » March 19th, 2013, 3:15 pm

I do not note any changes in computer behavior.

Chrome still starts up isearch redirect.
Still have shortcut on desktop associated with fantasticgames named "play games"
bonnie
Regular Member
 
Posts: 132
Joined: August 17th, 2012, 1:56 pm

Re: isearch fantastigames Redirect

Unread postby bonnie » March 20th, 2013, 10:26 am

I just noticed that if I go into control panel > programs and features, it is showing that I installed several programs today and yesterday. I have not installed anything. Some of these programs may have already been installed previously, but I didn't install between today and yesterday.
bonnie
Regular Member
 
Posts: 132
Joined: August 17th, 2012, 1:56 pm

Re: isearch fantastigames Redirect

Unread postby pgmigg » March 20th, 2013, 2:13 pm

Hello bonnie,

    Still have shortcut on desktop associated with fantasticgames named "play games"

Please delete that icon...

    I just noticed that if I go into control panel > programs and features, it is showing that I installed several programs today and yesterday. I have not installed anything. Some of these programs may have already been installed previously, but I didn't install between today and yesterday.

Please list those programs in your next reply...

Thanks,
pgmigg

Failure to post replies within 72 hours will result in this thread being closed
pgmigg
MRU Teacher
 
Posts: 3176
Joined: July 8th, 2008, 1:25 pm
Location: GMT-05:00

Re: isearch fantastigames Redirect

Unread postby bonnie » March 20th, 2013, 2:44 pm

Programs showing as installed on 3/20/2013
Google Talk Plugin (I did install this previous to this date though)
Adobe Flash Player 11 Plugin (I did install this previous to this date though)

Programs showing as installed on 3/19/2013
Settings Alerter
Adobe Flash Player 11 Active X (I did install this previous to this date though)
Octoshape add-in for Adobe Flash Player
GoToMeeting 5.1.0.880
Dropbox (I did install previous to this date)
Microsoft Visual C++2005 Redistributable
bonnie
Regular Member
 
Posts: 132
Joined: August 17th, 2012, 1:56 pm

Re: isearch fantastigames Redirect

Unread postby pgmigg » March 20th, 2013, 5:48 pm

Hello bonnie,

Thank you! :) Let's continue...

Step 1.
Remove Program(s)
  1. Click on Start, then click the Start Search box on the Start Menu.
  2. Copy and paste the value below without the word Code: into the open text entry box:
    Code:
     appwiz.cpl
    and press Enter - the Uninstall or change a program list will be opened.
  3. Click each Entry, as follows, one by one, if it exists, choose Uninstall, and give permission to Continue:
    Settings Alerter
  4. Take extra care in answering questions posed by any Uninstaller.
  5. When the program(s) have been uninstalled, please close Control Panel.

Step 2.
AdwCleaner - Fix
You should still have AdwCleaner on your desktop.
  1. Close ALL open programs, including your Internet browsers.
  2. Right click on adwcleaner.exe and select "Run as administrator" to run it.
  3. Click on Delete.
  4. Select OK at each prompt. When done, your computer will be rebooted automatically.
  5. A logfile C:\AdwCleaner[S1].txt will automatically open after the scan has finished.
  6. Please post the content of the C:\AdwCleaner[S1].txt logfile in your next reply.

Step 3.
Fresh OTL Scan
You should still have OTL.exe on your desktop.
Important! Close all applications and windows so that you have nothing open and are at your Desktop.
  1. Right click on OTL.exe, select "Run As Administrator..." to run it. If prompted by UAC, please allow it.
  2. Under Output, ensure that Standard Output is selected.
  3. Check the boxes labeled:
    • Include 64 bit scans
    • Scan All Users
    • Extra Registry > Use SafeList
  4. Click on Run Scan at the top left hand corner.
  5. When done, one Notepad file, OTL.txt, will be opened, maximized.
  6. Please post the content of OTL.txt file ONLY in your next reply.

Please include in your next reply:
  1. Do you have any problems executing the instructions?
  2. Contents of the AdwCleaner[S1].txt log file
  3. Contents of the most recent OTL.txt file after fresh OTL scan
  4. Do you see any changes in computer behavior?

Please do not hesitate to divide the post into multiple if it is too long...

Thanks,
pgmigg

Failure to post replies within 72 hours will result in this thread being closed
pgmigg
MRU Teacher
 
Posts: 3176
Joined: July 8th, 2008, 1:25 pm
Location: GMT-05:00

Re: isearch fantastigames Redirect

Unread postby bonnie » March 20th, 2013, 6:29 pm

A. No problems with instructions so far.

B.

# AdwCleaner v2.115 - Logfile created 03/20/2013 at 18:23:10
# Updated 17/03/2013 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : robert - ROBERT-HP
# Boot Mode : Normal
# Running from : C:\Users\robert\Desktop\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

Deleted on reboot : C:\ProgramData\Browser Manager
Folder Deleted : C:\ProgramData\APN
Folder Deleted : C:\Users\robert\AppData\Roaming\Mozilla\Firefox\Profiles\optplp1u.default\jetpack
Folder Deleted : C:\Users\robert\Documents\Software

***** [Registry] *****

Key Deleted : HKCU\Software\InstallCore
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D97A8234-F2A2-4AD4-91D5-FECDB2C553AF}
Key Deleted : HKLM\SOFTWARE\DataMngr
Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [10]

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16470

[OK] Registry is clean.

-\\ Mozilla Firefox v19.0.2 (en-US)

File : C:\Users\robert\AppData\Roaming\Mozilla\Firefox\Profiles\optplp1u.default\prefs.js

[OK] File is clean.

-\\ Google Chrome v25.0.1364.172

File : C:\Users\robert\AppData\Local\Google\Chrome\User Data\Default\Preferences

Deleted [l.33] : keyword = "search-results.com",
Deleted [l.36] : search_url = "hxxp://isearch.fantastigames.com/web?src=crb&gct=ds&appid=107&systemid=465&q={s[...]

*************************

AdwCleaner[R1].txt - [1894 octets] - [19/03/2013 14:52:49]
AdwCleaner[S1].txt - [1511 octets] - [20/03/2013 18:23:10]

########## EOF - C:\AdwCleaner[S1].txt - [1571 octets] ##########
bonnie
Regular Member
 
Posts: 132
Joined: August 17th, 2012, 1:56 pm