Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Firefox Google Searches Are Being Censored

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Firefox Google Searches Are Being Censored

Unread postby bonnie » June 23rd, 2013, 11:25 am

This happens regularly. When I search using Firefox and Google, my results will be displayed, but many of the links do not lead to the webpages specified. If I open chrome and enter the same search term, all of the webpages seem to be available. As an example, I just searched Google for: "Cable TV News Online" without the quotes. The links for 4 of the top 5 results do not work using Firefox, but they all work using Chrome. Here are my logs:

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16490 BrowserJavaVersion: 10.25.2
Run by robert at 11:18:11 on 2013-06-23
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8140.6009 [GMT -4:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {3F839487-C7A2-C958-E30C-E2825BA31FB5}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Enabled/Updated* {84E27563-E198-C6D6-D9BC-D9F020245508}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files\IDT\WDM\STacSV64.exe
C:\Windows\system32\Hpservice.exe
C:\Windows\system32\atieclxx.exe
C:\Windows\System32\WUDFHost.exe
C:\Windows\system32\Dwm.exe
C:\Program Files (x86)\HP SimplePass 2011\TouchControl.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\HP SimplePass 2011\BioMonitor.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\svchost.exe -k WbioSvcGroup
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\System32\svchost.exe -k NetworkService
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\IDT\WDM\AESTSr64.exe
C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
C:\Windows\System32\igfxtray.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Users\robert\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
C:\Program Files (x86)\Google\Update\1.3.21.145\GoogleCrashHandler.exe
C:\Program Files (x86)\Google\Update\1.3.21.145\GoogleCrashHandler64.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
C:\Program Files (x86)\WordWeb\wweb32.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\StkCSrv.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\Program Files\Microsoft Security Client\NisSrv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\SearchIndexer.exe
C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
C:\Program Files (x86)\Internet Explorer\IELowutil.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
c:\Program Files\Microsoft Security Client\MpCmdRun.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
mWinlogon: Userinit = C:\Windows\System32\userinit.exe
BHO: SnagIt Toolbar Loader: {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files (x86)\TechSmith\Snagit 10\SnagitBHO.dll
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: TrueSuite Website Log On: {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files (x86)\HP SimplePass 2011\IEBHO.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO: HP Network Check Helper: {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll
BHO: SmartSelect Class: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: Snagit: {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files (x86)\TechSmith\Snagit 10\SnagitIEAddin.dll
TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
uRun: [Google Update] "C:\Users\robert\AppData\Local\Google\Update\GoogleUpdate.exe" /c
mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
mRun: [WordWeb] "C:\Program Files (x86)\WordWeb\wweb32.exe" -startup
mRun: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [ZoneAlarm Installer] "C:\Program Files (x86)\CheckPoint\Install\Launcher.exe" "C:\Program Files (x86)\CheckPoint\Install\Install.exe" /r /c "C:\Program Files (x86)\CheckPoint\Install\Install.xml"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
StartupFolder: C:\Users\robert\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\robert\AppData\Roaming\Dropbox\bin\Dropbox.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-Explorer: EnableShellExecuteHooks = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
IE: Append to existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert link target to existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
.
INFO: HKLM has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {32E7B36C-7960-4A42-B83B-D8AFD0AAEF2B} - hxxp://www.iradiopop.com/IRD/INDBrowser.CAB
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8C2D1BF0-5364-403C-9968-E6E348C6B4FB} - hxxp://www.iradiopop.com/IRD/pages/VBIRDPlayer.CAB
TCP: NameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{4AE85AB7-B26D-4F60-B6D9-5BA5C3CEABF0} : DHCPNameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{4AE85AB7-B26D-4F60-B6D9-5BA5C3CEABF0}\C696E6B6379737 : NameServer = 8.8.8.8,8.8.8.4
TCP: Interfaces\{4AE85AB7-B26D-4F60-B6D9-5BA5C3CEABF0}\C696E6B6379737 : DHCPNameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{8310BB86-6F61-479B-892F-306AB678E156} : DHCPNameServer = 209.18.47.61 209.18.47.62
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.116\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: SnagIt Toolbar Loader: {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files (x86)\TechSmith\Snagit 10\DLLx64\SnagitBHO64.dll
x64-BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
x64-BHO: TrueSuite Website Log On: {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files (x86)\HP SimplePass 2011\x64\IEBHO.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
x64-TB: Snagit: {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files (x86)\TechSmith\Snagit 10\DLLx64\SnagitIEAddin64.dll
x64-Run: [IntelPAN] "C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" /tf Intel PAN Tray
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
.
INFO: x64-HKLM has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\robert\AppData\Roaming\Mozilla\Firefox\Profiles\optplp1u.default\
FF - prefs.js: browser.search.defaulturl -
FF - prefs.js: browser.search.selectedEngine - eBay
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com
FF - prefs.js: keyword.URL - hxxp://start.sweetpacks.com/?src=2&st=12&barid={7B7EC4D9-9E46-11E2-859B-101F7415E3E8}&q=
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 80
FF - prefs.js: network.proxy.type - 0
FF - plugin: C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Air\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Canon\MyCamera Download Plugin\NPCIG.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrlui.dll
FF - plugin: C:\Users\robert\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll
FF - plugin: C:\Users\robert\AppData\Roaming\Mozilla\plugins\npatgpc.dll
FF - plugin: C:\Users\robert\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
FF - plugin: C:\Users\robert\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: C:\Users\robert\AppData\Roaming\Mozilla\plugins\npo1d.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_165.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_170.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_88.dll
FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
FF - ExtSQL: 2013-06-20 19:50; foxmarks@kei.com; C:\Users\robert\AppData\Roaming\Mozilla\Firefox\Profiles\optplp1u.default\extensions\foxmarks@kei.com
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2013-1-20 230320]
R2 AESTFilters;Andrea ST Filters Service;C:\Program Files\IDT\WDM\AESTSr64.exe [2011-11-29 89600]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2012-6-12 204288]
R2 AMPPALR3;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Service;C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe [2011-8-31 1166848]
R2 BTHSSecurityMgr;Intel(R) Centrino(R) Wireless Bluetooth(R) 3.0 + High Speed Security Service;C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe [2011-6-3 134928]
R2 FPLService;TrueSuiteService;C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe [2011-2-18 265544]
R2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2012-9-27 86528]
R2 HPClientSvc;HP Client Services;C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-10-11 346168]
R2 hpsrv;HP Service;C:\Windows\System32\hpservice.exe [2011-5-27 30520]
R2 HPWMISVC;HPWMISVC;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2011-7-11 26680]
R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-9-5 13592]
R2 IconMan_R;IconMan_R;C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2011-11-29 2413056]
R2 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2012-8-30 130008]
R2 RoxioNow Service;RoxioNow Service;C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe [2010-11-26 399344]
R2 StkSSrv;Syntek AVStream USB2.0 ATV Service;C:\Windows\System32\StkCSrv.exe [2011-9-19 24576]
R2 UNS;Intel(R) Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2011-9-5 2656280]
R3 AMPPAL;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Virtual Adapter;C:\Windows\System32\drivers\AmpPal.sys [2011-8-8 299008]
R3 clwvd;CyberLink WebCam Virtual Driver;C:\Windows\System32\drivers\clwvd.sys [2010-7-28 31088]
R3 IntcDAud;Intel(R) Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2011-9-5 317440]
R3 intelkmd;intelkmd;C:\Windows\System32\drivers\igdpmd64.sys [2012-6-12 12289472]
R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2013-1-27 379360]
R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\System32\drivers\nusb3hub.sys [2011-11-29 91648]
R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\System32\drivers\nusb3xhc.sys [2011-11-29 208896]
R3 RSPCIESTOR;Realtek PCIE CardReader Driver;C:\Windows\System32\drivers\RtsPStor.sys [2011-9-5 338536]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2011-9-5 428136]
R3 wdkmd;Intel WiDi KMD;C:\Windows\System32\drivers\WDKMD.sys [2011-2-16 42392]
S2 CLKMSVC10_38F51D56;CyberLink Product - 2012/03/20 13:55:44;C:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe [2011-2-24 241648]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 ezSharedSvc;Easybits Services for Windows;C:\Windows\System32\ezSharedSvcHost.exe --> C:\Windows\System32\ezSharedSvcHost.exe [?]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-2-28 161384]
S3 Adobe Version Cue CS4;Adobe Version Cue CS4;C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe [2008-8-15 284016]
S3 AMPPALP;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Protocol;C:\Windows\System32\drivers\AmpPal.sys [2011-8-8 299008]
S3 cpudrv64;cpudrv64;C:\Program Files (x86)\SystemRequirementsLab\cpudrv64.sys [2011-6-2 17864]
S3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2011-9-12 1038088]
S3 hpCMSrv;HP Connection Manager 4.0 Service;C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe [2011-2-15 1071160]
S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2011-7-27 340240]
S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\System32\drivers\VSTAZL6.SYS [2009-7-13 292864]
S3 SrvHsfV92;SrvHsfV92;C:\Windows\System32\drivers\VSTDPV6.SYS [2009-7-13 1485312]
S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\System32\drivers\VSTCNXT6.SYS [2009-7-13 740864]
S3 StkCMini;Syntek AVStream USB2.0 ATV;C:\Windows\System32\drivers\StkCMini.sys [2011-9-19 632704]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-20 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-20 31232]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-2-15 52736]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-9-13 1255736]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== File Associations ===============
.
FileExt: .js: jsfile="C:\Program Files (x86)\Adobe\Adobe Dreamweaver CS4\Dreamweaver.exe","%1"
ShellExec: dreamweaver.exe: Open="C:\Program Files (x86)\Adobe\Adobe Dreamweaver CS4\dreamweaver.exe", "%1"
.
=============== Created Last 30 ================
.
2013-06-22 18:12:13 9552976 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{1AE0DF49-3F35-4E21-992C-A12D435CECB3}\mpengine.dll
2013-06-21 17:06:32 964552 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{88D1250A-AB0F-43B2-997A-C79048B5BF00}\gapaengine.dll
2013-06-21 17:06:01 9552976 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-06-21 12:20:00 96168 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2013-06-21 12:17:07 108968 ----a-w- C:\Windows\System32\WindowsAccessBridge-64.dll
2013-06-13 01:20:54 -------- d-----w- C:\Users\robert\Software
2013-06-12 11:30:03 1910632 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2013-06-12 11:30:03 1887232 ----a-w- C:\Windows\System32\d3d11.dll
2013-06-12 11:30:03 1505280 ----a-w- C:\Windows\SysWow64\d3d11.dll
2013-06-12 11:30:02 751104 ----a-w- C:\Windows\System32\win32spl.dll
2013-06-12 11:30:02 492544 ----a-w- C:\Windows\SysWow64\win32spl.dll
2013-06-11 22:14:57 -------- d-----w- C:\Users\robert\health
2013-06-11 22:12:26 -------- d-----w- C:\Users\robert\letters
2013-06-06 18:38:57 33958 ----a-w- C:\ProgramData\uninstaller.exe
2013-06-02 01:31:50 -------- d-----w- C:\Users\robert\AppData\Local\ezvid,_inc
2013-06-02 01:29:56 -------- d-----w- C:\Program Files (x86)\GRETECH
2013-06-02 01:29:33 265976 ----a-w- C:\Windows\SysWow64\BytescoutScreenCapturingFilter.dll
2013-06-02 01:29:33 175864 ----a-w- C:\Windows\SysWow64\BytescoutVideoMixerFilter.dll
2013-06-02 01:29:32 753873 ----a-w- C:\Windows\unins000.exe
2013-06-02 01:29:32 438008 ----a-w- C:\Windows\SysWow64\BytescoutScreenCapturing.dll
2013-06-02 01:29:32 216064 ----a-w- C:\Windows\SysWow64\Lagarith.dll
2013-06-02 01:29:32 148992 ----a-w- C:\Windows\System32\Lagarith.dll
2013-06-02 01:29:25 -------- d-----w- C:\Users\robert\AppData\Roaming\OpenCandy
2013-06-02 01:29:25 -------- d-----w- C:\Program Files (x86)\ezvid
2013-05-27 20:38:19 -------- d-----w- C:\Program Files (x86)\Gmail Password Hacker
.
==================== Find3M ====================
.
2013-06-21 12:19:47 867240 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll
2013-06-21 12:19:47 789416 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2013-06-21 12:16:57 1093032 ----a-w- C:\Windows\System32\npDeployJava1.dll
2013-06-21 12:16:56 972712 ----a-w- C:\Windows\System32\deployJava1.dll
2013-06-19 13:35:28 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-06-19 13:35:28 692104 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2013-06-17 20:20:09 101184 ----a-w- C:\Windows\System32\stkMonitor.dll
2013-05-22 15:21:06 4325376 ----a-w- C:\ProgramData\ReadOnlyInstaller.msi
2013-05-17 03:09:56 2312704 ----a-w- C:\Windows\System32\jscript9.dll
2013-05-17 03:02:29 1392128 ----a-w- C:\Windows\System32\wininet.dll
2013-05-17 03:01:13 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2013-05-17 02:56:09 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2013-05-17 02:56:00 599040 ----a-w- C:\Windows\System32\vbscript.dll
2013-05-17 02:51:27 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2013-05-16 22:39:39 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll
2013-05-16 22:28:26 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2013-05-16 22:27:30 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2013-05-16 22:21:37 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2013-05-16 22:20:30 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll
2013-05-16 22:16:57 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2013-05-13 05:51:01 184320 ----a-w- C:\Windows\System32\cryptsvc.dll
2013-05-13 05:51:00 1464320 ----a-w- C:\Windows\System32\crypt32.dll
2013-05-13 05:51:00 139776 ----a-w- C:\Windows\System32\cryptnet.dll
2013-05-13 05:50:40 52224 ----a-w- C:\Windows\System32\certenc.dll
2013-05-13 04:45:55 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll
2013-05-13 04:45:55 1160192 ----a-w- C:\Windows\SysWow64\crypt32.dll
2013-05-13 04:45:55 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll
2013-05-13 03:43:55 1192448 ----a-w- C:\Windows\System32\certutil.exe
2013-05-13 03:08:10 903168 ----a-w- C:\Windows\SysWow64\certutil.exe
2013-05-13 03:08:06 43008 ----a-w- C:\Windows\SysWow64\certenc.dll
2013-05-10 05:49:27 30720 ----a-w- C:\Windows\System32\cryptdlg.dll
2013-05-10 03:20:54 24576 ----a-w- C:\Windows\SysWow64\cryptdlg.dll
2013-05-02 15:29:56 278800 ------w- C:\Windows\System32\MpSigStub.exe
2013-04-17 07:02:06 1230336 ----a-w- C:\Windows\SysWow64\WindowsCodecs.dll
2013-04-17 06:24:46 1424384 ----a-w- C:\Windows\System32\WindowsCodecs.dll
2013-04-13 05:49:23 135168 ----a-w- C:\Windows\apppatch\AppPatch64\AcXtrnal.dll
2013-04-13 05:49:19 350208 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll
2013-04-13 05:49:19 308736 ----a-w- C:\Windows\apppatch\AppPatch64\AcGenral.dll
2013-04-13 05:49:19 111104 ----a-w- C:\Windows\apppatch\AppPatch64\acspecfc.dll
2013-04-13 04:45:16 474624 ----a-w- C:\Windows\apppatch\AcSpecfc.dll
2013-04-13 04:45:15 2176512 ----a-w- C:\Windows\apppatch\AcGenral.dll
2013-04-12 14:45:08 1656680 ----a-w- C:\Windows\System32\drivers\ntfs.sys
2013-04-10 06:01:54 265064 ----a-w- C:\Windows\System32\drivers\dxgmms1.sys
2013-04-10 06:01:53 983400 ----a-w- C:\Windows\System32\drivers\dxgkrnl.sys
2013-04-10 03:30:50 3153920 ----a-w- C:\Windows\System32\win32k.sys
2013-04-04 18:50:32 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
.
============= FINISH: 11:19:15.75 ===============

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 9/12/2011 10:26:10 PM
System Uptime: 6/23/2013 4:34:16 AM (7 hours ago)
.
Motherboard: Hewlett-Packard | | 1659
Processor: Intel(R) Core(TM) i7-2630QM CPU @ 2.00GHz | CPU1 | 1980/1333mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 684 GiB total, 540.618 GiB free.
D: is FIXED (NTFS) - 14 GiB total, 1.608 GiB free.
E: is CDROM ()
F: is FIXED (FAT32) - 0 GiB total, 0.083 GiB free.
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP422: 5/31/2013 5:05:42 PM - Windows Update
RP423: 6/3/2013 6:12:50 PM - Windows Update
RP424: 6/6/2013 2:51:23 PM - Removed Apple Software Update
RP425: 6/6/2013 2:52:07 PM - Removed ASPCA Reminder by We-Care.com v4.1.22.1
RP426: 6/7/2013 8:03:49 AM - Windows Update
RP427: 6/10/2013 11:53:36 AM - Windows Update
RP428: 6/12/2013 8:54:31 AM - Windows Update
RP429: 6/15/2013 6:18:41 PM - Windows Update
RP430: 6/17/2013 9:33:22 PM - Windows Update
RP431: 6/21/2013 8:11:37 AM - Removed Java 7 Update 21 (64-bit)
RP432: 6/21/2013 8:13:51 AM - Removed Java 7 Update 21
RP433: 6/21/2013 8:16:42 AM - Installed Java 7 Update 25 (64-bit)
RP434: 6/21/2013 8:19:32 AM - Installed Java 7 Update 25
RP435: 6/21/2013 1:05:26 PM - Windows Update
.
==== Installed Programs ======================
.
Update for Microsoft Office 2007 (KB2508958)
7-Zip 9.20
AC3Filter 1.63b
Acrobat.com
Adobe Acrobat 9 Pro - English, Français, Deutsch
Adobe Acrobat 9.5.5 - CPSID_83708
Adobe AIR
Adobe Anchor Service CS4
Adobe Anchor Service x64 CS4
Adobe Asset Services CS4
Adobe Bridge CS4
Adobe CMaps CS4
Adobe CMaps x64 CS4
Adobe Color - Photoshop Specific CS4
Adobe Color EU Extra Settings CS4
Adobe Color JA Extra Settings CS4
Adobe Color NA Recommended Settings CS4
Adobe Color Video Profiles CS CS4
Adobe Creative Suite 4 Design Premium
Adobe CSI CS4
Adobe CSI CS4 x64
Adobe Default Language CS4
Adobe Device Central CS4
Adobe Digital Editions
Adobe Dreamweaver CS4
Adobe Drive CS4
Adobe Drive CS4 x64
Adobe Dynamiclink Support
Adobe ExtendScript Toolkit CS4
Adobe Extension Manager CS4
Adobe Fireworks CS4
Adobe Flash CS4
Adobe Flash CS4 Extension - Flash Lite STI en
Adobe Flash CS4 STI-en
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Fonts All
Adobe Fonts All x64
Adobe Illustrator CS4
Adobe InDesign CS4
Adobe InDesign CS4 Application Feature Set Files (Roman)
Adobe InDesign CS4 Common Base Files
Adobe InDesign CS4 Icon Handler
Adobe InDesign CS4 Icon Handler x64
Adobe Linguistics CS4
Adobe Linguistics CS4 x64
Adobe Media Encoder CS4
Adobe Media Encoder CS4 Importer
Adobe Media Player
Adobe Output Module
Adobe PDF Library Files CS4
Adobe PDF Library Files x64 CS4
Adobe Photoshop CS4
Adobe Photoshop CS4 (64 Bit)
Adobe Photoshop CS4 Support
Adobe Reader XI (11.0.03)
Adobe Search for Help
Adobe Service Manager Extension
Adobe Setup
Adobe SGM CS4
Adobe SING CS4
Adobe Type Support CS4
Adobe Type Support x64 CS4
Adobe Update Manager CS4
Adobe Version Cue CS4 Server
Adobe WinSoft Linguistics Plugin
Adobe WinSoft Linguistics Plugin x64
Adobe XMP Panels CS4
AdobeColorCommonSetCMYK
AdobeColorCommonSetRGB
Amazon Kindle
Amazon Send to Kindle
AMCap
AMD APP SDK Runtime
AMD Catalyst Install Manager
Apple Application Support
Apple Mobile Device Support
Audacity 2.0.3
AuthenTec TrueAPI
AutoHotkey 1.1.04.00
Bonjour
CamStudio Lossless Codec
CamStudio OSS Desktop Recorder
Camtasia Studio 7
Canon Auto Update Service
Canon DIGITAL CAMERA Solution Disk Software Guide
CANON iMAGE GATEWAY MyCamera Download Plugin
CANON iMAGE GATEWAY Task for ZoomBrowser EX
Canon MOV Decoder
Canon MOV Encoder
Canon MovieEdit Task for ZoomBrowser EX
Canon PowerShot SX150 IS Camera User Guide
Canon Utilities CameraWindow DC 8
Canon Utilities CameraWindow Launcher
Canon Utilities Movie Uploader for YouTube
Canon Utilities MyCamera
Canon Utilities PhotoStitch
Canon Utilities ZoomBrowser EX
Canon ZoomBrowser EX Memory Card Utility
Catalyst Control Center
Catalyst Control Center - Branding
Catalyst Control Center Graphics Previews Common
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
Catalyst Control Center Profiles Mobile
ccc-utility64
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
CCleaner
ClipX
Connect
CoreAAC Audio Decoder (remove only)
CutePDF Writer 2.8
CyberLink PowerDVD
CyberLink YouCam
D3DX10
DivX Setup
Dropbox
DVDFab 7.0.8.0 (14/07/2010)
DVDStyler v2.5 beta 2
Energy Star Digital Logo
ESET Online Scanner v3
ESU for Microsoft Windows 7
Ezvid
FileZilla Client 3.5.3
Gmail Password Hacker
GOM Player
Google Chrome
Google Drive
Google Earth
Google Talk Plugin
Google Update Helper
GoToMeeting 5.1.0.880
Graboid Video 3.58
Graboid Video 3.58 Setup
Hewlett-Packard ACLM.NET v1.2.1.1
HP 3D DriveGuard
HP Auto
HP Client Services
HP Connection Manager
HP Customer Experience Enhancements
HP Documentation
HP MovieStore
HP On Screen Display
HP Power Manager
HP Quick Launch
HP Setup
HP Setup Manager
HP SimplePass 2011
HP Software Framework
HP Support Assistant
IDT Audio
ImgBurn
Intel PROSet Wireless
Intel(R) Control Center
Intel(R) Display Audio Driver
Intel(R) Management Engine Components
Intel(R) PROSet/Wireless WiFi Software
Intel(R) Rapid Storage Technology
Intel(R) Wireless Display
IrfanView (remove only)
iTunes
Java 7 Update 25
Java 7 Update 25 (64-bit)
Java Auto Updater
K-Lite Codec Pack 5.5.0 (64-bit)
KeyNote 1.6.5
kuler
LAME v3.99.3 (for Windows)
Malwarebytes Anti-Malware version 1.75.0.1300
Mesh Runtime
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Application Error Reporting
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office 2010
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office Home and Student 2007
Microsoft Office Office 64-bit Components 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Shared 64-bit MUI (English) 2007
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Security Client
Microsoft Security Essentials
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
Microsoft WSE 3.0 Runtime
Mobipocket Creator 4.2
Mobipocket Reader 6.2
Mozilla Firefox 21.0 (x86 en-US)
Mozilla Maintenance Service
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Notepad++
Octoshape add-in for Adobe Flash Player
OpenOffice.org 3.3
OverDrive Media Console
PDF Settings CS4
Photoshop Camera Raw
Photoshop Camera Raw_x64
Pixel Bender Toolkit
PlayReady PC Runtime x86
Print Server Driver
PX Profile Update
QuickTime
QuoteTracker
Real Alternative 2.0.2
Realtek Ethernet Controller Driver
Realtek PCIE Card Reader
Recovery Manager
Renesas Electronics USB 3.0 Host Controller Driver
RoxioNow Player
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft .NET Framework 4 Extended (KB2736428)
Security Update for Microsoft .NET Framework 4 Extended (KB2742595)
Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687311) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687499) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760416) 32-Bit Edition
Security Update for Microsoft Office Excel 2007 (KB2687307) 32-Bit Edition
Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Word 2007 (KB2760421) 32-Bit Edition
SEO Backlink Checker 1.0
Skype™ 6.3
Snagit 10
Stellarium 0.11.2
Suite Shared Configuration CS4
swMSM
Synaptics TouchPad Driver
System Requirements Lab for Intel
TA-Lib Pro Excel
TA-Lib Pro Excel 2.5.0
thinkorswim from TD AMERITRADE
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2836939)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
USB2.0 ATV
USB2.0 Capture Device
Validity WBF DDK
VC80CRTRedist - 8.0.50727.6195
VLC media player 1.0.1
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Language Selector
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live Remote Client
Windows Live Remote Client Resources
Windows Live Remote Service
Windows Live Remote Service Resources
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Windows Media Player Firefox Plugin
WinPcap 4.1.2
Wireshark 1.6.2
WordWeb Pro
Xvid 1.2.2 final uninstall
Zinio Reader 4
ZoneAlarm LTD Toolbar
.
==== Event Viewer Messages From Past Week ========
.
6/22/2013 6:59:10 AM, Error: Service Control Manager [7000] - The Easybits Services for Windows service failed to start due to the following error: The system cannot find the file specified.
.
==== End Of File ===========================
bonnie
Regular Member
 
Posts: 132
Joined: August 17th, 2012, 1:56 pm
Advertisement
Register to Remove

Re: Firefox Google Searches Are Being Censored

Unread postby wannabeageek » June 25th, 2013, 11:55 pm

Hello bonnie, and Welcome to MalWare Removal forums!

My name is wannabeageek and I'll be helping you with any malware problems.

Before we begin, please read and follow these important guidelines, so things will proceed smoothly.
  1. The instructions being given are for YOUR computer and system only!
    Using these instructions on a different computer can cause damage to that computer and possibly render it inoperable!
  2. You must have Administrator rights, permissions for this computer.
  3. DO NOT run any other fix or removal tools unless instructed to do so!
  4. DO NOT install any other software (or hardware) during the cleaning process. This adds more items to be researched.
  5. Only post your problem at (1) one help site. Applying fixes from multiple help sites can cause problems.
  6. Print each set of instructions if possible - your Internet connection will not be available during some fix processes.
  7. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
  8. Only reply to this thread, do not start another one. Please, continue responding, until I give you the "All Clean!" :cheers:

    Absence of symptoms does not mean that everything is clear.

I am currently reviewing your logs and will return, as soon as possible, with additional instructions. In the meantime...

Note: If you haven't done so already, please read this topic ALL USERS OF THIS FORUM MUST READ THIS FIRST where the conditions for receiving help here are explained.

Please read all instructions carefully before executing and perform the steps, in the order given.
lf you have any questions or problems executing these instructions, <<STOP>> do not proceed, post back with the question or problem.

Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

Because of this, I advise you to backup any personal files and folders before you start
wannabeageek
MRU Master
MRU Master
 
Posts: 1773
Joined: November 23rd, 2009, 10:21 pm
Location: California

Re: Firefox Google Searches Are Being Censored

Unread postby wannabeageek » June 27th, 2013, 11:41 pm

Hi bonnie,

Please run the following:


Step 1
Download and run MGA Diagnostic Tool
This tool will aid us in determining what additional steps will need to be performed.

  1. Click here to download the MGA Diagnostics Tool from Microsoft and save it to your Desktop. The MGADiag.exe icon will appear on your Desktop.
  2. Right-click the MGADiag.exe icon on your Desktop and then select Run As Administrator from the popup menu.. The tools' window will be displayed.
  3. Click the Continue button. The scan will be performed. Once the scan is complete the report information will be displayed and a Copy button will be provided.
  4. Click the Copy button.
  5. Open Notepad and paste the contents of the report into the Notepad window.
  6. Save the report and paste the contents into your reply.


Step 2.
Run CKScanner
  • Please download CKScanner from Here
  • Important: - Save it to your desktop.
  • Right-click CKScanner.exe > select " Run as administrator " then click Search For Files.
  • After a very short time, when the cursor hourglass disappears, click Save List To File.
  • A message box will verify the file saved. Please Run the program only once.
  • Double-click the CKFiles.txt icon on your desktop and copy/paste the contents in your next reply.


Please include in your next reply:
  1. Contents of MGA Diagnostic report
  2. Contents of CKFiles.txt
  3. Any problem executing the instructions?
Thanks,
wbg
wannabeageek
MRU Master
MRU Master
 
Posts: 1773
Joined: November 23rd, 2009, 10:21 pm
Location: California

Re: Firefox Google Searches Are Being Censored

Unread postby bonnie » June 28th, 2013, 4:48 pm

Sorry for the delay in posting. I had an emergency and didn't get home until very late last night. As always, I really want to thank you for your help. Here is the information you asked for:

Diagnostic Report (1.9.0027.0):
-----------------------------------------
Windows Validation Data-->

Validation Code: 0
Cached Online Validation Code: 0x0
Windows Product Key: *****-*****-73CQT-WMF7J-3Q6C9
Windows Product Key Hash: KaFG+RmurcM3ZxzWyfEP9WtPUJw=
Windows Product ID: 00359-OEM-8992687-00010
Windows Product ID Type: 2
Windows License Type: OEM SLP
Windows OS version: 6.1.7601.2.00010300.1.0.003
ID: {9011E1FB-5BFD-4C47-B97A-13D2DB888F55}(3)
Is Admin: Yes
TestCab: 0x0
LegitcheckControl ActiveX: N/A, hr = 0x80070002
Signed By: N/A, hr = 0x80070002
Product Name: Windows 7 Home Premium
Architecture: 0x00000009
Build lab: 7601.win7sp1_gdr.130318-1533
TTS Error:
Validation Diagnostic:
Resolution Status: N/A

Vista WgaER Data-->
ThreatID(s): N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002

Windows XP Notifications Data-->
Cached Result: N/A, hr = 0x80070002
File Exists: No
Version: N/A, hr = 0x80070002
WgaTray.exe Signed By: N/A, hr = 0x80070002
WgaLogon.dll Signed By: N/A, hr = 0x80070002

OGA Notifications Data-->
Cached Result: N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002
OGAExec.exe Signed By: N/A, hr = 0x80070002
OGAAddin.dll Signed By: N/A, hr = 0x80070002

OGA Data-->
Office Status: 100 Genuine
Microsoft Office Home and Student 2007 - 100 Genuine
OGA Version: N/A, 0x80070002
Signed By: N/A, hr = 0x80070002
Office Diagnostics: 025D1FF3-364-80041010_025D1FF3-229-80041010_025D1FF3-230-1_025D1FF3-517-80040154_025D1FF3-237-80040154_025D1FF3-238-2_025D1FF3-244-80070002_025D1FF3-258-3

Browser Data-->
Proxy settings: N/A
User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)
Default Browser: C:\Program Files (x86)\Mozilla Firefox\firefox.exe
Download signed ActiveX controls: Prompt
Download unsigned ActiveX controls: Disabled
Run ActiveX controls and plug-ins: Allowed
Initialize and script ActiveX controls not marked as safe: Disabled
Allow scripting of Internet Explorer Webbrowser control: Disabled
Active scripting: Allowed
Script ActiveX controls marked as safe for scripting: Allowed

File Scan Data-->

Other data-->
Office Details: <GenuineResults><MachineData><UGUID>{9011E1FB-5BFD-4C47-B97A-13D2DB888F55}</UGUID><Version>1.9.0027.0</Version><OS>6.1.7601.2.00010300.1.0.003</OS><Architecture>x64</Architecture><PKey>*****-*****-*****-*****-3Q6C9</PKey><PID>00359-OEM-8992687-00010</PID><PIDType>2</PIDType><SID>S-1-5-21-3434975647-2719533202-2998227652</SID><SYSTEM><Manufacturer>Hewlett-Packard</Manufacturer><Model>HP Pavilion dv7 Notebook PC</Model></SYSTEM><BIOS><Manufacturer>Hewlett-Packard</Manufacturer><Version>F.1B</Version><SMBIOSVersion major="2" minor="7"/><Date>20111005000000.000000+000</Date></BIOS><HWID>A2813207018400FE</HWID><UserLCID>0409</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>Eastern Standard Time(GMT-05:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM><OEMID>HPQOEM</OEMID><OEMTableID>SLIC-MPC</OEMTableID></OEM><GANotification/></MachineData><Software><Office><Result>100</Result><Products><Product GUID="{91120000-002F-0000-0000-0000000FF1CE}"><LegitResult>100</LegitResult><Name>Microsoft Office Home and Student 2007</Name><Ver>12</Ver><Val>510CD565667F28</Val><Hash>TmU1w1fR7DGfej+ao0Y1Tl+BCF0=</Hash><Pid>81602-916-5270176-68872</Pid><PidType>1</PidType></Product></Products><Applications><App Id="16" Version="12" Result="100"/><App Id="18" Version="12" Result="100"/><App Id="1B" Version="12" Result="100"/><App Id="A1" Version="12" Result="100"/></Applications></Office></Software></GenuineResults>

Spsys.log Content: 0x80070002

Licensing Data-->
Software licensing service version: 6.1.7601.17514

Name: Windows(R) 7, HomePremium edition
Description: Windows Operating System - Windows(R) 7, OEM_SLP channel
Activation ID: d2c04e90-c3dd-4260-b0f3-f845f5d27d64
Application ID: 55c92734-d682-4d71-983e-d6ec3f16059f
Extended PID: 00359-00178-926-800010-02-1033-7601.0000-2482011
Installation ID: 014791978496790592115574751763898721584431846311051923
Processor Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88338
Machine Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88339
Use License URL: http://go.microsoft.com/fwlink/?LinkID=88341
Product Key Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88340
Partial Product Key: 3Q6C9
License Status: Licensed
Remaining Windows rearm count: 1
Trusted time: 6/28/2013 4:38:51 PM

Windows Activation Technologies-->
HrOffline: 0x00000000
HrOnline: 0x00000000
HealthStatus: 0x0000000000000000
Event Time Stamp: 6:11:2013 09:08
ActiveX: Registered, Version: 7.1.7600.16395
Admin Service: Registered, Version: 7.1.7600.16395
HealthStatus Bitmask Output:


HWID Data-->
HWID Hash Current: MAAAAAEAAQABAAIAAAABAAAAAwABAAEAln3SerSl6JhOfyTUWOqA8NAIMv8Cjy5z

OEM Activation 1.0 Data-->
N/A

OEM Activation 2.0 Data-->
BIOS valid for OA 2.0: yes
Windows marker version: 0x20001
OEMID and OEMTableID Consistent: yes
BIOS Information:
ACPI Table Name OEMID Value OEMTableID Value
APIC HP INSYDE
FACP HPQOEM SLIC-MPC
HPET HP INSYDE
BOOT HP INSYDE
MCFG HP INSYDE
ASF! HP INSYDE
SLIC HPQOEM SLIC-MPC
SSDT HP INSYDE
ASPT HP INSYDE
SSDT HP INSYDE
SSDT HP INSYDE
SSDT HP INSYDE
SSDT HP INSYDE
SSDT HP INSYDE


I had to run the CKFiles program a few times before it didn't say program not responding. Here is want it reported:

CKScanner 2.3 - Additional Security Risks - These are not necessarily bad
c:\program files (x86)\cyberlink\powerdvd10\navfilter\kmsvc.exe
scanner sequence 3.NA.11.UPEMXF
----- EOF -----
bonnie
Regular Member
 
Posts: 132
Joined: August 17th, 2012, 1:56 pm

Re: Firefox Google Searches Are Being Censored

Unread postby wannabeageek » June 30th, 2013, 1:53 am

Hello bonnie,


P2P Advisory!
IMPORTANT There are signs of one or more P2P (Peer to Peer) File Sharing Programs installed on your computer.
Connect
Also, please remove the program: Gmail Password Hacker
As long as you have the P2P program(s) installed, per Forum Policy, I can offer you no further assistance.
If you choose NOT to remove the program(s)...indicate that in your next reply and this topic will be closed.
Otherwise, please perform the following steps:
Remove P2P Program(s)
  1. Click on Start > Control Panel and double click on Programs and Features.
  2. Locate the following program:
    Connect
    Gmail Password Hacker
  3. Click on the Change/Remove button to uninstall it.
    Carefully read any prompts...
    Some uninstallers prompt in a way to trick you into keeping the program, sometimes, preventing them from being uninstalled again!
    Repeat steps 2 and 3 for each program listed.
  4. When the program(s) have been uninstalled... Close Control Panel.
By using any form of P2P networking to download files you can anticipate infestations of malware to occur. The P2P program
itself, may be safe but the files may not... use P2P at your own risk! Keep in mind that this practice may be the source of your current malware infestation.
Reference... siting risk factors, using P2P programs: How to Prevent the Online Invasion of Spyware and Adware
wannabeageek
MRU Master
MRU Master
 
Posts: 1773
Joined: November 23rd, 2009, 10:21 pm
Location: California

Re: Firefox Google Searches Are Being Censored

Unread postby bonnie » June 30th, 2013, 5:39 am

Hi Wannabeageek,

I uninstalled Gmail Password Hacker as instructed, but do not see a program called "Connect" listed in Programs and Features.
bonnie
Regular Member
 
Posts: 132
Joined: August 17th, 2012, 1:56 pm

Re: Firefox Google Searches Are Being Censored

Unread postby bonnie » June 30th, 2013, 6:02 am

I reran DDS and sure enough, that program is on the log, but still not seeing it in programs/features. Here's a clip of programs/features at: http://i40.tinypic.com/9gkg87.jpg

Here is the new log:

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16490 BrowserJavaVersion: 10.25.2
Run by robert at 5:51:06 on 2013-06-30
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8140.6517 [GMT -4:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {3F839487-C7A2-C958-E30C-E2825BA31FB5}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Enabled/Updated* {84E27563-E198-C6D6-D9BC-D9F020245508}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files\IDT\WDM\STacSV64.exe
C:\Windows\system32\Hpservice.exe
C:\Windows\system32\atieclxx.exe
C:\Windows\System32\WUDFHost.exe
C:\Windows\system32\Dwm.exe
C:\Program Files (x86)\HP SimplePass 2011\TouchControl.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\HP SimplePass 2011\BioMonitor.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\svchost.exe -k WbioSvcGroup
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\System32\svchost.exe -k NetworkService
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\IDT\WDM\AESTSr64.exe
C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\Google\Update\1.3.21.145\GoogleCrashHandler.exe
C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Users\robert\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files (x86)\Google\Update\1.3.21.145\GoogleCrashHandler64.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
C:\Program Files (x86)\WordWeb\wweb32.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Windows\System32\StkCSrv.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\iPod\bin\iPodService.exe
c:\Program Files\Microsoft Security Client\NisSrv.exe
C:\Windows\system32\SearchIndexer.exe
C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uSearch Bar = Preserve
mWinlogon: Userinit = C:\Windows\System32\userinit.exe
BHO: SnagIt Toolbar Loader: {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files (x86)\TechSmith\Snagit 10\SnagitBHO.dll
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: TrueSuite Website Log On: {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files (x86)\HP SimplePass 2011\IEBHO.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO: HP Network Check Helper: {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll
BHO: SmartSelect Class: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: Snagit: {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files (x86)\TechSmith\Snagit 10\SnagitIEAddin.dll
TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
uRun: [Google Update] "C:\Users\robert\AppData\Local\Google\Update\GoogleUpdate.exe" /c
mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
mRun: [WordWeb] "C:\Program Files (x86)\WordWeb\wweb32.exe" -startup
mRun: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [ZoneAlarm Installer] "C:\Program Files (x86)\CheckPoint\Install\Launcher.exe" "C:\Program Files (x86)\CheckPoint\Install\Install.exe" /r /c "C:\Program Files (x86)\CheckPoint\Install\Install.xml"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
StartupFolder: C:\Users\robert\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\robert\AppData\Roaming\Dropbox\bin\Dropbox.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-Explorer: EnableShellExecuteHooks = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
.
INFO: HKLM has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {32E7B36C-7960-4A42-B83B-D8AFD0AAEF2B} - hxxp://www.iradiopop.com/IRD/INDBrowser.CAB
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8C2D1BF0-5364-403C-9968-E6E348C6B4FB} - hxxp://www.iradiopop.com/IRD/pages/VBIRDPlayer.CAB
TCP: NameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{4AE85AB7-B26D-4F60-B6D9-5BA5C3CEABF0} : DHCPNameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{4AE85AB7-B26D-4F60-B6D9-5BA5C3CEABF0}\C696E6B6379737 : NameServer = 8.8.8.8,8.8.8.4
TCP: Interfaces\{4AE85AB7-B26D-4F60-B6D9-5BA5C3CEABF0}\C696E6B6379737 : DHCPNameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{8310BB86-6F61-479B-892F-306AB678E156} : DHCPNameServer = 209.18.47.61 209.18.47.62
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.116\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: SnagIt Toolbar Loader: {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files (x86)\TechSmith\Snagit 10\DLLx64\SnagitBHO64.dll
x64-BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
x64-BHO: TrueSuite Website Log On: {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files (x86)\HP SimplePass 2011\x64\IEBHO.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
x64-TB: Snagit: {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files (x86)\TechSmith\Snagit 10\DLLx64\SnagitIEAddin64.dll
x64-Run: [IntelPAN] "C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" /tf Intel PAN Tray
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
.
INFO: x64-HKLM has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\robert\AppData\Roaming\Mozilla\Firefox\Profiles\optplp1u.default\
FF - prefs.js: browser.search.defaulturl -
FF - prefs.js: browser.search.selectedEngine - eBay
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com
FF - prefs.js: keyword.URL - hxxp://start.sweetpacks.com/?src=2&st=12&barid={7B7EC4D9-9E46-11E2-859B-101F7415E3E8}&q=
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 80
FF - prefs.js: network.proxy.type - 0
FF - plugin: C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Air\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Canon\MyCamera Download Plugin\NPCIG.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrlui.dll
FF - plugin: C:\Users\robert\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll
FF - plugin: C:\Users\robert\AppData\Roaming\Mozilla\plugins\npatgpc.dll
FF - plugin: C:\Users\robert\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
FF - plugin: C:\Users\robert\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: C:\Users\robert\AppData\Roaming\Mozilla\plugins\npo1d.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_165.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_170.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_88.dll
FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
FF - ExtSQL: 2013-06-20 19:50; foxmarks@kei.com; C:\Users\robert\AppData\Roaming\Mozilla\Firefox\Profiles\optplp1u.default\extensions\foxmarks@kei.com
FF - ExtSQL: 2013-06-24 20:42; BookmarkQuickMover@techlivezheng; C:\Users\robert\AppData\Roaming\Mozilla\Firefox\Profiles\optplp1u.default\extensions\BookmarkQuickMover@techlivezheng.xpi
FF - ExtSQL: 2013-06-24 21:08; firefoxbookmarkchecker@everhelper.me; C:\Users\robert\AppData\Roaming\Mozilla\Firefox\Profiles\optplp1u.default\extensions\firefoxbookmarkchecker@everhelper.me.xpi
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2013-1-20 230320]
R2 AESTFilters;Andrea ST Filters Service;C:\Program Files\IDT\WDM\AESTSr64.exe [2011-11-29 89600]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2012-6-12 204288]
R2 AMPPALR3;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Service;C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe [2011-8-31 1166848]
R2 BTHSSecurityMgr;Intel(R) Centrino(R) Wireless Bluetooth(R) 3.0 + High Speed Security Service;C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe [2011-6-3 134928]
R2 FPLService;TrueSuiteService;C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe [2011-2-18 265544]
R2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2012-9-27 86528]
R2 HPClientSvc;HP Client Services;C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-10-11 346168]
R2 hpsrv;HP Service;C:\Windows\System32\hpservice.exe [2011-5-27 30520]
R2 HPWMISVC;HPWMISVC;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2011-7-11 26680]
R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-9-5 13592]
R2 IconMan_R;IconMan_R;C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2011-11-29 2413056]
R2 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2012-8-30 130008]
R2 RoxioNow Service;RoxioNow Service;C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe [2010-11-26 399344]
R2 StkSSrv;Syntek AVStream USB2.0 ATV Service;C:\Windows\System32\StkCSrv.exe [2011-9-19 24576]
R2 UNS;Intel(R) Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2011-9-5 2656280]
R3 AMPPAL;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Virtual Adapter;C:\Windows\System32\drivers\AmpPal.sys [2011-8-8 299008]
R3 clwvd;CyberLink WebCam Virtual Driver;C:\Windows\System32\drivers\clwvd.sys [2010-7-28 31088]
R3 IntcDAud;Intel(R) Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2011-9-5 317440]
R3 intelkmd;intelkmd;C:\Windows\System32\drivers\igdpmd64.sys [2012-6-12 12289472]
R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2013-1-27 379360]
R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\System32\drivers\nusb3hub.sys [2011-11-29 91648]
R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\System32\drivers\nusb3xhc.sys [2011-11-29 208896]
R3 RSPCIESTOR;Realtek PCIE CardReader Driver;C:\Windows\System32\drivers\RtsPStor.sys [2011-9-5 338536]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2011-9-5 428136]
R3 wdkmd;Intel WiDi KMD;C:\Windows\System32\drivers\WDKMD.sys [2011-2-16 42392]
S2 CLKMSVC10_38F51D56;CyberLink Product - 2012/03/20 13:55:44;C:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe [2011-2-24 241648]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 ezSharedSvc;Easybits Services for Windows;C:\Windows\System32\ezSharedSvcHost.exe --> C:\Windows\System32\ezSharedSvcHost.exe [?]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-2-28 161384]
S3 Adobe Version Cue CS4;Adobe Version Cue CS4;C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe [2008-8-15 284016]
S3 AMPPALP;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Protocol;C:\Windows\System32\drivers\AmpPal.sys [2011-8-8 299008]
S3 cpudrv64;cpudrv64;C:\Program Files (x86)\SystemRequirementsLab\cpudrv64.sys [2011-6-2 17864]
S3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2011-9-12 1038088]
S3 hpCMSrv;HP Connection Manager 4.0 Service;C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe [2011-2-15 1071160]
S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2011-7-27 340240]
S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\System32\drivers\VSTAZL6.SYS [2009-7-13 292864]
S3 SrvHsfV92;SrvHsfV92;C:\Windows\System32\drivers\VSTDPV6.SYS [2009-7-13 1485312]
S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\System32\drivers\VSTCNXT6.SYS [2009-7-13 740864]
S3 StkCMini;Syntek AVStream USB2.0 ATV;C:\Windows\System32\drivers\StkCMini.sys [2011-9-19 632704]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-20 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-20 31232]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-2-15 52736]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-9-13 1255736]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== File Associations ===============
.
FileExt: .js: jsfile="C:\Program Files (x86)\Adobe\Adobe Dreamweaver CS4\Dreamweaver.exe","%1"
ShellExec: dreamweaver.exe: Open="C:\Program Files (x86)\Adobe\Adobe Dreamweaver CS4\dreamweaver.exe", "%1"
.
=============== Created Last 30 ================
.
2013-06-30 09:38:34 9552976 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{540B8CD0-6DD6-472B-9965-932CB486C714}\mpengine.dll
2013-06-29 01:08:01 9552976 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-06-21 17:06:32 964552 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{88D1250A-AB0F-43B2-997A-C79048B5BF00}\gapaengine.dll
2013-06-21 12:20:00 96168 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2013-06-21 12:17:07 108968 ----a-w- C:\Windows\System32\WindowsAccessBridge-64.dll
2013-06-13 01:20:54 -------- d-----w- C:\Users\robert\Software
2013-06-12 11:30:03 1910632 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2013-06-12 11:30:03 1887232 ----a-w- C:\Windows\System32\d3d11.dll
2013-06-12 11:30:03 1505280 ----a-w- C:\Windows\SysWow64\d3d11.dll
2013-06-12 11:30:02 751104 ----a-w- C:\Windows\System32\win32spl.dll
2013-06-12 11:30:02 492544 ----a-w- C:\Windows\SysWow64\win32spl.dll
2013-06-11 22:14:57 -------- d-----w- C:\Users\robert\health
2013-06-11 22:12:26 -------- d-----w- C:\Users\robert\letters
2013-06-06 18:38:57 33958 ----a-w- C:\ProgramData\uninstaller.exe
2013-06-02 01:31:50 -------- d-----w- C:\Users\robert\AppData\Local\ezvid,_inc
2013-06-02 01:29:56 -------- d-----w- C:\Program Files (x86)\GRETECH
2013-06-02 01:29:33 265976 ----a-w- C:\Windows\SysWow64\BytescoutScreenCapturingFilter.dll
2013-06-02 01:29:33 175864 ----a-w- C:\Windows\SysWow64\BytescoutVideoMixerFilter.dll
2013-06-02 01:29:32 753873 ----a-w- C:\Windows\unins000.exe
2013-06-02 01:29:32 438008 ----a-w- C:\Windows\SysWow64\BytescoutScreenCapturing.dll
2013-06-02 01:29:32 216064 ----a-w- C:\Windows\SysWow64\Lagarith.dll
2013-06-02 01:29:32 148992 ----a-w- C:\Windows\System32\Lagarith.dll
2013-06-02 01:29:25 -------- d-----w- C:\Users\robert\AppData\Roaming\OpenCandy
2013-06-02 01:29:25 -------- d-----w- C:\Program Files (x86)\ezvid
.
==================== Find3M ====================
.
2013-06-21 12:19:47 867240 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll
2013-06-21 12:19:47 789416 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2013-06-21 12:16:57 1093032 ----a-w- C:\Windows\System32\npDeployJava1.dll
2013-06-21 12:16:56 972712 ----a-w- C:\Windows\System32\deployJava1.dll
2013-06-19 13:35:28 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-06-19 13:35:28 692104 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2013-06-17 20:20:09 101184 ----a-w- C:\Windows\System32\stkMonitor.dll
2013-05-22 15:21:06 4325376 ----a-w- C:\ProgramData\ReadOnlyInstaller.msi
2013-05-17 03:09:56 2312704 ----a-w- C:\Windows\System32\jscript9.dll
2013-05-17 03:02:29 1392128 ----a-w- C:\Windows\System32\wininet.dll
2013-05-17 03:01:13 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2013-05-17 02:56:09 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2013-05-17 02:56:00 599040 ----a-w- C:\Windows\System32\vbscript.dll
2013-05-17 02:51:27 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2013-05-16 22:39:39 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll
2013-05-16 22:28:26 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2013-05-16 22:27:30 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2013-05-16 22:21:37 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2013-05-16 22:20:30 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll
2013-05-16 22:16:57 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2013-05-13 05:51:01 184320 ----a-w- C:\Windows\System32\cryptsvc.dll
2013-05-13 05:51:00 1464320 ----a-w- C:\Windows\System32\crypt32.dll
2013-05-13 05:51:00 139776 ----a-w- C:\Windows\System32\cryptnet.dll
2013-05-13 05:50:40 52224 ----a-w- C:\Windows\System32\certenc.dll
2013-05-13 04:45:55 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll
2013-05-13 04:45:55 1160192 ----a-w- C:\Windows\SysWow64\crypt32.dll
2013-05-13 04:45:55 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll
2013-05-13 03:43:55 1192448 ----a-w- C:\Windows\System32\certutil.exe
2013-05-13 03:08:10 903168 ----a-w- C:\Windows\SysWow64\certutil.exe
2013-05-13 03:08:06 43008 ----a-w- C:\Windows\SysWow64\certenc.dll
2013-05-10 05:49:27 30720 ----a-w- C:\Windows\System32\cryptdlg.dll
2013-05-10 03:20:54 24576 ----a-w- C:\Windows\SysWow64\cryptdlg.dll
2013-05-02 15:29:56 278800 ------w- C:\Windows\System32\MpSigStub.exe
2013-04-17 07:02:06 1230336 ----a-w- C:\Windows\SysWow64\WindowsCodecs.dll
2013-04-17 06:24:46 1424384 ----a-w- C:\Windows\System32\WindowsCodecs.dll
2013-04-13 05:49:23 135168 ----a-w- C:\Windows\apppatch\AppPatch64\AcXtrnal.dll
2013-04-13 05:49:19 350208 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll
2013-04-13 05:49:19 308736 ----a-w- C:\Windows\apppatch\AppPatch64\AcGenral.dll
2013-04-13 05:49:19 111104 ----a-w- C:\Windows\apppatch\AppPatch64\acspecfc.dll
2013-04-13 04:45:16 474624 ----a-w- C:\Windows\apppatch\AcSpecfc.dll
2013-04-13 04:45:15 2176512 ----a-w- C:\Windows\apppatch\AcGenral.dll
2013-04-12 14:45:08 1656680 ----a-w- C:\Windows\System32\drivers\ntfs.sys
2013-04-10 06:01:54 265064 ----a-w- C:\Windows\System32\drivers\dxgmms1.sys
2013-04-10 06:01:53 983400 ----a-w- C:\Windows\System32\drivers\dxgkrnl.sys
2013-04-10 03:30:50 3153920 ----a-w- C:\Windows\System32\win32k.sys
2013-04-04 18:50:32 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
.
============= FINISH: 5:52:24.85 ===============

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 9/12/2011 10:26:10 PM
System Uptime: 6/30/2013 5:26:52 AM (0 hours ago)
.
Motherboard: Hewlett-Packard | | 1659
Processor: Intel(R) Core(TM) i7-2630QM CPU @ 2.00GHz | CPU1 | 1980/1333mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 684 GiB total, 540.443 GiB free.
D: is FIXED (NTFS) - 14 GiB total, 1.608 GiB free.
E: is CDROM ()
F: is FIXED (FAT32) - 0 GiB total, 0.083 GiB free.
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP423: 6/3/2013 6:12:50 PM - Windows Update
RP424: 6/6/2013 2:51:23 PM - Removed Apple Software Update
RP425: 6/6/2013 2:52:07 PM - Removed ASPCA Reminder by We-Care.com v4.1.22.1
RP426: 6/7/2013 8:03:49 AM - Windows Update
RP427: 6/10/2013 11:53:36 AM - Windows Update
RP428: 6/12/2013 8:54:31 AM - Windows Update
RP429: 6/15/2013 6:18:41 PM - Windows Update
RP430: 6/17/2013 9:33:22 PM - Windows Update
RP431: 6/21/2013 8:11:37 AM - Removed Java 7 Update 21 (64-bit)
RP432: 6/21/2013 8:13:51 AM - Removed Java 7 Update 21
RP433: 6/21/2013 8:16:42 AM - Installed Java 7 Update 25 (64-bit)
RP434: 6/21/2013 8:19:32 AM - Installed Java 7 Update 25
RP435: 6/21/2013 1:05:26 PM - Windows Update
RP436: 6/25/2013 7:01:09 AM - Windows Update
RP437: 6/28/2013 9:07:22 PM - Windows Update
.
==== Installed Programs ======================
.
Update for Microsoft Office 2007 (KB2508958)
7-Zip 9.20
AC3Filter 1.63b
Acrobat.com
Adobe Acrobat 9 Pro - English, Français, Deutsch
Adobe Acrobat 9.5.5 - CPSID_83708
Adobe AIR
Adobe Anchor Service CS4
Adobe Anchor Service x64 CS4
Adobe Asset Services CS4
Adobe Bridge CS4
Adobe CMaps CS4
Adobe CMaps x64 CS4
Adobe Color - Photoshop Specific CS4
Adobe Color EU Extra Settings CS4
Adobe Color JA Extra Settings CS4
Adobe Color NA Recommended Settings CS4
Adobe Color Video Profiles CS CS4
Adobe Creative Suite 4 Design Premium
Adobe CSI CS4
Adobe CSI CS4 x64
Adobe Default Language CS4
Adobe Device Central CS4
Adobe Digital Editions
Adobe Dreamweaver CS4
Adobe Drive CS4
Adobe Drive CS4 x64
Adobe Dynamiclink Support
Adobe ExtendScript Toolkit CS4
Adobe Extension Manager CS4
Adobe Fireworks CS4
Adobe Flash CS4
Adobe Flash CS4 Extension - Flash Lite STI en
Adobe Flash CS4 STI-en
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Fonts All
Adobe Fonts All x64
Adobe Illustrator CS4
Adobe InDesign CS4
Adobe InDesign CS4 Application Feature Set Files (Roman)
Adobe InDesign CS4 Common Base Files
Adobe InDesign CS4 Icon Handler
Adobe InDesign CS4 Icon Handler x64
Adobe Linguistics CS4
Adobe Linguistics CS4 x64
Adobe Media Encoder CS4
Adobe Media Encoder CS4 Importer
Adobe Media Player
Adobe Output Module
Adobe PDF Library Files CS4
Adobe PDF Library Files x64 CS4
Adobe Photoshop CS4
Adobe Photoshop CS4 (64 Bit)
Adobe Photoshop CS4 Support
Adobe Reader XI (11.0.03)
Adobe Search for Help
Adobe Service Manager Extension
Adobe Setup
Adobe SGM CS4
Adobe SING CS4
Adobe Type Support CS4
Adobe Type Support x64 CS4
Adobe Update Manager CS4
Adobe Version Cue CS4 Server
Adobe WinSoft Linguistics Plugin
Adobe WinSoft Linguistics Plugin x64
Adobe XMP Panels CS4
AdobeColorCommonSetCMYK
AdobeColorCommonSetRGB
Amazon Kindle
Amazon Send to Kindle
AMCap
AMD APP SDK Runtime
AMD Catalyst Install Manager
Apple Application Support
Apple Mobile Device Support
Audacity 2.0.3
AuthenTec TrueAPI
AutoHotkey 1.1.04.00
Bonjour
CamStudio Lossless Codec
CamStudio OSS Desktop Recorder
Camtasia Studio 7
Canon Auto Update Service
Canon DIGITAL CAMERA Solution Disk Software Guide
CANON iMAGE GATEWAY MyCamera Download Plugin
CANON iMAGE GATEWAY Task for ZoomBrowser EX
Canon MOV Decoder
Canon MOV Encoder
Canon MovieEdit Task for ZoomBrowser EX
Canon PowerShot SX150 IS Camera User Guide
Canon Utilities CameraWindow DC 8
Canon Utilities CameraWindow Launcher
Canon Utilities Movie Uploader for YouTube
Canon Utilities MyCamera
Canon Utilities PhotoStitch
Canon Utilities ZoomBrowser EX
Canon ZoomBrowser EX Memory Card Utility
Catalyst Control Center
Catalyst Control Center - Branding
Catalyst Control Center Graphics Previews Common
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
Catalyst Control Center Profiles Mobile
ccc-utility64
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
CCleaner
ClipX
Connect
CoreAAC Audio Decoder (remove only)
CutePDF Writer 2.8
CyberLink PowerDVD
CyberLink YouCam
D3DX10
DivX Setup
Dropbox
DVDFab 7.0.8.0 (14/07/2010)
DVDStyler v2.5 beta 2
Energy Star Digital Logo
ESET Online Scanner v3
ESU for Microsoft Windows 7
Ezvid
FileZilla Client 3.5.3
GOM Player
Google Chrome
Google Drive
Google Earth
Google Talk Plugin
Google Update Helper
GoToMeeting 5.1.0.880
Graboid Video 3.58
Graboid Video 3.58 Setup
Hewlett-Packard ACLM.NET v1.2.1.1
HP 3D DriveGuard
HP Auto
HP Client Services
HP Connection Manager
HP Customer Experience Enhancements
HP Documentation
HP MovieStore
HP On Screen Display
HP Power Manager
HP Quick Launch
HP Setup
HP Setup Manager
HP SimplePass 2011
HP Software Framework
HP Support Assistant
IDT Audio
ImgBurn
Intel PROSet Wireless
Intel(R) Control Center
Intel(R) Display Audio Driver
Intel(R) Management Engine Components
Intel(R) PROSet/Wireless WiFi Software
Intel(R) Rapid Storage Technology
Intel(R) Wireless Display
IrfanView (remove only)
iTunes
Java 7 Update 25
Java 7 Update 25 (64-bit)
Java Auto Updater
K-Lite Codec Pack 5.5.0 (64-bit)
KeyNote 1.6.5
kuler
LAME v3.99.3 (for Windows)
Malwarebytes Anti-Malware version 1.75.0.1300
Mesh Runtime
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Application Error Reporting
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office 2010
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office Home and Student 2007
Microsoft Office Office 64-bit Components 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Shared 64-bit MUI (English) 2007
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Security Client
Microsoft Security Essentials
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
Microsoft WSE 3.0 Runtime
Mobipocket Creator 4.2
Mobipocket Reader 6.2
Mozilla Firefox 22.0 (x86 en-US)
Mozilla Maintenance Service
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Notepad++
Octoshape add-in for Adobe Flash Player
OpenOffice.org 3.3
OverDrive Media Console
PDF Settings CS4
Photoshop Camera Raw
Photoshop Camera Raw_x64
Pixel Bender Toolkit
PlayReady PC Runtime x86
Print Server Driver
PX Profile Update
QuickTime
QuoteTracker
Real Alternative 2.0.2
Realtek Ethernet Controller Driver
Realtek PCIE Card Reader
Recovery Manager
Renesas Electronics USB 3.0 Host Controller Driver
RoxioNow Player
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft .NET Framework 4 Extended (KB2736428)
Security Update for Microsoft .NET Framework 4 Extended (KB2742595)
Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687311) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687499) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760416) 32-Bit Edition
Security Update for Microsoft Office Excel 2007 (KB2687307) 32-Bit Edition
Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Word 2007 (KB2760421) 32-Bit Edition
SEO Backlink Checker 1.0
Skype™ 6.3
Snagit 10
Stellarium 0.11.2
Suite Shared Configuration CS4
swMSM
Synaptics TouchPad Driver
System Requirements Lab for Intel
TA-Lib Pro Excel
TA-Lib Pro Excel 2.5.0
thinkorswim from TD AMERITRADE
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2836939)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
USB2.0 ATV
USB2.0 Capture Device
Validity WBF DDK
VC80CRTRedist - 8.0.50727.6195
VLC media player 1.0.1
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Language Selector
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live Remote Client
Windows Live Remote Client Resources
Windows Live Remote Service
Windows Live Remote Service Resources
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Windows Media Player Firefox Plugin
WinPcap 4.1.2
Wireshark 1.6.2
WordWeb Pro
Xvid 1.2.2 final uninstall
Zinio Reader 4
ZoneAlarm LTD Toolbar
.
==== Event Viewer Messages From Past Week ========
.
6/30/2013 5:28:09 AM, Error: Service Control Manager [7000] - The Easybits Services for Windows service failed to start due to the following error: The system cannot find the file specified.
.
==== End Of File ===========================
bonnie
Regular Member
 
Posts: 132
Joined: August 17th, 2012, 1:56 pm

Re: Firefox Google Searches Are Being Censored

Unread postby wannabeageek » June 30th, 2013, 5:32 pm

Hello Bonnie,

We will look at the Connect program issue in a bit. In the mean time, please run the following:
You may make separate posts as needed.

Step 1.
Security Check
  • Please download Security Check by screen317 from one of the links below:
  • Save it to your Desktop.
  • Right click SecurityCheck.exe And select " Run as administrator " , then follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt
  • Please post the contents of that document.


Step 2.
Junkware Removal Tool
  • Please download and run the following program: JRT.exe
  • Right-click JRT.exe and select " Run as administrator " to run it.
  • When the program is finished running, post the log JRT.txt in your next reply.


Step 3.
AdwCleaner - Search
Please download AdwCleaner by Xplode, save it to your desktop.
  1. Close ALL open programs, including your Internet browsers.
  2. Right click on adwcleaner.exe and select "Run as administrator" to run it.
  3. Click on Search.
  4. A logfile C:\AdwCleaner[R1].txt will automatically open after the scan has finished.
  5. Please post the content of the C:\AdwCleaner[R1].txt logfile in your next reply.


Step 4.
Please post the ESET log from your last scan.
The log should be locatred here:
C:\Program Files (x86)\ESET\ESET Online Scanner\log.txt


Please include in your next reply:
  1. Contents of checkup.txt
  2. Contents of JRT.txt
  3. Contents of C:\AdwCleaner[R1].txt
  4. Contents of C:\Program Files (x86)\ESET\ESET Online Scanner\log.txt
  5. Any problem executing the instructions?
Thanks,
wbg
wannabeageek
MRU Master
MRU Master
 
Posts: 1773
Joined: November 23rd, 2009, 10:21 pm
Location: California

Re: Firefox Google Searches Are Being Censored

Unread postby bonnie » June 30th, 2013, 7:31 pm

Hi Wannabeageek,

No problem running any of the programs. Here's the results:

Results of screen317's Security Check version 0.99.68
Windows 7 Service Pack 1 x64
Internet Explorer 10
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Microsoft Security Essentials
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.75.0.1300
Java 7 Update 25
Adobe Flash Player 11.8.800.88
Adobe Reader XI
Mozilla Firefox (22.0)
Google Chrome 27.0.1453.110
Google Chrome 27.0.1453.116
Google Chrome plugins...
````````Process Check: objlist.exe by Laurent````````
Microsoft Security Essentials MSMpEng.exe
Microsoft Security Essentials msseces.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 0%
````````````````````End of Log``````````````````````

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.9.4 (05.06.2013:1)
OS: Windows 7 Home Premium x64
Ran by robert on Sun 06/30/2013 at 19:18:05.92
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\\Start Page



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\sweetim
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\sweetim
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\bundlesweetimsetup_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\bundlesweetimsetup_rasmancs
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{DD065C6A-C257-4F8A-B51E-6FB5B03F698F}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{DD065C6A-C257-4F8A-B51E-6FB5B03F698F}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}



~~~ Files

Successfully deleted: [File] "C:\Windows\couponprinter.ocx"



~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\wincert"
Successfully deleted: [Folder] "C:\Users\robert\AppData\Roaming\opencandy"
Successfully deleted: [Empty Folder] C:\Users\robert\appdata\local\{000F91C8-928D-48DC-A17F-01D201C4AA64}
Successfully deleted: [Empty Folder] C:\Users\robert\appdata\local\{081ED63C-23CB-4F69-A86F-13549CAE21AA}
Successfully deleted: [Empty Folder] C:\Users\robert\appdata\local\{1380492A-3474-4D39-A789-38A4DF9E2D5F}
Successfully deleted: [Empty Folder] C:\Users\robert\appdata\local\{219D285A-3748-447D-B582-A69C50779F8A}
Successfully deleted: [Empty Folder] C:\Users\robert\appdata\local\{2A50A989-9CD2-4123-AD17-7AC8F962C98B}
Successfully deleted: [Empty Folder] C:\Users\robert\appdata\local\{2B1AAD44-E5A8-467D-A988-9297279DDAB3}
Successfully deleted: [Empty Folder] C:\Users\robert\appdata\local\{2DC6640C-2A52-46BB-834E-FD6D423BD9A1}
Successfully deleted: [Empty Folder] C:\Users\robert\appdata\local\{33ADC0C0-1182-44E7-8F7A-58119D7990D6}
Successfully deleted: [Empty Folder] C:\Users\robert\appdata\local\{423F37F8-5114-4BAA-BCAA-50756E87759F}
Successfully deleted: [Empty Folder] C:\Users\robert\appdata\local\{437E5628-9F6F-4927-A5A6-5046AD74820F}
Successfully deleted: [Empty Folder] C:\Users\robert\appdata\local\{44818FFA-F93D-450B-A45C-EE71A3744063}
Successfully deleted: [Empty Folder] C:\Users\robert\appdata\local\{514056F9-EB34-4DC7-859D-32495B8EEF30}
Successfully deleted: [Empty Folder] C:\Users\robert\appdata\local\{6203017D-B82D-4F56-B146-627ECFF14C49}
Successfully deleted: [Empty Folder] C:\Users\robert\appdata\local\{8EA4D97E-B436-4A42-8AA7-713343DAC2C4}
Successfully deleted: [Empty Folder] C:\Users\robert\appdata\local\{91B8BFE6-8E37-402A-8AE1-74C41E6E45C7}
Successfully deleted: [Empty Folder] C:\Users\robert\appdata\local\{91FCE58B-D9C5-4555-8B76-50D31C19DBAE}
Successfully deleted: [Empty Folder] C:\Users\robert\appdata\local\{9B49D3D7-9F55-44B2-90A6-34207AA9565D}
Successfully deleted: [Empty Folder] C:\Users\robert\appdata\local\{9BAED35D-9E93-4548-81E6-AA8C7D9D0ADC}
Successfully deleted: [Empty Folder] C:\Users\robert\appdata\local\{9C7FF9E8-7B8E-427C-87D1-E5141B3AA298}
Successfully deleted: [Empty Folder] C:\Users\robert\appdata\local\{A0B05162-0448-4205-BBD3-23B5937F1D81}
Successfully deleted: [Empty Folder] C:\Users\robert\appdata\local\{AABA9301-E3AE-4D51-A1F6-5ECCE140289F}
Successfully deleted: [Empty Folder] C:\Users\robert\appdata\local\{AF846F04-DA55-43A2-B0B8-8DEA9B04BE4A}
Successfully deleted: [Empty Folder] C:\Users\robert\appdata\local\{C65B33A2-97E6-4F1B-AD0C-94561B591F44}
Successfully deleted: [Empty Folder] C:\Users\robert\appdata\local\{CD2B1492-3FC5-4902-B3A4-0F35FC18FAD3}
Successfully deleted: [Empty Folder] C:\Users\robert\appdata\local\{D9773F25-9C9E-4933-80AD-C91BCDB77A1F}
Successfully deleted: [Empty Folder] C:\Users\robert\appdata\local\{F3678CEC-5A21-4FEB-B86F-1B3E2E094BE4}
Successfully deleted: [Empty Folder] C:\Users\robert\appdata\local\{F8764D01-E99A-4BFD-BC3F-E3A21184169C}
Successfully deleted: [Empty Folder] C:\Users\robert\appdata\local\{FF20FE5A-4168-4B2F-8698-F70AD4477EF8}



~~~ FireFox

Successfully deleted: [File] C:\Users\robert\AppData\Roaming\mozilla\firefox\profiles\optplp1u.default\searchplugins\sweetim.xml
Successfully deleted the following from C:\Users\robert\AppData\Roaming\mozilla\firefox\profiles\optplp1u.default\prefs.js

user_pref("keyword.URL", "hxxp://start.sweetpacks.com/?src=2&st=12&barid={7B7EC4D9-9E46-11E2-859B-101F7415E3E8}&q=");
user_pref("sweetim.toolbar.previous.browser.search.defaultenginename", "");
user_pref("sweetim.toolbar.previous.browser.search.selectedEngine", "");
user_pref("sweetim.toolbar.previous.browser.startup.homepage", "hxxp://www.google.com/");
user_pref("sweetim.toolbar.previous.keyword.URL", "");
user_pref("sweetim.toolbar.urls.homepage", "hxxp://start.sweetpacks.com/?src=10&st=12&crg=3.5000006.10043&barid={7B7EC4D9-9E46-11E2-859B-101F7415E3E8}");
Emptied folder: C:\Users\robert\AppData\Roaming\mozilla\firefox\profiles\optplp1u.default\minidumps [105 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sun 06/30/2013 at 19:22:20.73
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

# AdwCleaner v2.303 - Logfile created 06/30/2013 at 19:23:30
# Updated 08/06/2013 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : robert - ROBERT-HP
# Boot Mode : Normal
# Running from : C:\Users\robert\Desktop\adwcleaner.exe
# Option [Search]


***** [Services] *****


***** [Files / Folders] *****

Folder Found : C:\ProgramData\Browser Manager
Folder Found : C:\Users\robert\AppData\Roaming\CheckPoint\ZoneAlarm LTD Toolbar

***** [Registry] *****

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\grusskartencenter.com
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\grusskartencenter.com
Key Found : HKCU\Software\YahooPartnerToolbar
Key Found : HKLM\Software\InstallIQ
Key Found : HKLM\SOFTWARE\MozillaPlugins\@checkpoint.com/FFApi
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{D824F0DE-3D60-4F57-9EB1-66033ECD8ABB}
Key Found : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\ogccgbmabaphcakpiclgcnmcnimhokcj
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ZoneAlarm LTD Toolbar

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16490

[OK] Registry is clean.

-\\ Mozilla Firefox v22.0 (en-US)

File : C:\Users\robert\AppData\Roaming\Mozilla\Firefox\Profiles\optplp1u.default\prefs.js

[OK] File is clean.

-\\ Google Chrome v27.0.1453.116

File : C:\Users\robert\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [1826 octets] - [30/06/2013 19:23:30]

########## EOF - C:\AdwCleaner[R1].txt - [1886 octets] ##########

ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=16114cbcf577e441a775fd1d0ff055c6
# engine=13451
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2013-03-21 10:01:14
# local_time=2013-03-21 06:01:14 (-0500, Eastern Daylight Time)
# country="United States"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=5893 16776574 100 94 72662063 115446724 0 0
# scanned=249274
# found=7
# cleaned=0
# scan_time=7057
sh=BD3D451BFB56B02EDD3D2D1FEA10E29EC94F1A8C ft=1 fh=3d6c1e353acd28fa vn="Win32/OpenCandy application" ac=I fn="C:\$Recycle.Bin\S-1-5-21-3434975647-2719533202-2998227652-1000\$RZUFTQB.exe"
sh=B4B217C0F96E3D48B61BBCE843B5A1B41BBE46C5 ft=1 fh=bf072b9bcf239a3b vn="Win32/InstallCore.BK.Gen application" ac=I fn="C:\Users\robert\Downloads\fake-voice-2-5-en-win-setup.exe"
sh=E29E8133A9F4943484F1E2A547F9BA1B97D8D5EF ft=1 fh=c0bdb28acf239a3b vn="Win32/InstallCore.BK.Gen application" ac=I fn="C:\Users\robert\Downloads\virtual-dj-7-0-5-es-en-fr-de-it-win-setup.exe"
sh=2BEB26B91E4977B6DD7DD7B7DDBFE67E55B4B117 ft=0 fh=0000000000000000 vn="a variant of Win32/Adware.SearchIt.AA application" ac=I fn="C:\Users\robert\My Books\eBayBooks\ebay shit.zip"
sh=4952125C43A81D87C05F0DE5EBD1D911A3FAA01A ft=1 fh=f99c5834cf80f394 vn="a variant of Win32/Toolbar.SearchSuite.A application" ac=I fn="C:\_OTL\MovedFiles\03192013_120706\C_Program Files (x86)\Settings Alerter\Datamngr\datamngrUI.exe"
sh=914337E333B338F782C2E70FAA7C141D6A746EBE ft=1 fh=b4708b0b71f01328 vn="a variant of Win32/Toolbar.SearchSuite application" ac=I fn="C:\_OTL\MovedFiles\03192013_120706\C_Program Files (x86)\Settings Alerter\Datamngr\DnsBHO.dll"
sh=3F7885BCD787ECD14910403E8F3A597D7CC3086E ft=1 fh=ae2749c88560efc1 vn="a variant of Win32/Toolbar.SearchSuite application" ac=I fn="C:\_OTL\MovedFiles\03192013_120706\C_Program Files (x86)\Settings Alerter\Datamngr\IEBHO.dll"
bonnie
Regular Member
 
Posts: 132
Joined: August 17th, 2012, 1:56 pm

Re: Firefox Google Searches Are Being Censored

Unread postby wannabeageek » June 30th, 2013, 10:34 pm

Hi bonnie,

I need you to run the following:

Step 1.
AdwCleaner - Fix
You should still have AdwCleaner on your desktop.
  1. Close ALL open programs, including your Internet browsers.
  2. Right click on adwcleaner.exe and select "Run as administrator" to run it.
  3. Click on Delete.
  4. Select OK at each prompt. When done, your computer will be rebooted automatically.
  5. A logfile C:\AdwCleaner[S1].txt will automatically open after the scan has finished.
  6. Please post the content of the C:\AdwCleaner[S1].txt logfile in your next reply.


Step 2.
OTL
Please download OTL ... by Old Timer . Save it to your Desktop.
  1. Right click on OTL.exe select "Run As Administrator" to run it. If prompted by UAC, please allow it.
  2. Click the Scan All Users checkbox.
  3. Check the Extra Registry block to make sure the "Use SafeList" button is highlighted.
    Leave the remaining selections to the default settings.
  4. Click on Run Scan at the top left hand corner.
  5. When done, two Notepad files will open.
    • OTL.txt <-- Will be opened, maximized
    • Extras.txt <-- Will be minimized on task bar.
  6. Please post the contents of both OTL.txt and Extras.txt files in your next reply.


Please include in your next reply:
  1. Contents of C:\AdwCleaner[S1].txt
  2. Contents of OTL.txt
  3. Contents of Extras.txt
  4. Any problem executing the instructions?
Thanks,
wbg
wannabeageek
MRU Master
MRU Master
 
Posts: 1773
Joined: November 23rd, 2009, 10:21 pm
Location: California

Re: Firefox Google Searches Are Being Censored

Unread postby bonnie » July 1st, 2013, 8:16 am

Good morning Wannabeageek,
I ran all of the tools without an issue. Here are the results:

# AdwCleaner v2.303 - Logfile created 07/01/2013 at 07:50:52
# Updated 08/06/2013 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : robert - ROBERT-HP
# Boot Mode : Normal
# Running from : C:\Users\robert\Desktop\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

Deleted on reboot : C:\ProgramData\Browser Manager
Folder Deleted : C:\Users\robert\AppData\Roaming\CheckPoint\ZoneAlarm LTD Toolbar

***** [Registry] *****

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\grusskartencenter.com
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\grusskartencenter.com
Key Deleted : HKCU\Software\YahooPartnerToolbar
Key Deleted : HKLM\Software\InstallIQ
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@checkpoint.com/FFApi
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{D824F0DE-3D60-4F57-9EB1-66033ECD8ABB}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\ogccgbmabaphcakpiclgcnmcnimhokcj
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ZoneAlarm LTD Toolbar

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16490

[OK] Registry is clean.

-\\ Mozilla Firefox v22.0 (en-US)

File : C:\Users\robert\AppData\Roaming\Mozilla\Firefox\Profiles\optplp1u.default\prefs.js

[OK] File is clean.

-\\ Google Chrome v27.0.1453.116

File : C:\Users\robert\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [1949 octets] - [30/06/2013 19:23:30]
AdwCleaner[S1].txt - [1913 octets] - [01/07/2013 07:50:52]

########## EOF - C:\AdwCleaner[S1].txt - [1973 octets] ##########

OTL logfile created on: 7/1/2013 8:02:51 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\robert\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

7.95 Gb Total Physical Memory | 6.38 Gb Available Physical Memory | 80.32% Memory free
15.90 Gb Paging File | 14.27 Gb Available in Paging File | 89.79% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 683.87 Gb Total Space | 540.82 Gb Free Space | 79.08% Space Free | Partition Type: NTFS
Drive D: | 14.47 Gb Total Space | 1.61 Gb Free Space | 11.12% Space Free | Partition Type: NTFS
Drive F: | 98.87 Mb Total Space | 84.57 Mb Free Space | 85.54% Space Free | Partition Type: FAT32

Computer Name: ROBERT-HP | User Name: robert | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - File not found --
PRC - [2013/07/01 07:35:29 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\robert\Desktop\OTL.exe
PRC - [2013/05/24 20:47:30 | 027,776,968 | ---- | M] (Dropbox, Inc.) -- C:\Users\robert\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2013/05/13 06:25:19 | 000,216,968 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Update\1.3.21.145\GoogleCrashHandler.exe
PRC - [2013/05/11 06:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/08/19 14:48:44 | 000,379,960 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
PRC - [2011/07/11 14:04:44 | 000,574,008 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
PRC - [2011/07/11 14:04:44 | 000,026,680 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
PRC - [2011/05/20 11:10:26 | 000,013,592 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2011/05/20 11:10:12 | 000,284,440 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
PRC - [2011/03/08 15:21:10 | 000,136,488 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
PRC - [2011/02/18 01:48:24 | 000,265,544 | ---- | M] (HP) -- C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe
PRC - [2011/02/18 01:48:12 | 000,642,888 | ---- | M] (HP) -- C:\Program Files (x86)\HP SimplePass 2011\TouchControl.exe
PRC - [2011/02/18 01:47:58 | 000,142,664 | ---- | M] (HP) -- C:\Program Files (x86)\HP SimplePass 2011\BioMonitor.exe
PRC - [2010/12/22 16:25:02 | 002,656,280 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2010/12/22 16:24:58 | 000,325,656 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2010/11/26 10:09:12 | 000,399,344 | ---- | M] (Roxio) -- C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe
PRC - [2009/11/08 23:18:00 | 000,065,216 | ---- | M] (WordWeb Software) -- C:\Program Files (x86)\WordWeb\wweb32.exe


========== Modules (No Company Name) ==========

MOD - [2013/06/18 07:34:06 | 011,914,240 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\ce6b7579fbb77330560e9122d1cf6526\System.Web.ni.dll
MOD - [2013/06/18 07:33:57 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\b6eb138c3c9be780acb767c1bef572c1\System.Runtime.Remoting.ni.dll
MOD - [2013/05/15 10:45:08 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\30e3a21202000677d0a9270572251477\System.Windows.Forms.ni.dll
MOD - [2013/05/15 10:44:45 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\716959df79685a1eae0fc14275a32b0f\WindowsBase.ni.dll
MOD - [2013/05/15 10:44:40 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\764f15e86c82662e977bd418bd6318c1\System.Configuration.ni.dll
MOD - [2013/03/13 16:48:52 | 024,978,944 | ---- | M] () -- C:\Users\robert\AppData\Roaming\Dropbox\bin\libcef.dll
MOD - [2013/01/09 10:23:31 | 000,491,520 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\346a7a67978cead8e2ff52c6d80bbeb7\IAStorUtil.ni.dll
MOD - [2013/01/09 10:23:31 | 000,014,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\500a8ae2a5d27132d87ccac9f97b0069\IAStorCommon.ni.dll
MOD - [2013/01/09 07:43:53 | 001,592,832 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll
MOD - [2013/01/09 07:43:32 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\571b85634abf2fba6bab80c21a347081\System.Xml.ni.dll
MOD - [2013/01/09 07:43:27 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll
MOD - [2013/01/09 07:43:21 | 011,493,376 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll
MOD - [2012/11/13 19:32:50 | 003,558,400 | ---- | M] () -- C:\Users\robert\AppData\Roaming\Dropbox\bin\wxmsw28uh_vc.dll
MOD - [2011/09/27 07:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/09/27 07:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2009/08/19 20:59:06 | 000,022,736 | ---- | M] () -- C:\Program Files (x86)\WordWeb\WUCNT.dll


========== Services (SafeList) ==========

SRV:64bit: - [2013/01/27 12:34:32 | 000,379,360 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2013/01/27 12:34:32 | 000,022,056 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2012/06/12 13:34:59 | 000,204,288 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2011/11/29 15:19:55 | 000,301,568 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Program Files\IDT\WDM\stacsv64.exe -- (STacSV)
SRV:64bit: - [2011/11/29 15:19:52 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\IDT\WDM\AESTSr64.exe -- (AESTFilters)
SRV:64bit: - [2011/09/12 16:36:52 | 001,038,088 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe -- (FLEXnet Licensing Service 64)
SRV:64bit: - [2011/08/31 19:08:08 | 001,166,848 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe -- (AMPPALR3)
SRV:64bit: - [2011/07/27 22:04:48 | 001,517,328 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
SRV:64bit: - [2011/07/27 21:48:34 | 000,340,240 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe -- (MyWiFiDHCPDNS)
SRV:64bit: - [2011/07/27 21:44:18 | 000,844,560 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
SRV:64bit: - [2011/06/03 13:51:38 | 000,134,928 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe -- (BTHSSecurityMgr)
SRV:64bit: - [2011/05/27 12:20:12 | 000,030,520 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Windows\SysNative\hpservice.exe -- (hpsrv)
SRV:64bit: - [2010/10/11 05:48:14 | 000,346,168 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe -- (HPClientSvc)
SRV:64bit: - [2010/09/22 21:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2007/02/12 09:45:26 | 000,024,576 | ---- | M] (Syntek America Inc.) [Auto | Running] -- C:\Windows\SysNative\StkCSrv.exe -- (StkSSrv)
SRV - [2013/06/29 15:13:40 | 000,117,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/06/19 09:35:28 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/05/11 06:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/02/28 19:25:34 | 000,161,384 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/09/27 11:55:16 | 000,086,528 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe -- (HP Support Assistant Service)
SRV - [2011/11/29 15:17:50 | 002,413,056 | ---- | M] (Realsil Microelectronics Inc.) [Auto | Running] -- C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe -- (IconMan_R)
SRV - [2011/09/12 16:34:58 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2011/07/11 14:04:44 | 000,026,680 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe -- (HPWMISVC)
SRV - [2011/05/20 11:10:26 | 000,013,592 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2011/02/24 21:34:42 | 000,241,648 | ---- | M] (CyberLink) [Auto | Stopped] -- C:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe -- (CLKMSVC10_38F51D56)
SRV - [2011/02/18 01:48:24 | 000,265,544 | ---- | M] (HP) [Auto | Running] -- C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe -- (FPLService)
SRV - [2011/02/15 18:48:52 | 001,071,160 | ---- | M] (Hewlett-Packard Development Company L.P.) [On_Demand | Stopped] -- C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe -- (hpCMSrv)
SRV - [2010/12/22 16:25:02 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2010/12/22 16:24:58 | 000,325,656 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2010/11/26 10:09:12 | 000,399,344 | ---- | M] (Roxio) [Auto | Running] -- C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe -- (RoxioNow Service)
SRV - [2010/06/25 13:07:20 | 000,117,264 | ---- | M] (CACE Technologies, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WinPcap\rpcapd.exe -- (rpcapd)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/08/15 05:46:20 | 000,284,016 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe -- (Adobe Version Cue CS4)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2013/01/20 16:59:04 | 000,130,008 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2012/08/21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/06/12 13:35:04 | 012,289,472 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdpmd64.sys -- (intelkmd)
DRV:64bit: - [2012/06/12 13:34:59 | 009,981,952 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2012/06/12 13:34:59 | 000,310,272 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2012/03/01 02:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/02/15 12:01:50 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011/11/29 15:19:55 | 000,528,384 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)
DRV:64bit: - [2011/11/29 15:17:50 | 000,338,536 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtsPStor.sys -- (RSPCIESTOR)
DRV:64bit: - [2011/11/29 15:16:20 | 000,208,896 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV:64bit: - [2011/11/29 15:16:20 | 000,091,648 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
DRV:64bit: - [2011/10/14 04:37:44 | 000,396,848 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2011/09/13 07:34:42 | 000,082,816 | ---- | M] (VSO Software) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\pcouffin.sys -- (pcouffin)
DRV:64bit: - [2011/08/08 08:32:08 | 000,299,008 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AmpPal.sys -- (AMPPALP)
DRV:64bit: - [2011/08/08 08:32:08 | 000,299,008 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AmpPal.sys -- (AMPPAL)
DRV:64bit: - [2011/08/03 18:28:32 | 008,604,672 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETwNs64.sys -- (NETwNs64)
DRV:64bit: - [2011/05/27 12:20:12 | 000,043,320 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Accelerometer.sys -- (Accelerometer)
DRV:64bit: - [2011/05/27 12:20:12 | 000,030,008 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\hpdskflt.sys -- (hpdskflt)
DRV:64bit: - [2011/05/20 10:53:44 | 000,557,848 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2011/03/11 02:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 02:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/02/16 21:11:08 | 000,428,136 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011/02/16 20:46:36 | 000,042,392 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WDKMD.sys -- (wdkmd)
DRV:64bit: - [2010/11/20 23:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 23:23:47 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010/11/20 23:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 23:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010/10/19 20:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2010/10/15 05:28:16 | 000,317,440 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2010/07/28 12:13:50 | 000,031,088 | ---- | M] (CyberLink Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\clwvd.sys -- (clwvd)
DRV:64bit: - [2010/06/25 13:07:26 | 000,035,344 | ---- | M] (CACE Technologies, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\npf.sys -- (NPF)
DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 17:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
DRV:64bit: - [2009/06/10 17:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
DRV:64bit: - [2009/06/10 17:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
DRV:64bit: - [2009/06/10 16:35:35 | 000,408,960 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvm62x64.sys -- (NVENETFD)
DRV:64bit: - [2009/06/10 16:34:38 | 001,311,232 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2008/06/27 07:51:10 | 000,088,632 | ---- | M] (Adobe Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\adfs.sys -- (adfs)
DRV:64bit: - [2007/06/28 09:45:26 | 000,632,704 | ---- | M] (Syntek) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\StkCMini.sys -- (StkCMini)
DRV - [2011/06/02 11:08:34 | 000,017,864 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\SystemRequirementsLab\cpudrv64.sys -- (cpudrv64)
DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2008/08/14 07:57:42 | 000,074,720 | ---- | M] (Adobe Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysWow64\drivers\adfs.sys -- (adfs)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT/1
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT/1
IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE:64bit: - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.com/rover/1/711-30572 ... com/?_nkw={searchTerms}
IE:64bit: - HKLM\..\SearchScopes\{DD065C6A-C257-4F8A-B51E-6FB5B03F698F}: "URL" = http://www.amazon.com/s/ref=azs_osd_iea ... -keywords={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT/1
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.com/rover/1/711-30572 ... com/?_nkw={searchTerms}


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-21-3434975647-2719533202-2998227652-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKU\S-1-5-21-3434975647-2719533202-2998227652-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-3434975647-2719533202-2998227652-1000\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-3434975647-2719533202-2998227652-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKU\S-1-5-21-3434975647-2719533202-2998227652-1000\..\SearchScopes\{9B97950D-482C-1D79-568F-FC7B9D40C785}: "URL" = http://www.bing.com/search?q={searchTerms}&pc=Z192&form=ZGAIDF&install_date=20110913&iesrc={referrer:source}
IE - HKU\S-1-5-21-3434975647-2719533202-2998227652-1000\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.com/rover/1/711-30572 ... com/?_nkw={searchTerms}
IE - HKU\S-1-5-21-3434975647-2719533202-2998227652-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Bing"
FF - prefs.js..browser.search.defaulturl: ""
FF - prefs.js..browser.search.selectedEngine: "eBay"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.com"
FF - prefs.js..extensions.enabledAddons: %7B0538E3E3-7E9B-4d49-8831-A227C80A7AD3%7D:2.2.2
FF - prefs.js..extensions.enabledAddons: %7Bab91efd4-6975-4081-8552-1b3922ed79e2%7D:1.0.19.2
FF - prefs.js..extensions.enabledAddons: %7Be968fc70-8f95-4ab9-9e79-304de2a71ee1%7D:0.7.3
FF - prefs.js..extensions.enabledAddons: amptra%40keepa.com:1.07
FF - prefs.js..extensions.enabledAddons: %7B75CEEE46-9B64-46f8-94BF-54012DE155F0%7D:0.4.12
FF - prefs.js..extensions.enabledAddons: foxmarks%40kei.com:4.2.1
FF - prefs.js..extensions.enabledAddons: %7Bada4b710-8346-4b82-8199-5de2b400a6ae%7D:2.1.1
FF - prefs.js..extensions.enabledAddons: BookmarkQuickMover%40techlivezheng:0.2
FF - prefs.js..extensions.enabledAddons: firefoxbookmarkchecker%40everhelper.me:1.5
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:22.0
FF - prefs.js..network.proxy.http: "127.0.0.1"
FF - prefs.js..network.proxy.http_port: 80
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_88.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.25.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_88.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll File not found
FF - HKLM\Software\MozillaPlugins\@canon.com/MycameraPlugin: C:\Program Files (x86)\Canon\MyCamera Download Plugin\NPCIG.dll (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll File not found
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll File not found
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.25.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll File not found
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.6.14: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll File not found
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.6.14: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll File not found
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.448: C:\Program Files (x86)\Real Alternative\browser\plugins\nprpjplug.dll File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\robert\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O1DPlugin: C:\Users\robert\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\robert\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\robert\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\robert\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012/01/22 14:34:05 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 22.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/06/29 15:13:11 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 22.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/06/29 15:13:12 | 000,000,000 | ---D | M]

[2013/03/18 08:40:27 | 000,000,000 | ---D | M] (No name found) -- C:\Users\robert\AppData\Roaming\Mozilla\Extensions
[2013/06/27 17:44:40 | 000,000,000 | ---D | M] (No name found) -- C:\Users\robert\AppData\Roaming\Mozilla\Firefox\Profiles\optplp1u.default\extensions
[2012/11/29 22:26:00 | 000,000,000 | ---D | M] (Forecastfox) -- C:\Users\robert\AppData\Roaming\Mozilla\Firefox\Profiles\optplp1u.default\extensions\{0538E3E3-7E9B-4d49-8831-A227C80A7AD3}
[2013/01/08 14:07:13 | 000,000,000 | ---D | M] (HP Detect) -- C:\Users\robert\AppData\Roaming\Mozilla\Firefox\Profiles\optplp1u.default\extensions\{ab91efd4-6975-4081-8552-1b3922ed79e2}
[2013/06/24 20:42:38 | 000,000,000 | ---D | M] (ReminderFox) -- C:\Users\robert\AppData\Roaming\Mozilla\Firefox\Profiles\optplp1u.default\extensions\{ada4b710-8346-4b82-8199-5de2b400a6ae}
[2013/06/20 19:50:28 | 000,000,000 | ---D | M] ("Xmarks") -- C:\Users\robert\AppData\Roaming\Mozilla\Firefox\Profiles\optplp1u.default\extensions\foxmarks@kei.com
[2013/05/09 20:38:32 | 000,016,083 | ---- | M] () (No name found) -- C:\Users\robert\AppData\Roaming\Mozilla\Firefox\Profiles\optplp1u.default\extensions\amptra@keepa.com.xpi
[2013/06/24 20:42:38 | 000,005,424 | ---- | M] () (No name found) -- C:\Users\robert\AppData\Roaming\Mozilla\Firefox\Profiles\optplp1u.default\extensions\BookmarkQuickMover@techlivezheng.xpi
[2013/06/27 17:44:40 | 000,021,018 | ---- | M] () (No name found) -- C:\Users\robert\AppData\Roaming\Mozilla\Firefox\Profiles\optplp1u.default\extensions\firefoxbookmarkchecker@everhelper.me.xpi
[2013/06/04 20:09:43 | 000,030,759 | ---- | M] () (No name found) -- C:\Users\robert\AppData\Roaming\Mozilla\Firefox\Profiles\optplp1u.default\extensions\{75CEEE46-9B64-46f8-94BF-54012DE155F0}.xpi
[2013/05/08 19:10:00 | 000,870,680 | ---- | M] () (No name found) -- C:\Users\robert\AppData\Roaming\Mozilla\Firefox\Profiles\optplp1u.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2013/02/28 20:11:50 | 000,042,336 | ---- | M] () (No name found) -- C:\Users\robert\AppData\Roaming\Mozilla\Firefox\Profiles\optplp1u.default\extensions\{e968fc70-8f95-4ab9-9e79-304de2a71ee1}.xpi
[2013/02/15 08:20:05 | 000,010,339 | ---- | M] () -- C:\Users\robert\AppData\Roaming\Mozilla\Firefox\Profiles\optplp1u.default\searchplugins\duckduckgo-1.xml
[2013/02/15 08:20:01 | 000,010,339 | ---- | M] () -- C:\Users\robert\AppData\Roaming\Mozilla\Firefox\Profiles\optplp1u.default\searchplugins\duckduckgo.xml
[2013/06/29 15:13:11 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2013/06/29 15:13:11 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2013/06/29 15:13:11 | 000,000,000 | ---D | M] (TrueSuite Website Logon) -- C:\Program Files (x86)\Mozilla Firefox\extensions\websitelogon@truesuite.com
[2013/06/29 15:13:11 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2013/06/29 15:13:41 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
CHR - homepage: http://www.google.com/
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\robert\AppData\Local\Google\Chrome\Application\21.0.1180.79\PepperFlash\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.116\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_271.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.116\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.116\pdf.dll
CHR - plugin: Simple Pass 2011 (Enabled) = C:\Users\robert\AppData\Local\Google\Chrome\User Data\Default\Extensions\aepeildmfnnehghlknddebgjghlompfe\1.0_0\npwebsitelogon.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: ActiveTouch General Plugin Container (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npatgpc.dll
CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\nprpjplug.dll
CHR - plugin: RealPlayer Download Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\nprpplugin.dll
CHR - plugin: RealPlayer(tm) HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\nprjplug.dll
CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: DivX Plus Web Player (Enabled) = C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll
CHR - plugin: Java Deployment Toolkit 7.0.50.255 (Enabled) = C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\dtplugin\npDeployJava1.dll
CHR - plugin: Java(TM) Platform SE 7 U5 (Enabled) = C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: RealNetworks(tm) Chrome Background Extension Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - Extension: HP Product Detection Plugin = C:\Users\robert\AppData\Local\Google\Chrome\User Data\Default\Extensions\aelbknmfcacjffmgnoaaonhgoghlmlkp\1.0.27.1_0\
CHR - Extension: Website Logon = C:\Users\robert\AppData\Local\Google\Chrome\User Data\Default\Extensions\aepeildmfnnehghlknddebgjghlompfe\1.0_0\
CHR - Extension: YouTube = C:\Users\robert\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Adblock Plus = C:\Users\robert\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.4.1_0\
CHR - Extension: Google Search = C:\Users\robert\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Forecastfox = C:\Users\robert\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihffmkcfkejomlfnilnmkokcpgclhfeg\2.0.10_0\
CHR - Extension: DivX Plus Web Player HTML5 \u003Cvideo\u003E = C:\Users\robert\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\
CHR - Extension: Gmail = C:\Users\robert\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
CHR - Extension: HP Product Detection Plugin = C:\Users\robert\AppData\Local\Google\Chrome\User Data\Default\Extensions\aelbknmfcacjffmgnoaaonhgoghlmlkp\1.0.27.1_0\
CHR - Extension: Website Logon = C:\Users\robert\AppData\Local\Google\Chrome\User Data\Default\Extensions\aepeildmfnnehghlknddebgjghlompfe\1.0_0\
CHR - Extension: YouTube = C:\Users\robert\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Adblock Plus = C:\Users\robert\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.4.1_0\
CHR - Extension: Google Search = C:\Users\robert\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Forecastfox = C:\Users\robert\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihffmkcfkejomlfnilnmkokcpgclhfeg\2.0.10_0\
CHR - Extension: DivX Plus Web Player HTML5 \u003Cvideo\u003E = C:\Users\robert\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\
CHR - Extension: Gmail = C:\Users\robert\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

O1 HOSTS File: ([2013/03/19 06:11:05 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2:64bit: - BHO: (SnagIt Toolbar Loader) - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files (x86)\TechSmith\Snagit 10\DLLx64\SnagitBHO64.dll (TechSmith Corporation)
O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (TrueSuite Website Log On) - {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files (x86)\HP SimplePass 2011\x64\IEBHO.dll (HP)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (SnagIt Toolbar Loader) - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files (x86)\TechSmith\Snagit 10\SnagitBHO.dll (TechSmith Corporation)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (TrueSuite Website Log On) - {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files (x86)\HP SimplePass 2011\IEBHO.dll (HP)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (HP Network Check Helper) - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3:64bit: - HKLM\..\Toolbar: (Snagit) - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files (x86)\TechSmith\Snagit 10\DLLx64\SnagitIEAddin64.dll (TechSmith Corporation)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Snagit) - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files (x86)\TechSmith\Snagit 10\SnagitIEAddin.dll (TechSmith Corporation)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IntelPAN] C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel(R) Corporation)
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [WordWeb] C:\Program Files (x86)\WordWeb\wweb32.exe (WordWeb Software)
O4 - HKLM..\Run: [ZoneAlarm Installer] "C:\Program Files (x86)\CheckPoint\Install\Launcher.exe" "C:\Program Files (x86)\CheckPoint\Install\Install.exe" /r /c "C:\Program Files (x86)\CheckPoint\Install\Install.xml" File not found
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - Startup: C:\Users\robert\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\robert\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: EnableShellExecuteHooks = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\S-1-5-21-3434975647-2719533202-2998227652-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {32E7B36C-7960-4A42-B83B-D8AFD0AAEF2B} http://www.iradiopop.com/IRD/INDBrowser.CAB (INDBrowser Control)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8C2D1BF0-5364-403C-9968-E6E348C6B4FB} http://www.iradiopop.com/IRD/pages/VBIRDPlayer.CAB (VBIRDPlayer.Player)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 209.18.47.61 209.18.47.62
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4AE85AB7-B26D-4F60-B6D9-5BA5C3CEABF0}: DhcpNameServer = 209.18.47.61 209.18.47.62
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8310BB86-6F61-479B-892F-306AB678E156}: DhcpNameServer = 209.18.47.61 209.18.47.62
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - AppInit_DLLs: (c:\progra~3\wincert\win64c~1.dll) - File not found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{1e45ebb7-03db-11e2-9c5f-101f7415e3e8}\Shell - "" = AutoRun
O33 - MountPoints2\{1e45ebb7-03db-11e2-9c5f-101f7415e3e8}\Shell\AutoRun\command - "" = G:\TVRadio.EXE
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/07/01 07:35:26 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\robert\Desktop\OTL.exe
[2013/06/30 19:33:19 | 000,000,000 | ---D | C] -- C:\Users\robert\Desktop\MW-Remove
[2013/06/30 19:17:58 | 000,000,000 | ---D | C] -- C:\JRT
[2013/06/29 15:13:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013/06/21 08:20:06 | 000,263,592 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2013/06/21 08:20:00 | 000,175,016 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2013/06/21 08:20:00 | 000,175,016 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2013/06/21 08:20:00 | 000,096,168 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2013/06/21 08:17:14 | 000,312,232 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\javaws.exe
[2013/06/21 08:17:07 | 000,189,352 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\javaw.exe
[2013/06/21 08:17:07 | 000,188,840 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\java.exe
[2013/06/21 08:17:07 | 000,108,968 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\WindowsAccessBridge-64.dll
[2013/06/12 21:20:54 | 000,000,000 | ---D | C] -- C:\Users\robert\Software
[2013/06/12 08:58:34 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2013/06/12 08:58:33 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2013/06/12 08:58:32 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013/06/12 08:58:32 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013/06/12 08:58:31 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2013/06/12 08:58:31 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2013/06/12 08:58:31 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2013/06/12 08:58:31 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2013/06/12 08:58:30 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2013/06/12 08:58:29 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2013/06/12 08:58:29 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2013/06/12 08:58:29 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013/06/12 08:58:28 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2013/06/12 08:58:28 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2013/06/12 08:58:28 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2013/06/12 07:30:03 | 001,887,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d11.dll
[2013/06/12 07:30:03 | 001,505,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3d11.dll
[2013/06/12 07:30:02 | 000,751,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\win32spl.dll
[2013/06/12 07:30:02 | 000,492,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\win32spl.dll
[2013/06/12 07:29:59 | 000,030,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cryptdlg.dll
[2013/06/12 07:29:59 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\cryptdlg.dll
[2013/06/12 07:29:55 | 001,424,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WindowsCodecs.dll
[2013/06/12 07:29:53 | 001,464,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\crypt32.dll
[2013/06/12 07:29:53 | 001,192,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\certutil.exe
[2013/06/12 07:29:53 | 000,903,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\certutil.exe
[2013/06/12 07:29:52 | 000,139,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cryptnet.dll
[2013/06/12 07:29:52 | 000,052,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\certenc.dll
[2013/06/12 07:29:52 | 000,043,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\certenc.dll
[2013/06/11 18:14:57 | 000,000,000 | ---D | C] -- C:\Users\robert\health
[2013/06/11 18:12:26 | 000,000,000 | ---D | C] -- C:\Users\robert\letters
[2013/06/01 21:31:50 | 000,000,000 | ---D | C] -- C:\Users\robert\AppData\Local\ezvid,_inc
[2013/06/01 21:30:12 | 000,000,000 | ---D | C] -- C:\Users\robert\Documents\GomPlayer
[2013/06/01 21:30:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GOM Player
[2013/06/01 21:30:05 | 000,000,000 | ---D | C] -- C:\Users\robert\AppData\Roaming\GRETECH
[2013/06/01 21:29:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\GRETECH
[2013/06/01 21:29:33 | 000,265,976 | ---- | C] (Bytescout) -- C:\Windows\SysWow64\BytescoutScreenCapturingFilter.dll
[2013/06/01 21:29:33 | 000,175,864 | ---- | C] (Bytescout) -- C:\Windows\SysWow64\BytescoutVideoMixerFilter.dll
[2013/06/01 21:29:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ezvid
[2013/06/01 21:29:32 | 000,438,008 | ---- | C] (Bytescout) -- C:\Windows\SysWow64\BytescoutScreenCapturing.dll
[2013/06/01 21:29:31 | 000,000,000 | ---D | C] -- C:\Users\robert\Documents\ezvid
[2013/06/01 21:29:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ezvid
[2011/09/13 07:34:42 | 000,082,816 | ---- | C] (VSO Software) -- C:\Users\robert\AppData\Roaming\pcouffin.sys

========== Files - Modified Within 30 Days ==========

[2013/07/01 08:00:25 | 000,032,064 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/07/01 08:00:25 | 000,032,064 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/07/01 08:00:00 | 000,000,912 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3434975647-2719533202-2998227652-1000UA.job
[2013/07/01 07:53:11 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/07/01 07:52:18 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/07/01 07:52:00 | 2106,478,591 | -HS- | M] () -- C:\hiberfil.sys
[2013/07/01 07:51:19 | 000,000,196 | ---- | M] () -- C:\Windows\DeleteOnReboot.bat
[2013/07/01 07:35:29 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\robert\Desktop\OTL.exe
[2013/07/01 07:35:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/07/01 07:30:01 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/06/30 19:13:51 | 000,648,201 | ---- | M] () -- C:\Users\robert\Desktop\adwcleaner.exe
[2013/06/30 12:00:00 | 000,000,860 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3434975647-2719533202-2998227652-1000Core.job
[2013/06/28 06:45:32 | 000,000,336 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForrobert.job
[2013/06/23 10:13:01 | 000,239,675 | ---- | M] () -- C:\Users\robert\Desktop\ebayinfoproduct(1).pdf
[2013/06/21 08:19:52 | 000,096,168 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2013/06/21 08:19:48 | 000,263,592 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2013/06/21 08:19:48 | 000,175,016 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2013/06/21 08:19:48 | 000,175,016 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2013/06/21 08:19:47 | 000,867,240 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\npDeployJava1.dll
[2013/06/21 08:19:47 | 000,789,416 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\deployJava1.dll
[2013/06/21 08:17:00 | 000,108,968 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\WindowsAccessBridge-64.dll
[2013/06/21 08:16:58 | 000,312,232 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\javaws.exe
[2013/06/21 08:16:58 | 000,189,352 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\javaw.exe
[2013/06/21 08:16:58 | 000,188,840 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\java.exe
[2013/06/21 08:16:57 | 001,093,032 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\npDeployJava1.dll
[2013/06/21 08:16:56 | 000,972,712 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\deployJava1.dll
[2013/06/19 09:35:28 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013/06/19 09:35:28 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2013/06/17 21:38:20 | 000,773,482 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2013/06/17 21:38:20 | 000,660,530 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/06/17 21:38:20 | 000,121,426 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/06/17 21:38:12 | 000,773,482 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/06/17 16:20:09 | 000,101,184 | ---- | M] (Amazon.com, Inc.) -- C:\Windows\SysNative\stkMonitor.dll
[2013/06/12 10:56:01 | 000,000,219 | ---- | M] () -- C:\Users\robert\Desktop\- StumbleUpon.URL
[2013/06/12 10:23:36 | 000,016,679 | ---- | M] () -- C:\Users\robert\Desktop\Untitled.camproj
[2013/06/10 07:09:34 | 000,001,051 | ---- | M] () -- C:\Users\robert\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2013/06/06 14:38:57 | 000,033,958 | ---- | M] () -- C:\ProgramData\uninstaller.exe
[2013/06/02 11:23:43 | 091,453,618 | ---- | M] () -- C:\Users\robert\Desktop\Trading_Full_Circle.pdf
[2013/06/01 21:30:08 | 000,001,173 | ---- | M] () -- C:\Users\robert\Application Data\Microsoft\Internet Explorer\Quick Launch\GOM Player.lnk
[2013/06/01 21:29:55 | 000,005,632 | ---- | M] () -- C:\Users\robert\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013/06/01 21:29:35 | 000,059,905 | ---- | M] () -- C:\Windows\unins000.dat
[2013/06/01 21:27:20 | 000,753,873 | ---- | M] () -- C:\Windows\unins000.exe

========== Files Created - No Company Name ==========

[2013/06/30 19:13:36 | 000,648,201 | ---- | C] () -- C:\Users\robert\Desktop\adwcleaner.exe
[2013/06/23 10:13:00 | 000,239,675 | ---- | C] () -- C:\Users\robert\Desktop\ebayinfoproduct(1).pdf
[2013/06/12 10:56:01 | 000,000,219 | ---- | C] () -- C:\Users\robert\Desktop\- StumbleUpon.URL
[2013/06/06 14:38:57 | 000,033,958 | ---- | C] () -- C:\ProgramData\uninstaller.exe
[2013/06/02 11:23:39 | 091,453,618 | ---- | C] () -- C:\Users\robert\Desktop\Trading_Full_Circle.pdf
[2013/06/01 21:30:08 | 000,001,173 | ---- | C] () -- C:\Users\robert\Application Data\Microsoft\Internet Explorer\Quick Launch\GOM Player.lnk
[2013/06/01 21:29:32 | 000,753,873 | ---- | C] () -- C:\Windows\unins000.exe
[2013/06/01 21:29:32 | 000,216,064 | ---- | C] ( ) -- C:\Windows\SysWow64\Lagarith.dll
[2013/06/01 21:29:32 | 000,148,992 | ---- | C] ( ) -- C:\Windows\SysNative\Lagarith.dll
[2013/06/01 21:29:31 | 000,059,905 | ---- | C] () -- C:\Windows\unins000.dat
[2013/05/22 11:21:06 | 004,325,376 | ---- | C] () -- C:\ProgramData\ReadOnlyInstaller.msi
[2012/09/02 10:26:07 | 000,000,288 | ---- | C] () -- C:\Users\robert\AppData\Roaming\.backup.dm
[2012/08/19 16:45:51 | 000,000,059 | ---- | C] () -- C:\Windows\ANS2000.INI
[2012/08/19 16:45:51 | 000,000,020 | -H-- | C] () -- C:\Windows\akebook.ini
[2012/08/19 16:45:51 | 000,000,004 | -H-- | C] () -- C:\Windows\a3kebook.ini
[2012/07/11 08:32:01 | 000,000,076 | ---- | C] () -- C:\Windows\Setup Wizard.INI
[2012/06/12 13:36:08 | 013,903,872 | ---- | C] () -- C:\Windows\SysWow64\ig4icd32.dll
[2012/06/12 13:36:08 | 000,216,000 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin
[2012/06/12 13:36:08 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll
[2012/06/12 13:36:05 | 000,003,929 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2012/05/14 15:17:56 | 000,249,856 | ---- | C] () -- C:\Windows\SysWow64\DSPlayer.dll
[2012/02/15 08:47:00 | 000,007,608 | ---- | C] () -- C:\Users\robert\AppData\Local\Resmon.ResmonCfg
[2011/12/21 12:13:39 | 000,005,632 | ---- | C] () -- C:\Users\robert\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/12/21 12:13:13 | 000,819,200 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2011/12/21 12:13:13 | 000,180,224 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2011/12/21 12:12:18 | 000,033,019 | ---- | C] () -- C:\Windows\SysWow64\CoreAAC-uninstall.exe
[2011/11/01 19:55:31 | 000,060,304 | ---- | C] () -- C:\Users\robert\g2mdlhlpx.exe
[2011/09/30 22:42:20 | 000,053,760 | ---- | C] () -- C:\Windows\SysWow64\OVDecode.dll
[2011/09/21 22:11:17 | 000,000,115 | ---- | C] () -- C:\Windows\iwatch.ini
[2011/09/19 11:31:04 | 000,057,344 | ---- | C] () -- C:\Windows\StkUnist.exe
[2011/09/13 07:34:42 | 000,007,859 | ---- | C] () -- C:\Users\robert\AppData\Roaming\pcouffin.cat
[2011/09/13 07:34:42 | 000,001,167 | ---- | C] () -- C:\Users\robert\AppData\Roaming\pcouffin.inf
[2011/09/12 10:43:50 | 000,773,482 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/09/05 17:55:30 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011/09/05 17:46:22 | 000,003,155 | ---- | C] () -- C:\Windows\SysWow64\atipblup.dat
[2011/09/05 17:45:07 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin
[2011/09/05 17:41:04 | 000,000,056 | -H-- | C] () -- C:\Windows\SysWow64\ezsidmv.dat

========== ZeroAccess Check ==========

[2012/07/14 19:11:12 | 000,000,596 | ---- | M] () -- C:\Users\robert\AppData\Roaming\Mozilla\Firefox\Profiles\optplp1u.default\extensions\{ada4b710-8346-4b82-8199-5de2b400a6ae}\defaults\printing\icons\@.png
[2012/11/10 00:09:20 | 000,000,596 | ---- | M] () -- C:\Users\robert\Desktop\FF-BUs\Old Firefox Data\extensions\{ada4b710-8346-4b82-8199-5de2b400a6ae}\defaults\printing\icons\@.png
[2012/11/10 00:09:20 | 000,000,596 | ---- | M] () -- C:\Users\robert\Desktop\FF-BUs\Old Firefox Data-1\extensions\{ada4b710-8346-4b82-8199-5de2b400a6ae}\defaults\printing\icons\@.png
[2009/07/14 00:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/02/27 01:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/02/27 00:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 21:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 23:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 21:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

< End of report >
bonnie
Regular Member
 
Posts: 132
Joined: August 17th, 2012, 1:56 pm

Re: Firefox Google Searches Are Being Censored

Unread postby bonnie » July 1st, 2013, 8:17 am

Here's extras.txt:

OTL Extras logfile created on: 7/1/2013 8:02:51 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\robert\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

7.95 Gb Total Physical Memory | 6.38 Gb Available Physical Memory | 80.32% Memory free
15.90 Gb Paging File | 14.27 Gb Available in Paging File | 89.79% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 683.87 Gb Total Space | 540.82 Gb Free Space | 79.08% Space Free | Partition Type: NTFS
Drive D: | 14.47 Gb Total Space | 1.61 Gb Free Space | 11.12% Space Free | Partition Type: NTFS
Drive F: | 98.87 Mb Total Space | 84.57 Mb Free Space | 85.54% Space Free | Partition Type: FAT32

Computer Name: ROBERT-HP | User Name: robert | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-3434975647-2719533202-2998227652-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00417936-032D-4942-97DC-BE2EAA280776}" = lport=137 | protocol=17 | dir=in | app=system |
"{177123BF-47FF-41FE-8349-44D1EA338F3A}" = lport=3704 | protocol=6 | dir=in | name=adobe version cue cs4 server |
"{29AE13EC-3085-4A90-B564-E1BB8B64DC26}" = lport=139 | protocol=6 | dir=in | app=system |
"{2A78443E-34E5-46BF-B522-C3447B49AB71}" = rport=138 | protocol=17 | dir=out | app=system |
"{2D08D80E-568C-45B5-96D7-F3E8AA1245EB}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{2F779211-F841-452E-BA05-CFBE21CCD6F8}" = lport=3703 | protocol=6 | dir=in | name=adobe version cue cs4 server |
"{3A027150-1368-4FE4-A8B8-9B6AF833E2C2}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{55B54AEE-488E-48A9-BAB1-7A446A90F831}" = lport=138 | protocol=17 | dir=in | app=system |
"{58082316-27F8-4F97-A28E-11ABCF3EA8EF}" = rport=137 | protocol=17 | dir=out | app=system |
"{5C032DAE-3740-49E7-81E9-8AD06D562C94}" = rport=445 | protocol=6 | dir=out | app=system |
"{62E54321-5182-4E24-8391-EE05B126332F}" = lport=51000 | protocol=6 | dir=in | name=adobe version cue cs4 server |
"{644FBB2E-7A52-4F58-913F-213586430C5D}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{655FD17F-E275-46F2-8683-AC8EAC9A7978}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{677A7480-5114-4BBD-BD76-FCAEA067B46B}" = lport=5353 | protocol=6 | dir=in | name=adobe csi cs4 |
"{727EC74D-5F69-4542-9232-482D8FA0C21D}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{7F4ED2B4-BBF9-4CA5-8EB1-BFC282A25FA6}" = lport=51001 | protocol=6 | dir=in | name=adobe version cue cs4 server |
"{82B20512-E824-41FD-A71C-5E8B7ECA67EB}" = lport=445 | protocol=6 | dir=in | app=system |
"{91E701A1-686B-4587-BA98-16B8DA3028D6}" = rport=139 | protocol=6 | dir=out | app=system |
"{A4434578-0F65-4073-9D0D-96CF7A796ADF}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{C2804859-D6D6-4C65-BA4E-B1AD0C986053}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{E532F5BD-6DB0-45F0-A6BF-33CF48589943}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{04D4BD88-5F8D-47A3-AEC6-5A0C60B677B0}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{0A8DA49A-9438-48CA-93BF-1CAD73DB6C7B}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{0AD2C35A-6D71-46C4-AED5-A9445F8ECE50}" = protocol=17 | dir=in | app=c:\users\robert\appdata\roaming\dropbox\bin\dropbox.exe |
"{0D8E72A3-7D1C-4D87-80EC-E1DB43C15816}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\adobe\adobe version cue cs4\server\bin\versioncuecs4.exe |
"{18BC55AF-21C9-4129-A75E-B13198BC0486}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{1E543E7D-F9D4-4060-9896-AAAA2F8BAF5A}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd10\powerdvd cinema\powerdvdcinema10.exe |
"{2A8EA6BA-4F39-4E3C-BC1B-C38EC299585D}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd10\powerdvd10.exe |
"{2E3722F8-0701-4C4D-B4E8-07C5EA097559}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{317C1EB3-A653-40DA-943E-5773F026DC1C}" = dir=in | app=c:\program files\intel\wifi\bin\pandhcpdns.exe |
"{3515A621-3BEF-4216-8238-7C34DA3D5E0A}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{469E7FA6-8835-4D3A-971F-0637188F4969}" = protocol=6 | dir=in | app=c:\users\robert\appdata\roaming\dropbox\bin\dropbox.exe |
"{54E8B167-0B45-44C1-8DF3-9500776B81A0}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe |
"{6FA82F8C-274F-4467-99D1-95602CC0545E}" = dir=in | app=c:\program files (x86)\intel corporation\intel wireless display\widiapp.exe |
"{738CEB08-F687-4F47-9793-2C369B94EF43}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\adobe\cs4servicemanager\cs4servicemanager.exe |
"{77D7C794-AE1D-4E44-95B4-A6DFBA3D7E63}" = protocol=6 | dir=in | app=c:\program files (x86)\hewlett-packard\mediasmart\roxionow\rnow.exe |
"{78A40D94-D42C-4766-94AF-7D03F29BAD79}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{855990D5-1E39-48D0-86E5-8F2974119812}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{86AF4F9B-F416-49B0-8D32-EDAD92A5E9D0}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{93F2976E-E72B-4E7B-B13C-CA73C4EB51F1}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{9EDA278D-1263-47F1-AC93-0AE70F780010}" = protocol=17 | dir=in | app=c:\program files (x86)\roxio\roxionow player\rnowshell.exe |
"{A24F93DE-1F44-46BC-9AC6-FD229AFBAE14}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{A50366EE-ED8C-4D8B-A75C-33E0EFA262F0}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{A8250C84-E832-43B8-B817-5DC4EE32E3F6}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{ACCB4CC1-5968-47D0-B294-021FB66D5EED}" = dir=in | app=c:\program files (x86)\hewlett-packard\hp support framework\resources\hpwarrantycheck\hpdevicedetection3.exe |
"{BBCDCCCB-172C-41D2-B72A-484F648E6FBE}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{BEDCD25D-6F42-452F-8070-2AEEDEBCCDC0}" = protocol=17 | dir=in | app=c:\users\robert\appdata\local\google\google talk plugin\googletalkplugin.exe |
"{BF4DBE6E-6020-41EA-84C9-126DEE9F7EE1}" = dir=in | app=c:\program files (x86)\hewlett-packard\hp support framework\resources\hpwarrantycheck\hpwarrantychecker.exe |
"{C634149D-2840-4105-B470-262859F3E072}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{CD36D2B7-F2C6-4383-BD10-D857F2DD85FC}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{D2EE4647-263B-4861-8645-C6F1E0EFCB42}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{D7776677-CD4C-465A-8017-7F99230EFD62}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{D9A15629-D404-475C-86D8-DC8D89F42DE2}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{E02D752D-2CC6-4EBE-A037-2C4133F3D58A}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{E248442D-ACB2-4DE2-B52E-625F57627040}" = dir=in | app=c:\windows\system32\ezsharedsvchost.exe |
"{E47CD307-7A90-44C5-98FD-DCDD122D6481}" = protocol=6 | dir=in | app=c:\users\robert\appdata\local\google\google talk plugin\googletalkplugin.exe |
"{E8E4F810-9E4B-4680-9169-7CC3E414DE06}" = dir=in | app=c:\program files (x86)\easybits for kids\ezdesktop.exe |
"{F1501188-3896-4CFC-9BB5-F3A0B680076B}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{F190AF56-4F9A-4036-87F6-6A976416165E}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\adobe\cs4servicemanager\cs4servicemanager.exe |
"{F4D4CBFD-206F-4810-9574-46536B3B6A96}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{F6227FE2-2E02-4575-B576-2AEE16C8F655}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\adobe\adobe version cue cs4\server\bin\versioncuecs4.exe |
"{F81DB3FF-48CF-4B03-9E61-EA74B9BCE4E9}" = protocol=17 | dir=in | app=c:\program files (x86)\hewlett-packard\mediasmart\roxionow\rnow.exe |
"{F9C300F8-DF28-4FE0-AFFE-718F8E01D2AC}" = protocol=6 | dir=in | app=c:\program files (x86)\roxio\roxionow player\rnowshell.exe |
"TCP Query User{813E6DF8-E3D6-4A7C-B183-29F613EA8949}G:\tvradio.exe" = protocol=6 | dir=in | app=g:\tvradio.exe |
"TCP Query User{939AE9C9-5BCB-44FC-BAD4-9E05F912AECE}C:\program files (x86)\microsoft office\office12\excel.exe" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\excel.exe |
"TCP Query User{A61A0227-0049-4C28-A9B6-016BFF2EC4FB}C:\users\robert\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\robert\appdata\roaming\dropbox\bin\dropbox.exe |
"TCP Query User{A8C3BF72-FD86-461D-85ED-892A0B2DC905}C:\users\robert\appdata\roaming\macromedia\flash player\www.macromedia.com\bin\octoshape\octoshape.exe" = protocol=6 | dir=in | app=c:\users\robert\appdata\roaming\macromedia\flash player\www.macromedia.com\bin\octoshape\octoshape.exe |
"TCP Query User{C99F5B99-23B4-4784-9439-C5364328B411}C:\program files (x86)\java\jre7\bin\java.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre7\bin\java.exe |
"TCP Query User{D12F9ABA-B57D-442F-96DE-ADD601E171CD}C:\program files (x86)\mozilla firefox\plugin-container.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mozilla firefox\plugin-container.exe |
"UDP Query User{01F1332C-E848-4489-BEB9-856B8DE43B4A}C:\program files (x86)\mozilla firefox\plugin-container.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mozilla firefox\plugin-container.exe |
"UDP Query User{260C2F63-A20D-4D7A-BE02-6E5F522029FB}C:\program files (x86)\microsoft office\office12\excel.exe" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\excel.exe |
"UDP Query User{34C32CD3-701A-4170-8D3B-EA9511B196B5}G:\tvradio.exe" = protocol=17 | dir=in | app=g:\tvradio.exe |
"UDP Query User{4096FC23-38FE-4213-A283-463061A9134A}C:\users\robert\appdata\roaming\macromedia\flash player\www.macromedia.com\bin\octoshape\octoshape.exe" = protocol=17 | dir=in | app=c:\users\robert\appdata\roaming\macromedia\flash player\www.macromedia.com\bin\octoshape\octoshape.exe |
"UDP Query User{59BCB70A-CE7C-4E81-865A-9A0AA91881BA}C:\users\robert\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\robert\appdata\roaming\dropbox\bin\dropbox.exe |
"UDP Query User{6D7911D9-CA70-4E42-B378-EF0B75A50F7B}C:\program files (x86)\java\jre7\bin\java.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre7\bin\java.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{054EF02F-95D8-48F4-9EEB-2F9CE3072ED8}" = AuthenTec TrueAPI
"{1493B2AE-0261-47D2-B1AA-F4DAD0F6C48B}" = iTunes
"{1876545F-47B1-80A7-2F98-D175DA98A392}" = ccc-utility64
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{25FBDA9A-E868-4B3B-B9FF-D923818511A1}" = Intel(R) PROSet/Wireless WiFi Software
"{26A24AE4-039D-4CA4-87B4-2F86417025FF}" = Java 7 Update 25 (64-bit)
"{2856A1C2-70C5-4EC3-AFF7-E5B51E5530A2}" = HP Client Services
"{28EF7372-9087-4AC3-9B9F-D9751FCDF830}" = Intel(R) Wireless Display
"{295CFB7C-A57E-4313-93E7-68E7CE1D0332}" = Adobe WinSoft Linguistics Plugin x64
"{2D74E972-5A85-44DC-9193-8A302BA8C181}" = Photoshop Camera Raw_x64
"{3BF3599D-7F28-C60B-1C5D-82BFD4E5EF33}" = AMD Catalyst Install Manager
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{5601F151-A69F-4E30-8C60-37928124CD07}" = HP 3D DriveGuard
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{6631325A-9B1B-4EE7-8E64-8CC4A6F10643}" = Adobe Fonts All x64
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{7446FE8D-C1F9-4D42-AAAE-5DBCE58605A6}" = Apple Mobile Device Support
"{79174AF2-6CB1-42F5-981E-66DCA49391D0}" = Validity WBF DDK
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{8875A1C0-6308-4790-8CF6-D34E89880052}" = Adobe Linguistics CS4 x64
"{887797BF-37A5-4199-B0C9-0D38D6196E9A}" = Adobe Anchor Service x64 CS4
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C8D673B-20FB-43E6-BCB7-9B3F78F2E762}" = Adobe Type Support x64 CS4
"{8DAA31EB-6830-4006-A99F-4DF8AB24714F}" = Adobe CSI CS4 x64
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{90BA8112-80B3-4617-A3C1-BD2771B60F74}" = Adobe CMaps x64 CS4
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A3454894-144A-4D80-B605-C128FE0D7329}" = Adobe Drive CS4 x64
"{B37A99DD-88E2-4ED0-80B4-1E054AB354BF}" = Adobe InDesign CS4 Icon Handler x64
"{CC4D56B7-6F18-470B-8734-ABCD75BCF4F1}" = HP Auto
"{D07A61E5-A59C-433C-BCBD-22025FA2287B}" = Windows Live Language Selector
"{D40172D6-CE2D-4B72-BF5F-26A04A900B7B}" = Adobe Photoshop CS4 (64 Bit)
"{D954C6C2-544B-4091-A47F-11E77162883E}" = Microsoft Security Client
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{DFFABE78-8173-4E97-9C5C-22FB26192FC5}" = Adobe PDF Library Files x64 CS4
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"camcodec" = CamStudio Lossless Codec
"CCleaner" = CCleaner
"CutePDF Writer Installation" = CutePDF Writer 2.8
"KLiteCodecPack64_is1" = K-Lite Codec Pack 5.5.0 (64-bit)
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft Security Client" = Microsoft Security Essentials
"ProInst" = Intel PROSet Wireless
"SynTPDeinstKey" = Synaptics TouchPad Driver

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00ADFB20-AE75-46F4-AD2C-F48B15AC3100}" = Adobe Color NA Recommended Settings CS4
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{0296D4D2-DA68-2DFD-5AC1-6FB04354A86E}" = PX Profile Update
"{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
"{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4
"{07AF6797-0CF6-FFBB-FDE3-CC51D3B5F342}" = Catalyst Control Center Graphics Previews Common
"{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements
"{08523528-BA2F-43BB-87E3-252C081872B9}" = Catalyst Control Center - Branding
"{098727E1-775A-4450-B573-3F441F1CA243}" = kuler
"{0A844D8F-A965-11E2-9E77-B8AC6F98CCE3}" = Google Earth
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = Adobe Color JA Extra Settings CS4
"{0EDEB615-1A60-425E-8306-0E10519C7B55}" = RoxioNow Player
"{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4
"{120262A6-7A4B-4889-AE85-F5E5688D3683}" = HP MovieStore
"{120F4744-38ED-FB1E-F313-A7A7E419A71E}" = CCC Help Chinese Traditional
"{135AAD7D-FB4A-800C-E7F2-58D02B936C38}" = Catalyst Control Center Localization All
"{14DC0059-00F1-4F62-BD1A-AB23CD51A95E}" = Adobe AIR
"{15BF7AAF-846C-4A6D-80E1-5D1FC7FB461B}" = Adobe SGM CS4
"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
"{16E16F01-2E2D-4248-A42F-76261C147B6C}" = Adobe Drive CS4
"{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB
"{178EA4CE-9622-76B4-308F-73FEC150DBB4}" = CCC Help Norwegian
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1AE85A98-397D-B62B-0D21-3F7DC93F4F3A}" = CCC Help Swedish
"{1B7C06E1-4888-47A6-992A-0990B9683486}" = Adobe Version Cue CS4 Server
"{1C34B2AF-0D61-1784-8BC8-219F969BEFD6}" = PX Profile Update
"{1DCA3EAA-6EB5-4563-A970-EA14D75037BA}" = Adobe InDesign CS4
"{1E04CB54-AF4E-4AC3-B4B7-C0A160BE57F1}" = Adobe InDesign CS4 Icon Handler
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{210A03F5-B2ED-4947-B27E-516F50CBB292}" = HP Setup
"{2168245A-B5AD-40D8-A641-48E3E070B5B6}" = Adobe Flash CS4 STI-en
"{26A24AE4-039D-4CA4-87B4-2F83217025FF}" = Java 7 Update 25
"{285F722C-0E45-47DE-B38E-5B3B10FA4A7C}" = HP Quick Launch
"{28FE073B-1230-4BF6-830C-7434FD0C0069}" = HP Software Framework
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{2BAF2B96-7560-48B4-87D4-10178DDBE217}" = Adobe InDesign CS4 Application Feature Set Files (Roman)
"{30C8AA56-4088-426F-91D1-0EDFD3A25678}" = Adobe Dreamweaver CS4
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{339F5A1B-8DB7-E4F8-0A07-EF35B60EBE53}" = CCC Help Portuguese
"{342126E1-173C-4585-BFBE-3EBDD20E3E9E}" = Mobipocket Reader 6.2
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF Settings CS4
"{36A52BCF-AC3D-32F1-AD5F-A09769EB8887}" = Google Talk Plugin
"{3877C901-7B90-4727-A639-B6ED2DD59D43}" = ESU for Microsoft Windows 7
"{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
"{3BEF9769-BA52-18F7-1D02-2362F6A27E38}" = Adobe Media Player
"{3C873221-12B9-475D-8DCB-62D0B2179AF9}" = USB2.0 ATV
"{3D2C9DE6-9ADE-4252-A241-E43723B0CE02}" = Adobe Color - Photoshop Specific CS4
"{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}" = Adobe WinSoft Linguistics Plugin
"{3E171899-0175-47CC-84C4-562ACDD4C021}" = OpenOffice.org 3.3
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{412308A1-73B4-A26B-57A8-BE827ADA9BF9}" = Catalyst Control Center Profiles Mobile
"{428FDF9F-E010-4C4C-A8BB-156960AFCA1C}" = Adobe Fireworks CS4
"{43509E18-076E-40FE-AF38-CA5ED400A5A9}" = Pixel Bender Toolkit
"{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A52555C-032A-4083-BDD9-6A85ABFB39A8}" = Adobe SING CS4
"{4A6937DA-DABE-31C9-C433-D67C640B7BED}" = CCC Help Italian
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.3
"{52594AFD-2797-356A-CC6F-57047524F1E1}" = CCC Help Japanese
"{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"{5570C7F0-43D0-4916-8A9E-AEDD52FA86F4}" = Adobe Color EU Extra Settings CS4
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{5B46CEC7-DAD0-46A2-BCD6-B46A3CFD9B61}" = Intel(R) Wireless Display
"{5BCC634A-58AD-42F9-B3C6-2EA52F81CF85}" = Snagit 10
"{5C7F3D35-9018-A839-3B9C-E50B517B9458}" = CCC Help Hungarian
"{5CA75999-3DDE-7B58-3394-38A4E82D8466}" = Catalyst Control Center InstallProxy
"{60CD8628-DDD9-B498-A368-D01A4793CCFA}" = CCC Help Dutch
"{60DB5894-B5A1-4B62-B0F3-669A22C0EE5D}" = Adobe Dynamiclink Support
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{63C24A08-70F3-4C8E-B9FB-9F21A903801D}" = Adobe Color Video Profiles CS CS4
"{63E5CDBF-8214-4F03-84F8-CD3CE48639AD}" = Adobe Photoshop CS4 Support
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{67F0E67A-8E93-4C2C-B29D-47C48262738A}" = Adobe Device Central CS4
"{68243FF8-83CA-466B-B2B8-9F99DA5479C4}" = AdobeColorCommonSetCMYK
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6866ADAD-71F1-D306-B979-6371D8C4411A}" = CCC Help German
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6F340107-F9AA-47C6-B54C-C3A19F11553F}" = Hewlett-Packard ACLM.NET v1.2.1.1
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{761E061F-FB8E-BBB4-69A4-B1DEF3640DB7}" = Zinio Reader 4
"{76D0E682-0183-E295-FA4C-DA6763669CCA}" = CCC Help English
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{793D1D88-6141-43DE-BE58-59BCE31B4090}" = Adobe Flash CS4 Extension - Flash Lite STI en
"{795AADBF-58C2-42D0-B779-E730702A247E}" = HP Connection Manager
"{7CC7BDD5-6F10-4724-96A1-EAC7D9F2831C}" = Adobe InDesign CS4 Common Base Files
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{8186FF34-D389-4B7E-9A2F-C197585BCFBD}" = Adobe Media Encoder CS4 Importer
"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4
"{83A375B6-6FC2-4F8A-948E-E506DB9DCDF0}" = HP Documentation
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
"{87532CAB-7932-4F84-8937-823337622807}" = Adobe Illustrator CS4
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DB85CDE-EC37-A333-05B1-23846D03F08D}" = CCC Help Russian
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8F6285DB-2536-7EDE-23D2-CA10E2D6399C}" = CCC Help French
"{9008D736-35CA-40DB-A2BE-5F32D954E5AA}" = HP MovieStore
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0409-1000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0116-0409-1000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{931AB7EA-3656-4BB7-864D-022B09E3DD67}" = Adobe Linguistics CS4
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{989FB5FD-9B00-4B32-8663-849CB1370DD1}" = Google Drive
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A128921B-D03F-4BFB-8141-C365AA48D660}" = Adobe Setup
"{A2881E09-38DB-4F79-9135-00FDA01768A7}" = Adobe Creative Suite 4 Design Premium
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AA16FAFC-CCD3-899B-2860-A709BDE31CDC}" = CCC Help Korean
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC76BA86-1033-F400-7760-000000000004}" = Adobe Acrobat 9 Pro - English, Français, Deutsch
"{AC76BA86-1033-F400-7760-000000000004}_955" = Adobe Acrobat 9.5.5 - CPSID_83708
"{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI (11.0.03)
"{AE856388-AFAD-4753-81DF-D96B19D0A17C}" = HP Setup Manager
"{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}" = QuickTime
"{AFE499B5-FCC4-45E6-A1A5-3C51AE0E539B}" = Mobipocket Creator 4.2
"{B29AD377-CC12-490A-A480-1452337C618D}" = Connect
"{B357B619-36C5-7C1E-063B-92677609CB14}" = CCC Help Danish
"{B65BA85C-0A27-4BC0-A22D-A66F0E5B9494}" = Adobe Photoshop CS4
"{B9F4561A-924D-4510-A85A-BB0960C338CB}" = Adobe Asset Services CS4
"{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
"{bcb1ff51-51a4-4048-b534-3a9b3aa4acce}" = Graboid Video 3.58 Setup
"{BCFAA37D-A6DB-43BF-A351-43F183E52D07}" = HP SimplePass 2011
"{BD1A34C9-4764-4F79-AE1F-112F8C89D3D4}" = Energy Star Digital Logo
"{BDEB2CF5-C1C5-BCC8-DF29-1EE4CF389F9D}" = CCC Help Turkish
"{C0E8FE43-C35B-451D-B35F-D4BD056D70E7}" = Camtasia Studio 7
"{C1594429-8296-4652-BF54-9DBE4932A44C}" = Realtek PCIE Card Reader
"{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
"{C5D8263A-4D81-8979-91DE-B10120642FC5}" = Catalyst Control Center
"{C5DA59CF-2BB8-48D5-8E5B-17F2E0F0FEE4}" = System Requirements Lab for Intel
"{C86E7C99-E4AD-79C7-375B-1AEF9A91EC2B}" = Acrobat.com
"{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
"{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}" = PlayReady PC Runtime x86
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CEEE5B98-96F1-2F1E-0627-853C5F98DE41}" = CCC Help Finnish
"{CF48FF43-B417-637C-C804-0F285FD7ED05}" = CCC Help Spanish
"{CF6A05D4-E715-BCF4-9ED2-A3307E386D28}" = CCC Help Czech
"{D07205E7-F6D3-4333-AFCC-782A07685B72}" = OverDrive Media Console
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DB2C5E6A-CFDD-D6FD-480E-692EBEC17BFC}" = CCC Help Greek
"{DBCD5E64-7379-4648-9444-8A6558DCB614}" = Recovery Manager
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DEB90B8E-0DCB-48CE-B90E-8842A2BD643E}" = Adobe Media Encoder CS4
"{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}" = CyberLink PowerDVD
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E337B156-DF81-48D8-8977-B1574EE87BCF}" = USB2.0 Capture Device
"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E44578C7-4667-4124-8BC2-1161BCA54978}" = HP Power Manager
"{E59E0B3D-F840-5910-DF8C-73CFA82613C2}" = CCC Help Polish
"{E77268D6-5E7F-6DE1-34AC-A1A276710C21}" = CCC Help Chinese Standard
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{ECA76BEF-EE19-4C12-8C11-AD3B11B23176}" = TA-Lib Pro Excel
"{ED1BD69A-07E3-418C-91F1-D856582581BF}" = HP On Screen Display
"{EE202411-2C26-49E8-9784-1BC1DBF7DE96}" = HP Support Assistant
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Display Audio Driver
"{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help
"{F5266D28-E0B2-4130-BFC5-EE155AD514DC}" = Apple Application Support
"{F5C7356C-463C-75BC-E4E0-324E4516EB73}" = CCC Help Thai
"{F6E99614-F042-4459-82B7-8B38B2601356}" = Adobe Flash CS4
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center
"{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
"{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
"{F96D619D-99D6-4C9C-A393-0CD22DE1CA66}_is1" = Ezvid
"{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All
"{FD9C31B6-F572-414D-81E3-89368C97A125}_is1" = CamStudio OSS Desktop Recorder
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"7-Zip" = 7-Zip 9.20
"AC3Filter_is1" = AC3Filter 1.63b
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe_55230b0b70661df0f212e88f0b655f7" = Adobe Creative Suite 4 Design Premium
"Amazon Kindle" = Amazon Kindle
"AMCap" = AMCap
"Audacity_is1" = Audacity 2.0.3
"Auto Update Service" = Canon Auto Update Service
"AutoHotkey" = AutoHotkey 1.1.04.00
"CameraUserGuide-PSSX150IS" = Canon PowerShot SX150 IS Camera User Guide
"CameraWindowDC8" = Canon Utilities CameraWindow DC 8
"CameraWindowLauncher" = Canon Utilities CameraWindow Launcher
"CANON iMAGE GATEWAY Task" = CANON iMAGE GATEWAY Task for ZoomBrowser EX
"Canon MOV Decoder" = Canon MOV Decoder
"Canon MOV Encoder" = Canon MOV Encoder
"ClipX" = ClipX
"com.adobe.amp.E7BED6E5DDA59983786DD72EBFA46B1598278E07.1" = Adobe Media Player
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"CoreAAC Audio Decoder" = CoreAAC Audio Decoder (remove only)
"Digital Editions" = Adobe Digital Editions
"DivX Setup" = DivX Setup
"DVDFab 7_is1" = DVDFab 7.0.8.0 (14/07/2010)
"DVDStyler_is1" = DVDStyler v2.5 beta 2
"ESET Online Scanner" = ESET Online Scanner v3
"FileZilla Client" = FileZilla Client 3.5.3
"GOM Player" = GOM Player
"Google Chrome" = Google Chrome
"Graboid Video" = Graboid Video 3.58
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"ImgBurn" = ImgBurn
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}" = CyberLink PowerDVD
"IrfanView" = IrfanView (remove only)
"KeyNote_is1" = KeyNote 1.6.5
"LAME_is1" = LAME v3.99.3 (for Windows)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
"MovieEditTask" = Canon MovieEdit Task for ZoomBrowser EX
"MovieUploaderForYouTube" = Canon Utilities Movie Uploader for YouTube
"Mozilla Firefox 22.0 (x86 en-US)" = Mozilla Firefox 22.0 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MyCamera" = Canon Utilities MyCamera
"MyCamera Download Plugin" = CANON iMAGE GATEWAY MyCamera Download Plugin
"Notepad++" = Notepad++
"PhotoStitch" = Canon Utilities PhotoStitch
"Print Server Driver" = Print Server Driver
"ProInst" = Intel PROSet Wireless
"QuoteTracker_is1" = QuoteTracker
"RealAlt_is1" = Real Alternative 2.0.2
"SendToKindle" = Amazon Send to Kindle
"SEO Backlink Checker_is1" = SEO Backlink Checker 1.0
"Software Guide" = Canon DIGITAL CAMERA Solution Disk Software Guide
"Stellarium_is1" = Stellarium 0.11.2
"TA-Lib Pro Excel" = TA-Lib Pro Excel 2.5.0
"thinkorswim from TD AMERITRADE" = thinkorswim from TD AMERITRADE
"USB2.0 ATV" = USB2.0 ATV
"VLC media player" = VLC media player 1.0.1
"WinLiveSuite" = Windows Live Essentials
"WinPcapInst" = WinPcap 4.1.2
"Wireshark" = Wireshark 1.6.2
"WordWeb" = WordWeb Pro
"Xvid_is1" = Xvid 1.2.2 final uninstall
"ZinioReader4.9310D8F796442B71068C511E15D70529A702D19D.1" = Zinio Reader 4
"ZoomBrowser EX" = Canon Utilities ZoomBrowser EX
"ZoomBrowser EX Memory Card Utility" = Canon ZoomBrowser EX Memory Card Utility

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-3434975647-2719533202-2998227652-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"GoToMeeting" = GoToMeeting 5.1.0.880
"Octoshape add-in for Adobe Flash Player" = Octoshape add-in for Adobe Flash Player

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 6/30/2013 7:26:03 PM | Computer Name = robert-HP | Source = SideBySide | ID = 16842832
Description = Activation context generation failed for "C:\Program Files (x86)\ESET\ESET
Online Scanner\ESETSmartInstaller.exe".Error in manifest or policy file "" on line
. A component version required by the application conflicts with another component
version already active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component
2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error - 7/1/2013 6:58:43 AM | Computer Name = robert-HP | Source = WinMgmt | ID = 10
Description =

Error - 7/1/2013 7:53:08 AM | Computer Name = robert-HP | Source = WinMgmt | ID = 10
Description =

[ Hewlett-Packard Events ]
Error - 7/17/2012 1:40:59 PM | Computer Name = robert-HP | Source = hpsa_service.exe | ID = 2000
Description = HP Error ID: -2146233088 at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateDetail(String
category) at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetectCore()

at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
Boolean localScan) Message: Failed to perform update. StackTrace: at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateDetail(String
category) at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetectCore()

at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
Boolean localScan) Source: HP.ActiveCheckLocalMode.SessionManager InnerException.Message:
Object '/20893b40_1289_43d3_bdda_ea847b4422e4/tj+iuksxkkzu3qavykdsijd9_5.rem' has
been disconnected or does not exist at the server. Name: hpsa_service.exe Version:
06.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
Format:
en-US RAM: 8139 Ram Utilization: 20 TargetSite: Void UpdateDetail(System.String)

Error - 10/3/2012 10:23:19 AM | Computer Name = robert-HP | Source = HPSF.exe | ID = 4000
Description =

Error - 10/3/2012 11:38:09 AM | Computer Name = robert-HP | Source = HPSF.exe | ID = 4000
Description =

Error - 10/3/2012 1:33:28 PM | Computer Name = robert-HP | Source = HPSF.exe | ID = 4000
Description =

Error - 11/4/2012 6:18:40 AM | Computer Name = robert-HP | Source = HPSFMsgr.exe | ID = 2000
Description = HP Error ID: -2146233087 at System.Management.ManagementException.ThrowWithExtendedInfo(ManagementStatus
errorCode) at System.Management.ManagementObjectCollection.ManagementObjectEnumerator.MoveNext()

at HPSA_Messenger.MessengerManager.CommonMessengerStatusTask.SetWMISysInformation()
Message:
Provider load failure StackTrace: at System.Management.ManagementException.ThrowWithExtendedInfo(ManagementStatus
errorCode) at System.Management.ManagementObjectCollection.ManagementObjectEnumerator.MoveNext()

at HPSA_Messenger.MessengerManager.CommonMessengerStatusTask.SetWMISysInformation()
Source:
System.Management Name: HPSFMsgr.exe Version: 01.00.00.00 Path: C:\Program Files (x86)\Hewlett-Packard\HP
Support Framework\Resources\HPSFMessenger\HPSFMsgr.exe Format: en-US RAM: 8139 Ram
Utilization: 20 TargetSite: Void ThrowWithExtendedInfo(System.Management.ManagementStatus)


Error - 1/6/2013 8:14:27 PM | Computer Name = robert-HP | Source = HPSF.exe | ID = 4000
Description = HP Error ID: -2146233079 at System.Windows.Window.VerifyNotClosing()

at System.Windows.Window.InternalClose(Boolean shutdown, Boolean ignoreCancel)

at System.Windows.Application.DoShutdown() at System.Windows.Application.ShutdownImpl()

at System.Windows.Application.ShutdownCallback(Object arg) at System.Windows.Threading.ExceptionWrapper.InternalRealCall(Delegate
callback, Object args, Boolean isSingleParameter) at System.Windows.Threading.ExceptionWrapper.TryCatchWhen(Object
source, Delegate callback, Object args, Boolean isSingleParameter, Delegate catchHandler)
Message:
Cannot set Visibility to Visible or call Show, ShowDialog, or Close while window
is closing. StackTrace: at System.Windows.Window.VerifyNotClosing() at System.Windows.Window.InternalClose(Boolean
shutdown, Boolean ignoreCancel) at System.Windows.Application.DoShutdown()
at System.Windows.Application.ShutdownImpl() at System.Windows.Application.ShutdownCallback(Object
arg) at System.Windows.Threading.ExceptionWrapper.InternalRealCall(Delegate callback,
Object args, Boolean isSingleParameter) at System.Windows.Threading.ExceptionWrapper.TryCatchWhen(Object
source, Delegate callback, Object args, Boolean isSingleParameter, Delegate catchHandler)
Source:
PresentationFramework Name: HPSF.exe Version: 06.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP
Support Framework\HPSF.exe Format: en-US RAM: 8139 Ram Utilization: 20 TargetSite:
Void VerifyNotClosing()

Error - 3/19/2013 6:15:28 AM | Computer Name = robert-HP | Source = HPSFMsgr.exe | ID = 4000
Description = HP Error ID: -2147221164 at System.RuntimeTypeHandle.CreateInstance(RuntimeType
type, Boolean publicOnly, Boolean noCheck, Boolean& canBeCached, RuntimeMethodHandle&
ctor, Boolean& bNeedSecurityCheck) at System.RuntimeType.CreateInstanceSlow(Boolean
publicOnly, Boolean fillCache) at System.RuntimeType.CreateInstanceImpl(Boolean
publicOnly, Boolean skipVisibilityChecks, Boolean fillCache) at System.Activator.CreateInstance(Type
type, Boolean nonPublic) at HPSA_Messenger.MessengerCom.TrayDeskBand.isTaskbarDisplayed()
StackTrace:
at System.RuntimeTypeHandle.CreateInstance(RuntimeType type, Boolean publicOnly,
Boolean noCheck, Boolean& canBeCached, RuntimeMethodHandle& ctor, Boolean& bNeedSecurityCheck)

at System.RuntimeType.CreateInstanceSlow(Boolean publicOnly, Boolean fillCache)

at System.RuntimeType.CreateInstanceImpl(Boolean publicOnly, Boolean skipVisibilityChecks,
Boolean fillCache) at System.Activator.CreateInstance(Type type, Boolean nonPublic)

at HPSA_Messenger.MessengerCom.TrayDeskBand.isTaskbarDisplayed() Source: mscorlib

Name:
HPSFMsgr.exe Version: 01.00.00.00 Path: C:\Program Files (x86)\Hewlett-Packard\HP
Support Framework\Resources\HPSFMessenger\HPSFMsgr.exe Format: en-US RAM: 8139 Ram
Utilization: 10 TargetSite: System.Object CreateInstance(System.RuntimeType, Boolean,
Boolean, Boolean ByRef, System.RuntimeMethodHandle ByRef, Boolean ByRef)

Error - 3/21/2013 5:42:16 PM | Computer Name = robert-HP | Source = HPSF.exe | ID = 4000
Description =

Error - 3/21/2013 5:45:18 PM | Computer Name = robert-HP | Source = HPSF.exe | ID = 4000
Description =

Error - 4/12/2013 3:30:19 PM | Computer Name = robert-HP | Source = HPSF.exe | ID = 2000
Description = HP Error ID: -2147467261 at HP.SupportFramework.Utilities.CustomerExperience.HPSASession.AddNavigationProperties()
Message:
Object reference not set to an instance of an object. StackTrace: at HP.SupportFramework.Utilities.CustomerExperience.HPSASession.AddNavigationProperties()
Source:
HP.SupportFramework.Utilities Name: HPSF.exe Version: 07.00.01.01 Path: C:\Program
Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe Format: en-US RAM: 8139
Ram
Utilization: TargetSite: HP.SupportFramework.HPSFReporting._Property[] AddNavigationProperties()


[ HP Connection Manager Events ]
Error - 1/19/2012 12:22:20 AM | Computer Name = robert-HP | Source = hpCMSrv | ID = 5
Description = 2012/01/18 23:22:20.488|000009E4|Error |CWLAN::SignalStrengthChanged|Fire_SignalStrengthChanged
failed [hr:0x800706BA]

Error - 1/19/2012 10:23:00 PM | Computer Name = robert-HP | Source = hpCMSrv | ID = 5
Description = 2012/01/19 21:23:00.397|00000CFC|Error |CWLAN::SignalStrengthChanged|Fire_SignalStrengthChanged
failed [hr:0x800706BA]

Error - 1/19/2012 11:23:10 PM | Computer Name = robert-HP | Source = hpCMSrv | ID = 5
Description = 2012/01/19 22:23:10.034|00001470|Error |CWLAN::SignalStrengthChanged|Fire_SignalStrengthChanged
failed [hr:0x800706BA]

Error - 1/20/2012 8:16:06 PM | Computer Name = robert-HP | Source = hpCMSrv | ID = 5
Description = 2012/01/20 19:16:06.108|000012B4|Error |CWLAN::SignalStrengthChanged|Fire_SignalStrengthChanged
failed [hr:0x800706BA]

Error - 1/21/2012 10:14:16 PM | Computer Name = robert-HP | Source = hpCMSrv | ID = 5
Description = 2012/01/21 21:14:16.927|00000B74|Error |CWLAN::SignalStrengthChanged|Fire_SignalStrengthChanged
failed [hr:0x800706BA]

Error - 1/22/2012 10:00:22 PM | Computer Name = robert-HP | Source = hpCMSrv | ID = 5
Description = 2012/01/22 21:00:22.195|00000BFC|Error |CWLAN::SignalStrengthChanged|Fire_SignalStrengthChanged
failed [hr:0x800706BA]

Error - 1/23/2012 8:48:46 PM | Computer Name = robert-HP | Source = hpCMSrv | ID = 5
Description = 2012/01/23 19:48:46.505|00001780|Error |CWLAN::SignalStrengthChanged|Fire_SignalStrengthChanged
failed [hr:0x800706BA]

Error - 1/23/2012 8:48:48 PM | Computer Name = robert-HP | Source = hpCMSrv | ID = 5
Description = 2012/01/23 19:48:48.377|00001780|Error |CWLAN::SignalStrengthChanged|Fire_SignalStrengthChanged
failed [hr:0x800706BA]

Error - 1/23/2012 10:01:04 PM | Computer Name = robert-HP | Source = hpCMSrv | ID = 5
Description = 2012/01/23 21:01:04.372|00000C9C|Error |CWLAN::SignalStrengthChanged|Fire_SignalStrengthChanged
failed [hr:0x800706BA]

Error - 1/24/2012 8:34:21 AM | Computer Name = robert-HP | Source = hpCMSrv | ID = 5
Description = 2012/01/24 07:34:21.051|000003F0|Error |CWLAN::SignalStrengthChanged|Fire_SignalStrengthChanged
failed [hr:0x800706BA]

[ HP Software Framework Events ]
Error - 1/6/2013 9:12:41 PM | Computer Name = robert-HP | Source = CaslWmi | ID = 5
Description = 2013/01/06 20:12:41.920|00000F80|Error |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state

Error - 1/8/2013 2:35:09 PM | Computer Name = robert-HP | Source = CaslWmi | ID = 5
Description = 2013/01/08 13:35:09.108|000018F0|Error |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state

Error - 1/10/2013 7:27:22 PM | Computer Name = robert-HP | Source = CaslWmi | ID = 5
Description = 2013/01/10 18:27:22.565|00000228|Error |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state

Error - 1/17/2013 11:10:44 PM | Computer Name = robert-HP | Source = CaslWmi | ID = 5
Description = 2013/01/17 22:10:44.301|00001E04|Error |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state

Error - 1/31/2013 7:30:06 PM | Computer Name = robert-HP | Source = CaslWmi | ID = 5
Description = 2013/01/31 18:30:06.255|00001210|Error |[CaslWmi]CommandPanelBrightness::GetCurrentPanelBrightnessFromOS{hpCasl.enReturnCode(CaslWmi.enPanelBrightnessDataType,ushort&)}|Exception
occurred in querying WMI for WmiMonitorBrightness: 'Not supported '

Error - 1/31/2013 7:30:06 PM | Computer Name = robert-HP | Source = CaslWmi | ID = 5
Description = 2013/01/31 18:30:06.633|00001210|Error |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state

Error - 2/14/2013 6:30:01 PM | Computer Name = robert-HP | Source = CaslWmi | ID = 5
Description = 2013/02/14 17:30:01.448|00000F84|Error |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state

Error - 3/7/2013 7:41:50 PM | Computer Name = robert-HP | Source = CaslWmi | ID = 5
Description = 2013/03/07 18:41:50.502|00001B70|Error |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state

Error - 3/21/2013 5:44:27 PM | Computer Name = robert-HP | Source = CaslWmi | ID = 5
Description = 2013/03/21 17:44:27.035|0000131C|Error |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state

Error - 4/4/2013 5:32:07 PM | Computer Name = robert-HP | Source = CaslWmi | ID = 5
Description = 2013/04/04 17:32:07.198|00001B84|Error |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state

[ System Events ]
Error - 7/1/2013 6:58:22 AM | Computer Name = robert-HP | Source = Service Control Manager | ID = 7000
Description = The Easybits Services for Windows service failed to start due to the
following error: %%2

Error - 7/1/2013 7:52:55 AM | Computer Name = robert-HP | Source = Service Control Manager | ID = 7000
Description = The Easybits Services for Windows service failed to start due to the
following error: %%2


< End of report >
bonnie
Regular Member
 
Posts: 132
Joined: August 17th, 2012, 1:56 pm

Re: Firefox Google Searches Are Being Censored

Unread postby wannabeageek » July 2nd, 2013, 1:05 am

Hi bonnie.

In your first post you mentioned it was google in firefox that was having the issue with web page redirects or censored as you put it.
Are you still having this issue?

Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2


  • Right-click SystemLook.exe and select " Run as administrator " to run it.
  • Copy and paste the content of the following codebox into the main textfield:
    Code: Select all
    :filefind
    *Bandoo*
    *Community*
    *Conduit*
    *coupon*
    *datamngr*
    *Fun4IM*
    *iLivid*
    *IObit*
    *Iminent*
    *opencandy*
    *Searchqu*
    *Searchnu*
    *sweetpacks*
    *sweetim*
    *Tarma*
    *trolltech*
    *vshare*
    *whitesmoke*
    *Yontoo*
    
    :folderfind
    *Bandoo*
    *Community*
    *Conduit*
    *coupon*
    *datamngr*
    *Fun4IM*
    *iLivid*
    *IObit*
    *Iminent*
    *opencandy*
    *Searchqu*
    *Searchnu*
    *sweetpacks*
    *sweetim*
    *Tarma*
    *trolltech*
    *vshare*
    *whitesmoke*
    *Yontoo*
    
    :Regfind
    Bandoo
    Community
    Conduit
    coupon
    datamngr
    Fun4IM
    iLivid
    IObit
    Iminent
    opencandy
    Searchqu
    Searchnu
    sweetpacks
    sweetim
    Tarma
    trolltech
    vshare
    whitesmoke
    Yontoo
    
  • Click the Look button to start the scan.
    Because of the Registry searches, the scan may take 15 minutes or a bit more to run on a large machine. Please be patient.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt
wannabeageek
MRU Master
MRU Master
 
Posts: 1773
Joined: November 23rd, 2009, 10:21 pm
Location: California

Re: Firefox Google Searches Are Being Censored

Unread postby bonnie » July 2nd, 2013, 7:15 am

Hi Wannabeageek,

I just tried the same search term as I did when I had the trouble, and it appears fixed. Thank you so much!

Here is the results of Systemlook tool:

SystemLook 30.07.11 by jpshortstuff
Log created at 06:53 on 02/07/2013 by robert
Administrator - Elevation successful

========== filefind ==========

Searching for "*Bandoo*"
No files found.

Searching for "*Community*"
C:\Program Files\Common Files\Adobe\Help\en_US\Photoshop\11.0\images\Community.png -ra---- 3542 bytes [21:01 12/09/2011] [18:44 19/09/2008] 421CA9F7562DAF8F7A3A39F4D55B81BC
C:\Program Files (x86)\Common Files\Adobe\Help\cs_CZ\AME\4.0\images\Community.png --a---- 3542 bytes [06:08 26/08/2008] [06:08 26/08/2008] 421CA9F7562DAF8F7A3A39F4D55B81BC
C:\Program Files (x86)\Common Files\Adobe\Help\de_DE\Acrobat Pro\9.0\images\Community.png --a---- 3542 bytes [11:16 22/05/2008] [11:16 22/05/2008] 421CA9F7562DAF8F7A3A39F4D55B81BC
C:\Program Files (x86)\Common Files\Adobe\Help\de_DE\AME\4.0\images\Community.png --a---- 3542 bytes [06:08 26/08/2008] [06:08 26/08/2008] 421CA9F7562DAF8F7A3A39F4D55B81BC
C:\Program Files (x86)\Common Files\Adobe\Help\en_US\Acrobat Pro\9.0\images\Community.png -ra---- 3542 bytes [16:00 14/05/2008] [16:00 14/05/2008] 421CA9F7562DAF8F7A3A39F4D55B81BC
C:\Program Files (x86)\Common Files\Adobe\Help\en_US\Dreamweaver\10.0\images\Community.png -ra---- 3542 bytes [20:52 12/09/2011] [01:53 11/09/2008] 421CA9F7562DAF8F7A3A39F4D55B81BC
C:\Program Files (x86)\Common Files\Adobe\Help\en_US\Fireworks\10.0\images\Community.png -ra---- 3542 bytes [20:53 12/09/2011] [21:53 04/09/2008] 421CA9F7562DAF8F7A3A39F4D55B81BC
C:\Program Files (x86)\Common Files\Adobe\Help\en_US\Flash\10.0_UsingFlash\images\Community.png --a---- 3542 bytes [15:11 17/06/2008] [15:11 17/06/2008] 421CA9F7562DAF8F7A3A39F4D55B81BC
C:\Program Files (x86)\Common Files\Adobe\Help\en_US\Flash\10.0_Welcome\images\Community.png --a---- 3542 bytes [16:04 12/06/2008] [16:04 12/06/2008] 421CA9F7562DAF8F7A3A39F4D55B81BC
C:\Program Files (x86)\Common Files\Adobe\Help\en_US\Illustrator\14.0\images\Community.png -ra---- 3542 bytes [20:58 12/09/2011] [14:32 10/09/2008] 421CA9F7562DAF8F7A3A39F4D55B81BC
C:\Program Files (x86)\Common Files\Adobe\Help\en_US\InDesign\6.0\Images\Community.png -ra---- 3542 bytes [21:03 12/09/2011] [23:15 04/09/2008] 421CA9F7562DAF8F7A3A39F4D55B81BC
C:\Program Files (x86)\Common Files\Adobe\Help\en_US\Photoshop\11.0\images\Community.png -ra---- 3542 bytes [20:59 12/09/2011] [18:38 19/09/2008] 421CA9F7562DAF8F7A3A39F4D55B81BC
C:\Program Files (x86)\Common Files\Adobe\Help\es_ES\AME\4.0\images\Community.png --a---- 3542 bytes [06:08 26/08/2008] [06:08 26/08/2008] 421CA9F7562DAF8F7A3A39F4D55B81BC
C:\Program Files (x86)\Common Files\Adobe\Help\fr_FR\Acrobat Pro\9.0\images\Community.png --a---- 3542 bytes [09:06 22/05/2008] [09:06 22/05/2008] 421CA9F7562DAF8F7A3A39F4D55B81BC
C:\Program Files (x86)\Common Files\Adobe\Help\fr_FR\AME\4.0\images\Community.png --a---- 3542 bytes [06:08 26/08/2008] [06:08 26/08/2008] 421CA9F7562DAF8F7A3A39F4D55B81BC
C:\Program Files (x86)\Common Files\Adobe\Help\it_IT\AME\4.0\images\Community.png --a---- 3542 bytes [06:08 26/08/2008] [06:08 26/08/2008] 421CA9F7562DAF8F7A3A39F4D55B81BC
C:\Program Files (x86)\Common Files\Adobe\Help\ja_JP\AME\4.0\images\Community.png --a---- 3542 bytes [06:08 26/08/2008] [06:08 26/08/2008] 421CA9F7562DAF8F7A3A39F4D55B81BC
C:\Program Files (x86)\Common Files\Adobe\Help\ko_KR\AME\4.0\images\Community.png --a---- 3542 bytes [06:08 26/08/2008] [06:08 26/08/2008] 421CA9F7562DAF8F7A3A39F4D55B81BC
C:\Program Files (x86)\Common Files\Adobe\Help\nl_NL\AME\4.0\images\Community.png --a---- 3542 bytes [06:08 26/08/2008] [06:08 26/08/2008] 421CA9F7562DAF8F7A3A39F4D55B81BC
C:\Program Files (x86)\Common Files\Adobe\Help\pl_PL\AME\4.0\images\Community.png --a---- 3542 bytes [06:08 26/08/2008] [06:08 26/08/2008] 421CA9F7562DAF8F7A3A39F4D55B81BC
C:\Program Files (x86)\Common Files\Adobe\Help\pt_BR\AME\4.0\images\Community.png --a---- 3542 bytes [06:09 26/08/2008] [06:09 26/08/2008] 421CA9F7562DAF8F7A3A39F4D55B81BC
C:\Program Files (x86)\Common Files\Adobe\Help\ru_RU\AME\4.0\images\Community.png --a---- 3542 bytes [06:09 26/08/2008] [06:09 26/08/2008] 421CA9F7562DAF8F7A3A39F4D55B81BC
C:\Program Files (x86)\Common Files\Adobe\Help\sv_SE\AME\4.0\images\Community.png --a---- 3542 bytes [06:09 26/08/2008] [06:09 26/08/2008] 421CA9F7562DAF8F7A3A39F4D55B81BC
C:\Program Files (x86)\Common Files\Adobe\Help\tr_TR\AME\4.0\images\Community.png --a---- 3542 bytes [06:09 26/08/2008] [06:09 26/08/2008] 421CA9F7562DAF8F7A3A39F4D55B81BC
C:\Program Files (x86)\Common Files\Adobe\Help\zh_CN\AME\4.0\images\Community.png --a---- 3542 bytes [06:09 26/08/2008] [06:09 26/08/2008] 421CA9F7562DAF8F7A3A39F4D55B81BC
C:\Program Files (x86)\Common Files\Adobe\Help\zh_TW\AME\4.0\images\Community.png --a---- 3542 bytes [06:09 26/08/2008] [06:09 26/08/2008] 421CA9F7562DAF8F7A3A39F4D55B81BC
C:\Program Files (x86)\Notepad++\user.manual\sites\all\images\NppCommunityLogo.png --a---- 18238 bytes [21:33 18/07/2011] [21:33 18/07/2011] D5191EBF4FFD9AD19580F6038506076A
C:\Users\robert\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\5ZUZ10Z5\icon_community.imgcache.rev1356556957207[1].png --a---- 4091 bytes [11:06 11/06/2013] [11:06 11/06/2013] A90D46AEBA72E0B3F1CDEDD3458CCFBD
C:\Users\robert\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\CZA83W32\community_home_skin1307366537_SPLIT_001[1].css --a---- 474008 bytes [18:33 11/04/2013] [18:33 11/04/2013] 4A5721A05B66E12DFB02D177E0607E39
C:\Users\robert\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\CZA83W32\community_home_skin1307366537_SPLIT_002[1].css --a---- 105487 bytes [18:33 11/04/2013] [18:33 11/04/2013] 0EFB872CDCE5D582FF9372121C341B26
C:\Users\robert\My Books\Copywriting Materials\David_Garfinkel_-_Ultimate_Copywriting_Crash_Course-www.feedurbrain.com\Week 6\Session6_CommunityConversations.mp3 --a---- 25517531 bytes [12:23 16/09/2011] [03:16 13/02/2010] CE44279C0B3AC0E67417F10DCE3CE8BF
C:\Users\robert\My Books\Copywriting Materials\David_Garfinkel_-_Ultimate_Copywriting_Crash_Course-www.feedurbrain.com\Week 6\Session6_CommunityConversations.mp4 --a---- 105413299 bytes [12:23 16/09/2011] [08:36 13/02/2010] 3B961A1D80875EADD2443F8353F8DF9C

Searching for "*Conduit*"
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\iSyncConduit.dll --a---- 1206160 bytes [03:32 10/08/2012] [03:32 10/08/2012] 309B2B1B22EE841E49F62C7A6FB55E46

Searching for "*coupon*"
C:\Program Files (x86)\Google\Chrome\Application\plugins\npMozCouponPrinter.dll --a---- 248192 bytes [03:45 14/10/2012] [22:18 19/10/2012] 924366CBEDB044930207A40A5404FF7E
C:\Program Files (x86)\Mozilla Firefox\components\npCouponPrinter.xpt --a---- 207 bytes [19:13 29/06/2013] [23:52 01/05/2009] 4F63D7C222350DC2D5182384B128B62E
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Coupons\Coupons.com - Print Coupons.lnk --a---- 1879 bytes [11:01 12/03/2013] [11:01 12/03/2013] B05993302DBD2E8FA3E79EC88CC1B57B
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Coupons\Uninstall Coupon Printer for Windows.lnk --a---- 2031 bytes [11:01 12/03/2013] [11:01 12/03/2013] 69F0478FD8CC5143866C27AE5FBDDE7C
C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Coupons\Coupons.com - Print Coupons.lnk --a---- 1879 bytes [11:01 12/03/2013] [11:01 12/03/2013] B05993302DBD2E8FA3E79EC88CC1B57B
C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Coupons\Uninstall Coupon Printer for Windows.lnk --a---- 2031 bytes [11:01 12/03/2013] [11:01 12/03/2013] 69F0478FD8CC5143866C27AE5FBDDE7C
C:\Users\robert\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\V39Y3ZNS\coupon[1].htm --a---- 211 bytes [23:49 26/03/2013] [23:49 26/03/2013] 6A85349B69304AC2DE5274C9C898A4AF
C:\Users\robert\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\V39Y3ZNS\coupon[1].js --a---- 324 bytes [23:49 26/03/2013] [23:49 26/03/2013] D55996D989B34555E2D699BAE31D0D41
C:\Windows\couponprinter_x64.ocx --a---- 652160 bytes [03:46 14/10/2012] [22:18 19/10/2012] 084D588FBA799735C41247AF960870DF

Searching for "*datamngr*"
No files found.

Searching for "*Fun4IM*"
No files found.

Searching for "*iLivid*"
No files found.

Searching for "*IObit*"
No files found.

Searching for "*Iminent*"
No files found.

Searching for "*opencandy*"
No files found.

Searching for "*Searchqu*"
No files found.

Searching for "*Searchnu*"
No files found.

Searching for "*sweetpacks*"
C:\Users\robert\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\L5F0OFHV\logo_sweetpacks[1].png --a---- 9503 bytes [10:31 06/04/2013] [10:31 06/04/2013] 6ED99F4A4AFEFFA5BB96E1B9D67F851F

Searching for "*sweetim*"
C:\Users\robert\AppData\Local\Temp\bundlesweetimsetup.exe --a---- 4636944 bytes [23:12 05/04/2013] [23:13 05/04/2013] ED09C05EE09F7093DB5D90EF59C26494
C:\Users\robert\AppData\Local\Temp\Shortcut_bundlesweetimsetup.exe --a---- 4636944 bytes [23:13 05/04/2013] [23:13 05/04/2013] ED09C05EE09F7093DB5D90EF59C26494

Searching for "*Tarma*"
C:\Users\robert\AppData\Roaming\ZinioReader4.9310D8F796442B71068C511E15D70529A702D19D.1\Local Store\rdsulli2007@gmail.com\library\publishers\Star Magazine.png --a---- 97499 bytes [01:45 01/12/2012] [00:42 17/12/2012] 865A4AD459879FF3885F237E8F6F6F5D

Searching for "*trolltech*"
No files found.

Searching for "*vshare*"
No files found.

Searching for "*whitesmoke*"
No files found.

Searching for "*Yontoo*"
No files found.

========== folderfind ==========

Searching for "*Bandoo*"
No folders found.

Searching for "*Community*"
C:\Program Files (x86)\Common Files\Adobe\Templates\en_US\InDesign\6.0\Community Newspaper d------ [21:03 12/09/2011]

Searching for "*Conduit*"
No folders found.

Searching for "*coupon*"
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Coupons d------ [11:01 12/03/2013]
C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Coupons d------ [11:01 12/03/2013]

Searching for "*datamngr*"
No folders found.

Searching for "*Fun4IM*"
No folders found.

Searching for "*iLivid*"
No folders found.

Searching for "*IObit*"
No folders found.

Searching for "*Iminent*"
No folders found.

Searching for "*opencandy*"
No folders found.

Searching for "*Searchqu*"
No folders found.

Searching for "*Searchnu*"
No folders found.

Searching for "*sweetpacks*"
No folders found.

Searching for "*sweetim*"
No folders found.

Searching for "*Tarma*"
No folders found.

Searching for "*trolltech*"
No folders found.

Searching for "*vshare*"
No folders found.

Searching for "*whitesmoke*"
No folders found.

Searching for "*Yontoo*"
No folders found.

========== Regfind ==========

Searching for "Bandoo"
No data found.

Searching for "Community"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\camping-community.com]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\camping-community.com]
[HKEY_CURRENT_USER\Software\RealNetworks\RealShare\15.0\Preferences\MountPoints\DT_Plugins\PluginHandlerData\PluginInfo0]
@="{IndexNumber~N0~LoadMultiple~N1~Renderer_Granularity~N50~Version~N-268419019~Copyright~SCopyright(c) RealNetworks, Inc. 1995-2009. All rights reserved. Source code for this program is available under the RealNetworks Public Source License. (http://www.helixcommunity.org)~Description~S3GPP Timed Text Renderer Plugin~PlgCopy~Shttp://www.helixcommunity.org~PluginFilename~S3gppttrenderer.dll~PluginType~SPLUGIN_RENDERER~RendererMime~Svideo/X-RN-3GPP-TEXT}{IndexNumber~N0~LoadMultiple~N1~Version~N-268419019~Copyright~SCopyright(c) RealNetworks, Inc. 2003-2005. All rights reserved. Source code for this program is available under the RealNetworks Public Source License.~Description~SHelix DNA AAC Audio Format~FileExtensions~SAAC~FileMime~Saudio/aac|audio/aacp~PlgCopy~Shttp://www.helixcommunity.org~PluginFilename~Saacff.dll~PluginType~SPLUGIN_FILE_FORMAT}{IndexNumber~N0~LoadMultiple~N1~Version~N-
[HKEY_CURRENT_USER\Software\RealNetworks\RealShare\15.0\Preferences\MountPoints\DT_Plugins\PluginHandlerData\PluginInfo1]
@="leShort~Spn-http~PlgCopy~Shttp://www.helixcommunity.org~PluginFilename~Shttpfsys.dll~PluginType~SPLUGIN_FILE_SYSTEM}{IndexNumber~N1~LoadMultiple~N1~Version~N-268419019~Copyright~SCopyright(c) RealNetworks, Inc. 1995-2009. All rights reserved. Source code for this program is available under the RealNetworks Public Source License. (http://www.helixcommunity.org)~Description~SRealNetworks RFC 2397 Data Scheme File System~FileProtocol~Sdata|tone~FileShort~Spn-datafsys~PlgCopy~Shttp://www.helixcommunity.org~PluginFilename~Shttpfsys.dll~PluginType~SPLUGIN_FILE_SYSTEM}{PluginFilename~Shxmedplyeng.dll~ComponentCLSID~XAwQAAAEJ0RGLBgCgJEBtWQ==}{PluginFilename~Shxnetwksvc.dll~ComponentCLSID~XWo5XqUd82BGLywACs2WHIA==}{IndexNumber~N0~LoadMultiple~N1~Version~N-268419019~Copyright~SCopyright(c) RealNetworks, Inc. 1995-2009. All rights reserved. Source code for this program is available under the Real
[HKEY_CURRENT_USER\Software\RealNetworks\RealShare\15.0\Preferences\MountPoints\DT_Plugins\PluginHandlerData\PluginInfo2]
@="egurl|audio/scpls|audio/x-scpls~FileOpenNames~SMP3 Playlist Files (*.m3u,*.pls,*.xpl)~PlgCopy~Shttp://www.helixcommunity.org~PluginFilename~Smp3metaff.dll~PluginType~SPLUGIN_FILE_FORMAT}{IndexNumber~N0~LoadMultiple~N1~Renderer_Granularity~N50~Version~N0~Copyright~SCopyright(c) RealNetworks, Inc. 1995-2009. All rights reserved. Source code for this program is available under the RealNetworks Public Source License. (http://www.helixcommunity.org)~Description~SRealNetworks MPEG Renderer Plugin~PlgCopy~Shttp://www.helixcommunity.org~PluginFilename~Smp3render.dll~PluginType~SPLUGIN_RENDERER~RendererMime~Saudio/X-MP3-draft-00|audio/X-MP3-draft-00-RN|audio/MPEG-ELEMENTARY|audio/MPEG-ELEMENTARY-RN|audio/MPEG-ELEMENTARY-RAW|audio/rn-mpeg|audio/mpa-robust|audio/MPA|audio/mp1s|audio/mp2p|audio/vnd.rn-mp1s|audio/vnd.rn-mp2p}{IndexNumber~N0~LoadMultiple~N1~Version~N-268419019~Copyright~SCopyright(c
[HKEY_CURRENT_USER\Software\RealNetworks\RealShare\15.0\Preferences\MountPoints\DT_Plugins\PluginHandlerData\PluginInfo3]
@="etworks Internet Video Recording Manager Plugin~DRMId~SRAV2~PlgCopy~Shttp://www.real.com~PluginFilename~Sravemgr.dll~PluginType~SPLUGIN_SOURCE_HANDLER~SOURCE_HANDLER_GUID~SA672077B-2DB6-492B-A079096204BF1B28~SourceHandlerType~SSOURCE_HANDLER_DRM}{IndexNumber~N1~LoadMultiple~N1~Renderer_Granularity~N100~Version~N0~Copyright~S(c) 1995-2008 RealNetworks, All rights reserved.~Description~Sivr-null Renderer Plugin~PlgCopy~Shttp://www.real.com~PluginFilename~Sravemgr.dll~PluginType~SPLUGIN_RENDERER~RendererMime~Sivr-null}{IndexNumber~N0~LoadMultiple~N1~Version~N-268419019~Copyright~S(c) 1995,1996,1997 RealNetworks, All rights reserved.~Description~SRecord File Format Plugin~FileExtensions~Srec|ivr~FileMime~Sapplication/x-pn-recordfileformat~FileOpenNames~SInternet Video Recording (*.ivr)~PlgCopy~Shttp://www.real.com~PluginFilename~Srecf3260.dll~PluginType~SPLUGIN_FILE_FORMAT}{IndexNumber~N0~
[HKEY_CURRENT_USER\Software\RealNetworks\RealShare\15.0\Preferences\MountPoints\DT_Plugins\PluginHandlerData\PluginInfo4]
@="Shttp://www.helixcommunity.org~PluginFilename~Ssmlrender.dll~PluginType~SPLUGIN_FILE_FORMAT}{IndexNumber~N3~LoadMultiple~N1~Renderer_Granularity~N200~Version~N-268419019~Copyright~SCopyright(c) RealNetworks, Inc. 1995-2009. All rights reserved. Source code for this program is available under the RealNetworks Public Source License. (http://www.helixcommunity.org)~Description~SRealNetworks Brush Renderer Plugin~PlgCopy~Shttp://www.helixcommunity.org~PluginFilename~Ssmlrender.dll~PluginType~SPLUGIN_RENDERER~RendererMime~Sapplication/vnd.rn-brushstream}{IndexNumber~N0~LoadMultiple~N1~Renderer_Granularity~N100~Version~N-268419019~Copyright~SCopyright(c) RealNetworks, Inc. 1995-2009. All rights reserved. Source code for this program is available under the RealNetworks Public Source License. (http://www.helixcommunity.org)~Description~SRealNetworks Synchronized Renderer Plugin~PlgCopy~Shttp:/
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1372A97E-2034-41ee-A6C1-1B68FAFA75A1}]
@="CLSID_ICommunityTransport"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{1372A97E-2034-41ee-A6C1-1B68FAFA75A1}]
@="CLSID_ICommunityTransport"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\camping-community.com]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\camping-community.com]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\camping-community.com]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\camping-community.com]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\AutoHotkey]
"Publisher"="AutoHotkey Community"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Wireshark]
"Publisher"="The Wireshark developer community, http://www.wireshark.org"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{1372A97E-2034-41ee-A6C1-1B68FAFA75A1}]
@="CLSID_ICommunityTransport"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Print\Monitors\Standard TCP/IP Port\Ports\192.168.1.183]
"SNMP Community"="public"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Print\Monitors\Standard TCP/IP Port\Ports\Dell Laser 1100]
"SNMP Community"="public"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Print\Monitors\Standard TCP/IP Port\Ports\Dell Laser 1110]
"SNMP Community"="public"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Print\Monitors\Standard TCP/IP Port\Ports\192.168.1.183]
"SNMP Community"="public"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Print\Monitors\Standard TCP/IP Port\Ports\Dell Laser 1100]
"SNMP Community"="public"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Print\Monitors\Standard TCP/IP Port\Ports\Dell Laser 1110]
"SNMP Community"="public"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Print\Monitors\Standard TCP/IP Port\Ports\192.168.1.183]
"SNMP Community"="public"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Print\Monitors\Standard TCP/IP Port\Ports\Dell Laser 1100]
"SNMP Community"="public"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Print\Monitors\Standard TCP/IP Port\Ports\Dell Laser 1110]
"SNMP Community"="public"
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\camping-community.com]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\camping-community.com]
[HKEY_USERS\S-1-5-21-3434975647-2719533202-2998227652-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\camping-community.com]
[HKEY_USERS\S-1-5-21-3434975647-2719533202-2998227652-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\camping-community.com]
[HKEY_USERS\S-1-5-21-3434975647-2719533202-2998227652-1000\Software\RealNetworks\RealShare\15.0\Preferences\MountPoints\DT_Plugins\PluginHandlerData\PluginInfo0]
@="{IndexNumber~N0~LoadMultiple~N1~Renderer_Granularity~N50~Version~N-268419019~Copyright~SCopyright(c) RealNetworks, Inc. 1995-2009. All rights reserved. Source code for this program is available under the RealNetworks Public Source License. (http://www.helixcommunity.org)~Description~S3GPP Timed Text Renderer Plugin~PlgCopy~Shttp://www.helixcommunity.org~PluginFilename~S3gppttrenderer.dll~PluginType~SPLUGIN_RENDERER~RendererMime~Svideo/X-RN-3GPP-TEXT}{IndexNumber~N0~LoadMultiple~N1~Version~N-268419019~Copyright~SCopyright(c) RealNetworks, Inc. 2003-2005. All rights reserved. Source code for this program is available under the RealNetworks Public Source License.~Description~SHelix DNA AAC Audio Format~FileExtensions~SAAC~FileMime~Saudio/aac|audio/aacp~PlgCopy~Shttp://www.helixcommunity.org~PluginFilename~Saacff.dll~PluginType~SPLUGIN_FILE_FORMAT}{I
[HKEY_USERS\S-1-5-21-3434975647-2719533202-2998227652-1000\Software\RealNetworks\RealShare\15.0\Preferences\MountPoints\DT_Plugins\PluginHandlerData\PluginInfo1]
@="leShort~Spn-http~PlgCopy~Shttp://www.helixcommunity.org~PluginFilename~Shttpfsys.dll~PluginType~SPLUGIN_FILE_SYSTEM}{IndexNumber~N1~LoadMultiple~N1~Version~N-268419019~Copyright~SCopyright(c) RealNetworks, Inc. 1995-2009. All rights reserved. Source code for this program is available under the RealNetworks Public Source License. (http://www.helixcommunity.org)~Description~SRealNetworks RFC 2397 Data Scheme File System~FileProtocol~Sdata|tone~FileShort~Spn-datafsys~PlgCopy~Shttp://www.helixcommunity.org~PluginFilename~Shttpfsys.dll~PluginType~SPLUGIN_FILE_SYSTEM}{PluginFilename~Shxmedplyeng.dll~ComponentCLSID~XAwQAAAEJ0RGLBgCgJEBtWQ==}{PluginFilename~Shxnetwksvc.dll~ComponentCLSID~XWo5XqUd82BGLywACs2WHIA==}{IndexNumber~N0~LoadMultiple~N1~Version~N-268419019~Copyright~SCopyright(c) RealNetworks, Inc. 1995-2009. All rights reserved. Source code for
[HKEY_USERS\S-1-5-21-3434975647-2719533202-2998227652-1000\Software\RealNetworks\RealShare\15.0\Preferences\MountPoints\DT_Plugins\PluginHandlerData\PluginInfo2]
@="egurl|audio/scpls|audio/x-scpls~FileOpenNames~SMP3 Playlist Files (*.m3u,*.pls,*.xpl)~PlgCopy~Shttp://www.helixcommunity.org~PluginFilename~Smp3metaff.dll~PluginType~SPLUGIN_FILE_FORMAT}{IndexNumber~N0~LoadMultiple~N1~Renderer_Granularity~N50~Version~N0~Copyright~SCopyright(c) RealNetworks, Inc. 1995-2009. All rights reserved. Source code for this program is available under the RealNetworks Public Source License. (http://www.helixcommunity.org)~Description~SRealNetworks MPEG Renderer Plugin~PlgCopy~Shttp://www.helixcommunity.org~PluginFilename~Smp3render.dll~PluginType~SPLUGIN_RENDERER~RendererMime~Saudio/X-MP3-draft-00|audio/X-MP3-draft-00-RN|audio/MPEG-ELEMENTARY|audio/MPEG-ELEMENTARY-RN|audio/MPEG-ELEMENTARY-RAW|audio/rn-mpeg|audio/mpa-robust|audio/MPA|audio/mp1s|audio/mp2p|audio/vnd.rn-mp1s|audio/vnd.rn-mp2p}{IndexNumber~N0~LoadMultiple~N1~Ve
[HKEY_USERS\S-1-5-21-3434975647-2719533202-2998227652-1000\Software\RealNetworks\RealShare\15.0\Preferences\MountPoints\DT_Plugins\PluginHandlerData\PluginInfo3]
@="etworks Internet Video Recording Manager Plugin~DRMId~SRAV2~PlgCopy~Shttp://www.real.com~PluginFilename~Sravemgr.dll~PluginType~SPLUGIN_SOURCE_HANDLER~SOURCE_HANDLER_GUID~SA672077B-2DB6-492B-A079096204BF1B28~SourceHandlerType~SSOURCE_HANDLER_DRM}{IndexNumber~N1~LoadMultiple~N1~Renderer_Granularity~N100~Version~N0~Copyright~S(c) 1995-2008 RealNetworks, All rights reserved.~Description~Sivr-null Renderer Plugin~PlgCopy~Shttp://www.real.com~PluginFilename~Sravemgr.dll~PluginType~SPLUGIN_RENDERER~RendererMime~Sivr-null}{IndexNumber~N0~LoadMultiple~N1~Version~N-268419019~Copyright~S(c) 1995,1996,1997 RealNetworks, All rights reserved.~Description~SRecord File Format Plugin~FileExtensions~Srec|ivr~FileMime~Sapplication/x-pn-recordfileformat~FileOpenNames~SInternet Video Recording (*.ivr)~PlgCopy~Shttp://www.real.com~PluginFilename~Srecf3260.dll~PluginT
[HKEY_USERS\S-1-5-21-3434975647-2719533202-2998227652-1000\Software\RealNetworks\RealShare\15.0\Preferences\MountPoints\DT_Plugins\PluginHandlerData\PluginInfo4]
@="Shttp://www.helixcommunity.org~PluginFilename~Ssmlrender.dll~PluginType~SPLUGIN_FILE_FORMAT}{IndexNumber~N3~LoadMultiple~N1~Renderer_Granularity~N200~Version~N-268419019~Copyright~SCopyright(c) RealNetworks, Inc. 1995-2009. All rights reserved. Source code for this program is available under the RealNetworks Public Source License. (http://www.helixcommunity.org)~Description~SRealNetworks Brush Renderer Plugin~PlgCopy~Shttp://www.helixcommunity.org~PluginFilename~Ssmlrender.dll~PluginType~SPLUGIN_RENDERER~RendererMime~Sapplication/vnd.rn-brushstream}{IndexNumber~N0~LoadMultiple~N1~Renderer_Granularity~N100~Version~N-268419019~Copyright~SCopyright(c) RealNetworks, Inc. 1995-2009. All rights reserved. Source code for this program is available under the RealNetworks Public Source License. (http://www.helixcommunity.org)~Description~SRealNetworks Sync
[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\camping-community.com]
[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\camping-community.com]

Searching for "Conduit"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\063A857434EDED11A893800002C0A966]
"D8EF64479F1C24D4AAEAD5CB5E68506A"="C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\iSyncConduit.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\063A857434EDED11A893800002C0A966\D8EF64479F1C24D4AAEAD5CB5E68506A]
"File"="iSyncConduit.dll"

Searching for "coupon"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1A53AD8B-D0B9-4E7F-88E4-50C07A65F2DC}\InprocServer32]
@="C:\Windows\COUPON~2.OCX"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1A53AD8B-D0B9-4E7F-88E4-50C07A65F2DC}\ProgID]
@="coupons.couponprinter_x64.1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1A53AD8B-D0B9-4E7F-88E4-50C07A65F2DC}\ToolboxBitmap32]
@="C:\Windows\COUPON~2.OCX, 1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A85A5E6A-DE2C-4F4E-99DC-F469DF5A0EEC}\InprocServer32]
@="C:\Windows\COUPON~2.OCX"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\coupons.couponprinter_x64.1]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\cpbrkpie.Coupon6Ctrl.1]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{87255C51-CD7D-4506-B9AD-97606DAF53F3}\1.0\0\win32]
@="C:\Windows\CouponPrinter.ocx"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{CBED5D4B-6859-452B-80EA-3E66910984D7}\1.0]
@="couponprinter ActiveX Control module"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{CBED5D4B-6859-452B-80EA-3E66910984D7}\1.0\0\win32]
@="C:\Windows\couponprinter_x64.ocx"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{9522B3FB-7A2B-4646-8AF6-36E7F593073C}\InprocServer32]
@="C:\Windows\COUPON~1.OCX"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{9522B3FB-7A2B-4646-8AF6-36E7F593073C}\ProgID]
@="cpbrkpie.Coupon6Ctrl.1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{9522B3FB-7A2B-4646-8AF6-36E7F593073C}\ToolboxBitmap32]
@="C:\Windows\COUPON~1.OCX, 1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A85A5E6A-DE2C-4F4E-99DC-F469DF5A0EEC}\InprocServer32]
@="C:\Windows\COUPON~1.OCX"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{87255C51-CD7D-4506-B9AD-97606DAF53F3}\1.0\0\win32]
@="C:\Windows\CouponPrinter.ocx"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{CBED5D4B-6859-452B-80EA-3E66910984D7}\1.0]
@="couponprinter ActiveX Control module"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{CBED5D4B-6859-452B-80EA-3E66910984D7}\1.0\0\win32]
@="C:\Windows\couponprinter_x64.ocx"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{9522B3FB-7A2B-4646-8AF6-36E7F593073C}\InprocServer32]
@="C:\Windows\COUPON~1.OCX"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{9522B3FB-7A2B-4646-8AF6-36E7F593073C}\ProgID]
@="cpbrkpie.Coupon6Ctrl.1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{9522B3FB-7A2B-4646-8AF6-36E7F593073C}\ToolboxBitmap32]
@="C:\Windows\COUPON~1.OCX, 1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{A85A5E6A-DE2C-4F4E-99DC-F469DF5A0EEC}\InprocServer32]
@="C:\Windows\COUPON~1.OCX"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{87255C51-CD7D-4506-B9AD-97606DAF53F3}\1.0\0\win32]
@="C:\Windows\CouponPrinter.ocx"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{CBED5D4B-6859-452B-80EA-3E66910984D7}\1.0]
@="couponprinter ActiveX Control module"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{CBED5D4B-6859-452B-80EA-3E66910984D7}\1.0\0\win32]
@="C:\Windows\couponprinter_x64.ocx"

Searching for "datamngr"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{25DA73D2-CBE0-43A5-8BFA-F757F5E69864}\InprocServer32]
@="C:\PROGRA~2\SETTIN~1\Datamngr\x64\IEBHO.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{935696E1-CFE1-476D-8786-AF70E069E5A9}\InprocServer32]
@="C:\PROGRA~2\SETTIN~1\Datamngr\x64\IEBHO.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{0BF321DF-A919-4F8F-B865-4DBE670E1D28}\1.0\0\win32]
@="C:\PROGRA~2\SETTIN~1\Datamngr\IEBHO.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{0BF321DF-A919-4F8F-B865-4DBE670E1D28}\1.0\0\win64]
@="C:\PROGRA~2\SETTIN~1\Datamngr\x64\IEBHO.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{0BF321DF-A919-4F8F-B865-4DBE670E1D28}\1.0\HELPDIR]
@="C:\PROGRA~2\SETTIN~1\Datamngr"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{24CD4990-37BC-4B7F-8E8D-BA7258D80152}\1.0\0\win32]
@="C:\PROGRA~2\SETTIN~1\Datamngr\BROWSE~1.DLL"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{24CD4990-37BC-4B7F-8E8D-BA7258D80152}\1.0\0\win64]
@="C:\PROGRA~2\SETTIN~1\Datamngr\x64\BROWSE~1.DLL"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{24CD4990-37BC-4B7F-8E8D-BA7258D80152}\1.0\HELPDIR]
@="C:\PROGRA~2\SETTIN~1\Datamngr"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{25DA73D2-CBE0-43A5-8BFA-F757F5E69864}\InprocServer32]
@="C:\PROGRA~2\SETTIN~1\Datamngr\IEBHO.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{935696E1-CFE1-476D-8786-AF70E069E5A9}\InprocServer32]
@="C:\PROGRA~2\SETTIN~1\Datamngr\IEBHO.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{0BF321DF-A919-4F8F-B865-4DBE670E1D28}\1.0\0\win32]
@="C:\PROGRA~2\SETTIN~1\Datamngr\IEBHO.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{0BF321DF-A919-4F8F-B865-4DBE670E1D28}\1.0\0\win64]
@="C:\PROGRA~2\SETTIN~1\Datamngr\x64\IEBHO.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{0BF321DF-A919-4F8F-B865-4DBE670E1D28}\1.0\HELPDIR]
@="C:\PROGRA~2\SETTIN~1\Datamngr"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{24CD4990-37BC-4B7F-8E8D-BA7258D80152}\1.0\0\win32]
@="C:\PROGRA~2\SETTIN~1\Datamngr\BROWSE~1.DLL"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{24CD4990-37BC-4B7F-8E8D-BA7258D80152}\1.0\0\win64]
@="C:\PROGRA~2\SETTIN~1\Datamngr\x64\BROWSE~1.DLL"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{24CD4990-37BC-4B7F-8E8D-BA7258D80152}\1.0\HELPDIR]
@="C:\PROGRA~2\SETTIN~1\Datamngr"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{25DA73D2-CBE0-43A5-8BFA-F757F5E69864}\InprocServer32]
@="C:\PROGRA~2\SETTIN~1\Datamngr\IEBHO.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{935696E1-CFE1-476D-8786-AF70E069E5A9}\InprocServer32]
@="C:\PROGRA~2\SETTIN~1\Datamngr\IEBHO.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{0BF321DF-A919-4F8F-B865-4DBE670E1D28}\1.0\0\win32]
@="C:\PROGRA~2\SETTIN~1\Datamngr\IEBHO.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{0BF321DF-A919-4F8F-B865-4DBE670E1D28}\1.0\0\win64]
@="C:\PROGRA~2\SETTIN~1\Datamngr\x64\IEBHO.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{0BF321DF-A919-4F8F-B865-4DBE670E1D28}\1.0\HELPDIR]
@="C:\PROGRA~2\SETTIN~1\Datamngr"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{24CD4990-37BC-4B7F-8E8D-BA7258D80152}\1.0\0\win32]
@="C:\PROGRA~2\SETTIN~1\Datamngr\BROWSE~1.DLL"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{24CD4990-37BC-4B7F-8E8D-BA7258D80152}\1.0\0\win64]
@="C:\PROGRA~2\SETTIN~1\Datamngr\x64\BROWSE~1.DLL"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{24CD4990-37BC-4B7F-8E8D-BA7258D80152}\1.0\HELPDIR]
@="C:\PROGRA~2\SETTIN~1\Datamngr"

Searching for "Fun4IM"
No data found.

Searching for "iLivid"
No data found.

Searching for "IObit"
No data found.

Searching for "Iminent"
No data found.

Searching for "opencandy"
No data found.

Searching for "Searchqu"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}]
@="ISearchQueryHelper"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}]
@="ISearchQueryHelper"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}]
@="ISearchQueryHelper"

Searching for "Searchnu"
No data found.

Searching for "sweetpacks"
No data found.

Searching for "sweetim"
No data found.

Searching for "Tarma"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.mml\OpenWithProgIDs]
"soffice.StarMathDocument.6"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.sxm]
@="soffice.StarMathDocument.6"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.sxm\OpenWithProgIDs]
"soffice.StarMathDocument.6"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\soffice.StarMathDocument]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\soffice.StarMathDocument\CurVer]
@="soffice.StarMathDocument.6"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\soffice.StarMathDocument.6]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D0484DE6-AAEE-468a-991F-8D4B0737B57A}\ProgID]
@="soffice.StarMathDocument.6"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D0484DE6-AAEE-468a-991F-8D4B0737B57A}\VersionIndependentProgID]
@="soffice.StarMathDocument.6"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\OpenOffice.org\OpenOffice.org\3.3\Capabilities\FileAssociations]
".mml"="soffice.StarMathDocument.6"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\OpenOffice.org\OpenOffice.org\3.3\Capabilities\FileAssociations]
".sxm"="soffice.StarMathDocument.6"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{D0484DE6-AAEE-468a-991F-8D4B0737B57A}\ProgID]
@="soffice.StarMathDocument.6"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{D0484DE6-AAEE-468a-991F-8D4B0737B57A}\VersionIndependentProgID]
@="soffice.StarMathDocument.6"

Searching for "trolltech"
[HKEY_CURRENT_USER\Software\Trolltech]
[HKEY_CURRENT_USER\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.4\com.trolltech.Qt.QImageIOHandlerFactoryInterface:]
[HKEY_CURRENT_USER\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.6\com.trolltech.Qt.QImageIOHandlerFactoryInterface:]
[HKEY_USERS\S-1-5-21-3434975647-2719533202-2998227652-1000\Software\Trolltech]
[HKEY_USERS\S-1-5-21-3434975647-2719533202-2998227652-1000\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.4\com.trolltech.Qt.QImageIOHandlerFactoryInterface:]
[HKEY_USERS\S-1-5-21-3434975647-2719533202-2998227652-1000\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.6\com.trolltech.Qt.QImageIOHandlerFactoryInterface:]

Searching for "vshare"
No data found.

Searching for "whitesmoke"
No data found.

Searching for "Yontoo"
No data found.

-= EOF =-
bonnie
Regular Member
 
Posts: 132
Joined: August 17th, 2012, 1:56 pm

Re: Firefox Google Searches Are Being Censored

Unread postby wannabeageek » July 2nd, 2013, 11:48 pm

Hi bonnie,

Please run the following:

Step 1.
Run OTL Script

We need to run an OTL Fix

  • Right-click OTL.exe and select " Run as administrator " to run it.
  • Copy and Paste the following code into the Image textbox. Do not include the word Code
    Code: Select all
    :commands
    [createrestorepoint]
    
    :Reg
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1A53AD8B-D0B9-4E7F-88E4-50C07A65F2DC}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A85A5E6A-DE2C-4F4E-99DC-F469DF5A0EEC}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\coupons.couponprinter_x64.1]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\cpbrkpie.Coupon6Ctrl.1]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{87255C51-CD7D-4506-B9AD-97606DAF53F3}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{CBED5D4B-6859-452B-80EA-3E66910984D7}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{9522B3FB-7A2B-4646-8AF6-36E7F593073C}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A85A5E6A-DE2C-4F4E-99DC-F469DF5A0EEC}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{87255C51-CD7D-4506-B9AD-97606DAF53F3}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{CBED5D4B-6859-452B-80EA-3E66910984D7}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{9522B3FB-7A2B-4646-8AF6-36E7F593073C}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{A85A5E6A-DE2C-4F4E-99DC-F469DF5A0EEC}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{87255C51-CD7D-4506-B9AD-97606DAF53F3}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{CBED5D4B-6859-452B-80EA-3E66910984D7}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}]
    [-HKEY_CURRENT_USER\Software\Trolltech]
    [-HKEY_USERS\S-1-5-21-3434975647-2719533202-2998227652-1000\Software\Trolltech]
    
    :Files
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Coupons
    C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Coupons
    C:\Program Files (x86)\Google\Chrome\Application\plugins\npMozCouponPrinter.dll 
    C:\Program Files (x86)\Mozilla Firefox\components\npCouponPrinter.xpt 
    C:\Users\robert\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\V39Y3ZNS\coupon[1].htm
    C:\Users\robert\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\V39Y3ZNS\coupon[1].js
    C:\Windows\couponprinter_x64.ocx 
    C:\Users\robert\AppData\Local\Temp\bundlesweetimsetup.exe 
    C:\Users\robert\AppData\Local\Temp\Shortcut_bundlesweetimsetup.exe 
    
    :Commands
    [EMPTYTEMP]
    
  • Click under the Custom Scan/Fixes box and paste the copied text.
  • Click the Run Fix button. If prompted... click OK.
  • When the scan completes, Notepad will open with the scan results. The report is saved in this location: C:\_OTL\Moved Files\MMDDYYY_HHMMSS.log.
  • Please post the contents of report in your next reply.

C:\_OTL\Moved Files\MMDDYYY_HHMMSS.log.


Step 2.
ESET online scanner

Note: You can use either Internet Explorer or Mozilla FireFox for this scan.

Note: If you are using Windows Vista or Windows 7, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.
  • First please Disable any Antivirus you have active, as shown in This topic. Scroll down to find your product.
  • Note: Don't forget to re-enable it after the scan.
  • Next hold down Control then click on the following link to open a new window to ESET online scanner
  • Press the Blue Run ESET Online Scanner button on the left side of the page.
  • A popup box will open.
  • Select the option YES, I accept the Terms of Use then click on Start.
    Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
    All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on Start.
  • The virus signature database... will begin to download. Be patient this make take some time depending on the speed of your Internet Connection.
  • When completed the Online Scan will begin automatically.
  • When the scan is completed and you would like the program removed, select Uninstall application on close. Be sure you have copied the log file first!
  • Now click on Finish.
  • Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.

Note: Do not forget to re-enable your Anti-Virus application after running the above scan!


Please include in your next reply:
  1. Contents of OTL.txt log
  2. Contents of C:\Program Files\ESET\EsetOnlineScanner\log.txt
  3. Any problem executing the instructions?
  4. How is the computer behaving?
Thanks,
wbg
wannabeageek
MRU Master
MRU Master
 
Posts: 1773
Joined: November 23rd, 2009, 10:21 pm
Location: California
Advertisement
Register to Remove

Next

  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 46 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware