Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

homepage on firefox defaults to http://fr.search.yahoo.com/?

Post by garypres » November 9th, 2013, 9:55 am

I have a problem in firefox in that my default homepage (usually google) changes to http://fr.search.yahoo.com/?type=198484 ... got-yhp-ff

I have run IObit malware fighter, advanced systemcare, hitman pro, adwcleaner but no malware is found, and the problem persists.

Any help gratefully received :)

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 10.0.9200.16660
Run by gary at 14:43:19 on 2013-11-09
Microsoft Windows 8 6.2.9200.0.1252.44.2057.18.3293.1956 [GMT 1:00]
.
AV: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: IObit Malware Fighter *Enabled/Updated* {A751AC20-3B48-5237-898A-78C4436BB78D}
FW: Online Armor Firewall *Enabled* {BD3F5FCA-866B-1E2E-0A68-58900A751EA1}
.
============== Running Processes ===============
.
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCService.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\dwm.exe
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\atieclxx.exe
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\Hpservice.exe
C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files (x86)\Online Armor\OAcat.exe
C:\Windows\system32\WLANExt.exe
C:\Program Files (x86)\Online Armor\oasrv.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\spoolsv.exe
C:\Program Files (x86)\IObit\Smart Defrag 2\SmartDefrag.exe
C:\Windows\system32\taskhostex.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\IObit\Advanced SystemCare 7\Monitor.exe
C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe
C:\Program Files\Realtek\Audio\HDA\AERTSr64.EXE
C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
C:\Windows\system32\svchost.exe -k apphost
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\system32\dashost.exe
C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Windows Defender\MsMpEng.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\SearchIndexer.exe
C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4406.1205_x64__8wekyb3d8bbwe\LiveComm.exe
C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
C:\Program Files (x86)\Online Armor\OAui.exe
C:\Program Files (x86)\Online Armor\OAhlp.exe
C:\Program Files (x86)\BillP Studios\WinPatrol\WinPatrol.exe
C:\Program Files\HP\HP Photosmart 5510 series\Bin\ScanToPCActivationApp.exe
C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCTray.exe
C:\Program Files (x86)\Hewlett-Packard\HP 3D DriveGuard\AccelerometerSt.exe
C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe
C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe
C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\System32\RuntimeBroker.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Windows Defender\MpCmdRun.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.bing.com?pc=HPNTDFJS
uDefault_Page_URL = hxxp://www.bing.com?pc=HPNTDFJS
mStart Page = hxxp://www.bing.com?pc=HPNTDFJS
mDefault_Page_URL = hxxp://www.bing.com?pc=HPNTDFJS
mWinlogon: Userinit = userinit.exe
BHO: Advanced SystemCare Browser Protection: {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} - C:\Program Files (x86)\IObit\Surfing Protection\BrowerProtect\ASCPlugin_Protection.dll
BHO: HP Network Check Helper: {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll
uRun: [WinPatrol] C:\Program Files (x86)\BillP Studios\WinPatrol\winpatrol.exe -expressboot
uRun: [HP Photosmart 5510 series (NET)] "C:\Program Files\HP\HP Photosmart 5510 series\Bin\ScanToPCActivationApp.exe" -deviceID "CN1CR35CGS05V3:NW" -scfn "HP Photosmart 5510 series (NET)" -AutoStart 1
uRun: [Advanced SystemCare 7] "C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCTray.exe" /Auto
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [AccelerometerSysTrayApplet] C:\Program Files (x86)\Hewlett-Packard\HP 3D DriveGuard\AccelerometerST.exe
mRun: [RemoteControl10] "C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe"
mRun: [HPMessageService] C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe
mRun: [LWS] C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe -hide
mRun: [IObit Malware Fighter] "C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe" /autostart
StartupFolder: C:\Users\gary\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\LOGITE~1.LNK - C:\Program Files (x86)\Logitech\Ereg\eReg.exe
IE: {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\Smart Print 2.0\smartprintsetup.exe
IE: {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
DPF: {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} - hxxp://quickscan.bitdefender.com/qsax/qsax.cab
TCP: NameServer = 192.168.1.1 192.168.1.1
TCP: Interfaces\{B47FD772-DB93-4D54-BE92-82AC918DD80D} : DHCPNameServer = 192.168.1.1 192.168.1.1
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
x64-mStart Page = hxxp://www.bing.com?pc=HPNTDFJS
x64-mDefault_Page_URL = hxxp://www.bing.com?pc=HPNTDFJS
x64-BHO: ExplorerWnd Helper: {10921475-03CE-4E04-90CE-E2E7EF20C814} - C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer64.dll
x64-BHO: HP Network Check Helper: {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll
x64-Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe -s
x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-Run: [@OnlineArmor GUI] "C:\Program Files (x86)\Online Armor\OAui.exe"
x64-IE: {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\gary\AppData\Roaming\Mozilla\Firefox\Profiles\87vd2679.default-1383943300214\
FF - prefs.js: browser.startup.homepage - hxxp://fr.search.yahoo.com/?type=198484 ... got-yhp-ff
FF - plugin: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\windows\SysWOW64\Adobe\Director\np32dsw_1166636.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll
.
============= SERVICES / DRIVERS ===============
.
R0 amd_sata;amd_sata;C:\Windows\System32\Drivers\amd_sata.sys [2012-11-30 80552]
R0 amd_xata;amd_xata;C:\Windows\System32\Drivers\amd_xata.sys [2012-11-30 26280]
R0 SmartDefragDriver;SmartDefragDriver;C:\Windows\System32\Drivers\SmartDefragDriver.sys [2013-11-8 17720]
R1 CLVirtualDrive;CLVirtualDrive;C:\Windows\System32\Drivers\CLVirtualDrive.sys [2013-4-11 92536]
R1 OADevice;OADriver;C:\Windows\SysWOW64\drivers\OADriver.sys [2013-7-25 64720]
R1 oahlpXX;Online Armor helper driver;C:\Windows\SysWOW64\drivers\oahlp64.sys [2013-7-25 62008]
R1 OAmon;OAmon;C:\Windows\SysWOW64\drivers\OAmon.sys [2013-7-25 52360]
R2 AdvancedSystemCareService7;Advanced SystemCare Service 7;C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCService.exe [2013-11-8 878368]
R2 AERTFilters;Andrea RT Filters Service;C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe [2013-4-11 98208]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2013-2-26 240640]
R2 AMD FUEL Service;AMD FUEL Service;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2013-2-25 361984]
R2 AODDriver4.2;AODDriver4.2;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys [2012-4-9 57472]
R2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2012-9-27 86528]
R2 hpsrv;HP Service;C:\Windows\System32\hpservice.exe [2013-3-1 43320]
R2 HPWMISVC;HPWMISVC;C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe [2013-2-1 1039160]
R2 IMFservice;IMF Service;C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe [2013-11-8 335168]
R2 LiveUpdateSvc;LiveUpdate;C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2013-11-8 2151200]
R2 OAcat;Online Armor Helper Service;C:\Program Files (x86)\Online Armor\OAcat.exe [2013-10-15 584864]
R2 RtkAudioService;Realtek Audio Service;C:\Program Files\Realtek\Audio\HDA\RTKAUDIOSERVICE64.EXE [2013-4-11 239176]
R2 SvcOnlineArmor;Online Armor;C:\Program Files (x86)\Online Armor\OAsrv.exe [2013-10-15 4457688]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\System32\Drivers\AtihdW86.sys [2013-2-15 94208]
R3 FileMonitor;FileMonitor;C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\FileMonitor.sys [2013-11-8 23048]
R3 OAnet;OnlineArmor Service;C:\Windows\System32\Drivers\OAnet.sys [2013-7-25 35368]
R3 RegFilter;RegFilter;C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\RegFilter.sys [2013-11-8 34336]
R3 RSP2STOR;Realtek PCIE CardReader Driver - P2;C:\Windows\System32\Drivers\RtsP2Stor.sys [2013-4-11 288328]
R3 RTL8168;Realtek 8168 NT Driver;C:\Windows\System32\Drivers\Rt630x64.sys [2013-11-8 830680]
R3 RTWlanE;Realtek Wireless LAN 802.11n PCI-E Network Adapter;C:\Windows\System32\Drivers\rtwlane.sys [2013-11-8 1544704]
R3 UrlFilter;UrlFilter;C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\UrlFilter.sys [2013-11-8 23016]
R3 usbfilter;AMD USB Filter Driver;C:\Windows\System32\Drivers\usbfilter.sys [2013-4-11 58536]
R3 WirelessButtonDriver;HP Wireless Button Driver Service;C:\Windows\System32\Drivers\WirelessButtonDriver64.sys [2012-8-31 20800]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-9-5 171680]
S3 amdkmafd;AMD Audio Bus Lower Filter;C:\Windows\System32\Drivers\amdkmafd.sys [2013-11-8 21160]
S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
S3 LVRS64;Logitech RightSound Filter Driver;C:\Windows\System32\Drivers\lvrs64.sys [2012-10-26 351520]
S3 LVUVC64;@oem20.inf,%PID_0825_DD%(UVC);Logitech HD Webcam C270(UVC);C:\Windows\System32\Drivers\lvuvc64.sys [2012-10-26 4758176]
S3 RTSPER;Realtek PCIe CardReader Driver;C:\Windows\System32\Drivers\RtsPer.sys [2013-4-11 448072]
S3 SmbDrv;SmbDrv;C:\Windows\System32\Drivers\Smb_driver_AMDASF.sys [2013-2-6 28400]
S3 SmbDrvI;SmbDrvI;C:\Windows\System32\Drivers\Smb_driver_Intel.sys [2013-2-6 31984]
.
=============== File Associations ===============
.
FileExt: .txt: txtfile=C:\Windows\System32\NOTEPAD.EXE %1 [UserChoice]
.
=============== Created Last 30 ================
.
2013-11-09 13:31:59 -------- d-----w- C:\ProgramData\HitmanPro
2013-11-09 13:23:44 -------- d-----w- C:\AdwCleaner
2013-11-09 12:47:39 -------- d-----w- C:\Windows\pss
2013-11-09 06:01:02 10280728 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{836F44F9-8587-4B87-8114-E2E097458EDA}\mpengine.dll
2013-11-08 22:08:37 -------- d-----w- C:\Program Files\Enigma Software Group
2013-11-08 22:07:36 -------- d-----w- C:\Windows\72AAF4551E54475BB0AB5413C78D0E63.TMP
2013-11-08 22:07:20 -------- d-----w- C:\Program Files (x86)\Common Files\Wise Installation Wizard
2013-11-08 17:00:44 21160 ----a-w- C:\Windows\System32\drivers\amdkmafd.sys
2013-11-08 16:59:12 1544704 ----a-w- C:\Windows\System32\drivers\rtwlane.sys
2013-11-08 16:58:16 -------- d-----w- C:\Windows\LastGood.Tmp
2013-11-08 16:56:52 830680 ----a-w- C:\Windows\System32\drivers\Rt630x64.sys
2013-11-08 16:56:52 74456 ----a-w- C:\Windows\System32\RtNicProp64.dll
2013-11-08 16:40:12 32600 ----a-w- C:\Windows\System32\SmartDefragBootTime.exe
2013-11-08 16:39:38 17720 ----a-w- C:\Windows\System32\drivers\SmartDefragDriver.sys
2013-11-08 16:10:47 -------- d-----w- C:\ProgramData\ProductData
2013-11-08 16:10:29 -------- d-----w- C:\ProgramData\{3C5CBD7B-3D1D-411E-96C2-513FFCA84D2D}
2013-11-08 16:10:24 -------- d-----w- C:\ProgramData\IObit
2013-11-08 16:10:23 -------- d-----w- C:\Users\gary\AppData\Roaming\IObit
2013-11-08 16:09:59 -------- d-----w- C:\Program Files (x86)\IObit
2013-11-08 07:56:09 9694160 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2013-11-05 17:06:08 342704 ----a-w- C:\ProgramData\Microsoft\Windows\Sqm\Manifest\Sqm10224.bin
2013-10-29 11:19:55 -------- d-----w- C:\Program Files (x86)\VideoLAN
.
==================== Find3M ====================
.
2013-10-15 17:24:47 35368 ----a-w- C:\Windows\System32\drivers\OAnet.sys
2013-10-15 17:24:46 64720 ----a-w- C:\Windows\SysWow64\drivers\OADriver.sys
2013-10-15 17:24:46 52360 ----a-w- C:\Windows\SysWow64\drivers\OAmon.sys
2013-10-15 17:23:56 62008 ----a-w- C:\Windows\SysWow64\drivers\oahlp64.sys
.
============= FINISH: 14:44:57.08 ===============



.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 8
Boot Device: \Device\HarddiskVolume2
Install Date: 18/07/2013 11:40:07
System Uptime: 09/11/2013 14:26:07 (0 hours ago)
.
Motherboard: Hewlett-Packard | | 1984
Processor: AMD A4-5150M APU with Radeon(tm) HD Graphics | Socket FT1 | 2700/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 677 GiB total, 629.64 GiB free.
D: is FIXED (NTFS) - 21 GiB total, 1.729 GiB free.
E: is CDROM ()
F: is Removable
.
==== Disabled Device Manager Items =============
.
Class GUID: {6bdd1fc6-810f-11d0-bec7-08002be2092f}
Description: USB Video Device
Device ID: USB\VID_0BDA&PID_571C&MI_00\6&482E83D&0&0000
Manufacturer: Microsoft
Name: HP Truevision HD
PNP Device ID: USB\VID_0BDA&PID_571C&MI_00\6&482E83D&0&0000
Service: usbvideo
.
==== System Restore Points ===================
.
RP10: 22/10/2013 03:05:15 - Scheduled Checkpoint
RP11: 31/10/2013 08:47:06 - Scheduled Checkpoint
RP12: 07/11/2013 09:34:57 - Scheduled Checkpoint
RP13: 08/11/2013 17:55:40 - Driver Booster : Realtek PCIe FE Family Controller
.
==== Installed Programs ======================
.
7-Zip 9.20 (x64 edition)
Adobe Flash Player 11 Plugin
Adobe Shockwave Player 11.6
Advanced SystemCare 7
Aloha TriPeaks
AMD Accelerated Video Transcoding
AMD APP SDK Runtime
AMD Catalyst Install Manager
AMD Fuel
AMD VISION Engine Control Center
Bejeweled 3
Bonjour
Build-a-lot
CameraHelperMsi
Catalyst Control Center - Branding
Catalyst Control Center Graphics Previews Common
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
ccc-utility64
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
Cradle of Rome 2
Crazy Chicken Soccer
CyberLink LabelPrint
CyberLink Media Suite 10
Cyberlink PhotoDirector
CyberLink Power2Go 8
CyberLink PowerDirector 10
CyberLink PowerDVD
CyberLink YouCam
D3DX10
Driver Booster
Energy Star
erLT
Farm Frenzy
Galerie de photos
GIMP 2.8.6
Governor of Poker 2 Premium Edition
Hewlett-Packard ACLM.NET v1.2.1.1
HP 3D DriveGuard
HP CoolSense
HP Customer Experience Enhancements
HP Documentation
HP Photosmart 5510 series Basic Device Software
HP Postscript Converter
HP Quick Start
HP Recovery Manager
HP Registration Service
HP Support Assistant
HP System Event Utility
HP Update
HP Utility Center
HP Wireless Button Driver
IObit Malware Fighter
IObit Uninstaller
Jeux WildTangent
Jewel Match 3
Jewel Quest II
Logitech Webcam Software
LWS Facebook
LWS Gallery
LWS Help_main
LWS Launcher
LWS Motion Detection
LWS Pictures And Video
LWS Twitter
LWS Webcam Software
LWS WLM Plugin
LWS YouTube Plugin
Mahjongg Artifacts
Microsoft Application Error Reporting
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.50727
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.50727
Movie Maker
Mozilla Firefox 25.0 (x86 en-GB)
Mozilla Maintenance Service
MSVCRT
MSVCRT110
MSVCRT110_amd64
OEM Application Profile
Online Armor 6.0
OpenOffice 4.0.0
Photo Common
Photo Gallery
Pixel Ruler
Plants vs. Zombies - Game of the Year
Polar Bowler
Ranch Rush 2 - Premium Edition
Realtek Ethernet Controller Driver
Realtek High Definition Audio Driver
Realtek PCIE Card Reader
REALTEK Wireless LAN Driver
Royal Envoy 2 Collector's Edition
Skype™ 6.10
Smart Defrag 2
Surfing Protection
swMSM
Synaptics Pointing Device Driver
Trinklit Supreme
Update Installer for WildTangent Games App
Vacation Quest™ - Australia
Virtual Families
VLC media player 2.1.0
Wedding Dash
WildTangent Games App (HP Games)
Windows Live
Windows Live Communications Platform
Windows Live Essentials
Windows Live Installer
Windows Live Photo Common
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
WinPatrol
WinRAR 5.00 (64-bit)
Youda Jewel Shop
Zuma's Revenge
.
==== Event Viewer Messages From Past Week ========
.
09/11/2013 14:29:05, Error: Service Control Manager [7023] - The HP Network Devices Support service terminated with the following error: The specified module could not be found.
09/11/2013 14:26:30, Error: NetBT [4311] - Initialization failed because the driver device could not be created. Use the string "B8763F0603D9" to identify the interface for which initialization failed. It represents the MAC address of the failed interface or the Globally Unique Interface Identifier (GUID) if NetBT was unable to map from GUID to MAC address. If neither the MAC address nor the GUID were available, the string represents a cluster device name.
09/11/2013 14:18:35, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "Unavailable" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
09/11/2013 13:52:24, Error: Service Control Manager [7030] - The Task Scheduler service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
09/11/2013 13:49:08, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "Unavailable" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
09/11/2013 13:49:02, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the DHCP Client service which failed to start because of the following error: The dependency service or group failed to start.
09/11/2013 13:49:02, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
09/11/2013 13:49:02, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "Unavailable" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
09/11/2013 13:48:58, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "Unavailable" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
09/11/2013 13:48:42, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub System service which failed to start because of the following error: A device attached to the system is not functioning.
09/11/2013 13:48:42, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
09/11/2013 13:48:42, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
09/11/2013 13:48:42, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
09/11/2013 13:48:41, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
09/11/2013 13:48:39, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
09/11/2013 13:48:39, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI Proxy Service Driver service which failed to start because of the following error: A device attached to the system is not functioning.
09/11/2013 13:48:39, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
09/11/2013 13:48:39, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
09/11/2013 13:48:09, Error: NetBT [4300] - The driver could not be created.
09/11/2013 13:37:53, Error: Microsoft-Windows-WLAN-AutoConfig [10003] - WLAN Extensibility Module has stopped unexpectedly. Module Path: C:\Windows\system32\Rtlihvs.dll
08/11/2013 23:53:15, Error: Service Control Manager [7006] - The ScRegSetValueExW call failed for ImagePath with the following error: Access is denied.
08/11/2013 21:33:50, Error: NetBT [4321] - The name "WORKGROUP :1d" could not be registered on the interface with IP address 192.168.1.11. The computer with the IP address 192.168.1.1 did not allow the name to be claimed by this computer.
08/11/2013 17:10:30, Error: Service Control Manager [7030] - The Advanced SystemCare Service 7 service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
05/11/2013 20:19:29, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070005: WinZipComputing.WinZip.
03/11/2013 09:25:18, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the NlaSvc service.
.
==== End Of File ===========================
garypres
Active Member
 
Posts: 4
Joined: November 9th, 2013, 9:45 am

Post by Cypher » November 10th, 2013, 11:19 am

Hi,
Checking your logs now, be right back.
Cypher
Admin/Teacher
 
Posts: 14959
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns

Post by Cypher » November 10th, 2013, 11:24 am

Hi and welcome to Malware Removal Forum.
My name is Cypher, and I will be helping you with your malware problems.
This may or may not solve other issues you have with your machine.
If you no longer require help I would be grateful if you would let me know.

Before we start please note the following important guidelines.
  • If you don't know or understand something, please don't hesitate to ask.
  • Only post your problem at one help site. Applying fixes from multiple help sites can cause problems.
  • Only reply to this thread, do not start another. Please continue responding until I give you the "All Clean".
    Remember, absence of symptoms does not mean the infection is all gone.
  • Please DO NOT run any other tools or scans whilst I am helping you.
  • Please DO NOT install any other software (or hardware) during the cleaning process.
  • Print each set of instructions... if possible... your Internet connection will not be available during some fix processes.
  • Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
  • Note: No Reply Within 3 Days Will Result In Your Topic Being Closed!

Note: If you haven't done so already, please read this topic ALL USERS OF THIS FORUM MUST READ THIS FIRST where the conditions for receiving help here are explained.
Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

Because of this, I advise you to back up any personal files and folders before you start.



Uninstall these.
Advanced SystemCare 7
IObit Malware Fighter


Next.

Please download a new copy of AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Right click on adwcleaner.exe and select "Run as administrator" to run it.
  • Click on Scan.
  • When the scan has finished click on Clean.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

Next.

Please download OTL by Old Timer and save it to your Desktop.

  • Right click on OTL.exe and select Run as administrator to run it.
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When done, two Notepad files will open.
    • OTL.txt <-- Will be opened
    • Extras.txt <-- Will be minimized
  • Please post the contents of these 2 Notepad files in your next reply.

Logs/Information to Post in your Next Reply

  • AdwCleaner log.
  • OTL.txt and Extras.txt contents.
Cypher
Admin/Teacher
 
Posts: 14959
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns

Post by garypres » November 10th, 2013, 7:02 pm

Thanks Cypher

# AdwCleaner v3.011 - Report created 10/11/2013 at 23:45:24
# Updated 03/11/2013 by Xplode
# Operating System : Windows 8 (64 bits)
# Username : gary - MASTER
# Running from : C:\Users\gary\Desktop\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****


***** [ Browsers ] *****

-\\ Internet Explorer v10.0.9200.16660


-\\ Mozilla Firefox v25.0 (en-GB)

[ File : C:\Users\gary\AppData\Roaming\Mozilla\Firefox\Profiles\87vd2679.default-1383943300214\prefs.js ]


*************************

AdwCleaner[R0].txt - [833 octets] - [09/11/2013 14:23:53]
AdwCleaner[R1].txt - [871 octets] - [10/11/2013 23:44:42]
AdwCleaner[S0].txt - [853 octets] - [09/11/2013 14:25:20]
AdwCleaner[S1].txt - [793 octets] - [10/11/2013 23:45:24]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [852 octets] ##########

OTL logfile created on: 10/11/2013 23:50:57 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\gary\Desktop
64bit- An unknown product (Version = 6.2.9200) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16660)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

3.22 Gb Total Physical Memory | 2.03 Gb Available Physical Memory | 63.27% Memory free
6.47 Gb Paging File | 5.06 Gb Available in Paging File | 78.33% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 676.53 Gb Total Space | 629.99 Gb Free Space | 93.12% Space Free | Partition Type: NTFS
Drive D: | 21.33 Gb Total Space | 1.73 Gb Free Space | 8.10% Space Free | Partition Type: NTFS
Drive F: | 1.89 Gb Total Space | 0.97 Gb Free Space | 51.39% Space Free | Partition Type: FAT

Computer Name: MASTER | User Name: gary | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/11/10 23:49:19 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\gary\Desktop\OTL.exe
PRC - [2013/10/30 08:33:36 | 000,275,568 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2013/10/25 12:07:24 | 002,151,200 | ---- | M] (IObit) -- C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe
PRC - [2013/10/15 18:24:28 | 007,558,464 | ---- | M] (Emsisoft GmbH) -- C:\Program Files (x86)\Online Armor\OAui.exe
PRC - [2013/10/15 18:24:14 | 004,457,688 | ---- | M] (Emsisoft GmbH) -- C:\Program Files (x86)\Online Armor\OAsrv.exe
PRC - [2013/10/15 18:23:55 | 003,976,672 | ---- | M] (Emsisoft GmbH) -- C:\Program Files (x86)\Online Armor\OAhlp.exe
PRC - [2013/10/15 18:23:47 | 000,584,864 | ---- | M] (Emsisoft GmbH) -- C:\Program Files (x86)\Online Armor\OAcat.exe
PRC - [2013/09/05 03:09:20 | 000,441,408 | ---- | M] (BillP Studios) -- C:\Program Files (x86)\BillP Studios\WinPatrol\WinPatrol.exe
PRC - [2013/02/25 12:39:26 | 001,045,304 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe
PRC - [2013/02/01 16:00:28 | 001,039,160 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe
PRC - [2013/01/17 10:14:08 | 000,136,488 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
PRC - [2012/09/12 23:38:44 | 000,204,136 | ---- | M] (Logitech Inc.) -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe
PRC - [2012/09/12 23:38:20 | 000,264,040 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe
PRC - [2012/07/13 14:50:00 | 000,093,296 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
PRC - [2012/06/08 04:34:06 | 000,111,120 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe


========== Modules (No Company Name) ==========

MOD - [2013/10/30 08:33:18 | 003,368,048 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2013/07/15 18:29:04 | 000,620,718 | ---- | M] () -- C:\Program Files (x86)\BillP Studios\WinPatrol\sqlite3.dll
MOD - [2012/09/12 23:39:18 | 000,336,232 | ---- | M] () -- C:\Program Files (x86)\Common Files\logishrd\LWSPlugins\LWS\Applets\CameraHelper\DevManagerCore.dll
MOD - [2012/09/12 23:38:52 | 007,955,304 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\QTGui4.dll
MOD - [2012/09/12 23:38:52 | 000,341,352 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\QTXml4.dll
MOD - [2012/09/12 23:38:52 | 000,127,336 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\ImageFormats\QJpeg4.dll
MOD - [2012/09/12 23:38:52 | 000,028,008 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\ImageFormats\QGif4.dll
MOD - [2012/09/12 23:38:44 | 002,144,104 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\QTCore4.dll
MOD - [2012/09/12 23:38:20 | 000,264,040 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe
MOD - [2012/06/08 10:34:06 | 000,016,400 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll
MOD - [2012/06/08 04:34:06 | 000,627,216 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll


========== Services (SafeList) ==========

SRV:64bit: - [2013/07/02 01:44:21 | 000,016,048 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)
SRV:64bit: - [2013/05/04 07:58:02 | 000,470,528 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netprofmsvc.dll -- (netprofm)
SRV:64bit: - [2013/05/04 07:57:05 | 000,179,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\bisrv.dll -- (BrokerInfrastructure)
SRV:64bit: - [2013/04/09 05:48:42 | 000,169,472 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\AudioEndpointBuilder.dll -- (AudioEndpointBuilder)
SRV:64bit: - [2013/03/21 20:24:48 | 001,964,544 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\wlidsvc.dll -- (wlidsvc)
SRV:64bit: - [2013/03/21 20:24:48 | 000,438,272 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\lsm.dll -- (LSM)
SRV:64bit: - [2013/03/21 20:15:10 | 002,675,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\spool\drivers\x64\3\PrintConfig.dll -- (PrintNotify)
SRV:64bit: - [2013/03/21 19:51:45 | 000,116,736 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\fhsvc.dll -- (fhsvc)
SRV:64bit: - [2013/03/21 19:51:25 | 002,367,528 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\WSService.dll -- (WSService)
SRV:64bit: - [2013/03/02 03:45:07 | 000,171,008 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\TimeBrokerServer.dll -- (TimeBroker)
SRV:64bit: - [2013/03/02 03:45:05 | 000,180,224 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\SystemEventsBrokerServer.dll -- (SystemEventsBroker)
SRV:64bit: - [2013/03/01 14:40:02 | 000,043,320 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Windows\SysNative\hpservice.exe -- (hpsrv)
SRV:64bit: - [2013/02/26 08:55:00 | 000,240,640 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2013/02/25 23:31:30 | 000,361,984 | ---- | M] (Advanced Micro Devices, Inc.) [Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service)
SRV:64bit: - [2013/02/20 06:10:00 | 000,239,176 | ---- | M] (Realtek Semiconductor) [Auto | Running] -- C:\Program Files\Realtek\Audio\HDA\RTKAUDIOSERVICE64.EXE -- (RtkAudioService)
SRV:64bit: - [2012/07/26 04:07:47 | 000,065,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wiarpc.dll -- (WiaRpc)
SRV:64bit: - [2012/07/26 04:07:42 | 000,263,680 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wcmsvc.dll -- (Wcmsvc)
SRV:64bit: - [2012/07/26 04:07:40 | 000,283,648 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\vaultsvc.dll -- (VaultSvc)
SRV:64bit: - [2012/07/26 04:07:25 | 000,012,800 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\svsvc.dll -- (svsvc)
SRV:64bit: - [2012/07/26 04:06:34 | 000,743,936 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\netlogon.dll -- (Netlogon)
SRV:64bit: - [2012/07/26 04:06:33 | 000,161,792 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\NcaSvc.dll -- (NcaSvc)
SRV:64bit: - [2012/07/26 04:06:33 | 000,073,728 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\NcdAutoSetup.dll -- (NcdAutoSetup)
SRV:64bit: - [2012/07/26 04:05:55 | 000,059,904 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\keyiso.dll -- (KeyIso)
SRV:64bit: - [2012/07/26 04:05:34 | 000,037,376 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\efssvc.dll -- (EFS)
SRV:64bit: - [2012/07/26 04:05:28 | 000,207,872 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\DeviceSetupManager.dll -- (DsmSvc)
SRV:64bit: - [2012/07/26 04:05:24 | 000,342,016 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\das.dll -- (DeviceAssociationService)
SRV:64bit: - [2012/07/26 04:05:08 | 000,122,368 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\AUInstallAgent.dll -- (AllUserInstallAgent)
SRV:64bit: - [2012/07/26 01:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicvss)
SRV:64bit: - [2012/07/26 01:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmictimesync)
SRV:64bit: - [2012/07/26 01:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicshutdown)
SRV:64bit: - [2012/07/26 01:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicrdv)
SRV:64bit: - [2012/07/26 01:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmickvpexchange)
SRV:64bit: - [2012/07/26 01:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicheartbeat)
SRV:64bit: - [2009/11/18 03:14:00 | 000,098,208 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe -- (AERTFilters)
SRV - [2013/10/30 08:33:36 | 000,119,408 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/10/25 12:07:24 | 002,151,200 | ---- | M] (IObit) [Auto | Running] -- C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe -- (LiveUpdateSvc)
SRV - [2013/10/24 07:19:10 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/10/15 18:24:14 | 004,457,688 | ---- | M] (Emsisoft GmbH) [Auto | Running] -- C:\Program Files (x86)\Online Armor\OAsrv.exe -- (SvcOnlineArmor)
SRV - [2013/10/15 18:23:47 | 000,584,864 | ---- | M] (Emsisoft GmbH) [Auto | Running] -- C:\Program Files (x86)\Online Armor\OAcat.exe -- (OAcat)
SRV - [2013/09/05 09:34:30 | 000,171,680 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013/03/21 20:15:10 | 002,675,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\system32\spool\DRIVERS\x64\3\PrintConfig.dll -- (PrintNotify)
SRV - [2013/02/01 16:00:28 | 001,039,160 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe -- (HPWMISVC)
SRV - [2012/09/27 11:55:16 | 000,086,528 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe -- (HP Support Assistant Service)
SRV - [2012/07/26 04:20:04 | 000,018,432 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\StorSvc.dll -- (StorSvc)
SRV - [2012/07/26 04:18:41 | 000,408,064 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll -- (WAS)
SRV - [2012/07/26 04:17:52 | 000,060,416 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\inetsrv\apphostsvc.dll -- (AppHostSvc)
SRV - [2010/10/12 18:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2013/11/08 18:00:45 | 000,021,160 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\amdkmafd.sys -- (amdkmafd)
DRV:64bit: - [2013/11/08 17:59:12 | 001,544,704 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\rtwlane.sys -- (RTWlanE)
DRV:64bit: - [2013/11/08 17:56:52 | 000,830,680 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\Rt630x64.sys -- (RTL8168)
DRV:64bit: - [2013/10/15 18:24:47 | 000,035,368 | ---- | M] (Emsisoft) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\OAnet.sys -- (OAnet)
DRV:64bit: - [2013/07/02 01:44:14 | 000,036,288 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\WdBoot.sys -- (WdBoot)
DRV:64bit: - [2013/07/01 23:08:49 | 000,247,216 | ---- | M] (Microsoft Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\Drivers\WdFilter.sys -- (WdFilter)
DRV:64bit: - [2013/05/04 08:34:17 | 000,446,720 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\USBHUB3.SYS -- (USBHUB3)
DRV:64bit: - [2013/05/04 08:34:17 | 000,213,248 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\UCX01000.SYS -- (UCX01000)
DRV:64bit: - [2013/05/04 08:34:15 | 000,284,416 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\spaceport.sys -- (spaceport)
DRV:64bit: - [2013/03/21 20:24:48 | 000,028,904 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\msgpiowin32.sys -- (msgpiowin32)
DRV:64bit: - [2013/03/21 20:18:53 | 000,029,952 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\BthhfHid.sys -- (bthhfhid)
DRV:64bit: - [2013/03/21 20:15:10 | 000,022,528 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\fxppm.sys -- (FxPPM)
DRV:64bit: - [2013/03/21 20:08:41 | 000,058,088 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\Windows\SysNative\Drivers\dam.sys -- (dam)
DRV:64bit: - [2013/03/21 20:08:41 | 000,056,552 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\sdstor.sys -- (sdstor)
DRV:64bit: - [2013/03/21 20:08:41 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\serscan.sys -- (StillCam)
DRV:64bit: - [2013/03/21 19:54:05 | 000,027,880 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2013/03/21 19:51:22 | 003,265,256 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2013/03/21 19:51:22 | 000,533,224 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2013/03/21 19:51:22 | 000,120,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\msgpioclx.sys -- (GPIOClx0101)
DRV:64bit: - [2013/03/02 11:57:48 | 000,337,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\USBXHCI.SYS -- (USBXHCI)
DRV:64bit: - [2013/03/02 11:57:46 | 000,077,544 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\storahci.sys -- (storahci)
DRV:64bit: - [2013/03/02 11:45:20 | 000,148,712 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\tpm.sys -- (TPM)
DRV:64bit: - [2013/03/02 11:45:19 | 000,194,792 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2013/03/02 11:39:38 | 000,069,864 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\pdc.sys -- (pdc)
DRV:64bit: - [2013/03/01 14:40:02 | 000,043,320 | ---- | M] (Hewlett-Packard) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\Accelerometer.sys -- (Accelerometer)
DRV:64bit: - [2013/03/01 14:40:02 | 000,030,520 | ---- | M] (Hewlett-Packard) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\hpdskflt.sys -- (hpdskflt)
DRV:64bit: - [2013/02/26 09:54:40 | 011,635,200 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2013/02/26 08:28:22 | 000,578,560 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2013/02/15 04:41:14 | 000,094,208 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\AtihdW86.sys -- (AtiHDAudioService)
DRV:64bit: - [2013/02/06 05:54:18 | 000,469,232 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2013/02/06 05:54:16 | 000,031,984 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\Smb_driver_Intel.sys -- (SmbDrvI)
DRV:64bit: - [2013/02/06 05:54:16 | 000,028,400 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\Smb_driver_AMDASF.sys -- (SmbDrv)
DRV:64bit: - [2013/02/02 08:25:23 | 000,037,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\BthAvrcpTg.sys -- (BthAvrcpTg)
DRV:64bit: - [2013/02/02 01:08:18 | 000,448,072 | ---- | M] (RTS Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\RtsPer.sys -- (RTSPER)
DRV:64bit: - [2013/01/24 01:29:56 | 000,288,328 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\RtsP2Stor.sys -- (RSP2STOR)
DRV:64bit: - [2012/11/30 10:31:02 | 000,026,280 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\amd_xata.sys -- (amd_xata)
DRV:64bit: - [2012/11/30 10:31:00 | 000,080,552 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\amd_sata.sys -- (amd_sata)
DRV:64bit: - [2012/11/20 05:54:31 | 000,039,936 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\hidi2c.sys -- (hidi2c)
DRV:64bit: - [2012/10/26 15:42:22 | 004,758,176 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\lvuvc64.sys -- (LVUVC64)
DRV:64bit: - [2012/10/26 15:42:22 | 000,351,520 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\lvrs64.sys -- (LVRS64)
DRV:64bit: - [2012/08/31 08:40:24 | 000,020,800 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\WirelessButtonDriver64.sys -- (WirelessButtonDriver)
DRV:64bit: - [2012/08/28 16:27:24 | 000,058,536 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\usbfilter.sys -- (usbfilter)
DRV:64bit: - [2012/07/26 06:26:46 | 000,025,328 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/07/26 06:26:45 | 000,033,792 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\condrv.sys -- (condrv)
DRV:64bit: - [2012/07/26 06:00:58 | 000,322,800 | ---- | M] (VIA Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\VSTXRAID.SYS -- (VSTXRAID)
DRV:64bit: - [2012/07/26 06:00:58 | 000,106,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\VerifierExt.sys -- (VerifierExt)
DRV:64bit: - [2012/07/26 06:00:58 | 000,097,008 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\uaspstor.sys -- (UASPStor)
DRV:64bit: - [2012/07/26 06:00:57 | 000,077,040 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\acpiex.sys -- (acpiex)
DRV:64bit: - [2012/07/26 06:00:55 | 000,064,240 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\mvumis.sys -- (mvumis)
DRV:64bit: - [2012/07/26 06:00:55 | 000,030,960 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2012/07/26 06:00:52 | 000,092,400 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2012/07/26 06:00:52 | 000,081,136 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\lsi_sss.sys -- (LSI_SSS)
DRV:64bit: - [2012/07/26 06:00:52 | 000,064,752 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2012/07/26 06:00:51 | 000,113,904 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\EhStorTcgDrv.sys -- (EhStorTcgDrv)
DRV:64bit: - [2012/07/26 06:00:51 | 000,081,136 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\EhStorClass.sys -- (EhStorClass)
DRV:64bit: - [2012/07/26 06:00:49 | 000,258,288 | ---- | M] (AMD Technologies Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2012/07/26 06:00:49 | 000,106,736 | ---- | M] (LSI) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\3ware.sys -- (3ware)
DRV:64bit: - [2012/07/26 06:00:49 | 000,076,016 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2012/07/26 06:00:48 | 000,026,352 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2012/07/26 05:57:54 | 000,361,200 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\clfs.sys -- (CLFS)
DRV:64bit: - [2012/07/26 05:54:34 | 000,096,496 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\wfplwfs.sys -- (WFPLWFS)
DRV:64bit: - [2012/07/26 05:53:16 | 000,067,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\vpci.sys -- (vpci)
DRV:64bit: - [2012/07/26 04:17:38 | 000,036,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\terminpt.sys -- (terminpt)
DRV:64bit: - [2012/07/26 03:29:14 | 000,010,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\mshidumdf.sys -- (mshidumdf)
DRV:64bit: - [2012/07/26 03:29:08 | 000,048,640 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\BasicDisplay.sys -- (BasicDisplay)
DRV:64bit: - [2012/07/26 03:29:03 | 000,024,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\HyperVideo.sys -- (HyperVideo)
DRV:64bit: - [2012/07/26 03:28:52 | 000,029,696 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\BasicRender.sys -- (BasicRender)
DRV:64bit: - [2012/07/26 03:27:58 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\vmgencounter.sys -- (gencounter)
DRV:64bit: - [2012/07/26 03:27:41 | 000,018,432 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\kdnic.sys -- (kdnic)
DRV:64bit: - [2012/07/26 03:27:37 | 000,010,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\acpitime.sys -- (acpitime)
DRV:64bit: - [2012/07/26 03:27:33 | 000,023,552 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\npsvctrig.sys -- (npsvctrig)
DRV:64bit: - [2012/07/26 03:27:29 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\WpdUpFltr.sys -- (WpdUpFltr)
DRV:64bit: - [2012/07/26 03:27:16 | 000,010,240 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\acpipagr.sys -- (acpipagr)
DRV:64bit: - [2012/07/26 03:27:01 | 000,011,776 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\hyperkbd.sys -- (hyperkbd)
DRV:64bit: - [2012/07/26 03:26:46 | 000,062,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\SerCx.sys -- (SerCx)
DRV:64bit: - [2012/07/26 03:26:43 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\SpbCx.sys -- (SpbCx)
DRV:64bit: - [2012/07/26 03:26:34 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2012/07/26 03:26:13 | 000,051,200 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\bthhfenum.sys -- (BthHFEnum)
DRV:64bit: - [2012/07/26 03:25:57 | 000,033,280 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2012/07/26 03:25:56 | 000,057,344 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012/07/26 03:25:13 | 000,045,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\wpcfltr.sys -- (wpcfltr)
DRV:64bit: - [2012/07/26 03:25:01 | 000,126,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\NdisImPlatform.sys -- (NdisImPlatform)
DRV:64bit: - [2012/07/26 03:23:53 | 000,068,608 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\mslldp.sys -- (MsLldp)
DRV:64bit: - [2012/07/26 03:23:42 | 000,097,792 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\Drivers\Ndu.sys -- (Ndu)
DRV:64bit: - [2012/06/25 09:24:50 | 000,092,536 | ---- | M] (CyberLink) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\CLVirtualDrive.sys -- (CLVirtualDrive)
DRV:64bit: - [2012/06/02 15:32:26 | 010,627,744 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2012/04/09 08:13:58 | 000,057,472 | ---- | M] (Advanced Micro Devices) [Kernel | Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys -- (AODDriver4.2)
DRV - [2013/10/15 18:24:46 | 000,064,720 | ---- | M] () [File_System | System | Running] -- C:\Windows\SysWOW64\drivers\OADriver.sys -- (OADevice)
DRV - [2013/10/15 18:24:46 | 000,052,360 | ---- | M] (Emsisoft) [Kernel | System | Running] -- C:\Windows\SysWOW64\drivers\OAmon.sys -- (OAmon)
DRV - [2013/10/15 18:23:56 | 000,062,008 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysWOW64\drivers\oahlp64.sys -- (oahlpXX)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.bing.com?pc=HPNTDFJS
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com?pc=HPNTDFJS
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=HPNTDFJS
IE:64bit: - HKLM\..\SearchScopes\{3D825857-AB19-445E-8D25-5C48DFD14D97}: "URL" = http://www.amazon.co.uk/s/ref=azs_osd_i ... -keywords={searchTerms}
IE:64bit: - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.com/rover/1/709-29563-11896-9/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.bing.com?pc=HPNTDFJS
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com?pc=HPNTDFJS
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{3D825857-AB19-445E-8D25-5C48DFD14D97}: "URL" = http://www.amazon.co.uk/s/ref=azs_osd_i ... -keywords={searchTerms}
IE - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.com/rover/1/709-29563-11896-9/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.bing.com?pc=HPNTDFJS
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com?pc=HPNTDFJS
IE - HKCU\..\SearchScopes,DefaultScope =
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=HPNTDFJS
IE - HKCU\..\SearchScopes\{3D825857-AB19-445E-8D25-5C48DFD14D97}: "URL" = http://www.amazon.co.uk/s/ref=azs_osd_i ... -keywords={searchTerms}
IE - HKCU\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.com/rover/1/709-29563-11896-9/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://fr.search.yahoo.com/?type=198484&fr=spigot-yhp-ff"
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:25.0
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_117.dll File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\windows\SysWOW64\Adobe\Director\np32dsw_1166636.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3505.0912: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 25.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 25.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 25.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 25.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

[2013/09/09 19:09:10 | 000,000,000 | ---D | M] (No name found) -- C:\Users\gary\AppData\Roaming\mozilla\Extensions
[2013/10/30 08:33:11 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2013/10/30 08:33:37 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
File not found (No name found) -- C:\PROGRAM FILES (X86)\IOBIT APPS TOOLBAR\FF
File not found (No name found) -- C:\USERS\GARY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\87VD2679.DEFAULT-1383943300214\EXTENSIONS\ASCSURFINGPROTECTION@IOBIT.COM

O1 HOSTS File: ([2012/07/26 06:26:49 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\Drivers\etc\hosts
O2:64bit: - BHO: (HP Network Check Helper) - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard)
O2 - BHO: (HP Network Check Helper) - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
O4:64bit: - HKLM..\Run: [@OnlineArmor GUI] C:\Program Files (x86)\Online Armor\OAui.exe (Emsisoft GmbH)
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [AccelerometerSysTrayApplet] C:\Program Files (x86)\Hewlett-Packard\HP 3D DriveGuard\AccelerometerSt.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [HPMessageService] C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [LWS] C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe (Logitech Inc.)
O4 - HKLM..\Run: [RemoteControl10] C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKCU..\Run: [HP Photosmart 5510 series (NET)] C:\Program Files\HP\HP Photosmart 5510 series\Bin\ScanToPCActivationApp.exe (Hewlett-Packard Co.)
O4 - HKCU..\Run: [WinPatrol] C:\Program Files (x86)\BillP Studios\WinPatrol\winpatrol.exe (BillP Studios)
O4 - Startup: C:\Users\gary\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech . Product Registration.lnk = C:\Program Files (x86)\Logitech\Ereg\eReg.exe (Leader Technologies/Logitech)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableCursorSuppression = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9:64bit: - Extra Button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9 - Extra Button: HP Smart Print - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\Smart Print 2.0\smartprintsetup.exe (Hewlett-Packard)
O9 - Extra 'Tools' menuitem : HP Smart Print - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\Smart Print 2.0\smartprintsetup.exe (Hewlett-Packard)
O9 - Extra Button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} http://quickscan.bitdefender.com/qsax/qsax.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B47FD772-DB93-4D54-BE92-82AC918DD80D}: DhcpNameServer = 192.168.1.1 192.168.1.1
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O30 - LSA: Security Packages - (livessp) - File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2013/11/08 23:10:15 | 000,000,000 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/11/10 23:49:00 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\gary\Desktop\OTL.exe
[2013/11/10 23:39:04 | 000,000,000 | ---D | C] -- C:\Windows\tasks\ImCleanDisabled
[2013/11/09 14:31:59 | 000,000,000 | ---D | C] -- C:\ProgramData\HitmanPro
[2013/11/09 14:23:44 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2013/11/09 13:47:39 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2013/11/08 23:08:37 | 000,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group
[2013/11/08 23:07:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Wise Installation Wizard
[2013/11/08 21:41:44 | 000,000,000 | ---D | C] -- C:\Users\gary\Desktop\Old Firefox Data
[2013/11/08 17:56:52 | 000,830,680 | ---- | C] (Realtek ) -- C:\Windows\SysNative\drivers\Rt630x64.sys
[2013/11/08 17:11:13 | 000,000,000 | ---D | C] -- C:\Users\gary\AppData\Roaming\Apple Computer
[2013/11/08 17:10:47 | 000,000,000 | ---D | C] -- C:\ProgramData\ProductData
[2013/11/08 17:10:29 | 000,000,000 | ---D | C] -- C:\ProgramData\{3C5CBD7B-3D1D-411E-96C2-513FFCA84D2D}
[2013/11/08 17:10:24 | 000,000,000 | ---D | C] -- C:\ProgramData\IObit
[2013/11/08 17:10:23 | 000,000,000 | ---D | C] -- C:\Users\gary\AppData\Roaming\IObit
[2013/11/08 17:09:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\IObit
[2013/11/05 20:25:44 | 000,000,000 | ---D | C] -- C:\Users\gary\AppData\Roaming\WinRAR
[2013/11/05 20:24:56 | 000,000,000 | ---D | C] -- C:\Users\gary\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
[2013/11/05 20:24:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
[2013/11/05 20:24:49 | 000,000,000 | ---D | C] -- C:\Program Files\WinRAR
[2013/10/30 08:33:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013/10/29 12:20:29 | 000,000,000 | ---D | C] -- C:\Users\gary\AppData\Roaming\vlc
[2013/10/29 12:20:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
[2013/10/29 12:19:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VideoLAN
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/11/10 23:51:31 | 001,994,298 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/11/10 23:51:31 | 000,877,348 | ---- | M] () -- C:\Windows\SysNative\perfh00C.dat
[2013/11/10 23:51:31 | 000,788,176 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/11/10 23:51:31 | 000,191,806 | ---- | M] () -- C:\Windows\SysNative\perfc00C.dat
[2013/11/10 23:51:31 | 000,162,458 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/11/10 23:49:19 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\gary\Desktop\OTL.exe
[2013/11/10 23:48:16 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/11/10 23:46:14 | 268,435,456 | -HS- | M] () -- C:\swapfile.sys
[2013/11/10 23:46:08 | 2762,526,720 | -HS- | M] () -- C:\hiberfil.sys
[2013/11/10 18:22:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/11/09 21:32:50 | 000,190,692 | ---- | M] () -- C:\Users\gary\AppData\Local\recently-used.xbel
[2013/11/09 21:32:16 | 000,077,157 | ---- | M] () -- C:\Users\gary\Desktop\gpot.jpg
[2013/11/09 14:23:08 | 001,073,262 | ---- | M] () -- C:\Users\gary\Desktop\AdwCleaner.exe
[2013/11/08 23:10:15 | 000,000,000 | ---- | M] () -- C:\autoexec.bat
[2013/11/08 17:56:52 | 000,830,680 | ---- | M] (Realtek ) -- C:\Windows\SysNative\drivers\Rt630x64.sys
[2013/11/08 16:45:36 | 000,000,342 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForgary.job
[2013/11/07 22:05:32 | 003,867,956 | ---- | M] () -- C:\Users\gary\Desktop\Barley_by_jsz.png
[2013/11/07 20:23:46 | 000,270,303 | ---- | M] () -- C:\Users\gary\Desktop\lavender_bag.jpg
[2013/11/07 17:37:22 | 000,070,361 | ---- | M] () -- C:\Users\gary\Desktop\rosehips.jpg
[2013/11/07 17:28:13 | 000,047,476 | ---- | M] () -- C:\Users\gary\Desktop\broccoli-seedlings.jpg
[2013/11/07 17:25:53 | 000,008,876 | ---- | M] () -- C:\Users\gary\Desktop\growth.jpg
[2013/11/07 16:58:33 | 000,075,819 | ---- | M] () -- C:\Users\gary\Desktop\yoga_private_session-474x300.jpg
[2013/11/07 16:28:53 | 000,176,624 | ---- | M] () -- C:\Users\gary\Desktop\frb3-9g-sml.jpg
[2013/11/07 16:21:02 | 000,338,943 | ---- | M] () -- C:\Users\gary\Desktop\Christmas Lights 082.JPG
[2013/11/07 16:12:18 | 000,577,966 | ---- | M] () -- C:\Users\gary\Desktop\Winter-snow-flakes-winter-22231258-1238-768.jpg
[2013/11/07 11:34:44 | 000,321,626 | ---- | M] () -- C:\Users\gary\Desktop\wreath.jpg
[2013/11/05 16:16:29 | 000,068,695 | ---- | M] () -- C:\Users\gary\Desktop\lavender-rosemary-bath-salts.jpg
[2013/11/05 15:01:22 | 000,270,960 | ---- | M] () -- C:\Users\gary\Desktop\attestation_prescod_MSA.pdf
[2013/11/05 14:58:10 | 000,438,022 | ---- | M] () -- C:\Users\gary\Desktop\attestation_prescod_civile.pdf
[2013/11/04 20:18:18 | 000,021,285 | ---- | M] () -- C:\Users\gary\Desktop\theiere-poussoire-fonte.jpg
[2013/11/04 20:18:05 | 000,013,300 | ---- | M] () -- C:\Users\gary\Desktop\chutneyFiguesFromages.jpg
[2013/11/04 17:06:50 | 000,024,741 | ---- | M] () -- C:\Users\gary\Desktop\chutney et condiments1.jpg
[2013/11/04 16:00:49 | 000,040,354 | ---- | M] () -- C:\Users\gary\Desktop\Mixed Herbs 060909.JPG
[2013/11/04 12:23:37 | 000,002,304 | ---- | M] () -- C:\Users\gary\Desktop\vinegar.jpg
[2013/11/03 18:12:28 | 000,190,210 | ---- | M] () -- C:\Users\gary\Desktop\yy-Herb-Flower-Mix-1024x708.jpg
[2013/11/03 18:10:10 | 000,184,734 | ---- | M] () -- C:\Users\gary\Desktop\Herb-Tops-Sage-Mix-Web.jpg
[2013/11/03 16:19:40 | 000,167,101 | ---- | M] () -- C:\Users\gary\Desktop\Hypnoanalysis-children’s-emotional-wellbeing-Suffolk.jpg
[2013/11/03 13:19:26 | 000,186,699 | ---- | M] () -- C:\Users\gary\Desktop\herbal-tea11.jpg
[2013/11/03 13:17:08 | 000,113,561 | ---- | M] () -- C:\Users\gary\Desktop\tilleul_tisane .JPG
[2013/11/03 12:56:10 | 000,008,411 | ---- | M] () -- C:\Users\gary\Desktop\jar2.jpg
[2013/11/03 12:55:54 | 012,040,735 | ---- | M] () -- C:\Users\gary\Desktop\stinging_nettle.jpg
[2013/11/03 12:35:12 | 009,445,573 | ---- | M] () -- C:\Users\gary\Desktop\jar.png
[2013/10/31 17:26:18 | 000,028,735 | ---- | M] () -- C:\Users\gary\Desktop\matthiola-incana-white.jpg
[2013/10/29 15:41:37 | 000,001,119 | ---- | M] () -- C:\Users\gary\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech . Product Registration.lnk
[2013/10/25 15:51:26 | 000,222,252 | ---- | M] () -- C:\Users\gary\Desktop\baumes.odp
[2013/10/22 15:34:23 | 000,357,150 | ---- | M] () -- C:\Users\gary\Desktop\P8.JPG
[2013/10/22 15:33:01 | 000,225,875 | ---- | M] () -- C:\Users\gary\Desktop\P7.JPG
[2013/10/22 15:32:18 | 000,447,299 | ---- | M] () -- C:\Users\gary\Desktop\P6.JPG
[2013/10/22 15:31:19 | 000,362,547 | ---- | M] () -- C:\Users\gary\Desktop\P5.JPG
[2013/10/22 15:27:58 | 000,222,562 | ---- | M] () -- C:\Users\gary\Desktop\P3.JPG
[2013/10/22 15:27:17 | 000,337,208 | ---- | M] () -- C:\Users\gary\Desktop\P2.JPG
[2013/10/22 15:26:06 | 000,192,947 | ---- | M] () -- C:\Users\gary\Desktop\P1.JPG
[2013/10/21 12:14:51 | 000,069,461 | ---- | M] () -- C:\Users\gary\Desktop\J2.JPG
[2013/10/21 12:13:21 | 000,267,848 | ---- | M] () -- C:\Users\gary\Desktop\J1.JPG
[2013/10/15 18:24:47 | 000,035,368 | ---- | M] (Emsisoft) -- C:\Windows\SysNative\drivers\OAnet.sys
[2013/10/15 18:24:46 | 000,064,720 | ---- | M] () -- C:\Windows\SysWow64\drivers\OADriver.sys
[2013/10/15 18:24:46 | 000,052,360 | ---- | M] (Emsisoft) -- C:\Windows\SysWow64\drivers\OAmon.sys
[2013/10/15 18:23:56 | 000,062,008 | ---- | M] () -- C:\Windows\SysWow64\drivers\oahlp64.sys
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/11/09 21:32:50 | 000,190,692 | ---- | C] () -- C:\Users\gary\AppData\Local\recently-used.xbel
[2013/11/09 14:22:50 | 001,073,262 | ---- | C] () -- C:\Users\gary\Desktop\AdwCleaner.exe
[2013/11/08 23:10:15 | 000,000,000 | ---- | C] () -- C:\autoexec.bat
[2013/11/07 22:04:17 | 003,867,956 | ---- | C] () -- C:\Users\gary\Desktop\Barley_by_jsz.png
[2013/11/07 20:23:44 | 000,270,303 | ---- | C] () -- C:\Users\gary\Desktop\lavender_bag.jpg
[2013/11/07 17:37:20 | 000,070,361 | ---- | C] () -- C:\Users\gary\Desktop\rosehips.jpg
[2013/11/07 17:28:12 | 000,047,476 | ---- | C] () -- C:\Users\gary\Desktop\broccoli-seedlings.jpg
[2013/11/07 17:25:51 | 000,008,876 | ---- | C] () -- C:\Users\gary\Desktop\growth.jpg
[2013/11/07 16:58:30 | 000,075,819 | ---- | C] () -- C:\Users\gary\Desktop\yoga_private_session-474x300.jpg
[2013/11/07 16:28:51 | 000,176,624 | ---- | C] () -- C:\Users\gary\Desktop\frb3-9g-sml.jpg
[2013/11/07 16:20:57 | 000,338,943 | ---- | C] () -- C:\Users\gary\Desktop\Christmas Lights 082.JPG
[2013/11/07 16:12:16 | 000,577,966 | ---- | C] () -- C:\Users\gary\Desktop\Winter-snow-flakes-winter-22231258-1238-768.jpg
[2013/11/07 11:34:44 | 000,321,626 | ---- | C] () -- C:\Users\gary\Desktop\wreath.jpg
[2013/11/05 16:16:28 | 000,068,695 | ---- | C] () -- C:\Users\gary\Desktop\lavender-rosemary-bath-salts.jpg
[2013/11/05 15:01:22 | 000,270,960 | ---- | C] () -- C:\Users\gary\Desktop\attestation_prescod_MSA.pdf
[2013/11/05 14:57:56 | 000,438,022 | ---- | C] () -- C:\Users\gary\Desktop\attestation_prescod_civile.pdf
[2013/11/05 14:12:32 | 000,021,285 | ---- | C] () -- C:\Users\gary\Desktop\theiere-poussoire-fonte.jpg
[2013/11/04 20:20:02 | 000,013,300 | ---- | C] () -- C:\Users\gary\Desktop\chutneyFiguesFromages.jpg
[2013/11/04 20:18:51 | 000,024,741 | ---- | C] () -- C:\Users\gary\Desktop\chutney et condiments1.jpg
[2013/11/04 16:02:18 | 000,040,354 | ---- | C] () -- C:\Users\gary\Desktop\Mixed Herbs 060909.JPG
[2013/11/04 12:23:35 | 000,002,304 | ---- | C] () -- C:\Users\gary\Desktop\vinegar.jpg
[2013/11/03 23:21:13 | 000,077,157 | ---- | C] () -- C:\Users\gary\Desktop\gpot.jpg
[2013/11/03 18:12:27 | 000,190,210 | ---- | C] () -- C:\Users\gary\Desktop\yy-Herb-Flower-Mix-1024x708.jpg
[2013/11/03 18:10:09 | 000,184,734 | ---- | C] () -- C:\Users\gary\Desktop\Herb-Tops-Sage-Mix-Web.jpg
[2013/11/03 16:19:38 | 000,167,101 | ---- | C] () -- C:\Users\gary\Desktop\Hypnoanalysis-children’s-emotional-wellbeing-Suffolk.jpg
[2013/11/03 13:19:25 | 000,186,699 | ---- | C] () -- C:\Users\gary\Desktop\herbal-tea11.jpg
[2013/11/03 13:17:05 | 000,113,561 | ---- | C] () -- C:\Users\gary\Desktop\tilleul_tisane .JPG
[2013/11/03 12:56:10 | 000,008,411 | ---- | C] () -- C:\Users\gary\Desktop\jar2.jpg
[2013/11/03 12:54:37 | 012,040,735 | ---- | C] () -- C:\Users\gary\Desktop\stinging_nettle.jpg
[2013/11/03 12:33:55 | 009,445,573 | ---- | C] () -- C:\Users\gary\Desktop\jar.png
[2013/11/01 10:36:16 | 000,000,342 | ---- | C] () -- C:\Windows\tasks\HPCeeScheduleForgary.job
[2013/10/31 17:26:16 | 000,028,735 | ---- | C] () -- C:\Users\gary\Desktop\matthiola-incana-white.jpg
[2013/10/29 15:41:37 | 000,001,119 | ---- | C] () -- C:\Users\gary\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech . Product Registration.lnk
[2013/10/25 15:27:30 | 000,222,252 | ---- | C] () -- C:\Users\gary\Desktop\baumes.odp
[2013/10/24 07:19:11 | 000,000,830 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/10/22 15:34:22 | 000,357,150 | ---- | C] () -- C:\Users\gary\Desktop\P8.JPG
[2013/10/22 15:33:01 | 000,225,875 | ---- | C] () -- C:\Users\gary\Desktop\P7.JPG
[2013/10/22 15:32:18 | 000,447,299 | ---- | C] () -- C:\Users\gary\Desktop\P6.JPG
[2013/10/22 15:31:18 | 000,362,547 | ---- | C] () -- C:\Users\gary\Desktop\P5.JPG
[2013/10/22 15:27:58 | 000,222,562 | ---- | C] () -- C:\Users\gary\Desktop\P3.JPG
[2013/10/22 15:27:17 | 000,337,208 | ---- | C] () -- C:\Users\gary\Desktop\P2.JPG
[2013/10/22 15:26:06 | 000,192,947 | ---- | C] () -- C:\Users\gary\Desktop\P1.JPG
[2013/10/21 12:14:50 | 000,069,461 | ---- | C] () -- C:\Users\gary\Desktop\J2.JPG
[2013/10/21 12:13:21 | 000,267,848 | ---- | C] () -- C:\Users\gary\Desktop\J1.JPG
[2013/09/14 15:57:45 | 000,000,057 | ---- | C] () -- C:\ProgramData\Ament.ini
[2013/07/25 10:51:04 | 000,064,720 | ---- | C] () -- C:\Windows\SysWow64\drivers\OADriver.sys
[2013/07/25 10:51:04 | 000,062,008 | ---- | C] () -- C:\Windows\SysWow64\drivers\oahlp64.sys
[2013/04/11 11:06:44 | 000,451,072 | ---- | C] () -- C:\Windows\SysWow64\ISSRemoveSP.exe
[2013/04/11 11:01:12 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2013/03/21 19:51:25 | 000,083,968 | ---- | C] () -- C:\Windows\SysWow64\OEMLicense.dll
[2013/02/26 07:47:58 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2013/02/26 07:47:58 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2012/11/26 23:18:46 | 000,038,912 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll
[2012/10/26 15:42:24 | 000,336,232 | ---- | C] () -- C:\Windows\SysWow64\DevManagerCore.dll
[2012/10/26 15:42:22 | 010,919,784 | ---- | C] () -- C:\Windows\SysWow64\LogiDPP.dll
[2012/10/26 15:42:22 | 000,103,272 | ---- | C] () -- C:\Windows\SysWow64\LogiDPPApp.exe
[2012/08/03 23:40:09 | 000,916,510 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/07/26 09:13:10 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2012/07/26 09:13:09 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2012/07/26 08:21:26 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2012/07/26 02:17:42 | 000,043,520 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2012/07/25 21:37:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2012/07/25 21:28:31 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2012/07/25 21:22:54 | 000,982,240 | ---- | C] () -- C:\Windows\SysWow64\igkrng500.bin
[2012/07/25 21:22:54 | 000,439,308 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng500.bin
[2012/07/25 21:22:54 | 000,092,356 | ---- | C] () -- C:\Windows\SysWow64\igfcg500m.bin
[2012/06/02 15:31:19 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat

========== ZeroAccess Check ==========

[2013/03/21 12:29:23 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/03/06 07:31:28 | 019,758,592 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/03/06 06:03:37 | 017,561,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2012/07/26 04:05:38 | 001,004,544 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2012/07/26 04:18:27 | 000,784,896 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2012/07/26 04:07:41 | 000,455,680 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2013/10/09 15:16:49 | 000,000,000 | ---D | M] -- C:\Users\gary\AppData\Roaming\Desktop Apps
[2013/11/08 17:39:38 | 000,000,000 | ---D | M] -- C:\Users\gary\AppData\Roaming\IObit
[2013/09/30 17:27:15 | 000,000,000 | ---D | M] -- C:\Users\gary\AppData\Roaming\Leadertech
[2013/07/25 10:53:50 | 000,000,000 | ---D | M] -- C:\Users\gary\AppData\Roaming\OnlineArmor
[2013/09/13 12:40:24 | 000,000,000 | ---D | M] -- C:\Users\gary\AppData\Roaming\OpenOffice
[2013/07/18 10:42:24 | 000,000,000 | ---D | M] -- C:\Users\gary\AppData\Roaming\Synaptics
[2013/07/25 10:35:58 | 000,000,000 | ---D | M] -- C:\Users\gary\AppData\Roaming\WinPatrol

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 684 bytes -> C:\Users\gary\Desktop\colis déposé.eml:OECustomProperty

< End of report >

OTL Extras logfile created on: 10/11/2013 23:50:57 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\gary\Desktop
64bit- An unknown product (Version = 6.2.9200) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16660)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

3.22 Gb Total Physical Memory | 2.03 Gb Available Physical Memory | 63.27% Memory free
6.47 Gb Paging File | 5.06 Gb Available in Paging File | 78.33% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 676.53 Gb Total Space | 629.99 Gb Free Space | 93.12% Space Free | Partition Type: NTFS
Drive D: | 21.33 Gb Total Space | 1.73 Gb Free Space | 8.10% Space Free | Partition Type: NTFS
Drive F: | 1.89 Gb Total Space | 0.97 Gb Free Space | 51.39% Space Free | Partition Type: FAT

Computer Name: MASTER | User Name: gary | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htafile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\OpenWith.exe "%1" (Microsoft Corporation)
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htafile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\OpenWith.exe "%1" (Microsoft Corporation)
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = CE 37 E6 AF FF 6A CD 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1091D3A3-F826-4E88-88B2-F64C6FAF4532}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{14540906-1FA8-4372-B35E-11180C3DD46B}" = lport=10243 | protocol=6 | dir=in | app=system |
"{20B2ED92-D300-4562-93CB-994994526EF4}" = rport=139 | protocol=6 | dir=out | app=system |
"{3ED339EF-6DF0-4D90-9CB1-8B73F537356A}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{47B988F9-A035-4F9C-98E6-7BA01AB2193E}" = lport=138 | protocol=17 | dir=in | app=system |
"{4939F54D-5355-4E65-864D-3A07D4E5884C}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{5DC07634-8C21-480C-8335-46E4B529242C}" = lport=2869 | protocol=6 | dir=in | app=system |
"{648761D4-E8D8-4F38-B230-5A2A571C5C7D}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{65D54D53-4B99-42D0-9CD2-8EF46EA17E06}" = lport=137 | protocol=17 | dir=in | app=system |
"{6EF4BC19-42B4-4EE8-98C1-A557430F036B}" = lport=139 | protocol=6 | dir=in | app=system |
"{6F8A1A29-B4E0-4723-8D8A-15F6F609B52F}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{72AC46B9-B480-4DFF-BC13-A8DBC5A6FA44}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{7809E84F-C78E-4BCB-B8FE-EB87C492B0EF}" = rport=445 | protocol=6 | dir=out | app=system |
"{9A04EB9B-E198-4D4A-83A3-394C04DE6C24}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{A166FA9C-4484-4EFB-8DC8-823A94682EFC}" = rport=10243 | protocol=6 | dir=out | app=system |
"{AD7D1C92-F78C-4E25-9BF0-8803664A6AF9}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{AFC0E036-A5E4-4DFB-88D5-DC6BB7E9E3CB}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{B37A607A-B585-4A83-9618-92A8EE6E7640}" = rport=137 | protocol=17 | dir=out | app=system |
"{D5278280-3009-4073-83C5-03A59E9F2F77}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{E83465B1-487E-4202-94C4-30D2F4AF2BE9}" = lport=445 | protocol=6 | dir=in | app=system |
"{E9E75AAA-E59F-4769-8A8E-29DDE3908EE8}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{EE0236D6-AB78-4021-8B8E-1424E97AFFA2}" = rport=138 | protocol=17 | dir=out | app=system |
"{F05DB3AC-8470-44F3-B1F7-1D484F64D392}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition)
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{4BB7A109-FDB5-45E3-9DB9-ECB2EA7B80EE}" = WinPatrol
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6E14E6D6-3175-4E1A-B934-CAB5A86367CD}" = HP Postscript Converter
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{73237EBB-B26F-4628-8754-4EFE563D72E9}" = HP Utility Center
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9DF3589E-483F-65F3-32F7-006C0B162891}" = AMD Fuel
"{9E2BF31C-7E39-C549-8AFE-56C3B927BD91}" = AMD Catalyst Install Manager
"{A2CB1ACB-94A2-32BA-A15E-7D80319F7589}" = Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.50727
"{AC53FC8B-EE18-3F9C-9B59-60937D0B182C}" = Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.50727
"{AFD060D5-8D37-8B06-6A03-F2C5128496ED}" = ccc-utility64
"{CFF43B48-42A1-4967-9506-7E341BBD075F}" = HP Photosmart 5510 series Basic Device Software
"{D1E8F2D7-7794-4245-B286-87ED86C1893C}" = HP Registration Service
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
"{E9FA781F-3E80-4399-825A-AD3E11C28C77}" = MSVCRT110_amd64
"{F2B9FC01-887F-AB28-8880-233894150681}" = AMD Accelerated Video Transcoding
"GIMP-2_is1" = GIMP 2.8.6
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"WinRAR archiver" = WinRAR 5.00 (64-bit)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{020FF978-7DD6-EEE3-47E3-2F37B6449F54}" = CCC Help Chinese Standard
"{0454BB9A-2A7A-4214-BDFF-937F7A711A44}" = Windows Live Communications Platform
"{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements
"{08610298-29AE-445B-B37D-EFBE05802967}" = LWS Pictures And Video
"{117DF79C-38F1-8A46-A488-365A72C4C1F1}" = CCC Help Finnish
"{11AF9A96-6D83-4C3B-8DCB-16EA2A358E3F}" = HP CoolSense
"{15134cb0-b767-4960-a911-f2d16ae54797}" = Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727
"{15634701-BACE-4449-8B25-1567DA8C9FD3}" = CameraHelperMsi
"{1651216E-E7AD-4250-92A1-FB8ED61391C9}" = LWS Help_main
"{174A3B31-4C43-43DD-866F-73C9DB887B48}" = LWS Twitter
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{1AE37508-089E-41AC-95BD-99FF06887C2F}" = HP Recovery Manager
"{1E48910A-F1D9-0526-DF24-8024C3BA7566}" = CCC Help Italian
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}" = CyberLink Media Suite 10
"{21DF0294-6B9D-4741-AB6F-B2ABFBD2387E}" = LWS YouTube Plugin
"{2585840A-1098-A34B-42BD-9422B84602F7}" = CCC Help Polish
"{25EC2D8D-D64D-4EA0-6341-C0F79883FBFE}" = CCC Help Chinese Traditional
"{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}" = CyberLink Power2Go 8
"{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App" = Update Installer for WildTangent Games App
"{300699CA-B992-4719-0D29-3A33D960D4AC}" = Catalyst Control Center Graphics Previews Common
"{30F99474-EBE3-4134-A02B-F6CD38CFE243}" = Photo Gallery
"{391FE76E-DC08-180B-61EF-C208698E6199}" = CCC Help Dutch
"{39337565-330E-4ab6-A9AE-AC81E0720B10}" = Cyberlink PhotoDirector
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = erLT
"{446CC8CE-0E90-44F7-ADD0-774B243EF090}" = Galerie de photos
"{49110532-D289-4BFF-807C-45B782E66A7C}" = Photo Common
"{4CCBD1F4-CEEC-452A-9CB8-46564B501315}" = Windows Live UX Platform
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.10
"{586FC9AE-F8A1-D397-178A-304F67D4AF18}" = CCC Help English
"{58F9538F-E242-C094-B68D-3A4CB9E3654A}" = CCC Help Danish
"{600C1E5D-E59E-9B9A-824C-70A3A863DCC9}" = CCC Help Japanese
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{63824BC0-B747-43F3-9863-1066D64AD919}" = Photo Gallery
"{6A8DB215-7BCD-4377-B015-2E4541A3E7C6}" = Windows Live PIMT Platform
"{6BE061BE-0474-EA1F-DE33-91826D7868D9}" = CCC Help French
"{6CEA775F-E70A-4D72-A3B4-1EB3A5AD4B5C}" = Windows Live Essentials
"{6F1C00D2-25C2-4CBA-8126-AE9A6E2E9CD5}" = HP Update
"{6F340107-F9AA-47C6-B54C-C3A19F11553F}" = Hewlett-Packard ACLM.NET v1.2.1.1
"{6F76EC3C-34B1-436E-97FB-48C58D7BEDCD}" = LWS Gallery
"{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-hp" = WildTangent Games App (HP Games)
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{71E66D3F-A009-44AB-8784-75E2819BA4BA}" = LWS Motion Detection
"{7F149284-BA2D-DB74-0405-EB5D9D2F452C}" = CCC Help Korean
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83C8FA3C-F4EA-46C4-8392-D3CE353738D6}" = LWS Launcher
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{8937D274-C281-42E4-8CDB-A0B2DF979189}" = LWS Webcam Software
"{8A642ACD-CE3A-4A23-A8B1-A0F7EB12B214}" = Windows Live SOXE Definitions
"{8BF1459F-FDDE-673C-2378-A803DC278270}" = CCC Help Turkish
"{8D813AFF-D91D-4EE0-821F-B901FC2E89FA}" = Windows Live
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8E14DDC8-EA60-4E18-B3E3-1937104D5BDA}" = MSVCRT110
"{8E6E8CBB-8E58-493C-943F-4664F5F2FEDB}" = Movie Maker
"{90993BD9-C7D9-4C2F-B56C-2F7AFEBD4CD0}" = Windows Live UX Platform Language Pack
"{927CFF8E-A448-46D3-01B9-764FC2A881BA}" = CCC Help Greek
"{941DE69D-6CEE-4171-8F1F-3D7E352AA498}" = HP Wireless Button Driver
"{966BD8E8-DEAB-458D-B330-1388A4CC0A6C}" = HP Documentation
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9DAEA76B-E50F-4272-A595-0124E826553D}" = LWS WLM Plugin
"{9E1227EB-BFD6-970B-7867-0658EC53525F}" = CCC Help Hungarian
"{A17946CA-18E5-4CF0-8D55-A56D804718F8}" = Movie Maker
"{A34FE6B9-B981-B2F5-DF3D-78D61776EA0C}" = CCC Help Spanish
"{A5107464-AA9B-4177-8129-5FF2F42DD322}" = REALTEK Wireless LAN Driver
"{AE2F1669-5B1F-47C5-B639-78D74DD0BCE4}" = HP 3D DriveGuard
"{AE794AB6-424B-31E9-5EA1-968088EFAE06}" = Catalyst Control Center InstallProxy
"{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}" = CyberLink PowerDirector 10
"{B82085C0-07DD-5E7F-1D48-D63087064524}" = CCC Help Czech
"{B9494F9E-5EA9-4C70-9F38-659F5E6C0BF3}" = HP Quick Start
"{BA4355A4-E388-117A-721A-F1B23175B9AD}" = AMD VISION Engine Control Center
"{BB5B11D5-ADC5-9AA2-76D9-8C447C4EC3B7}" = CCC Help German
"{BC63AE56-730A-D46F-27A6-C579E8390CB2}" = CCC Help Swedish
"{BCDA54F6-C4B6-4519-A09E-FA064A6B4098}" = Realtek PCIE Card Reader
"{C27D60E4-3132-45A3-A71A-E3BD1DA3F794}" = HP System Event Utility
"{C3E46E73-67D3-72FA-0AA9-5A1CBE9CE0DD}" = CCC Help Norwegian
"{C424CD5E-EA05-4D3E-B5DA-F9F149E1D3AC}" = Windows Live Installer
"{C54BC404-EA0C-044E-F118-2E02802626F4}" = CCC Help Portuguese
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"{C89A97B6-F991-EBB5-77B7-927BCF420EBE}" = OEM Application Profile
"{C9B6EFD0-4F01-4BBA-8374-39AD99A3ED72}" = Windows Live Photo Common
"{CFD9991F-F7EE-1B2E-F4FE-99E2BC2836CE}" = CCC Help Russian
"{D40EB009-0499-459c-A8AF-C9C110766215}" = Logitech Webcam Software
"{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}" = CyberLink PowerDVD
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{EA1DC8F8-C357-44CA-A332-AB9762DF698C}" = OpenOffice 4.0.0
"{ED684F1C-291C-A7BE-D464-8A44717F8F17}" = CCC Help Thai
"{ED6C77F9-4D7E-447C-9EC0-9A212D075535}" = Movie Maker
"{EE202411-2C26-49E8-9784-1BC1DBF7DE96}" = HP Support Assistant
"{EEEDA52B-3C42-4BD7-BE42-FDB596EAFCEF}" = Catalyst Control Center - Branding
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F21F0424-B2FF-40BF-A984-9E0D7FB4C97E}" = Windows Live UX Platform Language Pack
"{F54030F3-14B6-432D-9361-78DCB1473920}" = Photo Common
"{FA26FB8C-5FC4-0EA8-EED9-32AE23A2DCCA}" = Catalyst Control Center Localization All
"{FC0ADA4D-8FA5-4452-8AFF-F0A0BAC97EF7}" = Energy Star
"{FE7C0B3D-50B9-4951-BE78-A321CBF86552}" = Windows Live SOXE
"{FF167195-9EE4-46C0-8CD7-FBA3457E88AB}" = LWS Facebook
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"InstallShield_{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}" = CyberLink Media Suite 10
"InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}" = CyberLink Power2Go 8
"InstallShield_{39337565-330E-4ab6-A9AE-AC81E0720B10}" = Cyberlink PhotoDirector
"InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}" = CyberLink PowerDirector 10
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}" = CyberLink PowerDVD
"Mozilla Firefox 25.0 (x86 en-GB)" = Mozilla Firefox 25.0 (x86 en-GB)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"OnlineArmor_is1" = Online Armor 6.0
"Pixel Ruler" = Pixel Ruler
"VLC media player" = VLC media player 2.1.0
"WildTangent wildgames Master Uninstall" = Jeux WildTangent
"WinLiveSuite" = Windows Live Essentials
"WTA-04deac4a-4ca0-45dc-8611-b633d40fe129" = Ranch Rush 2 - Premium Edition
"WTA-09a04233-fa4c-413d-bae4-075c646be03d" = Farm Frenzy
"WTA-0cb8c6f1-ada2-42be-b29c-5a0d3886ef78" = Polar Bowler
"WTA-19c0c567-8f36-42b6-aea4-80710eb4e03d" = Zuma's Revenge
"WTA-1f9c9f6d-0fb9-423c-a5f4-07e8a0e36308" = Mahjongg Artifacts
"WTA-2f1e87ca-2f6f-4ced-9d39-74316071fab8" = Bejeweled 3
"WTA-316ae727-c0d4-4e18-ba89-01bf926216aa" = Wedding Dash
"WTA-37ac2235-a3fe-48f0-a210-c7425b607eff" = Aloha TriPeaks
"WTA-41864ea0-a528-480b-baef-7a2a85514d46" = Governor of Poker 2 Premium Edition
"WTA-466d1acd-ad16-43ef-af1f-93a539e9d6d7" = Cradle of Rome 2
"WTA-50361504-dece-4c27-85cc-3bdafbee7ed2" = Jewel Match 3
"WTA-6937dff6-0f8a-4da4-9714-b4b76ddcf4d9" = Jewel Quest II
"WTA-699148d8-112e-4717-8dba-7565b690e218" = Virtual Families
"WTA-71fe11f7-742e-42eb-ba7a-41067beb2b4e" = Crazy Chicken Soccer
"WTA-bb680544-ce0b-4112-a963-254b2dd7a78b" = Vacation Quest™ - Australia
"WTA-c0596dff-c0af-4ff3-9d2c-c58bbadf05de" = Plants vs. Zombies - Game of the Year
"WTA-c978c0b3-4412-4140-be06-2dbf8b41d750" = Royal Envoy 2 Collector's Edition
"WTA-f6a162eb-bfbe-4724-9c54-04178966fd14" = Build-a-lot
"WTA-f7ee5664-183e-41aa-8920-9990e7fcc0e5" = Trinklit Supreme
"WTA-f87a42dd-8efe-4fa7-bab5-bd19dbf75fff" = Youda Jewel Shop

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 29/10/2013 16:00:00 | Computer Name = Master | Source = Application Hang | ID = 1002
Description = The program wwahost.exe version 6.2.9200.16420 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: c70 Start
Time: 01ced4b4cc8d1e42 Termination Time: 4294967295 Application Path: C:\Windows\system32\wwahost.exe

Report
Id: a8a9825a-40d4-11e3-be8b-7446a08860ef Faulting package full name: microsoft.windowscommunicationsapps_16.4.4406.1205_x64__8wekyb3d8bbwe

Faulting
package-relative application ID: Microsoft.WindowsLive.Mail

Error - 30/10/2013 05:56:57 | Computer Name = Master | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 30/10/2013 05:56:57 | Computer Name = Master | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 1591

Error - 30/10/2013 05:56:57 | Computer Name = Master | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 1591

Error - 30/10/2013 07:20:02 | Computer Name = Master | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 30/10/2013 07:20:02 | Computer Name = Master | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 1544

Error - 30/10/2013 07:20:02 | Computer Name = Master | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 1544

Error - 30/10/2013 07:23:59 | Computer Name = Master | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 30/10/2013 07:23:59 | Computer Name = Master | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 238634

Error - 30/10/2013 07:23:59 | Computer Name = Master | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 238634

[ Hewlett-Packard Events ]
Error - 09/09/2013 09:24:22 | Computer Name = Master | Source = HPSF.exe | ID = 2000
Description = HP Error ID: -2146233088 at HP.SupportFramework.Utilities.HPSARuntime.Configuration.LoadHPSFConfigFile()

at HP.SupportFramework.Utilities.HPSARuntime.Configuration.Load() at HP.SupportAssistant.Engine.Resources.ResourceTasks.LoadApplicationResources(Boolean
isOnAppLoad) Message: Could not load the Configuration DLL. StackTrace: at HP.SupportFramework.Utilities.HPSARuntime.Configuration.LoadHPSFConfigFile()

at HP.SupportFramework.Utilities.HPSARuntime.Configuration.Load() at HP.SupportAssistant.Engine.Resources.ResourceTasks.LoadApplicationResources(Boolean
isOnAppLoad) Source: HP.SupportFramework.Utilities Name: HPSF.exe Version: 07.00.01.01
Path:
C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe Format: en-US
RAM:
3293 Ram Utilization: 20 TargetSite: Void LoadHPSFConfigFile()

[ System Events ]
Error - 29/10/2013 10:38:30 | Computer Name = Master | Source = EventLog | ID = 6008
Description = The previous system shutdown at 14:50:00 on ?29/?10/?2013 was unexpected.

Error - 29/10/2013 10:38:31 | Computer Name = Master | Source = NetBT | ID = 4311
Description = Initialization failed because the driver device could not be created.
Use
the string "B8763F0603D9" to identify the interface for which initialization failed.
It represents the MAC address of the failed interface or the Globally Unique Interface
Identifier (GUID) if NetBT was unable to map from GUID to MAC address. If neither
the MAC address nor the GUID were available, the string represents a cluster device
name.

Error - 29/10/2013 10:38:31 | Computer Name = Master | Source = NetBT | ID = 4311
Description = Initialization failed because the driver device could not be created.
Use
the string "B8763F0603D9" to identify the interface for which initialization failed.
It represents the MAC address of the failed interface or the Globally Unique Interface
Identifier (GUID) if NetBT was unable to map from GUID to MAC address. If neither
the MAC address nor the GUID were available, the string represents a cluster device
name.

Error - 29/10/2013 10:38:42 | Computer Name = Master | Source = BugCheck | ID = 1001
Description =

Error - 29/10/2013 15:59:52 | Computer Name = Master | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the NlaSvc service.

Error - 31/10/2013 06:42:46 | Computer Name = Master | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the NlaSvc service.

Error - 31/10/2013 11:41:56 | Computer Name = Master | Source = EventLog | ID = 6008
Description = The previous system shutdown at 16:17:41 on ?31/?10/?2013 was unexpected.

Error - 31/10/2013 11:42:07 | Computer Name = Master | Source = BugCheck | ID = 1001
Description =

Error - 31/10/2013 14:09:07 | Computer Name = Master | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the NlaSvc service.

Error - 31/10/2013 15:59:39 | Computer Name = Master | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the NlaSvc service.


< End of report >
garypres
Active Member
 
Posts: 4
Joined: November 9th, 2013, 9:45 am

Re: homepage on firefox defaults to http://fr.search.yahoo.c

Post by Cypher » November 11th, 2013, 11:15 am

Hi garypres,
> Thanks Cypher

You're welcome.
Do the following then let me know if you're still having problems.

Backup the Registry:

As an added safety precaution, before we start removing anything, I'd like you to make a backup of your Registry, which we can restore to if necessary.

  • Please download the installer for Registry Backup from Here or Here and save to your desktop.
  • Right-click on tweaking.com_registry_backup_setup.exe and select Run as Administrator >> Follow the prompts for a default installation
  • Ensure the option Open "Tweaking.com - Registry Backup" When Install Completes is selected >> Next > >> Finish
  • Once the GUI (graphical user interface) has appeared/loaded:-
    [Image]
  • Click on Backup Now >> once the process is complete the below will be displayed in the GUI:-
    [Image]

  • Close Tweaking.com - Registry Backup
Note: There will now be a folder at the root of the Hard-Drive named C:\RegBackup, do not delete this as it is the actual backup just created.

A tutorial for Registry Backup explaining the various features can be viewed Here.

Next.

Run OTL Script

We need to run an OTL Fix

  • Right-click OTL.exe and select "Run as administrator" to run it.
  • Copy and Paste the following script into the Image textbox. Do not include the words Code: select all
  • (Click the select all button next to code to select the entire script).
    Code: Select all
    :otl
    IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    FF - prefs.js..browser.startup.homepage: "http://fr.search.yahoo.com/?type=198484&fr=spigot-yhp-ff"
    [2013/11/08 17:10:24 | 000,000,000 | ---D | C] -- C:\ProgramData\IObit
    [2013/11/08 17:10:23 | 000,000,000 | ---D | C] -- C:\Users\gary\AppData\Roaming\IObit
    [2013/11/08 17:09:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\IObit
    @Alternate Data Stream - 684 bytes -> C:\Users\gary\Desktop\colis déposé.eml:OECustomProperty
    
    :files
    ipconfig /flushdns /c
    
    :commands
    [emptytemp]
    
    
  • Then click the Run Fix button at the top.
  • Click Image.
  • OTL may ask to reboot the machine. Please do so if asked.
  • The report should appear in Notepad after the reboot. Copy and Paste that report in your next reply.

Logs/Information to Post in your Next Reply

  • OTL Fix log.
  • Please give me an update on your computer's performance.
Cypher
Admin/Teacher
 
Posts: 14959
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns
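
The fix script in the post above resets browser.startup.homepage in the Firefox profile's prefs.js. As an added example (not part of the original thread and not OTL's own code), this is one way to check a profile's prefs.js text for a homepage that points at an unexpected host. The function names, the sample file contents and the www.google.com allowlist are assumptions made for illustration; only the homepage URL is taken from the fix script.

```python
import json
import re
from urllib.parse import urlsplit

# One preference line as Firefox writes it: user_pref("name", value);
PREF_RE = re.compile(r'^\s*user_pref\(\s*"((?:[^"\\]|\\.)*)"\s*,\s*(.*?)\s*\)\s*;\s*$')

HOMEPAGE_PREF = "browser.startup.homepage"

# Constructed sample; only the homepage URL is taken from the fix script above.
SAMPLE_PREFS = r'''
// Mozilla User Preferences
user_pref("browser.startup.homepage", "http://fr.search.yahoo.com/?type=198484&fr=spigot-yhp-ff");
user_pref("browser.startup.page", 1);
'''


def parse_prefs(text):
    """Return {name: value} for every user_pref() line in prefs.js/user.js text."""
    prefs = {}
    for line in text.splitlines():
        match = PREF_RE.match(line)
        if not match:
            continue  # comments, blank lines, anything that is not a pref
        name, raw = match.groups()
        try:
            prefs[name] = json.loads(raw)  # string, number or true/false
        except ValueError:
            prefs[name] = raw  # keep literals that do not parse, verbatim
    return prefs


def homepage_urls(prefs):
    """Split the homepage pref into URLs; Firefox separates several with '|'."""
    value = prefs.get(HOMEPAGE_PREF, "")
    if not isinstance(value, str):
        return []
    return [part.strip() for part in value.split("|") if part.strip()]


def unexpected_homepages(prefs, allowed_hosts):
    """Return (url, host) for each homepage whose host is not in the allowlist."""
    allowed = {host.lower() for host in allowed_hosts}
    flagged = []
    for url in homepage_urls(prefs):
        parts = urlsplit(url)
        if parts.scheme == "about":
            continue  # built-in pages such as about:home have no host
        host = (parts.hostname or "").lower()
        if host not in allowed:
            flagged.append((url, host))
    return flagged


if __name__ == "__main__":
    # Assumed allowlist: the homepage the user says they normally use.
    for url, host in unexpected_homepages(parse_prefs(SAMPLE_PREFS), {"www.google.com"}):
        print(f"unexpected homepage host {host!r}: {url}")
```

Run it against a copy of prefs.js taken while Firefox is closed, since Firefox rewrites the file on exit.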

Re: homepage on firefox defaults to http://fr.search.yahoo.c

Post by garypres » November 11th, 2013, 12:13 pm

Thanks Cypher. Followed your instructions, and after reboot, the firefox homepage is back to normal: no sign of yahoo. Below is the log: thanks so much for your help and advice.

All processes killed
========== OTL ==========
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Prefs.js: "http://fr.search.yahoo.com/?type=198484&fr=spigot-yhp-ff" removed from browser.startup.homepage
C:\ProgramData\IObit\ASCDownloader folder moved successfully.
C:\ProgramData\IObit\Advanced SystemCare V7\Homepage Protection folder moved successfully.
C:\ProgramData\IObit\Advanced SystemCare V7 folder moved successfully.
C:\ProgramData\IObit folder moved successfully.
C:\Users\gary\AppData\Roaming\IObit\Smart Defrag 2 folder moved successfully.
C:\Users\gary\AppData\Roaming\IObit\IObit Uninstaller\Log folder moved successfully.
C:\Users\gary\AppData\Roaming\IObit\IObit Uninstaller\B77A0CC7-7129-4313-86FE-B10B53285749 folder moved successfully.
C:\Users\gary\AppData\Roaming\IObit\IObit Uninstaller folder moved successfully.
C:\Users\gary\AppData\Roaming\IObit\IObit Malware Fighter folder moved successfully.
C:\Users\gary\AppData\Roaming\IObit\Driver Booster\Logs folder moved successfully.
C:\Users\gary\AppData\Roaming\IObit\Driver Booster\License folder moved successfully.
C:\Users\gary\AppData\Roaming\IObit\Driver Booster folder moved successfully.
C:\Users\gary\AppData\Roaming\IObit\Advanced SystemCare V7\Temp folder moved successfully.
C:\Users\gary\AppData\Roaming\IObit\Advanced SystemCare V7\ProgramDeactivator folder moved successfully.
C:\Users\gary\AppData\Roaming\IObit\Advanced SystemCare V7\Log folder moved successfully.
C:\Users\gary\AppData\Roaming\IObit\Advanced SystemCare V7\Internet Booster folder moved successfully.
C:\Users\gary\AppData\Roaming\IObit\Advanced SystemCare V7\Homepage Protection folder moved successfully.
C:\Users\gary\AppData\Roaming\IObit\Advanced SystemCare V7\Boottime folder moved successfully.
C:\Users\gary\AppData\Roaming\IObit\Advanced SystemCare V7\Backup folder moved successfully.
C:\Users\gary\AppData\Roaming\IObit\Advanced SystemCare V7 folder moved successfully.
C:\Users\gary\AppData\Roaming\IObit folder moved successfully.
C:\Program Files (x86)\IObit\Surfing Protection\Update folder moved successfully.
C:\Program Files (x86)\IObit\Surfing Protection\Database folder moved successfully.
C:\Program Files (x86)\IObit\Surfing Protection\BrowerProtect folder moved successfully.
C:\Program Files (x86)\IObit\Surfing Protection folder moved successfully.
C:\Program Files (x86)\IObit\Smart Defrag 2\LatestNews folder moved successfully.
C:\Program Files (x86)\IObit\Smart Defrag 2 folder moved successfully.
C:\Program Files (x86)\IObit\LiveUpdate\update folder moved successfully.
C:\Program Files (x86)\IObit\LiveUpdate\Language folder moved successfully.
C:\Program Files (x86)\IObit\LiveUpdate folder moved successfully.
C:\Program Files (x86)\IObit\IObit Uninstaller folder moved successfully.
C:\Program Files (x86)\IObit\IObit Malware Fighter\Quarantine Zone folder moved successfully.
C:\Program Files (x86)\IObit\IObit Malware Fighter\log\scan folder moved successfully.
C:\Program Files (x86)\IObit\IObit Malware Fighter\log\realtime folder moved successfully.
C:\Program Files (x86)\IObit\IObit Malware Fighter\log folder moved successfully.
C:\Program Files (x86)\IObit\IObit Malware Fighter folder moved successfully.
C:\Program Files (x86)\IObit\Advanced SystemCare 7\LatestNews folder moved successfully.
C:\Program Files (x86)\IObit\Advanced SystemCare 7\Database folder moved successfully.
C:\Program Files (x86)\IObit\Advanced SystemCare 7 folder moved successfully.
C:\Program Files (x86)\IObit folder moved successfully.
ADS C:\Users\gary\Desktop\colis déposé.eml:OECustomProperty deleted successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\gary\Desktop\cmd.bat deleted successfully.
C:\Users\gary\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: gary
->Temp folder emptied: 435581450 bytes
->Temporary Internet Files folder emptied: 74894398 bytes
->FireFox cache emptied: 235946466 bytes
->Flash cache emptied: 38274 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 4101496 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1226365 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 128 bytes
RecycleBin emptied: 1073262 bytes

Total Files Cleaned = 718.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 11112013_170034

Files\Folders moved on Reboot...
C:\Users\gary\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
garypres
Active Member
 
Posts: 4
Joined: November 9th, 2013, 9:45 am

Re: homepage on firefox defaults to http://fr.search.yahoo.c

Post by Cypher » November 11th, 2013, 12:27 pm

Hi garypres,

"thanks so much for your help and advice."

My pleasure :)

"the firefox homepage is back to normal: no sign of yahoo."

That's good to hear. As you're having no further problems, you should be good to go.

Now that you are clean, please follow these simple steps in order to keep your computer clean and secure:

Clean up with OTL

  • Right click on OTL.exe and select Run as administrator to run it.
  • This will remove some of the tools we used to clean your pc.
  • Close all other programs apart from OTL as this step will require a reboot.
  • On the OTL main screen, press the CleanUp! button
  • Say Yes to the prompt and then allow the program to reboot your computer.

Next.

  • Right click on adwcleaner.exe and select "Run as administrator" to run it.
  • Click on Uninstall.
  • Confirm with yes.

You can now delete any tools/logs we used if they remain on your Desktop.

Please read the article below which will give you a few suggestions for how to minimise your chances of getting another infection.

I would be grateful if you could reply to this post so that I know you have read it and, if you've no other questions, the thread can be closed.

Safe surfing!
Cypher
Admin/Teacher
 
Posts: 14959
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns

Re: homepage on firefox defaults to http://fr.search.yahoo.c

Post by garypres » November 11th, 2013, 2:07 pm

Thank you - read and understood. Gary
garypres
Active Member
 
Posts: 4
Joined: November 9th, 2013, 9:45 am

Re: homepage on firefox defaults to http://fr.search.yahoo.c

Post by Cypher » November 11th, 2013, 2:12 pm

As your problems appear to have been resolved, this topic is now closed.

We are pleased we could help you resolve your computer's issues.

If you would like to make a comment or leave a compliment regarding the help you have received, please see Feedback for Our Helpers - Say "Thanks" Here.
Cypher
Admin/Teacher
 
Posts: 14959
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns