

Flash Player Security Error Screen Is it a Virus?


Re: Flash Player Security Error Screen Is it a Virus?

Post by bonnie » November 10th, 2012, 10:01 am

SystemLook 30.07.11 by jpshortstuff
Log created at 09:00 on 10/11/2012 by robert
Administrator - Elevation successful

========== contents ==========

C:\_OTL\MovedFiles\11092012_181142.log - Opened succesfully.

ÿþAll processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== OTL ==========
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
HKEY_USERS\S-1-5-21-3434975647-2719533202-2998227652-1000\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_USERS\S-1-5-21-3434975647-2719533202-2998227652-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
HKU\S-1-5-21-3434975647-2719533202-2998227652-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
C:\Users\robert\AppData\Roaming\Mozilla\Extensions folder moved successfully.
C:\Users\robert\AppData\Roaming\Mozilla\Firefox\Profiles\8s4f2jle.default\extensions\{ada4b710-8346-4b82-8199-5de2b400a6ae}\defaults\printing\icons folder moved successfully.
C:\Users\robert\AppData\Roaming\Mozilla\Firefox\Profiles\8s4f2jle.default\extensions\{ada4b710-8346-4b82-8199-5de2b400a6ae}\defaults\printing folder moved successfully.
C:\Users\robert\AppData\Roaming\Mozilla\Firefox\Profiles\8s4f2jle.default\extensions\{ada4b710-8346-4b82-8199-5de2b400a6ae}\defaults\preferences folder moved successfully.
C:\Users\robert\AppData\Roaming\Mozilla\Firefox\Profiles\8s4f2jle.default\extensions\{ada4b710-8346-4b82-8199-5de2b400a6ae}\defaults folder moved successfully.
C:\Users\robert\AppData\Roaming\Mozilla\Firefox\Profiles\8s4f2jle.default\extensions\{ada4b710-8346-4b82-8199-5de2b400a6ae}\components folder moved successfully.
C:\Users\robert\AppData\Roaming\Mozilla\Firefox\Profiles\8s4f2jle.default\extensions\{ada4b710-8346-4b82-8199-5de2b400a6ae}\chrome\icons\default folder moved successfully.
C:\Users\robert\AppData\Roaming\Mozilla\Firefox\Profiles\8s4f2jle.default\extensions\{ada4b710-8346-4b82-8199-5de2b400a6ae}\chrome\icons folder moved successfully.
C:\Users\robert\AppData\Roaming\Mozilla\Firefox\Profiles\8s4f2jle.default\extensions\{ada4b710-8346-4b82-8199-5de2b400a6ae}\chrome folder moved successfully.
C:\Users\robert\AppData\Roaming\Mozilla\Firefox\Profiles\8s4f2jle.default\extensions\{ada4b710-8346-4b82-8199-5de2b400a6ae} folder moved successfully.
C:\Users\robert\AppData\Roaming\Mozilla\Firefox\Profiles\8s4f2jle.default\extensions\{6AC85730-7D0F-4de0-B3FA-21142DD85326}\defaults\preferences folder moved successfully.
C:\Users\robert\AppData\Roaming\Mozilla\Firefox\Profiles\8s4f2jle.default\extensions\{6AC85730-7D0F-4de0-B3FA-21142DD85326}\defaults\palettes folder moved successfully.
C:\Users\robert\AppData\Roaming\Mozilla\Firefox\Profiles\8s4f2jle.default\extensions\{6AC85730-7D0F-4de0-B3FA-21142DD85326}\defaults folder moved successfully.
C:\Users\robert\AppData\Roaming\Mozilla\Firefox\Profiles\8s4f2jle.default\extensions\{6AC85730-7D0F-4de0-B3FA-21142DD85326}\chrome folder moved successfully.
C:\Users\robert\AppData\Roaming\Mozilla\Firefox\Profiles\8s4f2jle.default\extensions\{6AC85730-7D0F-4de0-B3FA-21142DD85326} folder moved successfully.
C:\Users\robert\AppData\Roaming\Mozilla\Firefox\Profiles\8s4f2jle.default\extensions\{4BBDD651-70CF-4821-84F8-2B918CF89CA3}\defaults\preferences folder moved successfully.
C:\Users\robert\AppData\Roaming\Mozilla\Firefox\Profiles\8s4f2jle.default\extensions\{4BBDD651-70CF-4821-84F8-2B918CF89CA3}\defaults folder moved successfully.
C:\Users\robert\AppData\Roaming\Mozilla\Firefox\Profiles\8s4f2jle.default\extensions\{4BBDD651-70CF-4821-84F8-2B918CF89CA3}\chrome folder moved successfully.
C:\Users\robert\AppData\Roaming\Mozilla\Firefox\Profiles\8s4f2jle.default\extensions\{4BBDD651-70CF-4821-84F8-2B918CF89CA3} folder moved successfully.
C:\Users\robert\AppData\Roaming\Mozilla\Firefox\Profiles\8s4f2jle.default\extensions\{317B5128-0B0B-49b2-B2DB-1E7560E16C74}\docs folder moved successfully.
C:\Users\robert\AppData\Roaming\Mozilla\Firefox\Profiles\8s4f2jle.default\extensions\{317B5128-0B0B-49b2-B2DB-1E7560E16C74}\defaults\preferences folder moved successfully.
C:\Users\robert\AppData\Roaming\Mozilla\Firefox\Profiles\8s4f2jle.default\extensions\{317B5128-0B0B-49b2-B2DB-1E7560E16C74}\defaults folder moved successfully.
C:\Users\robert\AppData\Roaming\Mozilla\Firefox\Profiles\8s4f2jle.default\extensions\{317B5128-0B0B-49b2-B2DB-1E7560E16C74}\chrome\locale\en-US folder moved successfully.
C:\Users\robert\AppData\Roaming\Mozilla\Firefox\Profiles\8s4f2jle.default\extensions\{317B5128-0B0B-49b2-B2DB-1E7560E16C74}\chrome\locale folder moved successfully.
C:\Users\robert\AppData\Roaming\Mozilla\Firefox\Profiles\8s4f2jle.default\extensions\{317B5128-0B0B-49b2-B2DB-1E7560E16C74}\chrome\content\skin\wizard folder moved successfully.
C:\Users\robert\AppData\Roaming\Mozilla\Firefox\Profiles\8s4f2jle.default\extensions\{317B5128-0B0B-49b2-B2DB-1E7560E16C74}\chrome\content\skin\semrush folder moved successfully.
C:\Users\robert\AppData\Roaming\Mozilla\Firefox\Profiles\8s4f2jle.default\extensions\{317B5128-0B0B-49b2-B2DB-1E7560E16C74}\chrome\content\skin\pageinfo folder moved successfully.
C:\Users\robert\AppData\Roaming\Mozilla\Firefox\Profiles\8s4f2jle.default\extensions\{317B5128-0B0B-49b2-B2DB-1E7560E16C74}\chrome\content\skin\options folder moved successfully.
C:\Users\robert\AppData\Roaming\Mozilla\Firefox\Profiles\8s4f2jle.default\extensions\{317B5128-0B0B-49b2-B2DB-1E7560E16C74}\chrome\content\skin\diagnosis folder moved successfully.
C:\Users\robert\AppData\Roaming\Mozilla\Firefox\Profiles\8s4f2jle.default\extensions\{317B5128-0B0B-49b2-B2DB-1E7560E16C74}\chrome\content\skin\density folder moved successfully.
C:\Users\robert\AppData\Roaming\Mozilla\Firefox\Profiles\8s4f2jle.default\extensions\{317B5128-0B0B-49b2-B2DB-1E7560E16C74}\chrome\content\skin folder moved successfully.
C:\Users\robert\AppData\Roaming\Mozilla\Firefox\Profiles\8s4f2jle.default\extensions\{317B5128-0B0B-49b2-B2DB-1E7560E16C74}\chrome\content\modules\yandex folder moved successfully.
C:\Users\robert\AppData\Roaming\Mozilla\Firefox\Profiles\8s4f2jle.default\extensions\{317B5128-0B0B-49b2-B2DB-1E7560E16C74}\chrome\content\modules\yahoo folder moved successfully.
C:\Users\robert\AppData\Roaming\Mozilla\Firefox\Profiles\8s4f2jle.default\extensions\{317B5128-0B0B-49b2-B2DB-1E7560E16C74}\chrome\content\modules\toolbar folder moved successfully.
C:\Users\robert\AppData\Roaming\Mozilla\Firefox\Profiles\8s4f2jle.default\extensions\{317B5128-0B0B-49b2-B2DB-1E7560E16C74}\chrome\content\modules\socials folder moved successfully.
C:\Users\robert\AppData\Roaming\Mozilla\Firefox\Profiles\8s4f2jle.default\extensions\{317B5128-0B0B-49b2-B2DB-1E7560E16C74}\chrome\content\modules\seobar folder moved successfully.
C:\Users\robert\AppData\Roaming\Mozilla\Firefox\Profiles\8s4f2jle.default\extensions\{317B5128-0B0B-49b2-B2DB-1E7560E16C74}\chrome\content\modules\pageinfo folder moved successfully.
C:\Users\robert\AppData\Roaming\Mozilla\Firefox\Profiles\8s4f2jle.default\extensions\{317B5128-0B0B-49b2-B2DB-1E7560E16C74}\chrome\content\modules\options folder moved successfully.
C:\Users\robert\AppData\Roaming\Mozilla\Firefox\Profiles\8s4f2jle.default\extensions\{317B5128-0B0B-49b2-B2DB-1E7560E16C74}\chrome\content\modules\notifications folder moved successfully.
C:\Users\robert\AppData\Roaming\Mozilla\Firefox\Profiles\8s4f2jle.default\extensions\{317B5128-0B0B-49b2-B2DB-1E7560E16C74}\chrome\content\modules\linkinfo folder moved successfully.
C:\Users\robert\AppData\Roaming\Mozilla\Firefox\Profiles\8s4f2jle.default\extensions\{317B5128-0B0B-49b2-B2DB-1E7560E16C74}\chrome\content\modules\google folder moved successfully.
C:\Users\robert\AppData\Roaming\Mozilla\Firefox\Profiles\8s4f2jle.default\extensions\{317B5128-0B0B-49b2-B2DB-1E7560E16C74}\chrome\content\modules\diagnosis folder moved successfully.
C:\Users\robert\AppData\Roaming\Mozilla\Firefox\Profiles\8s4f2jle.default\extensions\{317B5128-0B0B-49b2-B2DB-1E7560E16C74}\chrome\content\modules\density folder moved successfully.
C:\Users\robert\AppData\Roaming\Mozilla\Firefox\Profiles\8s4f2jle.default\extensions\{317B5128-0B0B-49b2-B2DB-1E7560E16C74}\chrome\content\modules folder moved successfully.
C:\Users\robert\AppData\Roaming\Mozilla\Firefox\Profiles\8s4f2jle.default\extensions\{317B5128-0B0B-49b2-B2DB-1E7560E16C74}\chrome\content\lib folder moved successfully.
C:\Users\robert\AppData\Roaming\Mozilla\Firefox\Profiles\8s4f2jle.default\extensions\{317B5128-0B0B-49b2-B2DB-1E7560E16C74}\chrome\content folder moved successfully.
C:\Users\robert\AppData\Roaming\Mozilla\Firefox\Profiles\8s4f2jle.default\extensions\{317B5128-0B0B-49b2-B2DB-1E7560E16C74}\chrome folder moved successfully.
C:\Users\robert\AppData\Roaming\Mozilla\Firefox\Profiles\8s4f2jle.default\extensions\{317B5128-0B0B-49b2-B2DB-1E7560E16C74} folder moved successfully.
C:\Users\robert\AppData\Roaming\Mozilla\Firefox\Profiles\8s4f2jle.default\extensions\{0538E3E3-7E9B-4d49-8831-A227C80A7AD3}\chrome folder moved successfully.
C:\Users\robert\AppData\Roaming\Mozilla\Firefox\Profiles\8s4f2jle.default\extensions\{0538E3E3-7E9B-4d49-8831-A227C80A7AD3} folder moved successfully.
C:\Users\robert\AppData\Roaming\Mozilla\Firefox\Profiles\8s4f2jle.default\extensions\btpersonas@brandthunder.com\searchplugins folder moved successfully.
C:\Users\robert\AppData\Roaming\Mozilla\Firefox\Profiles\8s4f2jle.default\extensions\btpersonas@brandthunder.com\modules folder moved successfully.
C:\Users\robert\AppData\Roaming\Mozilla\Firefox\Profiles\8s4f2jle.default\extensions\btpersonas@brandthunder.com\META-INF folder moved successfully.
C:\Users\robert\AppData\Roaming\Mozilla\Firefox\Profiles\8s4f2jle.default\extensions\btpersonas@brandthunder.com\defaults\preferences folder moved successfully.
C:\Users\robert\AppData\Roaming\Mozilla\Firefox\Profiles\8s4f2jle.default\extensions\btpersonas@brandthunder.com\defaults folder moved successfully.
C:\Users\robert\AppData\Roaming\Mozilla\Firefox\Profiles\8s4f2jle.default\extensions\btpersonas@brandthunder.com\components folder moved successfully.
C:\Users\robert\AppData\Roaming\Mozilla\Firefox\Profiles\8s4f2jle.default\extensions\btpersonas@brandthunder.com\chrome\skin\mypix\window folder moved successfully.
C:\Users\robert\AppData\Roaming\Mozilla\Firefox\Profiles\8s4f2jle.default\extensions\btpersonas@brandthunder.com\chrome\skin\mypix\position folder moved successfully.
C:\Users\robert\AppData\Roaming\Mozilla\Firefox\Profiles\8s4f2jle.default\extensions\btpersonas@brandthunder.com\chrome\skin\mypix\icons folder moved successfully.
C:\Users\robert\AppData\Roaming\Mozilla\Firefox\Profiles\8s4f2jle.default\extensions\btpersonas@brandthunder.com\chrome\skin\mypix\buttons folder moved successfully.
C:\Users\robert\AppData\Roaming\Mozilla\Firefox\Profiles\8s4f2jle.default\extensions\btpersonas@brandthunder.com\chrome\skin\mypix folder moved successfully.
C:\Users\robert\AppData\Roaming\Mozilla\Firefox\Profiles\8s4f2jle.default\extensions\btpersonas@brandthunder.com\chrome\skin folder moved successfully.
C:\Users\robert\AppData\Roaming\Mozilla\Firefox\Profiles\8s4f2jle.default\extensions\btpersonas@brandthunder.com\chrome\locale\en-US folder moved successfully.
C:\Users\robert\AppData\Roaming\Mozilla\Firefox\Profiles\8s4f2jle.default\extensions\btpersonas@brandthunder.com\chrome\locale folder moved successfully.
C:\Users\robert\AppData\Roaming\Mozilla\Firefox\Profiles\8s4f2jle.default\extensions\btpersonas@brandthunder.com\chrome\content\prestosavings folder moved successfully.
C:\Users\robert\AppData\Roaming\Mozilla\Firefox\Profiles\8s4f2jle.default\extensions\btpersonas@brandthunder.com\chrome\content\bindings\resources\btpweatherbug folder moved successfully.
C:\Users\robert\AppData\Roaming\Mozilla\Firefox\Profiles\8s4f2jle.default\extensions\btpersonas@brandthunder.com\chrome\content\bindings\resources\btpweather folder moved successfully.
C:\Users\robert\AppData\Roaming\Mozilla\Firefox\Profiles\8s4f2jle.default\extensions\btpersonas@brandthunder.com\chrome\content\bindings\resources\btptoolbarbutton folder moved successfully.
C:\Users\robert\AppData\Roaming\Mozilla\Firefox\Profiles\8s4f2jle.default\extensions\btpersonas@brandthunder.com\chrome\content\bindings\resources\btpbutton folder moved successfully.
C:\Users\robert\AppData\Roaming\Mozilla\Firefox\Profiles\8s4f2jle.default\extensions\btpersonas@brandthunder.com\chrome\content\bindings\resources folder moved successfully.
C:\Users\robert\AppData\Roaming\Mozilla\Firefox\Profiles\8s4f2jle.default\extensions\btpersonas@brandthunder.com\chrome\content\bindings folder moved successfully.
C:\Users\robert\AppData\Roaming\Mozilla\Firefox\Profiles\8s4f2jle.default\extensions\btpersonas@brandthunder.com\chrome\content folder moved successfully.
C:\Users\robert\AppData\Roaming\Mozilla\Firefox\Profiles\8s4f2jle.default\extensions\btpersonas@brandthunder.com\chrome folder moved successfully.
C:\Users\robert\AppData\Roaming\Mozilla\Firefox\Profiles\8s4f2jle.default\extensions\btpersonas@brandthunder.com folder moved successfully.
C:\Users\robert\AppData\Roaming\Mozilla\Firefox\Profiles\8s4f2jle.default\extensions folder moved successfully.
C:\Users\robert\AppData\Roaming\Mozilla\Firefox\Profiles\8s4f2jle.default\searchplugins\bing-zugo.xml moved successfully.
Use Chrome's Settings page to change the HomePage.
Use Chrome's Settings page to change the HomePage.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\EnableLUA deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\livecall\ deleted successfully.
File Protocol\Handler\livecall - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ms-help\ deleted successfully.
File Protocol\Handler\ms-help - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\msnim\ deleted successfully.
File Protocol\Handler\msnim - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\skype4com\ deleted successfully.
File Protocol\Handler\skype4com - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\wlpg\ deleted successfully.
File Protocol\Handler\wlpg - No CLSID value found not found.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\robert\Desktop\cmd.bat deleted successfully.
C:\Users\robert\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYJAVA]

User: All Users

User: Default

User: Default User

User: Public

User: robert
->Java cache emptied: 0 bytes

Total Java Files Cleaned = 0.00 mb


[EMPTYFLASH]

User: All Users

User: Default
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: Public

User: robert
->Flash cache emptied: 74496 bytes

Total Flash Files Cleaned = 0.00 mb


[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public

User: robert
->Temp folder emptied: 173759181 bytes
->Temporary Internet Files folder emptied: 249079376 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 66696877 bytes
->Google Chrome cache emptied: 59129396 bytes
->Flash cache emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 120407506 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 66717 bytes
%systemroot%\sysnative\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 638.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 11092012_181142

Files\Folders moved on Reboot...
C:\Users\robert\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...


-= EOF =-
bonnie
Regular Member
 
Posts: 132
Joined: August 17th, 2012, 1:56 pm

Re: Flash Player Security Error Screen Is it a Virus?

Post by bonnie » November 10th, 2012, 10:38 am

I think I found the location of the Firefox addons, I just don't know how to recover them. If I click the Windows Key +R and enter %APPDATA% OK and then choose Mozilla > Firefox > Profiles I see two folders with .default ext. One contains Reminderfox and the other all the other addons.
bonnie
Regular Member
 
Posts: 132
Joined: August 17th, 2012, 1:56 pm

Re: Flash Player Security Error Screen Is it a Virus?

Post by askey127 » November 10th, 2012, 4:13 pm

bonnie,
Sorry to annoy you with this, but want to get this right.
Didn't realize you had stuff stored in the Add-Ons.

The Add-Ons themselves are probably still there. We can check that.
---------------------------------------------
  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:
    :dir
    C:\Users\robert\AppData\Roaming\Mozilla\Firefox\Profiles\8s4f2jle.default\ /s
    
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The results log can also be found on your Desktop, entitled SystemLook.txt

----------------------------------------------------
The batch file below should restore what Firefox thinks are the Add-Ons.
Compose and Run A Batch File
Please highlight, copy (Ctrl+C) and paste (Ctrl+V) the text inside the quote into a new Notepad document.
xcopy C:\_OTL\MovedFiles\11092012_181142\C_Users\robert\AppData\Roaming\Mozilla\Firefox\Profiles\8s4f2jle.default\extensions\* C:\Users\robert\AppData\Roaming\Mozilla\Firefox\Profiles\8s4f2jle.default\extensions /S /I /R /H
xcopy C:\_OTL\MovedFiles\11092012_181142\C_Users\robert\AppData\Roaming\Mozilla\Extensions\* C:\Users\robert\AppData\Roaming\Mozilla\Extensions /S /I /R /H

Save it on your Desktop as file type "All Files" (NOT as "Text Documents") and name it FixMe.bat
Close Notepad.
Right click FixMe.bat on your Desktop and "Run as administrator". OK the User Account Control.
A window will open and close. This is normal.

Let me know how it goes.
askey127
askey127
Admin/Teacher
 
Posts: 14025
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA
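
An added example (not part of the thread, and not the helper's or OTL's own code): a Python dry run that reads the "moved successfully" lines of the OTL log posted above, collapses them to the top-level items that were quarantined, and maps each one to its copy under C:\_OTL\MovedFiles, so the add-ons a blanket xcopy of the extensions folder would bring back can be reviewed before the batch file is run. The quarantine layout (drive letter rewritten as `C_`) is assumed from the paths in the batch file; the function names are illustrative.

```python
import re
from pathlib import PureWindowsPath

QUARANTINE_ROOT = r"C:\_OTL\MovedFiles"  # location seen in the batch file above
STAMP = "11092012_181142"                # OTL run identifier from the log name
PROFILE_EXT = (r"C:\Users\robert\AppData\Roaming\Mozilla\Firefox\Profiles"
               r"\8s4f2jle.default\extensions")

# Excerpt of the OTL log posted in this thread (lines copied, list shortened).
SAMPLE_LOG = r"""
C:\Users\robert\AppData\Roaming\Mozilla\Extensions folder moved successfully.
C:\Users\robert\AppData\Roaming\Mozilla\Firefox\Profiles\8s4f2jle.default\extensions\{ada4b710-8346-4b82-8199-5de2b400a6ae}\chrome folder moved successfully.
C:\Users\robert\AppData\Roaming\Mozilla\Firefox\Profiles\8s4f2jle.default\extensions\{ada4b710-8346-4b82-8199-5de2b400a6ae} folder moved successfully.
C:\Users\robert\AppData\Roaming\Mozilla\Firefox\Profiles\8s4f2jle.default\extensions\btpersonas@brandthunder.com\chrome folder moved successfully.
C:\Users\robert\AppData\Roaming\Mozilla\Firefox\Profiles\8s4f2jle.default\extensions\btpersonas@brandthunder.com folder moved successfully.
C:\Users\robert\AppData\Roaming\Mozilla\Firefox\Profiles\8s4f2jle.default\extensions folder moved successfully.
C:\Users\robert\AppData\Roaming\Mozilla\Firefox\Profiles\8s4f2jle.default\searchplugins\bing-zugo.xml moved successfully.
Use Chrome's Settings page to change the HomePage.
"""

# "<path> folder moved successfully." for folders, "<path> moved successfully." for files.
MOVED_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?)(?P<folder> folder)? moved successfully\.$")


def parse_moved(log_text):
    """Return [(PureWindowsPath, is_folder)] for every 'moved successfully' line."""
    items = []
    for line in log_text.splitlines():
        m = MOVED_RE.match(line.strip())
        if m:
            items.append((PureWindowsPath(m.group("path")),
                          m.group("folder") is not None))
    return items


def top_level(items):
    """Drop entries that sit inside another moved folder.

    OTL logs children before their parent, so a recursive copy of the
    parent already covers them. PureWindowsPath compares case-insensitively,
    matching Windows path semantics.
    """
    folders = [p for p, is_dir in items if is_dir]
    return [(p, d) for p, d in items
            if not any(f in p.parents for f in folders)]


def quarantine_path(original, stamp):
    """Map an original path to its assumed location in OTL's MovedFiles."""
    p = PureWindowsPath(original)
    drive = p.drive.rstrip(":")       # 'C:' -> 'C'
    rest = "\\".join(p.parts[1:])     # path without the 'C:\' anchor
    return f"{QUARANTINE_ROOT}\\{stamp}\\{drive}_{rest}"


def direct_children(items, parent):
    """Names of moved entries directly under `parent` (e.g. add-on IDs)."""
    parent = PureWindowsPath(parent)
    return sorted(p.name for p, _ in items if p.parent == parent)


def restore_plan(items, stamp):
    """(quarantine source, original destination, is_folder) per top-level item."""
    return [(quarantine_path(p, stamp), str(p), is_dir)
            for p, is_dir in top_level(items)]


if __name__ == "__main__":
    moved = parse_moved(SAMPLE_LOG)
    print("Add-ons that restoring the extensions folder would bring back:")
    for name in direct_children(moved, PROFILE_EXT):
        print("   ", name)
    print("Dry run, nothing is copied:")
    for src, dst, is_dir in restore_plan(moved, STAMP):
        kind = "folder" if is_dir else "file"
        print(f"  [{kind}] {src}\n        -> {dst}")
```

The batch file in the post restores only the two extensions folders; the dry run also lists `bing-zugo.xml`, which that batch file leaves in quarantine.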

Re: Flash Player Security Error Screen Is it a Virus?

Post by bonnie » November 10th, 2012, 4:51 pm

SystemLook 30.07.11 by jpshortstuff
Log created at 15:50 on 10/11/2012 by robert
Administrator - Elevation successful

========== dir ==========

C:\Users\robert\AppData\Roaming\Mozilla\Firefox\Profiles\8s4f2jle.default - Parameters: "/s"

---Files---
addons.sqlite --a---- 524288 bytes [17:14 12/09/2011] [22:02 09/11/2012]
blocklist.xml --a---- 37330 bytes [17:24 12/09/2011] [22:04 09/11/2012]
btmetricslite.sqlite --a---- 65536 bytes [17:17 12/09/2011] [14:10 19/01/2012]
btpersonas.sqlite --a---- 98304 bytes [17:17 12/09/2011] [17:17 12/09/2011]
cert8.db --a---- 360448 bytes [14:56 12/09/2011] [20:35 10/11/2012]
chromeappsstore.sqlite --a---- 131072 bytes [14:56 12/09/2011] [11:58 02/11/2012]
compatibility.ini --a---- 200 bytes [14:56 12/09/2011] [23:50 09/11/2012]
content-prefs.sqlite --a---- 229376 bytes [14:56 12/09/2011] [14:30 08/11/2012]
cookies.sqlite --a---- 2621440 bytes [14:56 12/09/2011] [20:35 10/11/2012]
cookies.sqlite-shm --a---- 32768 bytes [20:48 10/11/2012] [20:48 10/11/2012]
cookies.sqlite-wal --a---- 0 bytes [20:48 10/11/2012] [20:48 10/11/2012]
cshelper.cfg --a---- 4429 bytes [15:42 25/09/2012] [17:04 15/09/2012]
dh-conv-rules.rdf --a---- 152 bytes [15:42 25/09/2012] [15:42 25/09/2012]
dh-media-lists.rdf --a---- 517 bytes [19:21 25/09/2012] [13:53 31/10/2012]
dh-smart-names.rdf --a---- 59843 bytes [15:42 25/09/2012] [13:53 31/10/2012]
downloads.sqlite --a---- 131072 bytes [17:44 17/04/2012] [23:35 09/11/2012]
extensions.ini --a---- 133 bytes [23:22 09/11/2012] [23:22 09/11/2012]
extensions.log --a---- 884 bytes [22:28 02/12/2011] [14:51 03/02/2012]
extensions.sqlite --a---- 524288 bytes [14:56 12/09/2011] [23:22 09/11/2012]
extensions.sqlite.protect --a---- 524288 bytes [10:53 12/08/2012] [21:45 21/09/2012]
febeIgnoreListData.json --a---- 99 bytes [17:15 12/09/2011] [17:15 12/09/2011]
febeUserDefinedBuData.json --a---- 211 bytes [17:21 12/09/2011] [12:08 31/12/2010]
forecastfox.sqlite --a---- 163840 bytes [17:17 12/09/2011] [23:06 09/11/2012]
formhistory.sqlite --a---- 753664 bytes [14:56 12/09/2011] [11:43 14/10/2012]
key3.db --a---- 16384 bytes [14:56 12/09/2011] [20:35 10/11/2012]
localstore-safe.rdf --a---- 1660 bytes [14:02 07/08/2012] [14:02 07/08/2012]
localstore.rdf --a---- 22797 bytes [20:35 10/11/2012] [20:35 10/11/2012]
mimeTypes.rdf --a---- 17483 bytes [17:00 25/10/2012] [17:00 25/10/2012]
parent.lock --a---- 0 bytes [17:15 06/06/2012] [20:48 10/11/2012]
permissions.sqlite --a---- 1736704 bytes [14:56 12/09/2011] [20:35 10/11/2012]
places.sqlite --a---- 62914560 bytes [14:56 12/09/2011] [20:49 10/11/2012]
places.sqlite-shm --a---- 32768 bytes [20:48 10/11/2012] [20:48 10/11/2012]
places.sqlite-wal --a---- 721456 bytes [20:48 10/11/2012] [20:49 10/11/2012]
pluginreg.dat --a---- 19903 bytes [19:27 08/11/2012] [19:27 08/11/2012]
prefs.js --a---- 72492 bytes [20:48 10/11/2012] [20:48 10/11/2012]
search-metadata.json --a---- 114 bytes [13:38 10/11/2012] [13:38 10/11/2012]
search.json --a---- 14256 bytes [14:56 12/09/2011] [23:22 09/11/2012]
search.sqlite --a---- 65536 bytes [14:56 12/09/2011] [20:40 21/09/2012]
secmod.db --a---- 16384 bytes [14:56 12/09/2011] [14:56 12/09/2011]
sessionstore.bak --a---- 44587 bytes [18:28 17/04/2012] [20:35 10/11/2012]
sessionstore.js --a---- 48060 bytes [20:49 10/11/2012] [20:49 10/11/2012]
signons.sqlite --a---- 327680 bytes [14:56 12/09/2011] [11:43 14/10/2012]
webappsstore.sqlite --a---- 4358144 bytes [14:56 12/09/2011] [11:43 14/10/2012]

C:\Users\robert\AppData\Roaming\Mozilla\Firefox\Profiles\8s4f2jle.default\adblockplus d------ [17:19 12/09/2011]
cache.js --a---- 1585623 bytes [17:19 12/09/2011] [21:21 29/06/2012]
elemhide.css --a---- 2424892 bytes [23:06 09/11/2012] [23:06 09/11/2012]
patterns-1.ini --a---- 129081 bytes [20:18 17/08/2012] [20:18 17/08/2012]
patterns-backup1.ini --a---- 1716696 bytes [17:19 12/09/2011] [22:04 09/11/2012]
patterns-backup2.ini --a---- 1716046 bytes [17:19 12/09/2011] [19:33 08/11/2012]
patterns-backup3.ini --a---- 1713458 bytes [17:19 12/09/2011] [19:26 07/11/2012]
patterns-backup4.ini --a---- 1712389 bytes [17:19 12/09/2011] [19:16 06/11/2012]
patterns-backup5.ini --a---- 1711362 bytes [17:19 12/09/2011] [18:35 05/11/2012]
patterns.ini --a---- 1716696 bytes [22:15 09/11/2012] [22:15 09/11/2012]

C:\Users\robert\AppData\Roaming\Mozilla\Firefox\Profiles\8s4f2jle.default\autoproxy d------ [17:19 12/09/2011]
patterns-backup1.ini --a---- 36 bytes [17:19 12/09/2011] [17:46 21/01/2012]
patterns-backup2.ini --a---- 36 bytes [17:19 12/09/2011] [17:56 20/01/2012]
patterns-backup3.ini --a---- 36 bytes [17:19 12/09/2011] [18:39 19/01/2012]
patterns-backup4.ini --a---- 36 bytes [17:19 12/09/2011] [19:33 18/01/2012]
patterns-backup5.ini --a---- 36 bytes [17:19 12/09/2011] [19:46 17/01/2012]
patterns.ini --a---- 36 bytes [17:28 22/01/2012] [17:28 22/01/2012]

C:\Users\robert\AppData\Roaming\Mozilla\Firefox\Profiles\8s4f2jle.default\bookmarkbackups d------ [14:56 12/09/2011]
bookmarks-2012-11-01.json --a---- 762259 bytes [10:12 01/11/2012] [10:12 01/11/2012]
bookmarks-2012-11-02.json --a---- 764640 bytes [11:51 02/11/2012] [11:51 02/11/2012]
bookmarks-2012-11-03.json --a---- 765875 bytes [11:28 03/11/2012] [11:28 03/11/2012]
bookmarks-2012-11-04.json --a---- 765875 bytes [11:36 04/11/2012] [11:36 04/11/2012]
bookmarks-2012-11-05.json --a---- 766571 bytes [11:26 05/11/2012] [11:26 05/11/2012]
bookmarks-2012-11-06.json --a---- 766571 bytes [12:13 06/11/2012] [12:13 06/11/2012]
bookmarks-2012-11-07.json --a---- 766571 bytes [11:08 07/11/2012] [11:08 07/11/2012]
bookmarks-2012-11-08.json --a---- 766571 bytes [13:50 08/11/2012] [13:50 08/11/2012]
bookmarks-2012-11-09.json --a---- 766571 bytes [12:37 09/11/2012] [12:37 09/11/2012]
bookmarks-2012-11-10.json --a---- 766571 bytes [13:43 10/11/2012] [13:43 10/11/2012]

C:\Users\robert\AppData\Roaming\Mozilla\Firefox\Profiles\8s4f2jle.default\colorzilla d------ [17:17 12/09/2011]

C:\Users\robert\AppData\Roaming\Mozilla\Firefox\Profiles\8s4f2jle.default\colorzilla\palettes d------ [17:17 12/09/2011]
Favorites.gpl --a---- 77 bytes [14:39 04/10/2011] [14:39 10/12/2004]
History.gpl --a---- 73 bytes [14:39 04/10/2011] [14:38 10/12/2004]
HuesAndBrightnesses.gpl --a---- 5350 bytes [14:39 04/10/2011] [20:17 10/12/2004]
HuesAndSaturations.gpl --a---- 6046 bytes [14:39 04/10/2011] [20:12 10/12/2004]
SystemCSSColors.gpl --a---- 1387 bytes [14:39 04/10/2011] [11:18 13/12/2004]
W3CNamedColors.gpl --a---- 362 bytes [14:39 04/10/2011] [18:34 10/12/2004]
WebColorsByHue.gpl --a---- 4304 bytes [14:39 04/10/2011] [18:32 10/12/2004]
WebNamedColors.gpl --a---- 3151 bytes [14:39 04/10/2011] [18:34 10/12/2004]
WebSafeColors.gpl --a---- 4845 bytes [14:39 04/10/2011] [18:34 10/12/2004]
XNamedColors.gpl --a---- 18146 bytes [14:39 04/10/2011] [18:33 10/12/2004]

C:\Users\robert\AppData\Roaming\Mozilla\Firefox\Profiles\8s4f2jle.default\colorzilla\palettes\backup d------ [12:38 05/12/2011]
Favorites.gpl --a---- 77 bytes [14:39 04/10/2011] [15:39 10/12/2004]
History.gpl --a---- 104 bytes [14:39 04/10/2011] [10:11 11/10/2011]
HuesAndBrightnesses.gpl --a---- 5350 bytes [14:39 04/10/2011] [21:17 10/12/2004]
HuesAndSaturations.gpl --a---- 6046 bytes [14:39 04/10/2011] [21:12 10/12/2004]
SystemCSSColors.gpl --a---- 1387 bytes [14:39 04/10/2011] [12:18 13/12/2004]
W3CNamedColors.gpl --a---- 362 bytes [14:39 04/10/2011] [19:34 10/12/2004]
WebColorsByHue.gpl --a---- 4304 bytes [14:39 04/10/2011] [19:32 10/12/2004]
WebNamedColors.gpl --a---- 3151 bytes [14:39 04/10/2011] [19:34 10/12/2004]
WebSafeColors.gpl --a---- 4845 bytes [14:39 04/10/2011] [19:34 10/12/2004]
XNamedColors.gpl --a---- 18146 bytes [14:39 04/10/2011] [19:33 10/12/2004]

C:\Users\robert\AppData\Roaming\Mozilla\Firefox\Profiles\8s4f2jle.default\gmanager d------ [17:17 12/09/2011]
prefs.xml --a---- 1957 bytes [23:44 16/09/2011] [23:44 16/09/2011]

C:\Users\robert\AppData\Roaming\Mozilla\Firefox\Profiles\8s4f2jle.default\minidumps d------ [14:56 12/09/2011]
168a5fed-f2fd-41a9-93fd-1bc82f820782.dmp --a---- 0 bytes [20:14 01/11/2012] [20:14 01/11/2012]
1c45da02-f89f-4e48-bdff-6addeefc62ed.dmp --a---- 23948 bytes [17:18 12/06/2012] [17:18 12/06/2012]
1c45da02-f89f-4e48-bdff-6addeefc62ed.extra --a---- 1544 bytes [17:18 12/06/2012] [17:18 12/06/2012]
232fc594-9870-4f63-b5e0-187d3ba3aacb.dmp --a---- 22840 bytes [17:07 12/06/2012] [17:07 12/06/2012]
232fc594-9870-4f63-b5e0-187d3ba3aacb.extra --a---- 1544 bytes [17:07 12/06/2012] [17:07 12/06/2012]
319b2356-5092-4db5-8a71-949ef2f90aa2.dmp --a---- 0 bytes [00:56 31/10/2012] [00:56 31/10/2012]
385ed96e-cf49-4311-a5a9-83dedecdd398.dmp --a---- 24000 bytes [17:03 12/06/2012] [17:03 12/06/2012]
385ed96e-cf49-4311-a5a9-83dedecdd398.extra --a---- 1544 bytes [17:03 12/06/2012] [17:03 12/06/2012]
3afd466b-6725-4f05-9619-01e3d5874552.dmp --a---- 0 bytes [13:23 24/09/2012] [13:23 24/09/2012]
3cefd906-275f-4b83-92df-c36886cc6ab9.dmp --a---- 0 bytes [14:02 19/08/2012] [14:02 19/08/2012]
678d8d8a-3244-4fd1-8049-3885a05e88ce.dmp --a---- 337820 bytes [17:14 03/11/2012] [17:14 03/11/2012]
678d8d8a-3244-4fd1-8049-3885a05e88ce.extra --a---- 1795 bytes [17:14 03/11/2012] [17:14 03/11/2012]
6b5b558d-c1af-4907-829f-13fd94207638.dmp --a---- 23308 bytes [17:31 12/06/2012] [17:31 12/06/2012]
6b5b558d-c1af-4907-829f-13fd94207638.extra --a---- 1544 bytes [17:31 12/06/2012] [17:31 12/06/2012]
7c000e7d-be92-4280-8de5-155c970ba0c0.dmp --a---- 23132 bytes [16:58 12/06/2012] [16:58 12/06/2012]
7c000e7d-be92-4280-8de5-155c970ba0c0.extra --a---- 1544 bytes [16:58 12/06/2012] [16:58 12/06/2012]
8bd7f58f-c8b8-4a46-93f6-6a4d405dee45.dmp --a---- 11197 bytes [19:21 25/09/2012] [19:21 25/09/2012]
8bd7f58f-c8b8-4a46-93f6-6a4d405dee45.extra --a---- 1428 bytes [19:21 25/09/2012] [19:21 25/09/2012]
a04a30ea-a54c-43ee-a47d-31e60932e28f.dmp --a---- 0 bytes [18:43 17/09/2012] [18:43 17/09/2012]
ae062777-9749-4ef8-8a75-01a63259b8ba.dmp --a---- 0 bytes [14:43 23/09/2012] [14:43 23/09/2012]
b3384bba-9333-4fd5-89c8-a323d48f67e9.dmp --a---- 0 bytes [21:42 23/09/2012] [21:42 23/09/2012]
c297c86d-e477-4564-8ea3-1924c46756bd.dmp --a---- 0 bytes [18:19 01/09/2012] [18:19 01/09/2012]
cd85ad69-3ed4-42dc-a96f-1ef50ac63037.dmp --a---- 0 bytes [16:50 04/10/2012] [16:50 04/10/2012]
d364efc6-8b9c-47fc-92c1-5cd78a33d718.dmp --a---- 0 bytes [02:47 02/11/2012] [02:47 02/11/2012]
f6f2d6ef-a1dc-44c5-8a32-3846f953f3a2.dmp --a---- 0 bytes [18:36 23/09/2012] [18:36 23/09/2012]
f7dfbcc4-e868-47ba-8a04-3515e3505ea9.dmp --a---- 0 bytes [01:59 03/11/2012] [01:59 03/11/2012]

C:\Users\robert\AppData\Roaming\Mozilla\Firefox\Profiles\8s4f2jle.default\reminderfox d------ [17:17 12/09/2011]
reminderfox.ics --a---- 581 bytes [17:17 12/09/2011] [17:17 12/09/2011]
reminderfox.ics.bak1 --a---- 581 bytes [17:19 12/09/2011] [17:17 12/09/2011]

C:\Users\robert\AppData\Roaming\Mozilla\Firefox\Profiles\8s4f2jle.default\searchplugins d------ [11:58 13/09/2011]
Search_Results.xml --a---- 2519 bytes [00:26 12/08/2012] [20:40 21/09/2012]

C:\Users\robert\AppData\Roaming\Mozilla\Firefox\Profiles\8s4f2jle.default\SeoQuake d------ [17:17 12/09/2011]
basic.pfl --a---- 10671 bytes [17:20 12/09/2011] [19:44 12/09/2011]
chrome.manifest --a---- 371 bytes [17:17 12/09/2011] [16:39 11/07/2011]
default.pfl --a---- 10671 bytes [17:17 12/09/2011] [17:19 12/09/2011]
install.rdf --a---- 1294 bytes [17:17 12/09/2011] [20:59 02/09/2011]
license.txt --a---- 1527 bytes [17:17 12/09/2011] [15:29 30/06/2011]

C:\Users\robert\AppData\Roaming\Mozilla\Firefox\Profiles\8s4f2jle.default\SeoQuake\chrome d------ [17:17 12/09/2011]

C:\Users\robert\AppData\Roaming\Mozilla\Firefox\Profiles\8s4f2jle.default\SeoQuake\chrome\content d------ [17:17 12/09/2011]
sqff_class.js --a---- 20141 bytes [17:17 12/09/2011] [19:38 02/09/2011]
sqff_cpreferences.xul --a---- 27988 bytes [17:17 12/09/2011] [23:04 27/07/2011]
sqff_main.js --a---- 4600 bytes [17:17 12/09/2011] [19:33 02/09/2011]
sqff_main.xul --a---- 7894 bytes [17:17 12/09/2011] [22:56 16/08/2011]
sqff_pool_processor.js --a---- 10083 bytes [17:17 12/09/2011] [19:29 02/09/2011]
sqff_preferences.js --a---- 6092 bytes [17:17 12/09/2011] [19:27 02/09/2011]
sqff_preferences_wizard.xul --a---- 6364 bytes [17:17 12/09/2011] [19:26 02/09/2011]

C:\Users\robert\AppData\Roaming\Mozilla\Firefox\Profiles\8s4f2jle.default\SeoQuake\chrome\content\dialogs d------ [17:17 12/09/2011]
sqff_filter.js --a---- 2039 bytes [17:17 12/09/2011] [21:43 15/08/2011]
sqff_filter.xul --a---- 3304 bytes [17:17 12/09/2011] [00:06 28/06/2011]

C:\Users\robert\AppData\Roaming\Mozilla\Firefox\Profiles\8s4f2jle.default\SeoQuake\chrome\content\lib d------ [17:17 12/09/2011]
sqff_date.js --a---- 12030 bytes [17:17 12/09/2011] [19:44 02/09/2011]
sqff_lib.js --a---- 22084 bytes [17:17 12/09/2011] [19:42 02/09/2011]

C:\Users\robert\AppData\Roaming\Mozilla\Firefox\Profiles\8s4f2jle.default\SeoQuake\chrome\content\modules d------ [17:17 12/09/2011]
sqff_adsspy.js --a---- 10132 bytes [17:17 12/09/2011] [19:52 02/09/2011]
sqff_baidu.js --a---- 4868 bytes [17:17 12/09/2011] [19:51 02/09/2011]
sqff_base.js --a---- 46329 bytes [17:17 12/09/2011] [19:57 02/09/2011]
sqff_bing.js --a---- 4281 bytes [17:17 12/09/2011] [19:51 02/09/2011]
sqff_filters.js --a---- 4435 bytes [17:17 12/09/2011] [19:50 02/09/2011]
sqff_params_installer.js --a---- 4825 bytes [17:17 12/09/2011] [19:49 02/09/2011]
sqff_semrush.js --a---- 35729 bytes [17:17 12/09/2011] [19:48 02/09/2011]

C:\Users\robert\AppData\Roaming\Mozilla\Firefox\Profiles\8s4f2jle.default\SeoQuake\chrome\content\modules\density d------ [17:17 12/09/2011]
density.html --a---- 16919 bytes [17:17 12/09/2011] [20:01 02/09/2011]
sqff_density.js --a---- 23065 bytes [17:17 12/09/2011] [20:03 02/09/2011]

C:\Users\robert\AppData\Roaming\Mozilla\Firefox\Profiles\8s4f2jle.default\SeoQuake\chrome\content\modules\google d------ [17:17 12/09/2011]
sqff_google.js --a---- 20686 bytes [17:17 12/09/2011] [20:05 02/09/2011]

C:\Users\robert\AppData\Roaming\Mozilla\Firefox\Profiles\8s4f2jle.default\SeoQuake\chrome\content\modules\linkinfo d------ [17:17 12/09/2011]
linkinfo.html --a---- 3723 bytes [17:17 12/09/2011] [23:51 25/08/2011]
sqff_linkinfo.js --a---- 32269 bytes [17:17 12/09/2011] [20:07 02/09/2011]
sqff_linkinfo_dialog.js --a---- 380 bytes [17:17 12/09/2011] [20:05 02/09/2011]
sqff_linkinfo_dialog.xul --a---- 633 bytes [17:17 12/09/2011] [20:50 11/07/2011]

C:\Users\robert\AppData\Roaming\Mozilla\Firefox\Profiles\8s4f2jle.default\SeoQuake\chrome\content\modules\notifications d------ [17:17 12/09/2011]
sqff_notifications.js --a---- 7583 bytes [17:17 12/09/2011] [20:09 02/09/2011]

C:\Users\robert\AppData\Roaming\Mozilla\Firefox\Profiles\8s4f2jle.default\SeoQuake\chrome\content\modules\pageinfo d------ [17:17 12/09/2011]
pageinfo.html --a---- 4469 bytes [17:17 12/09/2011] [23:56 25/08/2011]
sqff_pageinfo.js --a---- 15734 bytes [17:17 12/09/2011] [18:09 02/09/2011]

C:\Users\robert\AppData\Roaming\Mozilla\Firefox\Profiles\8s4f2jle.default\SeoQuake\chrome\content\modules\seobar d------ [17:17 12/09/2011]
sqff_seobar.js --a---- 20472 bytes [17:17 12/09/2011] [20:12 02/09/2011]

C:\Users\robert\AppData\Roaming\Mozilla\Firefox\Profiles\8s4f2jle.default\SeoQuake\chrome\content\modules\toolbar d------ [17:17 12/09/2011]
sqff_toolbar.js --a---- 15430 bytes [17:17 12/09/2011] [20:42 02/09/2011]
sqff_toolbar.xul --a---- 1441 bytes [17:17 12/09/2011] [22:05 11/07/2011]

C:\Users\robert\AppData\Roaming\Mozilla\Firefox\Profiles\8s4f2jle.default\SeoQuake\chrome\content\modules\yahoo d------ [17:17 12/09/2011]
sqff_siteexplorer.js --a---- 9981 bytes [17:17 12/09/2011] [20:44 02/09/2011]
sqff_yahoo.js --a---- 5225 bytes [17:17 12/09/2011] [20:43 02/09/2011]

C:\Users\robert\AppData\Roaming\Mozilla\Firefox\Profiles\8s4f2jle.default\SeoQuake\chrome\content\modules\yandex d------ [17:17 12/09/2011]
sqff_yandex.js --a---- 4720 bytes [17:17 12/09/2011] [20:49 02/09/2011]

C:\Users\robert\AppData\Roaming\Mozilla\Firefox\Profiles\8s4f2jle.default\SeoQuake\chrome\content\prefpanes d------ [17:17 12/09/2011]
sqff_dialog_param.js --a---- 1340 bytes [17:17 12/09/2011] [20:57 02/09/2011]
sqff_dialog_param.xul --a---- 1825 bytes [17:17 12/09/2011] [15:55 13/07/2011]
sqff_prefpane_advanced.js --a---- 2349 bytes [17:17 12/09/2011] [15:41 30/06/2011]
sqff_prefpane_advanced.xul --a---- 3460 bytes [17:17 12/09/2011] [21:04 13/07/2011]
sqff_prefpane_modules.js --a---- 380 bytes [17:17 12/09/2011] [20:56 02/09/2011]
sqff_prefpane_params.js --a---- 16524 bytes [17:17 12/09/2011] [20:56 02/09/2011]
sqff_prefpane_params.xul --a---- 3403 bytes [17:17 12/09/2011] [16:32 13/07/2011]
sqff_prefpane_plugins.js --a---- 387 bytes [17:17 12/09/2011] [21:50 15/08/2011]
sqff_presets.js --a---- 11418 bytes [17:17 12/09/2011] [20:52 02/09/2011]

C:\Users\robert\AppData\Roaming\Mozilla\Firefox\Profiles\8s4f2jle.default\SeoQuake\chrome\content\skin d------ [17:17 12/09/2011]
adsspy.css --a---- 605 bytes [17:17 12/09/2011] [18:35 11/11/2010]
advanced.png --a---- 1983 bytes [17:17 12/09/2011] [18:35 11/11/2010]
append.png --a---- 1732 bytes [17:17 12/09/2011] [18:35 11/11/2010]
arrow_left.gif --a---- 61 bytes [17:17 12/09/2011] [18:35 11/11/2010]
arrow_right.gif --a---- 61 bytes [17:17 12/09/2011] [18:35 11/11/2010]
cleardot.gif --a---- 43 bytes [17:17 12/09/2011] [18:35 11/11/2010]
close.gif --a---- 62 bytes [17:17 12/09/2011] [18:35 11/11/2010]
default.css --a---- 717 bytes [17:17 12/09/2011] [18:35 11/11/2010]
density12.png --a---- 260 bytes [17:17 12/09/2011] [18:35 11/11/2010]
density16.png --a---- 281 bytes [17:17 12/09/2011] [18:35 11/11/2010]
extlinks16.png --a---- 264 bytes [17:17 12/09/2011] [18:35 11/11/2010]
information.png --a---- 778 bytes [17:17 12/09/2011] [18:35 11/11/2010]
intlinks16.png --a---- 264 bytes [17:17 12/09/2011] [18:35 11/11/2010]
links12.png --a---- 262 bytes [17:17 12/09/2011] [18:35 11/11/2010]
loader.gif --a---- 432 bytes [17:17 12/09/2011] [18:35 11/11/2010]
logo48.png --a---- 2306 bytes [17:17 12/09/2011] [18:35 11/11/2010]
menulogo-dis.png --a---- 1045 bytes [17:17 12/09/2011] [18:35 11/11/2010]
menulogo.png --a---- 1063 bytes [17:17 12/09/2011] [18:35 11/11/2010]
modules.png --a---- 1576 bytes [17:17 12/09/2011] [18:35 11/11/2010]
parameters.png --a---- 1690 bytes [17:17 12/09/2011] [18:35 11/11/2010]
question_mark.gif --a---- 206 bytes [17:17 12/09/2011] [18:35 11/11/2010]
request.png --a---- 1846 bytes [17:17 12/09/2011] [18:35 11/11/2010]
save.png --a---- 1557 bytes [17:17 12/09/2011] [18:35 11/11/2010]
seoquake_preferences_screen_01.png --a---- 6695 bytes [17:17 12/09/2011] [20:56 27/07/2011]
seoquake_preferences_screen_02.png --a---- 7567 bytes [17:17 12/09/2011] [20:56 27/07/2011]

C:\Users\robert\AppData\Roaming\Mozilla\Firefox\Profiles\8s4f2jle.default\SeoQuake\chrome\content\skin\density d------ [17:17 12/09/2011]
bg-center.gif --a---- 865 bytes [17:17 12/09/2011] [18:35 11/11/2010]
bg-left-e.gif --a---- 206 bytes [17:17 12/09/2011] [18:35 11/11/2010]
bg-left.gif --a---- 1039 bytes [17:17 12/09/2011] [18:35 11/11/2010]
bg-right-e.gif --a---- 206 bytes [17:17 12/09/2011] [18:35 11/11/2010]
bg-right.gif --a---- 1039 bytes [17:17 12/09/2011] [18:35 11/11/2010]
close.gif --a---- 350 bytes [17:17 12/09/2011] [18:35 11/11/2010]
density.css --a---- 4049 bytes [17:17 12/09/2011] [18:39 22/08/2011]
grid-hd.gif --a---- 829 bytes [17:17 12/09/2011] [18:35 11/11/2010]
hd-sprite.gif --a---- 462 bytes [17:17 12/09/2011] [18:35 11/11/2010]

C:\Users\robert\AppData\Roaming\Mozilla\Firefox\Profiles\8s4f2jle.default\SeoQuake\chrome\content\skin\pageinfo d------ [17:17 12/09/2011]
pageinfo.css --a---- 1657 bytes [17:17 12/09/2011] [18:35 11/11/2010]

C:\Users\robert\AppData\Roaming\Mozilla\Firefox\Profiles\8s4f2jle.default\SeoQuake\chrome\content\skin\related d------ [17:17 12/09/2011]
google.css --a---- 188 bytes [17:17 12/09/2011] [18:35 11/11/2010]

C:\Users\robert\AppData\Roaming\Mozilla\Firefox\Profiles\8s4f2jle.default\SeoQuake\chrome\content\skin\semrush d------ [17:17 12/09/2011]
ad_info.gif --a---- 176 bytes [17:17 12/09/2011] [18:35 11/11/2010]
info1.gif --a---- 523 bytes [17:17 12/09/2011] [18:35 11/11/2010]
logo.jpg --a---- 15712 bytes [17:17 12/09/2011] [18:35 11/11/2010]
semrush-button.gif --a---- 2501 bytes [17:17 12/09/2011] [18:35 11/11/2010]
semrush-print.css --a---- 2262 bytes [17:17 12/09/2011] [18:35 11/11/2010]
semrush.css --a---- 2601 bytes [17:17 12/09/2011] [18:35 11/11/2010]
url_icon.gif --a---- 13168 bytes [17:17 12/09/2011] [18:35 11/11/2010]

C:\Users\robert\AppData\Roaming\Mozilla\Firefox\Profiles\8s4f2jle.default\SeoQuake\chrome\content\skin\wizard d------ [17:17 12/09/2011]
seobar-horizontal.png --a---- 13367 bytes [17:17 12/09/2011] [18:35 11/11/2010]
seobar-vertical.png --a---- 9866 bytes [17:17 12/09/2011] [18:35 11/11/2010]
seotoolbar.png --a---- 13977 bytes [17:17 12/09/2011] [18:35 11/11/2010]

C:\Users\robert\AppData\Roaming\Mozilla\Firefox\Profiles\8s4f2jle.default\SeoQuake\chrome\locale d------ [17:17 12/09/2011]

C:\Users\robert\AppData\Roaming\Mozilla\Firefox\Profiles\8s4f2jle.default\SeoQuake\chrome\locale\en-US d------ [17:17 12/09/2011]
seoquake.dtd --a---- 7544 bytes [17:17 12/09/2011] [23:05 27/07/2011]
seoquake.properties --a---- 568 bytes [17:17 12/09/2011] [22:53 27/06/2011]
wizard.dtd --a---- 2349 bytes [17:17 12/09/2011] [17:25 12/07/2011]

C:\Users\robert\AppData\Roaming\Mozilla\Firefox\Profiles\8s4f2jle.default\SeoQuake\defaults d------ [17:17 12/09/2011]

C:\Users\robert\AppData\Roaming\Mozilla\Firefox\Profiles\8s4f2jle.default\SeoQuake\defaults\preferences d------ [17:17 12/09/2011]
sqff_seoquake.js --a---- 3622 bytes [17:17 12/09/2011] [18:44 02/09/2011]
sqff_seoquake_params.js --a---- 65360 bytes [17:17 12/09/2011] [20:47 02/09/2011]

C:\Users\robert\AppData\Roaming\Mozilla\Firefox\Profiles\8s4f2jle.default\SeoQuake\defaults\presets d------ [17:17 12/09/2011]
advanced.pfl --a---- 6731 bytes [17:17 12/09/2011] [23:23 27/07/2011]
basic.pfl --a---- 6419 bytes [17:17 12/09/2011] [23:20 27/07/2011]

C:\Users\robert\AppData\Roaming\Mozilla\Firefox\Profiles\8s4f2jle.default\SeoQuake\docs d------ [17:17 12/09/2011]
license.txt --a---- 1527 bytes [17:17 12/09/2011] [15:29 30/06/2011]
ReleaseNotes_2.7.6.txt --a---- 584 bytes [17:17 12/09/2011] [18:45 02/09/2011]

C:\Users\robert\AppData\Roaming\Mozilla\Firefox\Profiles\8s4f2jle.default\weave d------ [17:13 12/09/2011]

C:\Users\robert\AppData\Roaming\Mozilla\Firefox\Profiles\8s4f2jle.default\weave\changes d------ [17:13 12/09/2011]

C:\Users\robert\AppData\Roaming\Mozilla\Firefox\Profiles\8s4f2jle.default\weave\failed d------ [23:34 16/01/2012]

C:\Users\robert\AppData\Roaming\Mozilla\Firefox\Profiles\8s4f2jle.default\weave\toFetch d------ [17:13 12/09/2011]
clients.json --a---- 2 bytes [01:10 24/09/2011] [01:10 24/09/2011]
tabs.json --a---- 2 bytes [01:10 24/09/2011] [01:10 24/09/2011]

C:\Users\robert\AppData\Roaming\Mozilla\Firefox\Profiles\8s4f2jle.default\webapps d------ [17:15 06/06/2012]

-= EOF =-
bonnie
Regular Member
 
Posts: 132
Joined: August 17th, 2012, 1:56 pm

Re: Flash Player Security Error Screen Is it a Virus?

Post by bonnie » November 10th, 2012, 5:01 pm

I created and ran the fixme.bat and all of the Firefox addons and the information seem to have been restored.

Re: Flash Player Security Error Screen Is it a Virus?

Post by askey127 » November 10th, 2012, 6:59 pm

bonnie,
Yeaah !!

Please run a Quick Scan with OTL and respond with the resulting log.
As you know, it will be on your desktop also as OTL.txt
Need to check in case we accidentally restored any bad guys.
askey127
askey127
Admin/Teacher
 
Posts: 14025
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

Re: Flash Player Security Error Screen Is it a Virus?

Post by bonnie » November 10th, 2012, 7:27 pm

OTL logfile created on: 11/10/2012 6:19:57 PM - Run 4
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\robert\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

7.95 Gb Total Physical Memory | 5.95 Gb Available Physical Memory | 74.86% Memory free
15.90 Gb Paging File | 13.75 Gb Available in Paging File | 86.51% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 683.87 Gb Total Space | 544.36 Gb Free Space | 79.60% Space Free | Partition Type: NTFS
Drive D: | 14.47 Gb Total Space | 1.61 Gb Free Space | 11.12% Space Free | Partition Type: NTFS
Drive F: | 98.87 Mb Total Space | 84.59 Mb Free Space | 85.56% Space Free | Partition Type: FAT32

Computer Name: ROBERT-HP | User Name: robert | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - File not found --
PRC - [2012/11/08 18:04:12 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\robert\Desktop\OTL.exe
PRC - [2012/11/02 06:52:45 | 000,917,984 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2012/10/27 07:41:52 | 000,296,096 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
PRC - [2012/09/11 11:24:35 | 000,212,432 | ---- | M] (Google Inc.) -- C:\Users\robert\AppData\Local\Google\Update\1.3.21.123\GoogleCrashHandler.exe
PRC - [2012/07/27 12:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/05/24 13:39:22 | 027,112,840 | ---- | M] (Dropbox, Inc.) -- C:\Users\robert\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2011/09/01 17:06:50 | 000,227,896 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
PRC - [2011/08/19 13:48:44 | 000,379,960 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
PRC - [2011/07/11 13:04:44 | 000,574,008 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
PRC - [2011/07/11 13:04:44 | 000,026,680 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
PRC - [2011/05/20 10:10:26 | 000,013,592 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2011/05/20 10:10:12 | 000,284,440 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
PRC - [2011/03/08 14:21:10 | 000,136,488 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
PRC - [2011/02/18 00:48:24 | 000,265,544 | ---- | M] (HP) -- C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe
PRC - [2011/02/18 00:48:12 | 000,642,888 | ---- | M] (HP) -- C:\Program Files (x86)\HP SimplePass 2011\TouchControl.exe
PRC - [2011/02/18 00:47:58 | 000,142,664 | ---- | M] (HP) -- C:\Program Files (x86)\HP SimplePass 2011\BioMonitor.exe
PRC - [2010/12/22 15:25:02 | 002,656,280 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2010/12/22 15:24:58 | 000,325,656 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2010/11/26 09:09:12 | 000,399,344 | ---- | M] (Roxio) -- C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe
PRC - [2010/04/23 14:00:00 | 000,514,232 | ---- | M] (EasyBits Software AS) -- C:\Windows\SysWOW64\ezSharedSvcHost.exe
PRC - [2010/04/23 14:00:00 | 000,514,232 | ---- | M] (EasyBits Software AS) -- C:\Windows\SysWOW64\ezSharedSvcHost.exe
PRC - [2010/04/23 14:00:00 | 000,514,232 | ---- | M] (EasyBits Software AS) -- C:\Windows\SysWOW64\ezSharedSvcHost.exe
PRC - [2010/04/23 14:00:00 | 000,514,232 | ---- | M] (EasyBits Software AS) -- C:\Windows\SysWOW64\ezSharedSvcHost.exe
PRC - [2010/04/23 14:00:00 | 000,514,232 | ---- | M] (EasyBits Software AS) -- C:\Windows\SysWOW64\ezSharedSvcHost.exe
PRC - [2010/04/23 14:00:00 | 000,514,232 | ---- | M] (EasyBits Software AS) -- C:\Windows\SysWOW64\ezSharedSvcHost.exe
PRC - [2010/04/23 14:00:00 | 000,514,232 | ---- | M] (EasyBits Software AS) -- C:\Windows\SysWOW64\ezSharedSvcHost.exe
PRC - [2010/04/23 14:00:00 | 000,514,232 | ---- | M] (EasyBits Software AS) -- C:\Windows\SysWOW64\ezSharedSvcHost.exe
PRC - [2010/04/23 14:00:00 | 000,514,232 | ---- | M] (EasyBits Software AS) -- C:\Windows\SysWOW64\ezSharedSvcHost.exe
PRC - [2010/04/23 14:00:00 | 000,514,232 | ---- | M] (EasyBits Software AS) -- C:\Windows\SysWOW64\ezSharedSvcHost.exe
PRC - [2009/11/08 22:18:00 | 000,065,216 | ---- | M] (WordWeb Software) -- C:\Program Files (x86)\WordWeb\wweb32.exe


========== Modules (No Company Name) ==========

MOD - [2012/11/02 06:52:32 | 002,295,264 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2012/06/16 06:11:44 | 000,491,520 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\0018dd52b56988a833ee41699cf49325\IAStorUtil.ni.dll
MOD - [2012/06/14 05:09:50 | 011,833,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\a501b7960f6c6e2e39162b83f3303aaa\System.Web.ni.dll
MOD - [2012/06/14 05:09:30 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\7b7fbe651c6e72f12099a298654c9594\System.Windows.Forms.ni.dll
MOD - [2012/06/14 05:09:24 | 001,591,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6bb439b3f87736d3248ae27d43e2c0d6\System.Drawing.ni.dll
MOD - [2012/05/12 08:10:03 | 000,014,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\e7cd67fc34ad0fc611c1e1244cfc6584\IAStorCommon.ni.dll
MOD - [2012/05/12 05:14:15 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\03dee80574f4ec770b6f77ca030ded6c\System.Runtime.Remoting.ni.dll
MOD - [2012/05/12 05:13:33 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\46fce56db7685a586d3eeb7c373e3c1c\WindowsBase.ni.dll
MOD - [2012/05/12 05:13:28 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll
MOD - [2012/05/12 05:13:25 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll
MOD - [2012/05/12 05:13:24 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll
MOD - [2012/05/12 05:13:15 | 011,492,864 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll
MOD - [2011/09/27 06:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/09/27 06:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2009/08/19 19:59:07 | 000,347,856 | ---- | M] () -- C:\Program Files (x86)\WordWeb\wwextdb.dll
MOD - [2009/08/19 19:59:06 | 000,022,736 | ---- | M] () -- C:\Program Files (x86)\WordWeb\WUCNT.dll


========== Services (SafeList) ==========

SRV:64bit: - [2012/09/12 20:21:48 | 000,368,896 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2012/09/12 20:21:48 | 000,022,072 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2012/09/08 05:41:59 | 000,140,672 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE -- (!SASCORE)
SRV:64bit: - [2012/08/25 15:28:16 | 000,123,664 | ---- | M] (SANDBOXIE L.T.D) [Auto | Running] -- C:\Program Files\Sandboxie\SbieSvc.exe -- (SbieSvc)
SRV:64bit: - [2012/06/12 12:34:59 | 000,204,288 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2011/11/29 14:19:55 | 000,301,568 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Program Files\IDT\WDM\stacsv64.exe -- (STacSV)
SRV:64bit: - [2011/11/29 14:19:52 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\IDT\WDM\AESTSr64.exe -- (AESTFilters)
SRV:64bit: - [2011/09/12 15:36:52 | 001,038,088 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe -- (FLEXnet Licensing Service 64)
SRV:64bit: - [2011/08/31 18:08:08 | 001,166,848 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe -- (AMPPALR3)
SRV:64bit: - [2011/07/27 21:04:48 | 001,517,328 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
SRV:64bit: - [2011/07/27 20:48:34 | 000,340,240 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe -- (MyWiFiDHCPDNS)
SRV:64bit: - [2011/07/27 20:44:18 | 000,844,560 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
SRV:64bit: - [2011/06/03 12:51:38 | 000,134,928 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe -- (BTHSSecurityMgr)
SRV:64bit: - [2011/05/27 11:20:12 | 000,030,520 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Windows\SysNative\hpservice.exe -- (hpsrv)
SRV:64bit: - [2010/10/11 04:48:14 | 000,346,168 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe -- (HPClientSvc)
SRV:64bit: - [2010/09/22 20:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2009/07/13 20:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2007/02/12 08:45:26 | 000,024,576 | ---- | M] (Syntek America Inc.) [Auto | Running] -- C:\Windows\SysNative\StkCSrv.exe -- (StkSSrv)
SRV - [2012/11/02 06:52:44 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/07/27 12:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/06/07 18:12:14 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2011/11/29 14:17:50 | 002,413,056 | ---- | M] (Realsil Microelectronics Inc.) [Auto | Running] -- C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe -- (IconMan_R)
SRV - [2011/09/12 15:34:58 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2011/09/09 16:10:28 | 000,086,072 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe -- (HP Support Assistant Service)
SRV - [2011/09/01 17:06:50 | 000,227,896 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe -- (HPDrvMntSvc.exe)
SRV - [2011/07/11 13:04:44 | 000,026,680 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe -- (HPWMISVC)
SRV - [2011/05/20 10:10:26 | 000,013,592 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2011/02/24 20:34:42 | 000,241,648 | ---- | M] (CyberLink) [Auto | Stopped] -- C:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe -- (CLKMSVC10_38F51D56)
SRV - [2011/02/18 00:48:24 | 000,265,544 | ---- | M] (HP) [Auto | Running] -- C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe -- (FPLService)
SRV - [2011/02/15 17:48:52 | 001,071,160 | ---- | M] (Hewlett-Packard Development Company L.P.) [On_Demand | Stopped] -- C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe -- (hpCMSrv)
SRV - [2010/12/22 15:25:02 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2010/12/22 15:24:58 | 000,325,656 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2010/11/26 09:09:12 | 000,399,344 | ---- | M] (Roxio) [Auto | Running] -- C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe -- (RoxioNow Service)
SRV - [2010/06/25 12:07:20 | 000,117,264 | ---- | M] (CACE Technologies, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WinPcap\rpcapd.exe -- (rpcapd)
SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/08/15 04:46:20 | 000,284,016 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe -- (Adobe Version Cue CS4)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/08/30 21:03:48 | 000,128,456 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2012/08/25 15:28:14 | 000,202,632 | ---- | M] (SANDBOXIE L.T.D) [Kernel | On_Demand | Running] -- C:\Program Files\Sandboxie\SbieDrv.sys -- (SbieDrv)
DRV:64bit: - [2012/08/21 12:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/06/12 12:35:04 | 012,289,472 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdpmd64.sys -- (intelkmd)
DRV:64bit: - [2012/06/12 12:34:59 | 009,981,952 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2012/06/12 12:34:59 | 000,310,272 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2012/03/01 01:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/02/15 11:01:50 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011/11/29 14:19:55 | 000,528,384 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)
DRV:64bit: - [2011/11/29 14:17:50 | 000,338,536 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtsPStor.sys -- (RSPCIESTOR)
DRV:64bit: - [2011/11/29 14:16:20 | 000,208,896 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV:64bit: - [2011/11/29 14:16:20 | 000,091,648 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
DRV:64bit: - [2011/10/14 03:37:44 | 000,396,848 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2011/09/13 06:34:42 | 000,082,816 | ---- | M] (VSO Software) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\pcouffin.sys -- (pcouffin)
DRV:64bit: - [2011/08/08 07:32:08 | 000,299,008 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AmpPal.sys -- (AMPPALP)
DRV:64bit: - [2011/08/08 07:32:08 | 000,299,008 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AmpPal.sys -- (AMPPAL)
DRV:64bit: - [2011/08/03 17:28:32 | 008,604,672 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETwNs64.sys -- (NETwNs64)
DRV:64bit: - [2011/07/22 11:26:56 | 000,014,928 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV)
DRV:64bit: - [2011/07/12 16:55:18 | 000,012,368 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL)
DRV:64bit: - [2011/05/27 11:20:12 | 000,043,320 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Accelerometer.sys -- (Accelerometer)
DRV:64bit: - [2011/05/27 11:20:12 | 000,030,008 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\hpdskflt.sys -- (hpdskflt)
DRV:64bit: - [2011/05/20 09:53:44 | 000,557,848 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2011/03/11 01:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 01:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/02/16 20:11:08 | 000,428,136 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011/02/16 19:46:36 | 000,042,392 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WDKMD.sys -- (wdkmd)
DRV:64bit: - [2010/11/20 22:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 22:23:47 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010/11/20 22:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 22:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010/10/19 19:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2010/10/15 04:28:16 | 000,317,440 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2010/07/28 11:13:50 | 000,031,088 | ---- | M] (CyberLink Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\clwvd.sys -- (clwvd)
DRV:64bit: - [2010/06/25 12:07:26 | 000,035,344 | ---- | M] (CACE Technologies, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\npf.sys -- (NPF)
DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 16:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
DRV:64bit: - [2009/06/10 16:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
DRV:64bit: - [2009/06/10 16:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
DRV:64bit: - [2009/06/10 15:35:35 | 000,408,960 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvm62x64.sys -- (NVENETFD)
DRV:64bit: - [2009/06/10 15:34:38 | 001,311,232 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2008/06/27 06:51:10 | 000,088,632 | ---- | M] (Adobe Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\adfs.sys -- (adfs)
DRV:64bit: - [2007/06/28 08:45:26 | 000,632,704 | ---- | M] (Syntek) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\StkCMini.sys -- (StkCMini)
DRV - [2011/06/02 10:08:34 | 000,017,864 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\SystemRequirementsLab\cpudrv64.sys -- (cpudrv64)
DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2008/08/14 06:57:42 | 000,074,720 | ---- | M] (Adobe Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysWow64\drivers\adfs.sys -- (adfs)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT/1
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT/1
IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE:64bit: - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
IE:64bit: - HKLM\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
IE:64bit: - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.com/rover/1/711-30572 ... com/?_nkw={searchTerms}
IE:64bit: - HKLM\..\SearchScopes\{DD065C6A-C257-4F8A-B51E-6FB5B03F698F}: "URL" = http://www.amazon.com/s/ref=azs_osd_iea ... -keywords={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT/1
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT/1
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
IE - HKLM\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
IE - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.com/rover/1/711-30572 ... com/?_nkw={searchTerms}
IE - HKLM\..\SearchScopes\{DD065C6A-C257-4F8A-B51E-6FB5B03F698F}: "URL" = http://www.amazon.com/s/ref=azs_osd_iea ... -keywords={searchTerms}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT/1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = http://www.google.com/
IE - HKCU\..\SearchScopes,DefaultScope =
IE - HKCU\..\SearchScopes\{9B97950D-482C-1D79-568F-FC7B9D40C785}: "URL" = http://www.bing.com/search?q={searchTerms}&pc=Z192&form=ZGAIDF&install_date=20110913&iesrc={referrer:source}
IE - HKCU\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
IE - HKCU\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
IE - HKCU\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.com/rover/1/711-30572 ... com/?_nkw={searchTerms}
IE - HKCU\..\SearchScopes\{DD065C6A-C257-4F8A-B51E-6FB5B03F698F}: "URL" = http://www.amazon.com/s/ref=azs_osd_iea ... -keywords={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Search Results"
FF - prefs.js..browser.search.order.1: "Search Results"
FF - prefs.js..browser.search.selectedEngine: "WebSearch+"
FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - prefs.js..extensions.enabledAddons: amznUWL2@amazon.com:1.10
FF - prefs.js..extensions.enabledAddons: btpersonas@brandthunder.com:1.6.2.8
FF - prefs.js..extensions.enabledAddons: checkplaces@andyhalford.com:2.6.2
FF - prefs.js..extensions.enabledAddons: gvoice@elijahclark.com:5.2
FF - prefs.js..extensions.enabledAddons: {0538E3E3-7E9B-4d49-8831-A227C80A7AD3}:2.2.2
FF - prefs.js..extensions.enabledAddons: {4BBDD651-70CF-4821-84F8-2B918CF89CA3}:7.0.3.5
FF - prefs.js..extensions.enabledAddons: {75CEEE46-9B64-46f8-94BF-54012DE155F0}:0.4.10
FF - prefs.js..extensions.enabledAddons: {ada4b710-8346-4b82-8199-5de2b400a6ae}:2.0.1
FF - prefs.js..extensions.enabledAddons: {6AC85730-7D0F-4de0-B3FA-21142DD85326}:2.8
FF - prefs.js..extensions.enabledItems: {4BBDD651-70CF-4821-84F8-2B918CF89CA3}:6.3.3.2
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.9
FF - prefs.js..extensions.enabledItems: {6AC85730-7D0F-4de0-B3FA-21142DD85326}:2.5.5
FF - prefs.js..extensions.enabledItems: {75CEEE46-9B64-46f8-94BF-54012DE155F0}:0.4.9
FF - prefs.js..extensions.enabledItems: {ada4b710-8346-4b82-8199-5de2b400a6ae}:1.9.9.4
FF - prefs.js..extensions.enabledItems: checkplaces@andyhalford.com:2.6.0
FF - prefs.js..extensions.enabledItems: {0538E3E3-7E9B-4d49-8831-A227C80A7AD3}:2.0.19
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:14.0.3
FF - prefs.js..extensions.enabledItems: seostatus@rubyweb:1.5.7
FF - prefs.js..extensions.enabledItems: downintab@max.max:1.00
FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.1.94
FF - prefs.js..extensions.enabledItems: {6904342A-8307-11DF-A508-4AE2DFD72085}:2.1.1.94
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - prefs.js..extensions.enabledItems: {582195F5-92E7-40a0-A127-DB71295901D7}:0.6.4.1
FF - prefs.js..extensions.enabledItems: craigzilla@studioshorts.com:1.1.1
FF - prefs.js..keyword.URL: "http://dts.search-results.com/sr?src=ffb&appid=139&systemid=406&sr=0&q="
FF - prefs.js..network.proxy.backup.ftp: ""
FF - prefs.js..network.proxy.backup.ftp_port: 0
FF - prefs.js..network.proxy.backup.gopher: ""
FF - prefs.js..network.proxy.backup.gopher_port: 0
FF - prefs.js..network.proxy.backup.socks: ""
FF - prefs.js..network.proxy.backup.socks_port: 0
FF - prefs.js..network.proxy.backup.ssl: ""
FF - prefs.js..network.proxy.backup.ssl_port: 0
FF - prefs.js..network.proxy.ftp: "localhost, 127.0.0.1"
FF - prefs.js..network.proxy.gopher: "localhost, 127.0.0.1"
FF - prefs.js..network.proxy.http: "localhost, 127.0.0.1"
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - prefs.js..network.proxy.socks: "localhost, 127.0.0.1"
FF - prefs.js..network.proxy.ssl: "localhost, 127.0.0.1"
FF - prefs.js..network.proxy.type: 1
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_4_402_287.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1166636.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.6.14: c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.6.14: c:\program files (x86)\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.6.14: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.6.14: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.448: C:\Program Files (x86)\Real Alternative\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=15.0.6.14: c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\robert\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\robert\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\robert\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\robert\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012/01/22 13:34:05 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{0153E448-190B-4987-BDE1-F256CADA672F}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012/10/31 08:41:27 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/11/08 14:22:10 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/11/08 14:22:10 | 000,000,000 | ---D | M]

[2012/11/09 18:22:48 | 000,000,000 | ---D | M] (No name found) -- C:\Users\robert\AppData\Roaming\Mozilla\Extensions
[2012/11/10 17:58:44 | 000,000,000 | ---D | M] (No name found) -- C:\Users\robert\AppData\Roaming\Mozilla\Firefox\Profiles\8s4f2jle.default\extensions
[2012/11/10 15:54:18 | 000,000,000 | ---D | M] (Forecastfox) -- C:\Users\robert\AppData\Roaming\Mozilla\Firefox\Profiles\8s4f2jle.default\extensions\{0538E3E3-7E9B-4d49-8831-A227C80A7AD3}
[2012/11/10 15:54:21 | 000,000,000 | ---D | M] (SeoQuake) -- C:\Users\robert\AppData\Roaming\Mozilla\Firefox\Profiles\8s4f2jle.default\extensions\{317B5128-0B0B-49b2-B2DB-1E7560E16C74}
[2012/11/10 15:54:22 | 000,000,000 | ---D | M] (FEBE) -- C:\Users\robert\AppData\Roaming\Mozilla\Firefox\Profiles\8s4f2jle.default\extensions\{4BBDD651-70CF-4821-84F8-2B918CF89CA3}
[2012/11/10 15:54:22 | 000,000,000 | ---D | M] (ColorZilla) -- C:\Users\robert\AppData\Roaming\Mozilla\Firefox\Profiles\8s4f2jle.default\extensions\{6AC85730-7D0F-4de0-B3FA-21142DD85326}
[2012/11/10 15:54:23 | 000,000,000 | ---D | M] (ReminderFox) -- C:\Users\robert\AppData\Roaming\Mozilla\Firefox\Profiles\8s4f2jle.default\extensions\{ada4b710-8346-4b82-8199-5de2b400a6ae}
[2012/11/10 15:54:18 | 000,000,000 | ---D | M] ("Default Theme Engine - Personas Interactive") -- C:\Users\robert\AppData\Roaming\Mozilla\Firefox\Profiles\8s4f2jle.default\extensions\btpersonas@brandthunder.com
[2012/09/19 09:33:50 | 000,243,287 | ---- | M] () (No name found) -- C:\Users\robert\AppData\Roaming\Mozilla\Firefox\Profiles\8s4f2jle.default\extensions\amznUWL2@amazon.com.xpi
[2011/09/12 12:17:53 | 000,183,939 | ---- | M] () (No name found) -- C:\Users\robert\AppData\Roaming\Mozilla\Firefox\Profiles\8s4f2jle.default\extensions\autoproxy@autoproxy.org.xpi
[2012/03/30 08:36:21 | 000,129,271 | ---- | M] () (No name found) -- C:\Users\robert\AppData\Roaming\Mozilla\Firefox\Profiles\8s4f2jle.default\extensions\checkplaces@andyhalford.com.xpi
[2011/09/12 12:17:49 | 000,063,300 | ---- | M] () (No name found) -- C:\Users\robert\AppData\Roaming\Mozilla\Firefox\Profiles\8s4f2jle.default\extensions\craigzilla@studioshorts.com.xpi
[2011/09/12 12:17:54 | 000,019,018 | ---- | M] () (No name found) -- C:\Users\robert\AppData\Roaming\Mozilla\Firefox\Profiles\8s4f2jle.default\extensions\downintab@max.max.xpi
[2012/09/05 09:17:38 | 000,027,538 | ---- | M] () (No name found) -- C:\Users\robert\AppData\Roaming\Mozilla\Firefox\Profiles\8s4f2jle.default\extensions\gvoice@elijahclark.com.xpi
[2012/01/07 07:41:32 | 000,207,020 | ---- | M] () (No name found) -- C:\Users\robert\AppData\Roaming\Mozilla\Firefox\Profiles\8s4f2jle.default\extensions\seostatus@rubyweb.xpi
[2011/09/12 12:17:54 | 000,242,569 | ---- | M] () (No name found) -- C:\Users\robert\AppData\Roaming\Mozilla\Firefox\Profiles\8s4f2jle.default\extensions\{582195F5-92E7-40a0-A127-DB71295901D7}.xpi
[2011/09/12 12:17:55 | 000,028,993 | ---- | M] () (No name found) -- C:\Users\robert\AppData\Roaming\Mozilla\Firefox\Profiles\8s4f2jle.default\extensions\{75CEEE46-9B64-46f8-94BF-54012DE155F0}.xpi
[2012/10/31 10:48:36 | 000,741,958 | ---- | M] () (No name found) -- C:\Users\robert\AppData\Roaming\Mozilla\Firefox\Profiles\8s4f2jle.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2012/08/10 22:32:56 | 000,000,822 | ---- | M] () (No name found) -- C:\Users\robert\AppData\Roaming\Mozilla\Firefox\Profiles\8s4f2jle.default\extensions\{ada4b710-8346-4b82-8199-5de2b400a6ae}\defaults\printing\xpi-details.xsl
[2012/09/21 15:40:37 | 000,002,519 | ---- | M] () -- C:\Users\robert\AppData\Roaming\Mozilla\Firefox\Profiles\8s4f2jle.default\searchplugins\Search_Results.xml
[2012/11/02 06:52:28 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/11/02 06:52:28 | 000,000,000 | ---D | M] (TrueSuite Website Logon) -- C:\Program Files (x86)\Mozilla Firefox\extensions\websitelogon@truesuite.com
[2012/11/02 06:52:45 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/08/14 13:41:55 | 000,216,720 | ---- | M] (Cisco WebEx LLC) -- C:\Program Files (x86)\mozilla firefox\plugins\npatgpc.dll
[2012/10/27 07:42:01 | 000,129,176 | ---- | M] (RealPlayer) -- C:\Program Files (x86)\mozilla firefox\plugins\nprpplugin.dll
[2012/11/02 06:52:30 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2011/09/02 18:25:59 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml.old
[2012/09/21 15:40:37 | 000,002,519 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\Search_Results.xml
[2012/11/02 06:52:30 | 000,002,058 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - homepage: http://www.searchnu.com/406
CHR - default_search_provider: Search Results (Enabled)
CHR - default_search_provider: search_url = http://dts.search-results.com/sr?src=cr ... 06&sr=0&q={searchTerms}
CHR - default_search_provider: suggest_url =
CHR - homepage: http://www.searchnu.com/406
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\robert\AppData\Local\Google\Chrome\Application\21.0.1180.79\PepperFlash\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\robert\AppData\Local\Google\Chrome\Application\23.0.1271.64\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_271.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\robert\AppData\Local\Google\Chrome\Application\23.0.1271.64\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\robert\AppData\Local\Google\Chrome\Application\23.0.1271.64\pdf.dll
CHR - plugin: Simple Pass 2011 (Enabled) = C:\Users\robert\AppData\Local\Google\Chrome\User Data\Default\Extensions\aepeildmfnnehghlknddebgjghlompfe\1.0_0\npwebsitelogon.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: ActiveTouch General Plugin Container (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npatgpc.dll
CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\nprpjplug.dll
CHR - plugin: RealPlayer Download Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\nprpplugin.dll
CHR - plugin: RealPlayer(tm) HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\nprjplug.dll
CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: DivX Plus Web Player (Enabled) = C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll
CHR - plugin: Java Deployment Toolkit 7.0.50.255 (Enabled) = C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\dtplugin\npDeployJava1.dll
CHR - plugin: Java(TM) Platform SE 7 U5 (Enabled) = C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: RealNetworks(tm) Chrome Background Extension Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - Extension: Website Logon = C:\Users\robert\AppData\Local\Google\Chrome\User Data\Default\Extensions\aepeildmfnnehghlknddebgjghlompfe\1.0_0\
CHR - Extension: YouTube = C:\Users\robert\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: YouTube = C:\Users\robert\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1\
CHR - Extension: Google Search = C:\Users\robert\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Google Search = C:\Users\robert\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1\
CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Users\robert\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_0\
CHR - Extension: DivX Plus Web Player HTML5 \u003Cvideo\u003E = C:\Users\robert\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\
CHR - Extension: Gmail = C:\Users\robert\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
CHR - Extension: Gmail = C:\Users\robert\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

O1 HOSTS File: ([2012/02/16 05:58:50 | 000,441,357 | R--- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 15167 more lines...
O2:64bit: - BHO: (SnagIt Toolbar Loader) - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files (x86)\TechSmith\Snagit 10\DLLx64\SnagitBHO64.dll (TechSmith Corporation)
O2:64bit: - BHO: (TrueSuite Website Log On) - {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files (x86)\HP SimplePass 2011\x64\IEBHO.dll (HP)
O2 - BHO: (SnagIt Toolbar Loader) - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files (x86)\TechSmith\Snagit 10\SnagitBHO.dll (TechSmith Corporation)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (TrueSuite Website Log On) - {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files (x86)\HP SimplePass 2011\IEBHO.dll (HP)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3:64bit: - HKLM\..\Toolbar: (Snagit) - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files (x86)\TechSmith\Snagit 10\DLLx64\SnagitIEAddin64.dll (TechSmith Corporation)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Snagit) - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files (x86)\TechSmith\Snagit 10\SnagitIEAddin.dll (TechSmith Corporation)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IntelPAN] C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel(R) Corporation)
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [WordWeb] C:\Program Files (x86)\WordWeb\wweb32.exe (WordWeb Software)
O4 - HKCU..\Run: [SandboxieControl] C:\Program Files\Sandboxie\SbieCtrl.exe (SANDBOXIE L.T.D)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)
O4 - Startup: C:\Users\robert\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\robert\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: EnableShellExecuteHooks = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8:64bit: - Extra context menu item: Add to Evernote 4.0 - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O8:64bit: - Extra context menu item: Append to existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert link target to existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Add to Evernote 4.0 - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O8 - Extra context menu item: Append to existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O9 - Extra Button: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {32E7B36C-7960-4A42-B83B-D8AFD0AAEF2B} http://www.iradiopop.com/IRD/INDBrowser.CAB (INDBrowser Control)
O16 - DPF: {8C2D1BF0-5364-403C-9968-E6E348C6B4FB} http://www.iradiopop.com/IRD/pages/VBIRDPlayer.CAB (VBIRDPlayer.Player)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 209.18.47.61 209.18.47.62
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4AE85AB7-B26D-4F60-B6D9-5BA5C3CEABF0}: DhcpNameServer = 209.18.47.61 209.18.47.62
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4AE85AB7-B26D-4F60-B6D9-5BA5C3CEABF0}: NameServer = 209.18.47.61,209.18.47.62
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8310BB86-6F61-479B-892F-306AB678E156}: DhcpNameServer = 209.18.47.61 209.18.47.62
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{1e45ebb7-03db-11e2-9c5f-101f7415e3e8}\Shell - "" = AutoRun
O33 - MountPoints2\{1e45ebb7-03db-11e2-9c5f-101f7415e3e8}\Shell\AutoRun\command - "" = G:\TVRadio.EXE
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/11/09 18:11:42 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/11/09 07:38:25 | 000,000,000 | ---D | C] -- C:\Users\robert\Desktop\RK_Quarantine
[2012/11/08 18:04:12 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\robert\Desktop\OTL.exe
[2012/11/08 18:02:34 | 002,213,976 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\robert\Desktop\tdsskiller.exe
[2012/11/08 14:22:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2012/11/08 09:12:29 | 000,688,901 | R--- | C] (Swearware) -- C:\Users\robert\Desktop\dds.scr
[2012/11/02 06:52:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2012/10/31 08:36:16 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012/10/30 18:40:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MediaMall
[2012/10/30 18:39:43 | 000,000,000 | ---D | C] -- C:\ProgramData\MediaMall
[2012/10/27 07:42:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\xing shared
[2012/10/19 19:56:31 | 000,000,000 | ---D | C] -- C:\Users\robert\AppData\Local\HP
[2012/10/19 19:56:28 | 000,000,000 | ---D | C] -- C:\Users\robert\AppData\Local\AuthenTec
[2012/10/18 11:51:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP Help and Support
[2011/09/13 06:34:42 | 000,082,816 | ---- | C] (VSO Software) -- C:\Users\robert\AppData\Roaming\pcouffin.sys

========== Files - Modified Within 30 Days ==========

[2012/11/10 17:49:00 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/11/10 17:40:35 | 000,000,912 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3434975647-2719533202-2998227652-1000UA.job
[2012/11/10 17:40:34 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/11/10 15:53:39 | 000,000,380 | ---- | M] () -- C:\Users\robert\Desktop\fixme.bat
[2012/11/10 13:26:41 | 000,000,860 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3434975647-2719533202-2998227652-1000Core.job
[2012/11/10 09:11:21 | 000,032,064 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/11/10 09:11:21 | 000,032,064 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/11/10 09:04:58 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/11/10 09:02:49 | 2106,478,591 | -HS- | M] () -- C:\hiberfil.sys
[2012/11/09 18:35:59 | 000,165,376 | ---- | M] () -- C:\Users\robert\Desktop\SystemLook_x64.exe
[2012/11/09 07:32:55 | 000,666,112 | ---- | M] () -- C:\Users\robert\Desktop\RogueKiller.exe
[2012/11/09 07:11:14 | 000,000,336 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForrobert.job
[2012/11/08 18:04:12 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\robert\Desktop\OTL.exe
[2012/11/08 18:04:02 | 000,681,984 | ---- | M] () -- C:\Users\robert\Desktop\CKScanner.exe
[2012/11/08 18:02:40 | 002,213,976 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\robert\Desktop\tdsskiller.exe
[2012/11/08 09:12:33 | 000,688,901 | R--- | M] (Swearware) -- C:\Users\robert\Desktop\dds.scr
[2012/11/07 08:30:12 | 000,042,032 | ---- | M] () -- C:\Users\robert\Desktop\adobe-error.jpg
[2012/11/07 05:33:42 | 000,779,266 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/11/07 05:33:42 | 000,660,530 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/11/07 05:33:42 | 000,121,426 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/11/05 14:01:32 | 005,511,843 | ---- | M] () -- C:\Users\robert\Desktop\The E-Minis Unfair Advantage.pdf
[2012/11/05 10:11:34 | 000,002,176 | ---- | M] () -- C:\Windows\Sandboxie.ini
[2012/11/01 17:24:28 | 010,083,110 | ---- | M] () -- C:\Users\robert\Desktop\responding-to-climate-change-synthesis.pdf
[2012/10/27 07:41:55 | 000,272,896 | ---- | M] (Progressive Networks) -- C:\Windows\SysWow64\pncrt.dll
[2012/10/23 12:21:15 | 000,001,861 | ---- | M] () -- C:\Users\robert\Desktop\thinkorswim from TD AMERITRADE.lnk
[2012/10/22 13:23:30 | 000,000,107 | ---- | M] () -- C:\Users\robert\Desktop\Learning Center.URL
[2012/10/18 18:28:05 | 001,582,136 | ---- | M] () -- C:\Users\robert\Desktop\LFS-BOOK-7.0.pdf
[2012/10/18 18:26:47 | 001,574,765 | ---- | M] () -- C:\Users\robert\Desktop\gmail-guide.pdf
[2012/10/13 15:14:49 | 000,138,214 | ---- | M] () -- C:\Users\robert\Desktop\Tina_Logans_Advice_To_Novice_Traders.pdf
[2012/10/13 15:10:01 | 002,997,967 | ---- | M] () -- C:\Users\robert\Desktop\JoeVitale-AttractMoneyNow.pdf
[2012/10/13 15:04:31 | 000,803,250 | ---- | M] () -- C:\Users\robert\Desktop\Caloriegate.pdf
[2012/10/12 07:22:20 | 002,261,443 | ---- | M] () -- C:\Users\robert\Desktop\sfuserguide2_0.pdf

========== Files Created - No Company Name ==========

[2012/11/10 15:53:39 | 000,000,380 | ---- | C] () -- C:\Users\robert\Desktop\fixme.bat
[2012/11/09 18:35:57 | 000,165,376 | ---- | C] () -- C:\Users\robert\Desktop\SystemLook_x64.exe
[2012/11/09 07:32:51 | 000,666,112 | ---- | C] () -- C:\Users\robert\Desktop\RogueKiller.exe
[2012/11/08 18:04:00 | 000,681,984 | ---- | C] () -- C:\Users\robert\Desktop\CKScanner.exe
[2012/11/07 08:29:59 | 000,042,032 | ---- | C] () -- C:\Users\robert\Desktop\adobe-error.jpg
[2012/11/05 14:01:16 | 005,511,843 | ---- | C] () -- C:\Users\robert\Desktop\The E-Minis Unfair Advantage.pdf
[2012/11/01 17:24:28 | 010,083,110 | ---- | C] () -- C:\Users\robert\Desktop\responding-to-climate-change-synthesis.pdf
[2012/10/22 13:23:30 | 000,000,107 | ---- | C] () -- C:\Users\robert\Desktop\Learning Center.URL
[2012/10/18 18:28:05 | 001,582,136 | ---- | C] () -- C:\Users\robert\Desktop\LFS-BOOK-7.0.pdf
[2012/10/18 18:26:46 | 001,574,765 | ---- | C] () -- C:\Users\robert\Desktop\gmail-guide.pdf
[2012/10/13 15:14:49 | 000,138,214 | ---- | C] () -- C:\Users\robert\Desktop\Tina_Logans_Advice_To_Novice_Traders.pdf
[2012/10/13 15:10:01 | 002,997,967 | ---- | C] () -- C:\Users\robert\Desktop\JoeVitale-AttractMoneyNow.pdf
[2012/10/13 15:04:28 | 000,803,250 | ---- | C] () -- C:\Users\robert\Desktop\Caloriegate.pdf
[2012/10/12 07:22:20 | 002,261,443 | ---- | C] () -- C:\Users\robert\Desktop\sfuserguide2_0.pdf
[2012/09/23 16:44:40 | 000,002,176 | ---- | C] () -- C:\Windows\Sandboxie.ini
[2012/09/02 09:26:07 | 000,000,288 | ---- | C] () -- C:\Users\robert\AppData\Roaming\.backup.dm
[2012/08/19 15:45:51 | 000,000,059 | ---- | C] () -- C:\Windows\ANS2000.INI
[2012/08/19 15:45:51 | 000,000,020 | -H-- | C] () -- C:\Windows\akebook.ini
[2012/08/19 15:45:51 | 000,000,004 | -H-- | C] () -- C:\Windows\a3kebook.ini
[2012/07/11 07:32:01 | 000,000,076 | ---- | C] () -- C:\Windows\Setup Wizard.INI
[2012/06/12 12:36:08 | 013,903,872 | ---- | C] () -- C:\Windows\SysWow64\ig4icd32.dll
[2012/06/12 12:36:08 | 000,216,000 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin
[2012/06/12 12:36:08 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll
[2012/06/12 12:36:05 | 000,003,929 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2012/05/14 14:17:56 | 000,249,856 | ---- | C] () -- C:\Windows\SysWow64\DSPlayer.dll
[2012/02/15 07:47:00 | 000,007,608 | ---- | C] () -- C:\Users\robert\AppData\Local\Resmon.ResmonCfg
[2011/12/21 11:13:39 | 000,005,120 | ---- | C] () -- C:\Users\robert\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/12/21 11:13:13 | 000,819,200 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2011/12/21 11:13:13 | 000,180,224 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2011/12/21 11:12:18 | 000,033,019 | ---- | C] () -- C:\Windows\SysWow64\CoreAAC-uninstall.exe
[2011/11/01 18:55:31 | 000,060,304 | ---- | C] () -- C:\Users\robert\g2mdlhlpx.exe
[2011/09/30 21:42:20 | 000,053,760 | ---- | C] () -- C:\Windows\SysWow64\OVDecode.dll
[2011/09/21 21:11:17 | 000,000,115 | ---- | C] () -- C:\Windows\iwatch.ini
[2011/09/19 10:31:04 | 000,057,344 | ---- | C] () -- C:\Windows\StkUnist.exe
[2011/09/13 06:34:42 | 000,007,859 | ---- | C] () -- C:\Users\robert\AppData\Roaming\pcouffin.cat
[2011/09/13 06:34:42 | 000,001,167 | ---- | C] () -- C:\Users\robert\AppData\Roaming\pcouffin.inf
[2011/09/12 09:43:50 | 000,796,852 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/09/05 16:55:30 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011/09/05 16:46:22 | 000,003,155 | ---- | C] () -- C:\Windows\SysWow64\atipblup.dat
[2011/09/05 16:45:07 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin
[2011/09/05 16:41:04 | 000,000,056 | -H-- | C] () -- C:\Windows\SysWow64\ezsidmv.dat
[2011/06/21 14:43:27 | 000,000,068 | ---- | C] () -- C:\Windows\SysWow64\ezdigsgn.dat
[2011/03/25 17:16:08 | 000,963,116 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin
[2011/02/22 18:40:34 | 000,007,736 | ---- | C] () -- C:\Windows\hpDSTRES.DLL
[2011/02/09 23:03:48 | 000,000,326 | ---- | C] () -- C:\Windows\primopdf.ini

========== ZeroAccess Check ==========

[2012/08/10 22:32:56 | 000,000,596 | ---- | M] () -- C:\Users\robert\AppData\Roaming\Mozilla\Firefox\Profiles\8s4f2jle.default\extensions\{ada4b710-8346-4b82-8199-5de2b400a6ae}\defaults\printing\icons\@.png
[2009/07/13 23:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 00:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 23:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 20:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 22:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 20:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2012/04/03 15:43:11 | 000,000,000 | ---D | M] -- C:\Users\robert\AppData\Roaming\avidemux
[2012/06/21 13:44:11 | 000,000,000 | ---D | M] -- C:\Users\robert\AppData\Roaming\calibre
[2011/12/06 08:59:52 | 000,000,000 | ---D | M] -- C:\Users\robert\AppData\Roaming\CintaNotes
[2011/11/23 20:11:52 | 000,000,000 | ---D | M] -- C:\Users\robert\AppData\Roaming\com.essexreddevelopment.mergepdfmac
[2012/11/10 09:04:58 | 000,000,000 | ---D | M] -- C:\Users\robert\AppData\Roaming\Dropbox
[2012/09/01 15:08:23 | 000,000,000 | ---D | M] -- C:\Users\robert\AppData\Roaming\f-secure
[2012/03/28 09:14:12 | 000,000,000 | ---D | M] -- C:\Users\robert\AppData\Roaming\FileZilla
[2011/11/30 06:31:17 | 000,000,000 | ---D | M] -- C:\Users\robert\AppData\Roaming\funkitron
[2011/09/14 22:00:23 | 000,000,000 | ---D | M] -- C:\Users\robert\AppData\Roaming\IDT
[2012/10/10 14:15:50 | 000,000,000 | ---D | M] -- C:\Users\robert\AppData\Roaming\ImgBurn
[2011/09/13 06:50:45 | 000,000,000 | ---D | M] -- C:\Users\robert\AppData\Roaming\IrfanView
[2012/03/27 12:59:05 | 000,000,000 | ---D | M] -- C:\Users\robert\AppData\Roaming\KompoZer
[2011/12/28 09:28:36 | 000,000,000 | ---D | M] -- C:\Users\robert\AppData\Roaming\Mobipocket
[2011/12/28 11:44:21 | 000,000,000 | ---D | M] -- C:\Users\robert\AppData\Roaming\Notepad++
[2011/10/02 12:21:03 | 000,000,000 | ---D | M] -- C:\Users\robert\AppData\Roaming\OpenOffice.org
[2011/12/22 12:27:19 | 000,000,000 | ---D | M] -- C:\Users\robert\AppData\Roaming\OverDrive
[2011/12/11 13:48:29 | 000,000,000 | ---D | M] -- C:\Users\robert\AppData\Roaming\PrimoPDF
[2011/11/02 20:24:33 | 000,000,000 | ---D | M] -- C:\Users\robert\AppData\Roaming\RampRT
[2011/11/02 20:00:31 | 000,000,000 | ---D | M] -- C:\Users\robert\AppData\Roaming\RegServers
[2012/09/02 09:30:16 | 000,000,000 | ---D | M] -- C:\Users\robert\AppData\Roaming\SanDisk SecureAccess
[2012/03/27 19:21:26 | 000,000,000 | ---D | M] -- C:\Users\robert\AppData\Roaming\SEO Backlink Checker
[2012/05/05 16:36:38 | 000,000,000 | ---D | M] -- C:\Users\robert\AppData\Roaming\Stellarium
[2011/09/12 09:34:34 | 000,000,000 | ---D | M] -- C:\Users\robert\AppData\Roaming\Synaptics
[2012/06/25 06:00:06 | 000,000,000 | ---D | M] -- C:\Users\robert\AppData\Roaming\SystemRequirementsLab
[2011/09/13 06:34:59 | 000,000,000 | ---D | M] -- C:\Users\robert\AppData\Roaming\Vso
[2012/05/22 17:27:53 | 000,000,000 | ---D | M] -- C:\Users\robert\AppData\Roaming\WebApp
[2011/11/09 14:12:48 | 000,000,000 | ---D | M] -- C:\Users\robert\AppData\Roaming\Windows Live Writer
[2011/09/13 20:28:47 | 000,000,000 | ---D | M] -- C:\Users\robert\AppData\Roaming\WordWeb
[2011/09/13 12:09:51 | 000,000,000 | ---D | M] -- C:\Users\robert\AppData\Roaming\ZinioReader4.9310D8F796442B71068C511E15D70529A702D19D.1

========== Purity Check ==========



< End of report >

Re: Flash Player Security Error Screen Is it a Virus?

Post by bonnie » November 10th, 2012, 7:42 pm

Just noticed a plain search bar with small magnifying glass and search push button. When I clicked the button, it opens a tab (in Firefox) that comes up as Brand Thunder - Surf Canyon Search. I don't ever remember installing it, and do not find it in programs and features (control panel).

Re: Flash Player Security Error Screen Is it a Virus?

Post by bonnie » November 10th, 2012, 7:55 pm

Forget Brand Thunder. I just found out it's installed with personas addon. I disabled it and it's gone.

Re: Flash Player Security Error Screen Is it a Virus?

Post by askey127 » November 10th, 2012, 8:57 pm

bonnie,
Good work. We should be almost done.
Your log does show 10 running processes from the same file.
Looks like a nuisance.
I want to find out about it.
Did you Uninstall EasyBits Magic Desktop already?

---------------------------------------------
  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:
    Code:
    :filefind
    ezSharedSvcHost.exe
    
    :folderfind 
    *easybits*
    *ezshared*
    
    :regfind
    easybits /s
    ezshared /s
    
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The results log can also be found on your Desktop, entitled SystemLook.txt

askey127

Re: Flash Player Security Error Screen Is it a Virus?

Post by bonnie » November 10th, 2012, 9:57 pm

Already uninstalled EasyBits Magic Desktop back when you first told me to.

Here's the SystemLook log:

SystemLook 30.07.11 by jpshortstuff
Log created at 20:51 on 10/11/2012 by robert
Administrator - Elevation successful

========== filefind ==========

Searching for "ezSharedSvcHost.exe"
C:\Windows\SysWOW64\ezSharedSvcHost.exe --a---- 514232 bytes [19:43 21/06/2011] [19:00 23/04/2010] CA793DCC1D5F619021EF1D37CC7A831E

========== folderfind ==========

Searching for "*easybits*"
No folders found.

Searching for "*ezshared*"
No folders found.

========== regfind ==========

Searching for "easybits /s"
No data found.

Searching for "ezshared /s"
No data found.

-= EOF =-

Re: Flash Player Security Error Screen Is it a Virus?

Post by askey127 » November 11th, 2012, 9:25 am

bonnie,
I thought you said you had uninstalled it already.
Just wanted to double-check.

----------------------------------------------
The program called Security Task Manager is not known to me as either excellent or deceptive.
If its description is accurate, it does a process scan every time you boot the machine, so it may slow things down.
The company providing it is small, self-described as a two person operation, from Germany.
The name of the program has changed in the last year or so.
I would be wary of the Spyware Protector feature which runs full time, and comes with the "Pro" paid version.
It could interfere with system processes, or create more.
It would likely conflict with SuperAntispyware, since allowing more than ONE antivirus and ONE antispyware to run full time is risky.

----------------------------------------------
This fix should get rid of that file which showed (10) process instances in the previous run.
It is most likely related to the Removed EasyBits, maybe a leftover updater.

Perform a Custom Fix with OTL
Run OTL (Right click and choose "Run as administrator" in Vista/Win7)
  • In the Custom Scans/Fixes box at the bottom, paste in the following lines from the Code box (Do not include the word "Code"):
    Code:
    :Commands
    [CREATERESTOREPOINT]
    
    :Files
    C:\Windows\SysWOW64\ezSharedSvcHost.exe
    ipconfig /flushdns /c
    
    :Commands
    [EMPTYTEMP]
    
  • Then click the Run Fix button at the top.
  • Let the program run unhindered, and click to allow the Reboot when it is done.
    When the computer Reboots, and you start your usual account, a Notepad text file will appear.
  • Copy the contents of that file and post it in your next reply.
    The file will also be available and named by timestamp here: C:\_OTL\Moved Files\mmddyyyy_hhmmss.log

----------------------------------------------
After posting the Resulting log, Please Rescan as follows:
Open OTL again and click the Quick Scan button. Post the new log it produces, OTL.txt, in your next reply.
We will check that log, but you should be in pretty good shape.

I would run a Quick Scan with Microsoft Security Essentials. Let it remove anything it wants.
Are you satisfied with the way it is running?

askey127

Re: Flash Player Security Error Screen Is it a Virus?

Post by bonnie » November 11th, 2012, 9:58 am

I do not recall installing Security Task Manager, and also checked with my son. He said he never installed it either. My son did want to know if we should check that former versions of Flash had been removed and only the latest installed, like Java? Whatever that means. My daughter wants to know if we will be able to reinstall CamStudio or if all copies of it have a virus.

Here is the OTL log:
All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== FILES ==========
C:\Windows\SysWOW64\ezSharedSvcHost.exe moved successfully.
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\robert\Desktop\cmd.bat deleted successfully.
C:\Users\robert\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public

User: robert
->Temp folder emptied: 75650 bytes
->Temporary Internet Files folder emptied: 68170 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 19878 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 0 bytes
%systemroot%\sysnative\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 0 bytes
RecycleBin emptied: 2765482 bytes

Total Files Cleaned = 3.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 11112012_084852

Files\Folders moved on Reboot...
C:\Users\robert\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

Re: Flash Player Security Error Screen Is it a Virus?

Post by bonnie » November 11th, 2012, 10:11 am

The computer seems to be running okay. I've been going to news sites and clicking video news links to see if that Adobe error box opens, but I haven't received one since you've fixed things. I'm going to run an MSE quick scan next.

Here is the OTL quick scan:
OTL logfile created on: 11/11/2012 8:59:59 AM - Run 5
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\robert\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

7.95 Gb Total Physical Memory | 6.11 Gb Available Physical Memory | 76.89% Memory free
15.90 Gb Paging File | 13.87 Gb Available in Paging File | 87.25% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 683.87 Gb Total Space | 544.35 Gb Free Space | 79.60% Space Free | Partition Type: NTFS
Drive D: | 14.47 Gb Total Space | 1.61 Gb Free Space | 11.12% Space Free | Partition Type: NTFS
Drive F: | 98.87 Mb Total Space | 84.59 Mb Free Space | 85.56% Space Free | Partition Type: FAT32

Computer Name: ROBERT-HP | User Name: robert | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - File not found --
PRC - [2012/11/08 18:04:12 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\robert\Desktop\OTL.exe
PRC - [2012/11/03 09:39:01 | 001,807,800 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe
PRC - [2012/11/02 06:52:45 | 000,917,984 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2012/10/27 07:41:52 | 000,296,096 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
PRC - [2012/09/11 11:24:35 | 000,212,432 | ---- | M] (Google Inc.) -- C:\Users\robert\AppData\Local\Google\Update\1.3.21.123\GoogleCrashHandler.exe
PRC - [2012/07/27 12:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/05/24 13:39:22 | 027,112,840 | ---- | M] (Dropbox, Inc.) -- C:\Users\robert\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2011/09/01 17:06:50 | 000,227,896 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
PRC - [2011/08/19 13:48:44 | 000,379,960 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
PRC - [2011/07/11 13:04:44 | 000,574,008 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
PRC - [2011/07/11 13:04:44 | 000,026,680 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
PRC - [2011/05/20 10:10:26 | 000,013,592 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2011/05/20 10:10:12 | 000,284,440 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
PRC - [2011/03/08 14:21:10 | 000,136,488 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
PRC - [2011/02/18 00:48:24 | 000,265,544 | ---- | M] (HP) -- C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe
PRC - [2011/02/18 00:48:12 | 000,642,888 | ---- | M] (HP) -- C:\Program Files (x86)\HP SimplePass 2011\TouchControl.exe
PRC - [2011/02/18 00:47:58 | 000,142,664 | ---- | M] (HP) -- C:\Program Files (x86)\HP SimplePass 2011\BioMonitor.exe
PRC - [2010/12/22 15:25:02 | 002,656,280 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2010/12/22 15:24:58 | 000,325,656 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2010/11/26 09:09:12 | 000,399,344 | ---- | M] (Roxio) -- C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe
PRC - [2009/11/08 22:18:00 | 000,065,216 | ---- | M] (WordWeb Software) -- C:\Program Files (x86)\WordWeb\wweb32.exe


========== Modules (No Company Name) ==========

MOD - [2012/11/03 09:39:00 | 009,814,968 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll
MOD - [2012/11/02 06:52:32 | 002,295,264 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2012/06/16 06:11:44 | 000,491,520 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\0018dd52b56988a833ee41699cf49325\IAStorUtil.ni.dll
MOD - [2012/06/14 05:09:30 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\7b7fbe651c6e72f12099a298654c9594\System.Windows.Forms.ni.dll
MOD - [2012/06/14 05:09:24 | 001,591,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6bb439b3f87736d3248ae27d43e2c0d6\System.Drawing.ni.dll
MOD - [2012/05/12 08:10:03 | 000,014,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\e7cd67fc34ad0fc611c1e1244cfc6584\IAStorCommon.ni.dll
MOD - [2012/05/12 05:14:15 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\03dee80574f4ec770b6f77ca030ded6c\System.Runtime.Remoting.ni.dll
MOD - [2012/05/12 05:13:33 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\46fce56db7685a586d3eeb7c373e3c1c\WindowsBase.ni.dll
MOD - [2012/05/12 05:13:28 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll
MOD - [2012/05/12 05:13:25 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll
MOD - [2012/05/12 05:13:24 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll
MOD - [2012/05/12 05:13:15 | 011,492,864 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll
MOD - [2011/09/27 06:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/09/27 06:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2009/08/19 19:59:06 | 000,022,736 | ---- | M] () -- C:\Program Files (x86)\WordWeb\WUCNT.dll


========== Services (SafeList) ==========

SRV:64bit: - [2012/09/12 20:21:48 | 000,368,896 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2012/09/12 20:21:48 | 000,022,072 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2012/09/08 05:41:59 | 000,140,672 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE -- (!SASCORE)
SRV:64bit: - [2012/08/25 15:28:16 | 000,123,664 | ---- | M] (SANDBOXIE L.T.D) [Auto | Running] -- C:\Program Files\Sandboxie\SbieSvc.exe -- (SbieSvc)
SRV:64bit: - [2012/06/12 12:34:59 | 000,204,288 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2011/11/29 14:19:55 | 000,301,568 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Program Files\IDT\WDM\stacsv64.exe -- (STacSV)
SRV:64bit: - [2011/11/29 14:19:52 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\IDT\WDM\AESTSr64.exe -- (AESTFilters)
SRV:64bit: - [2011/09/12 15:36:52 | 001,038,088 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe -- (FLEXnet Licensing Service 64)
SRV:64bit: - [2011/08/31 18:08:08 | 001,166,848 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe -- (AMPPALR3)
SRV:64bit: - [2011/07/27 21:04:48 | 001,517,328 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
SRV:64bit: - [2011/07/27 20:48:34 | 000,340,240 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe -- (MyWiFiDHCPDNS)
SRV:64bit: - [2011/07/27 20:44:18 | 000,844,560 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
SRV:64bit: - [2011/06/03 12:51:38 | 000,134,928 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe -- (BTHSSecurityMgr)
SRV:64bit: - [2011/05/27 11:20:12 | 000,030,520 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Windows\SysNative\hpservice.exe -- (hpsrv)
SRV:64bit: - [2010/10/11 04:48:14 | 000,346,168 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe -- (HPClientSvc)
SRV:64bit: - [2010/09/22 20:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2009/07/13 20:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2007/02/12 08:45:26 | 000,024,576 | ---- | M] (Syntek America Inc.) [Auto | Running] -- C:\Windows\SysNative\StkCSrv.exe -- (StkSSrv)
SRV - [2012/11/02 06:52:44 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/07/27 12:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/06/07 18:12:14 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2011/11/29 14:17:50 | 002,413,056 | ---- | M] (Realsil Microelectronics Inc.) [Auto | Running] -- C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe -- (IconMan_R)
SRV - [2011/09/12 15:34:58 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2011/09/09 16:10:28 | 000,086,072 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe -- (HP Support Assistant Service)
SRV - [2011/09/01 17:06:50 | 000,227,896 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe -- (HPDrvMntSvc.exe)
SRV - [2011/07/11 13:04:44 | 000,026,680 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe -- (HPWMISVC)
SRV - [2011/05/20 10:10:26 | 000,013,592 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2011/02/24 20:34:42 | 000,241,648 | ---- | M] (CyberLink) [Auto | Stopped] -- C:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe -- (CLKMSVC10_38F51D56)
SRV - [2011/02/18 00:48:24 | 000,265,544 | ---- | M] (HP) [Auto | Running] -- C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe -- (FPLService)
SRV - [2011/02/15 17:48:52 | 001,071,160 | ---- | M] (Hewlett-Packard Development Company L.P.) [On_Demand | Stopped] -- C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe -- (hpCMSrv)
SRV - [2010/12/22 15:25:02 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2010/12/22 15:24:58 | 000,325,656 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2010/11/26 09:09:12 | 000,399,344 | ---- | M] (Roxio) [Auto | Running] -- C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe -- (RoxioNow Service)
SRV - [2010/06/25 12:07:20 | 000,117,264 | ---- | M] (CACE Technologies, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WinPcap\rpcapd.exe -- (rpcapd)
SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/08/15 04:46:20 | 000,284,016 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe -- (Adobe Version Cue CS4)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/08/30 21:03:48 | 000,128,456 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2012/08/25 15:28:14 | 000,202,632 | ---- | M] (SANDBOXIE L.T.D) [Kernel | On_Demand | Running] -- C:\Program Files\Sandboxie\SbieDrv.sys -- (SbieDrv)
DRV:64bit: - [2012/08/21 12:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/06/12 12:35:04 | 012,289,472 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdpmd64.sys -- (intelkmd)
DRV:64bit: - [2012/06/12 12:34:59 | 009,981,952 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2012/06/12 12:34:59 | 000,310,272 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2012/03/01 01:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/02/15 11:01:50 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011/11/29 14:19:55 | 000,528,384 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)
DRV:64bit: - [2011/11/29 14:17:50 | 000,338,536 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtsPStor.sys -- (RSPCIESTOR)
DRV:64bit: - [2011/11/29 14:16:20 | 000,208,896 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV:64bit: - [2011/11/29 14:16:20 | 000,091,648 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
DRV:64bit: - [2011/10/14 03:37:44 | 000,396,848 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2011/09/13 06:34:42 | 000,082,816 | ---- | M] (VSO Software) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\pcouffin.sys -- (pcouffin)
DRV:64bit: - [2011/08/08 07:32:08 | 000,299,008 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AmpPal.sys -- (AMPPALP)
DRV:64bit: - [2011/08/08 07:32:08 | 000,299,008 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AmpPal.sys -- (AMPPAL)
DRV:64bit: - [2011/08/03 17:28:32 | 008,604,672 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETwNs64.sys -- (NETwNs64)
DRV:64bit: - [2011/07/22 11:26:56 | 000,014,928 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV)
DRV:64bit: - [2011/07/12 16:55:18 | 000,012,368 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL)
DRV:64bit: - [2011/05/27 11:20:12 | 000,043,320 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Accelerometer.sys -- (Accelerometer)
DRV:64bit: - [2011/05/27 11:20:12 | 000,030,008 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\hpdskflt.sys -- (hpdskflt)
DRV:64bit: - [2011/05/20 09:53:44 | 000,557,848 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2011/03/11 01:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 01:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/02/16 20:11:08 | 000,428,136 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011/02/16 19:46:36 | 000,042,392 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WDKMD.sys -- (wdkmd)
DRV:64bit: - [2010/11/20 22:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 22:23:47 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010/11/20 22:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 22:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010/10/19 19:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2010/10/15 04:28:16 | 000,317,440 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2010/07/28 11:13:50 | 000,031,088 | ---- | M] (CyberLink Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\clwvd.sys -- (clwvd)
DRV:64bit: - [2010/06/25 12:07:26 | 000,035,344 | ---- | M] (CACE Technologies, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\npf.sys -- (NPF)
DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 16:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
DRV:64bit: - [2009/06/10 16:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
DRV:64bit: - [2009/06/10 16:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
DRV:64bit: - [2009/06/10 15:35:35 | 000,408,960 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvm62x64.sys -- (NVENETFD)
DRV:64bit: - [2009/06/10 15:34:38 | 001,311,232 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2008/06/27 06:51:10 | 000,088,632 | ---- | M] (Adobe Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\adfs.sys -- (adfs)
DRV:64bit: - [2007/06/28 08:45:26 | 000,632,704 | ---- | M] (Syntek) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\StkCMini.sys -- (StkCMini)
DRV - [2011/06/02 10:08:34 | 000,017,864 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\SystemRequirementsLab\cpudrv64.sys -- (cpudrv64)
DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2008/08/14 06:57:42 | 000,074,720 | ---- | M] (Adobe Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysWow64\drivers\adfs.sys -- (adfs)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT/1
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT/1
IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE:64bit: - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
IE:64bit: - HKLM\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
IE:64bit: - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.com/rover/1/711-30572 ... com/?_nkw={searchTerms}
IE:64bit: - HKLM\..\SearchScopes\{DD065C6A-C257-4F8A-B51E-6FB5B03F698F}: "URL" = http://www.amazon.com/s/ref=azs_osd_iea ... -keywords={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT/1
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT/1
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
IE - HKLM\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
IE - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.com/rover/1/711-30572 ... com/?_nkw={searchTerms}
IE - HKLM\..\SearchScopes\{DD065C6A-C257-4F8A-B51E-6FB5B03F698F}: "URL" = http://www.amazon.com/s/ref=azs_osd_iea ... -keywords={searchTerms}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT/1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = http://www.google.com/
IE - HKCU\..\SearchScopes,DefaultScope =
IE - HKCU\..\SearchScopes\{9B97950D-482C-1D79-568F-FC7B9D40C785}: "URL" = http://www.bing.com/search?q={searchTerms}&pc=Z192&form=ZGAIDF&install_date=20110913&iesrc={referrer:source}
IE - HKCU\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
IE - HKCU\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
IE - HKCU\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.com/rover/1/711-30572 ... com/?_nkw={searchTerms}
IE - HKCU\..\SearchScopes\{DD065C6A-C257-4F8A-B51E-6FB5B03F698F}: "URL" = http://www.amazon.com/s/ref=azs_osd_iea ... -keywords={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Search Results"
FF - prefs.js..browser.search.order.1: "Search Results"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - prefs.js..extensions.enabledAddons: amznUWL2@amazon.com:1.10
FF - prefs.js..extensions.enabledAddons: checkplaces@andyhalford.com:2.6.2
FF - prefs.js..extensions.enabledAddons: gvoice@elijahclark.com:5.2
FF - prefs.js..extensions.enabledAddons: {0538E3E3-7E9B-4d49-8831-A227C80A7AD3}:2.2.2
FF - prefs.js..extensions.enabledAddons: {4BBDD651-70CF-4821-84F8-2B918CF89CA3}:7.0.3.5
FF - prefs.js..extensions.enabledAddons: {75CEEE46-9B64-46f8-94BF-54012DE155F0}:0.4.10
FF - prefs.js..extensions.enabledAddons: {ada4b710-8346-4b82-8199-5de2b400a6ae}:2.0.1
FF - prefs.js..extensions.enabledAddons: {6AC85730-7D0F-4de0-B3FA-21142DD85326}:2.8
FF - prefs.js..extensions.enabledItems: {4BBDD651-70CF-4821-84F8-2B918CF89CA3}:6.3.3.2
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.9
FF - prefs.js..extensions.enabledItems: {6AC85730-7D0F-4de0-B3FA-21142DD85326}:2.5.5
FF - prefs.js..extensions.enabledItems: {75CEEE46-9B64-46f8-94BF-54012DE155F0}:0.4.9
FF - prefs.js..extensions.enabledItems: {ada4b710-8346-4b82-8199-5de2b400a6ae}:1.9.9.4
FF - prefs.js..extensions.enabledItems: checkplaces@andyhalford.com:2.6.0
FF - prefs.js..extensions.enabledItems: {0538E3E3-7E9B-4d49-8831-A227C80A7AD3}:2.0.19
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:14.0.3
FF - prefs.js..extensions.enabledItems: seostatus@rubyweb:1.5.7
FF - prefs.js..extensions.enabledItems: downintab@max.max:1.00
FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.1.94
FF - prefs.js..extensions.enabledItems: {6904342A-8307-11DF-A508-4AE2DFD72085}:2.1.1.94
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - prefs.js..extensions.enabledItems: {582195F5-92E7-40a0-A127-DB71295901D7}:0.6.4.1
FF - prefs.js..extensions.enabledItems: craigzilla@studioshorts.com:1.1.1
FF - prefs.js..keyword.URL: "http://dts.search-results.com/sr?src=ffb&appid=139&systemid=406&sr=0&q="
FF - prefs.js..network.proxy.backup.ftp: ""
FF - prefs.js..network.proxy.backup.ftp_port: 0
FF - prefs.js..network.proxy.backup.gopher: ""
FF - prefs.js..network.proxy.backup.gopher_port: 0
FF - prefs.js..network.proxy.backup.socks: ""
FF - prefs.js..network.proxy.backup.socks_port: 0
FF - prefs.js..network.proxy.backup.ssl: ""
FF - prefs.js..network.proxy.backup.ssl_port: 0
FF - prefs.js..network.proxy.ftp: "localhost, 127.0.0.1"
FF - prefs.js..network.proxy.gopher: "localhost, 127.0.0.1"
FF - prefs.js..network.proxy.http: "localhost, 127.0.0.1"
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - prefs.js..network.proxy.socks: "localhost, 127.0.0.1"
FF - prefs.js..network.proxy.ssl: "localhost, 127.0.0.1"
FF - prefs.js..network.proxy.type: 1
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_4_402_287.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1166636.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.6.14: c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.6.14: c:\program files (x86)\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.6.14: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.6.14: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.448: C:\Program Files (x86)\Real Alternative\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=15.0.6.14: c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\robert\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\robert\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\robert\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\robert\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012/01/22 13:34:05 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{0153E448-190B-4987-BDE1-F256CADA672F}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012/10/31 08:41:27 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/11/08 14:22:10 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/11/08 14:22:10 | 000,000,000 | ---D | M]

[2012/11/09 18:22:48 | 000,000,000 | ---D | M] (No name found) -- C:\Users\robert\AppData\Roaming\Mozilla\Extensions
[2012/11/11 06:38:19 | 000,000,000 | ---D | M] (No name found) -- C:\Users\robert\AppData\Roaming\Mozilla\Firefox\Profiles\8s4f2jle.default\extensions
[2012/11/10 15:54:18 | 000,000,000 | ---D | M] (Forecastfox) -- C:\Users\robert\AppData\Roaming\Mozilla\Firefox\Profiles\8s4f2jle.default\extensions\{0538E3E3-7E9B-4d49-8831-A227C80A7AD3}
[2012/11/10 15:54:21 | 000,000,000 | ---D | M] (SeoQuake) -- C:\Users\robert\AppData\Roaming\Mozilla\Firefox\Profiles\8s4f2jle.default\extensions\{317B5128-0B0B-49b2-B2DB-1E7560E16C74}
[2012/11/10 15:54:22 | 000,000,000 | ---D | M] (FEBE) -- C:\Users\robert\AppData\Roaming\Mozilla\Firefox\Profiles\8s4f2jle.default\extensions\{4BBDD651-70CF-4821-84F8-2B918CF89CA3}
[2012/11/10 15:54:22 | 000,000,000 | ---D | M] (ColorZilla) -- C:\Users\robert\AppData\Roaming\Mozilla\Firefox\Profiles\8s4f2jle.default\extensions\{6AC85730-7D0F-4de0-B3FA-21142DD85326}
[2012/11/10 15:54:23 | 000,000,000 | ---D | M] (ReminderFox) -- C:\Users\robert\AppData\Roaming\Mozilla\Firefox\Profiles\8s4f2jle.default\extensions\{ada4b710-8346-4b82-8199-5de2b400a6ae}
[2012/09/19 09:33:50 | 000,243,287 | ---- | M] () (No name found) -- C:\Users\robert\AppData\Roaming\Mozilla\Firefox\Profiles\8s4f2jle.default\extensions\amznUWL2@amazon.com.xpi
[2011/09/12 12:17:53 | 000,183,939 | ---- | M] () (No name found) -- C:\Users\robert\AppData\Roaming\Mozilla\Firefox\Profiles\8s4f2jle.default\extensions\autoproxy@autoproxy.org.xpi
[2012/03/30 08:36:21 | 000,129,271 | ---- | M] () (No name found) -- C:\Users\robert\AppData\Roaming\Mozilla\Firefox\Profiles\8s4f2jle.default\extensions\checkplaces@andyhalford.com.xpi
[2011/09/12 12:17:49 | 000,063,300 | ---- | M] () (No name found) -- C:\Users\robert\AppData\Roaming\Mozilla\Firefox\Profiles\8s4f2jle.default\extensions\craigzilla@studioshorts.com.xpi
[2011/09/12 12:17:54 | 000,019,018 | ---- | M] () (No name found) -- C:\Users\robert\AppData\Roaming\Mozilla\Firefox\Profiles\8s4f2jle.default\extensions\downintab@max.max.xpi
[2012/09/05 09:17:38 | 000,027,538 | ---- | M] () (No name found) -- C:\Users\robert\AppData\Roaming\Mozilla\Firefox\Profiles\8s4f2jle.default\extensions\gvoice@elijahclark.com.xpi
[2012/01/07 07:41:32 | 000,207,020 | ---- | M] () (No name found) -- C:\Users\robert\AppData\Roaming\Mozilla\Firefox\Profiles\8s4f2jle.default\extensions\seostatus@rubyweb.xpi
[2011/09/12 12:17:54 | 000,242,569 | ---- | M] () (No name found) -- C:\Users\robert\AppData\Roaming\Mozilla\Firefox\Profiles\8s4f2jle.default\extensions\{582195F5-92E7-40a0-A127-DB71295901D7}.xpi
[2011/09/12 12:17:55 | 000,028,993 | ---- | M] () (No name found) -- C:\Users\robert\AppData\Roaming\Mozilla\Firefox\Profiles\8s4f2jle.default\extensions\{75CEEE46-9B64-46f8-94BF-54012DE155F0}.xpi
[2012/10/31 10:48:36 | 000,741,958 | ---- | M] () (No name found) -- C:\Users\robert\AppData\Roaming\Mozilla\Firefox\Profiles\8s4f2jle.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2012/08/10 22:32:56 | 000,000,822 | ---- | M] () (No name found) -- C:\Users\robert\AppData\Roaming\Mozilla\Firefox\Profiles\8s4f2jle.default\extensions\{ada4b710-8346-4b82-8199-5de2b400a6ae}\defaults\printing\xpi-details.xsl
[2012/09/21 15:40:37 | 000,002,519 | ---- | M] () -- C:\Users\robert\AppData\Roaming\Mozilla\Firefox\Profiles\8s4f2jle.default\searchplugins\Search_Results.xml
[2012/11/02 06:52:28 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/11/02 06:52:28 | 000,000,000 | ---D | M] (TrueSuite Website Logon) -- C:\Program Files (x86)\Mozilla Firefox\extensions\websitelogon@truesuite.com
[2012/11/02 06:52:45 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/08/14 13:41:55 | 000,216,720 | ---- | M] (Cisco WebEx LLC) -- C:\Program Files (x86)\mozilla firefox\plugins\npatgpc.dll
[2012/10/27 07:42:01 | 000,129,176 | ---- | M] (RealPlayer) -- C:\Program Files (x86)\mozilla firefox\plugins\nprpplugin.dll
[2012/11/02 06:52:30 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2011/09/02 18:25:59 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml.old
[2012/09/21 15:40:37 | 000,002,519 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\Search_Results.xml
[2012/11/02 06:52:30 | 000,002,058 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - homepage: http://www.searchnu.com/406
CHR - default_search_provider: Search Results (Enabled)
CHR - default_search_provider: search_url = http://dts.search-results.com/sr?src=cr ... 06&sr=0&q={searchTerms}
CHR - default_search_provider: suggest_url =
CHR - homepage: http://www.searchnu.com/406
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\robert\AppData\Local\Google\Chrome\Application\21.0.1180.79\PepperFlash\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\robert\AppData\Local\Google\Chrome\Application\23.0.1271.64\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_271.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\robert\AppData\Local\Google\Chrome\Application\23.0.1271.64\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\robert\AppData\Local\Google\Chrome\Application\23.0.1271.64\pdf.dll
CHR - plugin: Simple Pass 2011 (Enabled) = C:\Users\robert\AppData\Local\Google\Chrome\User Data\Default\Extensions\aepeildmfnnehghlknddebgjghlompfe\1.0_0\npwebsitelogon.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: ActiveTouch General Plugin Container (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npatgpc.dll
CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\nprpjplug.dll
CHR - plugin: RealPlayer Download Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\nprpplugin.dll
CHR - plugin: RealPlayer(tm) HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\nprjplug.dll
CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: DivX Plus Web Player (Enabled) = C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll
CHR - plugin: Java Deployment Toolkit 7.0.50.255 (Enabled) = C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\dtplugin\npDeployJava1.dll
CHR - plugin: Java(TM) Platform SE 7 U5 (Enabled) = C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: RealNetworks(tm) Chrome Background Extension Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - Extension: Website Logon = C:\Users\robert\AppData\Local\Google\Chrome\User Data\Default\Extensions\aepeildmfnnehghlknddebgjghlompfe\1.0_0\
CHR - Extension: YouTube = C:\Users\robert\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: YouTube = C:\Users\robert\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1\
CHR - Extension: Google Search = C:\Users\robert\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Google Search = C:\Users\robert\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1\
CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Users\robert\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_0\
CHR - Extension: DivX Plus Web Player HTML5 \u003Cvideo\u003E = C:\Users\robert\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\
CHR - Extension: Gmail = C:\Users\robert\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
CHR - Extension: Gmail = C:\Users\robert\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

O1 HOSTS File: ([2012/02/16 05:58:50 | 000,441,357 | R--- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 15167 more lines...
O2:64bit: - BHO: (SnagIt Toolbar Loader) - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files (x86)\TechSmith\Snagit 10\DLLx64\SnagitBHO64.dll (TechSmith Corporation)
O2:64bit: - BHO: (TrueSuite Website Log On) - {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files (x86)\HP SimplePass 2011\x64\IEBHO.dll (HP)
O2 - BHO: (SnagIt Toolbar Loader) - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files (x86)\TechSmith\Snagit 10\SnagitBHO.dll (TechSmith Corporation)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (TrueSuite Website Log On) - {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files (x86)\HP SimplePass 2011\IEBHO.dll (HP)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3:64bit: - HKLM\..\Toolbar: (Snagit) - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files (x86)\TechSmith\Snagit 10\DLLx64\SnagitIEAddin64.dll (TechSmith Corporation)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Snagit) - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files (x86)\TechSmith\Snagit 10\SnagitIEAddin.dll (TechSmith Corporation)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IntelPAN] C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel(R) Corporation)
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [WordWeb] C:\Program Files (x86)\WordWeb\wweb32.exe (WordWeb Software)
O4 - HKCU..\Run: [SandboxieControl] C:\Program Files\Sandboxie\SbieCtrl.exe (SANDBOXIE L.T.D)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)
O4 - Startup: C:\Users\robert\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\robert\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: EnableShellExecuteHooks = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8:64bit: - Extra context menu item: Add to Evernote 4.0 - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O8:64bit: - Extra context menu item: Append to existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert link target to existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Add to Evernote 4.0 - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O8 - Extra context menu item: Append to existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O9 - Extra Button: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {32E7B36C-7960-4A42-B83B-D8AFD0AAEF2B} http://www.iradiopop.com/IRD/INDBrowser.CAB (INDBrowser Control)
O16 - DPF: {8C2D1BF0-5364-403C-9968-E6E348C6B4FB} http://www.iradiopop.com/IRD/pages/VBIRDPlayer.CAB (VBIRDPlayer.Player)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 209.18.47.61 209.18.47.62
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4AE85AB7-B26D-4F60-B6D9-5BA5C3CEABF0}: DhcpNameServer = 209.18.47.61 209.18.47.62
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4AE85AB7-B26D-4F60-B6D9-5BA5C3CEABF0}: NameServer = 209.18.47.61,209.18.47.62
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8310BB86-6F61-479B-892F-306AB678E156}: DhcpNameServer = 209.18.47.61 209.18.47.62
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{1e45ebb7-03db-11e2-9c5f-101f7415e3e8}\Shell - "" = AutoRun
O33 - MountPoints2\{1e45ebb7-03db-11e2-9c5f-101f7415e3e8}\Shell\AutoRun\command - "" = G:\TVRadio.EXE
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/11/09 18:11:42 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/11/09 07:38:25 | 000,000,000 | ---D | C] -- C:\Users\robert\Desktop\RK_Quarantine
[2012/11/08 18:04:12 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\robert\Desktop\OTL.exe
[2012/11/08 18:02:34 | 002,213,976 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\robert\Desktop\tdsskiller.exe
[2012/11/08 14:22:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2012/11/08 09:12:29 | 000,688,901 | R--- | C] (Swearware) -- C:\Users\robert\Desktop\dds.scr
[2012/11/02 06:52:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2012/10/31 08:36:16 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012/10/30 18:40:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MediaMall
[2012/10/30 18:39:43 | 000,000,000 | ---D | C] -- C:\ProgramData\MediaMall
[2012/10/27 07:42:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\xing shared
[2012/10/19 19:56:31 | 000,000,000 | ---D | C] -- C:\Users\robert\AppData\Local\HP
[2012/10/19 19:56:28 | 000,000,000 | ---D | C] -- C:\Users\robert\AppData\Local\AuthenTec
[2012/10/18 11:51:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP Help and Support
[2011/09/13 06:34:42 | 000,082,816 | ---- | C] (VSO Software) -- C:\Users\robert\AppData\Roaming\pcouffin.sys

========== Files - Modified Within 30 Days ==========

[2012/11/11 08:59:02 | 000,032,064 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/11/11 08:59:02 | 000,032,064 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/11/11 08:51:43 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/11/11 08:50:44 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/11/11 08:50:26 | 2106,478,591 | -HS- | M] () -- C:\hiberfil.sys
[2012/11/11 08:49:00 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/11/11 08:42:03 | 000,000,912 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3434975647-2719533202-2998227652-1000UA.job
[2012/11/10 15:53:39 | 000,000,380 | ---- | M] () -- C:\Users\robert\Desktop\fixme.bat
[2012/11/10 13:26:41 | 000,000,860 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3434975647-2719533202-2998227652-1000Core.job
[2012/11/09 18:35:59 | 000,165,376 | ---- | M] () -- C:\Users\robert\Desktop\SystemLook_x64.exe
[2012/11/09 07:32:55 | 000,666,112 | ---- | M] () -- C:\Users\robert\Desktop\RogueKiller.exe
[2012/11/09 07:11:14 | 000,000,336 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForrobert.job
[2012/11/08 18:04:12 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\robert\Desktop\OTL.exe
[2012/11/08 18:04:02 | 000,681,984 | ---- | M] () -- C:\Users\robert\Desktop\CKScanner.exe
[2012/11/08 18:02:40 | 002,213,976 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\robert\Desktop\tdsskiller.exe
[2012/11/08 09:12:33 | 000,688,901 | R--- | M] (Swearware) -- C:\Users\robert\Desktop\dds.scr
[2012/11/07 08:30:12 | 000,042,032 | ---- | M] () -- C:\Users\robert\Desktop\adobe-error.jpg
[2012/11/07 05:33:42 | 000,779,266 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/11/07 05:33:42 | 000,660,530 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/11/07 05:33:42 | 000,121,426 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/11/05 14:01:32 | 005,511,843 | ---- | M] () -- C:\Users\robert\Desktop\The E-Minis Unfair Advantage.pdf
[2012/11/05 10:11:34 | 000,002,176 | ---- | M] () -- C:\Windows\Sandboxie.ini
[2012/11/01 17:24:28 | 010,083,110 | ---- | M] () -- C:\Users\robert\Desktop\responding-to-climate-change-synthesis.pdf
[2012/10/27 07:41:55 | 000,272,896 | ---- | M] (Progressive Networks) -- C:\Windows\SysWow64\pncrt.dll
[2012/10/23 12:21:15 | 000,001,861 | ---- | M] () -- C:\Users\robert\Desktop\thinkorswim from TD AMERITRADE.lnk
[2012/10/22 13:23:30 | 000,000,107 | ---- | M] () -- C:\Users\robert\Desktop\Learning Center.URL
[2012/10/18 18:28:05 | 001,582,136 | ---- | M] () -- C:\Users\robert\Desktop\LFS-BOOK-7.0.pdf
[2012/10/18 18:26:47 | 001,574,765 | ---- | M] () -- C:\Users\robert\Desktop\gmail-guide.pdf
[2012/10/13 15:14:49 | 000,138,214 | ---- | M] () -- C:\Users\robert\Desktop\Tina_Logans_Advice_To_Novice_Traders.pdf
[2012/10/13 15:10:01 | 002,997,967 | ---- | M] () -- C:\Users\robert\Desktop\JoeVitale-AttractMoneyNow.pdf
[2012/10/13 15:04:31 | 000,803,250 | ---- | M] () -- C:\Users\robert\Desktop\Caloriegate.pdf

========== Files Created - No Company Name ==========

[2012/11/10 15:53:39 | 000,000,380 | ---- | C] () -- C:\Users\robert\Desktop\fixme.bat
[2012/11/09 18:35:57 | 000,165,376 | ---- | C] () -- C:\Users\robert\Desktop\SystemLook_x64.exe
[2012/11/09 07:32:51 | 000,666,112 | ---- | C] () -- C:\Users\robert\Desktop\RogueKiller.exe
[2012/11/08 18:04:00 | 000,681,984 | ---- | C] () -- C:\Users\robert\Desktop\CKScanner.exe
[2012/11/07 08:29:59 | 000,042,032 | ---- | C] () -- C:\Users\robert\Desktop\adobe-error.jpg
[2012/11/05 14:01:16 | 005,511,843 | ---- | C] () -- C:\Users\robert\Desktop\The E-Minis Unfair Advantage.pdf
[2012/11/01 17:24:28 | 010,083,110 | ---- | C] () -- C:\Users\robert\Desktop\responding-to-climate-change-synthesis.pdf
[2012/10/22 13:23:30 | 000,000,107 | ---- | C] () -- C:\Users\robert\Desktop\Learning Center.URL
[2012/10/18 18:28:05 | 001,582,136 | ---- | C] () -- C:\Users\robert\Desktop\LFS-BOOK-7.0.pdf
[2012/10/18 18:26:46 | 001,574,765 | ---- | C] () -- C:\Users\robert\Desktop\gmail-guide.pdf
[2012/10/13 15:14:49 | 000,138,214 | ---- | C] () -- C:\Users\robert\Desktop\Tina_Logans_Advice_To_Novice_Traders.pdf
[2012/10/13 15:10:01 | 002,997,967 | ---- | C] () -- C:\Users\robert\Desktop\JoeVitale-AttractMoneyNow.pdf
[2012/10/13 15:04:28 | 000,803,250 | ---- | C] () -- C:\Users\robert\Desktop\Caloriegate.pdf
[2012/09/23 16:44:40 | 000,002,176 | ---- | C] () -- C:\Windows\Sandboxie.ini
[2012/09/02 09:26:07 | 000,000,288 | ---- | C] () -- C:\Users\robert\AppData\Roaming\.backup.dm
[2012/08/19 15:45:51 | 000,000,059 | ---- | C] () -- C:\Windows\ANS2000.INI
[2012/08/19 15:45:51 | 000,000,020 | -H-- | C] () -- C:\Windows\akebook.ini
[2012/08/19 15:45:51 | 000,000,004 | -H-- | C] () -- C:\Windows\a3kebook.ini
[2012/07/11 07:32:01 | 000,000,076 | ---- | C] () -- C:\Windows\Setup Wizard.INI
[2012/06/12 12:36:08 | 013,903,872 | ---- | C] () -- C:\Windows\SysWow64\ig4icd32.dll
[2012/06/12 12:36:08 | 000,216,000 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin
[2012/06/12 12:36:08 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll
[2012/06/12 12:36:05 | 000,003,929 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2012/05/14 14:17:56 | 000,249,856 | ---- | C] () -- C:\Windows\SysWow64\DSPlayer.dll
[2012/02/15 07:47:00 | 000,007,608 | ---- | C] () -- C:\Users\robert\AppData\Local\Resmon.ResmonCfg
[2011/12/21 11:13:39 | 000,005,120 | ---- | C] () -- C:\Users\robert\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/12/21 11:13:13 | 000,819,200 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2011/12/21 11:13:13 | 000,180,224 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2011/12/21 11:12:18 | 000,033,019 | ---- | C] () -- C:\Windows\SysWow64\CoreAAC-uninstall.exe
[2011/11/01 18:55:31 | 000,060,304 | ---- | C] () -- C:\Users\robert\g2mdlhlpx.exe
[2011/09/30 21:42:20 | 000,053,760 | ---- | C] () -- C:\Windows\SysWow64\OVDecode.dll
[2011/09/21 21:11:17 | 000,000,115 | ---- | C] () -- C:\Windows\iwatch.ini
[2011/09/19 10:31:04 | 000,057,344 | ---- | C] () -- C:\Windows\StkUnist.exe
[2011/09/13 06:34:42 | 000,007,859 | ---- | C] () -- C:\Users\robert\AppData\Roaming\pcouffin.cat
[2011/09/13 06:34:42 | 000,001,167 | ---- | C] () -- C:\Users\robert\AppData\Roaming\pcouffin.inf
[2011/09/12 09:43:50 | 000,796,852 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/09/05 16:55:30 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011/09/05 16:46:22 | 000,003,155 | ---- | C] () -- C:\Windows\SysWow64\atipblup.dat
[2011/09/05 16:45:07 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin
[2011/09/05 16:41:04 | 000,000,056 | -H-- | C] () -- C:\Windows\SysWow64\ezsidmv.dat
[2011/06/21 14:43:27 | 000,000,068 | ---- | C] () -- C:\Windows\SysWow64\ezdigsgn.dat
[2011/03/25 17:16:08 | 000,963,116 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin
[2011/02/22 18:40:34 | 000,007,736 | ---- | C] () -- C:\Windows\hpDSTRES.DLL
[2011/02/09 23:03:48 | 000,000,326 | ---- | C] () -- C:\Windows\primopdf.ini

========== ZeroAccess Check ==========

[2012/08/10 22:32:56 | 000,000,596 | ---- | M] () -- C:\Users\robert\AppData\Roaming\Mozilla\Firefox\Profiles\8s4f2jle.default\extensions\{ada4b710-8346-4b82-8199-5de2b400a6ae}\defaults\printing\icons\@.png
[2009/07/13 23:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 00:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 23:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 20:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 22:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 20:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2012/04/03 15:43:11 | 000,000,000 | ---D | M] -- C:\Users\robert\AppData\Roaming\avidemux
[2012/06/21 13:44:11 | 000,000,000 | ---D | M] -- C:\Users\robert\AppData\Roaming\calibre
[2011/12/06 08:59:52 | 000,000,000 | ---D | M] -- C:\Users\robert\AppData\Roaming\CintaNotes
[2011/11/23 20:11:52 | 000,000,000 | ---D | M] -- C:\Users\robert\AppData\Roaming\com.essexreddevelopment.mergepdfmac
[2012/11/11 08:52:45 | 000,000,000 | ---D | M] -- C:\Users\robert\AppData\Roaming\Dropbox
[2012/09/01 15:08:23 | 000,000,000 | ---D | M] -- C:\Users\robert\AppData\Roaming\f-secure
[2012/03/28 09:14:12 | 000,000,000 | ---D | M] -- C:\Users\robert\AppData\Roaming\FileZilla
[2011/11/30 06:31:17 | 000,000,000 | ---D | M] -- C:\Users\robert\AppData\Roaming\funkitron
[2011/09/14 22:00:23 | 000,000,000 | ---D | M] -- C:\Users\robert\AppData\Roaming\IDT
[2012/10/10 14:15:50 | 000,000,000 | ---D | M] -- C:\Users\robert\AppData\Roaming\ImgBurn
[2011/09/13 06:50:45 | 000,000,000 | ---D | M] -- C:\Users\robert\AppData\Roaming\IrfanView
[2012/03/27 12:59:05 | 000,000,000 | ---D | M] -- C:\Users\robert\AppData\Roaming\KompoZer
[2011/12/28 09:28:36 | 000,000,000 | ---D | M] -- C:\Users\robert\AppData\Roaming\Mobipocket
[2011/12/28 11:44:21 | 000,000,000 | ---D | M] -- C:\Users\robert\AppData\Roaming\Notepad++
[2011/10/02 12:21:03 | 000,000,000 | ---D | M] -- C:\Users\robert\AppData\Roaming\OpenOffice.org
[2011/12/22 12:27:19 | 000,000,000 | ---D | M] -- C:\Users\robert\AppData\Roaming\OverDrive
[2011/12/11 13:48:29 | 000,000,000 | ---D | M] -- C:\Users\robert\AppData\Roaming\PrimoPDF
[2011/11/02 20:24:33 | 000,000,000 | ---D | M] -- C:\Users\robert\AppData\Roaming\RampRT
[2011/11/02 20:00:31 | 000,000,000 | ---D | M] -- C:\Users\robert\AppData\Roaming\RegServers
[2012/09/02 09:30:16 | 000,000,000 | ---D | M] -- C:\Users\robert\AppData\Roaming\SanDisk SecureAccess
[2012/03/27 19:21:26 | 000,000,000 | ---D | M] -- C:\Users\robert\AppData\Roaming\SEO Backlink Checker
[2012/05/05 16:36:38 | 000,000,000 | ---D | M] -- C:\Users\robert\AppData\Roaming\Stellarium
[2011/09/12 09:34:34 | 000,000,000 | ---D | M] -- C:\Users\robert\AppData\Roaming\Synaptics
[2012/06/25 06:00:06 | 000,000,000 | ---D | M] -- C:\Users\robert\AppData\Roaming\SystemRequirementsLab
[2011/09/13 06:34:59 | 000,000,000 | ---D | M] -- C:\Users\robert\AppData\Roaming\Vso
[2012/05/22 17:27:53 | 000,000,000 | ---D | M] -- C:\Users\robert\AppData\Roaming\WebApp
[2011/11/09 14:12:48 | 000,000,000 | ---D | M] -- C:\Users\robert\AppData\Roaming\Windows Live Writer
[2011/09/13 20:28:47 | 000,000,000 | ---D | M] -- C:\Users\robert\AppData\Roaming\WordWeb
[2011/09/13 12:09:51 | 000,000,000 | ---D | M] -- C:\Users\robert\AppData\Roaming\ZinioReader4.9310D8F796442B71068C511E15D70529A702D19D.1

========== Purity Check ==========



< End of report >
bonnie

Re: Flash Player Security Error Screen Is it a Virus?

by askey127 » November 11th, 2012, 11:04 am

bonnie,
I would Uninstall Security Task Manager.
If it doesn't show in the Programs list, or if you need help in Removing it, let me know.

===============================================================
The risk with CamStudio, as with some other free software, is that a distributor, like CNET or other, will add some junkware or adware to the download, and not tell you.
(Notice we have had a number of programs installed on this machine that nobody remembered installing).

You can re-install CamStudio, but only get the download from the original publisher's site:
http://sourceforge.net/projects/camstudio/
CamStudio also has their own separate website, that will also send you to the SourceForge download:
http://camstudio.org/
You can usually find out the original publisher of any software by Googling "<softwarename> Publisher"

Your logs look good.
askey127