Virus dug in deep, firefox oddly not overtly affected

ShenmueAdvocate

Hello, I am having a problem with a google redirect virus, and have been spending more than a week to get rid of it. It affects all my web browsers (IE, Firefox, and Google Chrome) and is displaying all of the symptoms i.e. all search engines results will redirect to different websites than what has been shown (plus malware), the virus itself is embedded somewhere and scans can not rout it out, and tabs close for "some reason". Help? I have HijackThis already installed if you need a log.
 

My Computer My Computer

At a glance

Windows 7 Home Premium x64AMD K10 45nm TechnologyAMD M880G with ATI Mobility Radeon HD 4250
OS
Windows 7 Home Premium x64
CPU
AMD K10 45nm Technology
Motherboard
Hewlett-Packard 143F (Socket S1G4)
Graphics Card(s)
AMD M880G with ATI Mobility Radeon HD 4250
Sound Card
IDT High Definition Audio CODEC
Monitor(s) Displays
Generic PnP Monitor (1366x768@60Hz)
Hard Drives
466GB Western Digital WDC WD5000BEVT-60A0RT0 ATA Device (SATA)
  • Download & SAVE to your Desktop RogueKiller or from here
  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or Windows 7, right-click and select "Run as Administrator" to start.
  • For Windows XP, double-click to start.
  • Wait until Prescan has finished ...
  • Then Click on "Scan" button
  • Wait until the Status box shows "Scan Finished"
  • Click on Report and copy/paste the content of the Notepad into your next reply.
  • The log should be found in RKreport[1].txt on your Desktop
  • Exit/Close RogueKiller
 

My Computer My Computer

At a glance

32 bit
OS
32 bit
RogueKiller V8.0.2 [08/31/2012] by Tigzy
mail: tigzyRKgmailcom
Feedback: RogueKiller - Geeks to Go Forums
Blog: tigzy-RK

Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Paul [Admin rights]
Mode : Scan -- Date : 09/04/2012 23:52:12

¤¤¤ Bad processes : 1 ¤¤¤
[SUSP PATH][DLL] rundll32.exe -- C:\Windows\SysWOW64\rundll32.exe : -> KILLED [TermProc]

¤¤¤ Registry Entries : 5 ¤¤¤
[RUN][BLACKLIST DLL] HKCU\[...]\Run : Desura (rundll32.exe "C:\Users\Paul\AppData\Local\DigitalPersona\Desura\fokuzeyjp.dll",CreateInstance) -> FOUND
[RUN][BLACKLIST DLL] HKUS\S-1-5-21-1802773089-3845710631-1931485571-1000[...]\Run : Desura (rundll32.exe "C:\Users\Paul\AppData\Local\DigitalPersona\Desura\fokuzeyjp.dll",CreateInstance) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
[HJ INPROC][ZeroAccess] HKCR\[...]\InprocServer32 : (C:\Users\Paul\AppData\Local\{64900c6e-38ca-c2b9-df73-c150899d184b}\n.) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤
[ZeroAccess][FILE] @ : C:\Windows\Installer\{64900c6e-38ca-c2b9-df73-c150899d184b}\@ --> FOUND
[ZeroAccess][FOLDER] U : C:\Windows\Installer\{64900c6e-38ca-c2b9-df73-c150899d184b}\U --> FOUND
[ZeroAccess][FOLDER] L : C:\Windows\Installer\{64900c6e-38ca-c2b9-df73-c150899d184b}\L --> FOUND
[ZeroAccess][FILE] @ : C:\Users\Paul\AppData\Local\{64900c6e-38ca-c2b9-df73-c150899d184b}\@ --> FOUND
[ZeroAccess][FOLDER] U : C:\Users\Paul\AppData\Local\{64900c6e-38ca-c2b9-df73-c150899d184b}\U --> FOUND
[ZeroAccess][FOLDER] L : C:\Users\Paul\AppData\Local\{64900c6e-38ca-c2b9-df73-c150899d184b}\L --> FOUND

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ Infection : ZeroAccess ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: WDC WD5000BEVT-60A0RT0 ATA Device +++++
--- User ---
[MBR] cb17807c5932fe63468973aa25389ba1
[BSP] 63e48fae74cc71a2b4fd22d45a2c498b : Windows Vista/7 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 199 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 409600 | Size: 455597 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 933472256 | Size: 21039 Mo
3 - [XXXXXX] FAT32-LBA (0x0c) [VISIBLE] Offset (sectors): 976560128 | Size: 103 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[1].txt >>
RKreport[1].txt


_____________________

Okay, so I can tell this is bad. The program said I have ZeroAccess on here, and opened a link to a webpage with a tutorial on how to remove it. Should I follow it, or is this something else? Also, thanks for the help already.
 

Select all and click DELETE

Restart the PC and

Please download Rkill by Grinler and save it to your desktop.

  • Double-click on the Rkill desktop icon to run the tool.
  • If using Vista, right-click on it and Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • The log should be saved on the desktop
  • Post it here
 

Rkill 2.3.4 by Lawrence Abrams (Grinler)
Bleeping Computer - Computer Help and Discussion
Copyright 2008-2012 BleepingComputer.com
More Information about Rkill can be found at this link:
RKill - What it does and What it Doesn't - A brief introduction to the program

Program started at: 09/05/2012 03:17:22 PM in x64 mode.
Windows Version: Windows 7 Home Premium Service Pack 1

Checking for Windows services to stop.

* No malware services found to stop.

Checking for processes to terminate.

* C:\Program Files\Java\jre6\bin\jusched.exe (PID: 2348) [FI]

1 proccess terminated!

Checking Registry for malware related settings.

* Explorer Policy Removed: NoActiveDesktopChanges [HKLM]

Backup Registry file created at:
C:\Users\Paul\Desktop\rkill\rkill-09-05-2012-03-17-32.reg

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks.

* Windows Defender Disabled

[HKLM\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware" = dword:00000001

Checking Windows Service Integrity:

* Windows Firewall Authorization Driver (mpsdrv) is not Running.
Startup Type set to: Manual

* AppMgmt [Missing Service]
* BFE [Missing Service]
* CscService [Missing Service]
* iphlpsvc [Missing Service]
* MpsSvc [Missing Service]
* PeerDistSvc [Missing Service]
* UmRdpService [Missing Service]
* WinDefend [Missing Service]
* wscsvc [Missing Service]

* SharedAccess [Missing ImagePath]

Searching for Missing Digital Signatures:

* No issues found.

Program finished at: 09/05/2012 03:17:46 PM
Execution time: 0 hours(s), 0 minute(s), and 23 seconds(s)
 

Hey, should I skip the chkdsk step? It keeps hanging at 2 of 3 steps, and I do not know if that's because I am missing files...
 

Skip it
 

Alright, I have run the Windows repair program. Now what?

Also, I have noticed an add-on that seems to be incompatible with Firefox, but I do not even remember installing it before. A bProtector?
 
Bumping for help. Have this from yesterday, using Rkill again.

Rkill 2.3.4 by Lawrence Abrams (Grinler)
Bleeping Computer - Computer Help and Discussion
Copyright 2008-2012 BleepingComputer.com
More Information about Rkill can be found at this link:
RKill - What it does and What it Doesn't - A brief introduction to the program

Program started at: 09/10/2012 01:02:17 PM in x64 mode.
Windows Version: Windows 7 Home Premium Service Pack 1

Checking for Windows services to stop.

* No malware services found to stop.

Checking for processes to terminate.

* C:\Program Files\Java\jre6\bin\jusched.exe (PID: 3456) [FI]

1 proccess terminated!

Checking Registry for malware related settings.

* No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks.

* Windows Defender Disabled

[HKLM\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware" = dword:00000001

Checking Windows Service Integrity:

* AppMgmt [Missing Service]
* CscService [Missing Service]
* iphlpsvc [Missing Service]
* PeerDistSvc [Missing Service]
* UmRdpService [Missing Service]
* WinDefend [Missing Service]

Searching for Missing Digital Signatures:

I still do not know how to get rid of the virus, and now Windows cannot update itself thanks to it not being a genuine copy. Also, I do not know if I can make a copy of this hard drive without something screwing up. Help?
 

Sorry for the delay, here's another log taking place after downloading and running some of the keys off of the webpage you directed me to (Most of what the log says was missing from there).
Program started at: 09/13/2012 03:34:18 PM in x64 mode.
Windows Version: Windows 7 Home Premium Service Pack 1

Checking for Windows services to stop.

* No malware services found to stop.

Checking for processes to terminate.

* C:\Program Files\Java\jre6\bin\jusched.exe (PID: 3772) [FI]

1 proccess terminated!

Checking Registry for malware related settings.

* No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks.

* Windows Defender Disabled

[HKLM\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware" = dword:00000001

Checking Windows Service Integrity:

* Background Intelligent Transfer Service (BITS) is not Running.
Startup Type set to: Automatic (Delayed Start)

* Windows Defender (WinDefend) is not Running.
Startup Type set to: Automatic (Delayed Start)

* Security Center (wscsvc) is not Running.
Startup Type set to: Automatic (Delayed Start)

* Windows Update (wuauserv) is not Running.
Startup Type set to: Automatic (Delayed Start)

* AppMgmt [Missing Service]
* CscService [Missing Service]
* iphlpsvc [Missing Service]
* PeerDistSvc [Missing Service]
* UmRdpService [Missing Service]

* WinDefend => %ProgramFiles(x86)%\Windows Defender\mpsvc.dll [Incorrect ServiceDLL]

Searching for Missing Digital Signatures:

* No issues found.

Program finished at: 09/13/2012 03:35:06 PM
Execution time: 0 hours(s), 0 minute(s), and 47 seconds(s)
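
An added example (not part of the original posts and not Rkill's own code): a small Python parser for the "Checking Windows Service Integrity" section of the three Rkill logs posted in this thread, showing which findings each repair pass cleared and which are still reported. The log excerpts are abridged copies from the thread; the function names and the `PROTECTION_SERVICES` grouping are assumptions made for illustration.

```python
import re

# Service-integrity sections copied (abridged) from the three Rkill logs
# posted in this thread on 09/05, 09/10 and 09/13/2012.
LOG_0905 = r"""
Checking Windows Service Integrity:
* Windows Firewall Authorization Driver (mpsdrv) is not Running.
Startup Type set to: Manual
* AppMgmt [Missing Service]
* BFE [Missing Service]
* CscService [Missing Service]
* iphlpsvc [Missing Service]
* MpsSvc [Missing Service]
* PeerDistSvc [Missing Service]
* UmRdpService [Missing Service]
* WinDefend [Missing Service]
* wscsvc [Missing Service]
* SharedAccess [Missing ImagePath]
Searching for Missing Digital Signatures:
"""
LOG_0910 = r"""
Checking Windows Service Integrity:
* AppMgmt [Missing Service]
* CscService [Missing Service]
* iphlpsvc [Missing Service]
* PeerDistSvc [Missing Service]
* UmRdpService [Missing Service]
* WinDefend [Missing Service]
Searching for Missing Digital Signatures:
"""
LOG_0913 = r"""
Checking Windows Service Integrity:
* Background Intelligent Transfer Service (BITS) is not Running.
* Windows Defender (WinDefend) is not Running.
* Security Center (wscsvc) is not Running.
* Windows Update (wuauserv) is not Running.
* AppMgmt [Missing Service]
* CscService [Missing Service]
* iphlpsvc [Missing Service]
* PeerDistSvc [Missing Service]
* UmRdpService [Missing Service]
* WinDefend => %ProgramFiles(x86)%\Windows Defender\mpsvc.dll [Incorrect ServiceDLL]
Searching for Missing Digital Signatures:
"""

SECTION_START = "Checking Windows Service Integrity:"
SECTION_END = "Searching for Missing Digital Signatures:"
NOT_RUNNING = re.compile(r"^\* .+ \((\w+)\) is not Running\.$")
BRACKETED = re.compile(r"^\* (\S+) (?:=> .+ )?\[([^\]]+)\]$")
# Assumed grouping for this example: firewall, Defender, Security Center, update.
PROTECTION_SERVICES = {"BFE", "MpsSvc", "mpsdrv", "SharedAccess",
                       "WinDefend", "wscsvc", "wuauserv", "BITS"}


def parse_service_integrity(log_text):
    """Return a set of (service, finding) pairs from the integrity section."""
    findings, in_section = set(), False
    for raw in log_text.splitlines():
        line = raw.strip()
        if line == SECTION_START:
            in_section = True
        elif line == SECTION_END:
            break
        elif in_section and line.startswith("* "):
            m = NOT_RUNNING.match(line)
            if m:
                findings.add((m.group(1), "Not Running"))
                continue
            m = BRACKETED.match(line)
            if m:
                findings.add((m.group(1), m.group(2)))
    return findings


def compare(before, after):
    """Split findings into resolved, remaining and newly reported between runs."""
    return {"resolved": before - after,
            "remaining": before & after,
            "new": after - before}


def protection_findings(findings):
    """Keep only findings that concern the protection and update services."""
    return {f for f in findings if f[0] in PROTECTION_SERVICES}


if __name__ == "__main__":
    runs = [("09/05", LOG_0905), ("09/10", LOG_0910), ("09/13", LOG_0913)]
    parsed = [(day, parse_service_integrity(text)) for day, text in runs]
    for (d1, a), (d2, b) in zip(parsed, parsed[1:]):
        delta = compare(a, b)
        print(f"{d1} -> {d2}")
        for key in ("resolved", "remaining", "new"):
            print(f"  {key}: {sorted(delta[key])}")
    print("open on 09/13:", sorted(protection_findings(parsed[-1][1])))
```

On the thread's logs this shows BFE, MpsSvc, mpsdrv, SharedAccess and wscsvc cleared by 09/10, while the 09/13 log still lists WinDefend with an incorrect ServiceDLL and BITS, wscsvc and wuauserv as not running.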
 

you're good now :)
 

Are you sure?:sarc:
Cause that "[HKLM\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware" = dword:00000001" kinda seems a bit....ominous. Also, that bProtector addon is still in my Firefox manager. It says it's disabled, but I can't seem to be able to remove it at all...

Edit: No redirect it seems on IE, but Google Chrome is still doing it. Thanks again for all your help.
 
Nothing wrong with the registry entry

Download and run OTL

Download http://oldtimer.geekstogo.com/OTL.exe by Old Timer and save it to your Desktop.

  • Double click on OTL.exe to run it.
  • Under Output, ensure that Minimal Output is selected.
  • Under Extra Registry section, select Use SafeList.
  • Click the Scan All Users checkbox.
  • Click on Run Scan at the top left hand corner.
  • When done, two Notepad files will open.
    • OTL.txt <-- Will be opened and is the one that I need posted back here
    • Extra.txt <-- Will be minimized - save this one on your desktop in case I ask for it later
  • Please post the contents of OTL.txt in your next reply.
 

Code:
OTL logfile created on: 9/15/2012 11:37:11 PM - Run 1
OTL by OldTimer - Version 3.2.61.5     Folder = C:\Users\Paul\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
3.75 Gb Total Physical Memory | 1.71 Gb Available Physical Memory | 45.53% Memory free
7.49 Gb Paging File | 4.13 Gb Available in Paging File | 55.11% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 444.92 Gb Total Space | 197.70 Gb Free Space | 44.44% Space Free | Partition Type: NTFS
Drive D: | 20.55 Gb Total Space | 2.99 Gb Free Space | 14.55% Space Free | Partition Type: NTFS
Drive E: | 99.02 Mb Total Space | 90.88 Mb Free Space | 91.78% Space Free | Partition Type: FAT32
 
Computer Name: PAUL-LAPTOP | User Name: Paul | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
[COLOR=#E56717]========== Processes (SafeList) ==========[/COLOR]
 
PRC -  File not found
PRC - C:\Users\Paul\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_265.exe (Adobe Systems, Inc.)
PRC - C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe (RealNetworks, Inc.)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\Giraffic\Veoh_GirafficWatchdog.exe (Giraffic)
PRC - C:\Program Files (x86)\Giraffic\Veoh_Giraffic.exe (Giraffic)
PRC - C:\Program Files (x86)\Norton Security Suite\Engine\6.3.0.14\ccsvchst.exe (Symantec Corporation)
PRC - C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.EXE (Microsoft Corporation.)
PRC - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
PRC - C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe (Hewlett-Packard Company)
PRC - C:\Program Files (x86)\DigitalPersona\Bin\DPAgent.exe (DigitalPersona, Inc.)
PRC - C:\SwSetup\QuickWeb\QW.SYS\config\DVMExportService.exe (DeviceVM, Inc.)
PRC - C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemaNowSvc.exe (CinemaNow, Inc.)
PRC - C:\ProgramData\Macrovision\FLEXnet Connect\6\ISUSPM.exe (Acresso Corporation)
 
 
[COLOR=#E56717]========== Modules (No Company Name) ==========[/COLOR]
 
MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ()
MOD - c:\ProgramData\bProtectorForWindows\2.2.453.59\protector.dll ()
MOD - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_265.dll ()
MOD - C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll ()
MOD - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
MOD - C:\Program Files (x86)\Common Files\LightScribe\QtGui4.dll ()
MOD - C:\Program Files (x86)\Common Files\LightScribe\QtCore4.dll ()
MOD - C:\Program Files (x86)\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll ()
 
 
[COLOR=#E56717]========== Services (SafeList) ==========[/COLOR]
 
SRV:[B]64bit:[/B] - (!SASCORE) -- C:\Program Files\SUPERAntiSpywareare\SASCORE64.EXE (SUPERAntiSpyware.com)
SRV:[B]64bit:[/B] - (STacSV) -- C:\Program Files\IDT\WDM\stacsv64.exe (IDT, Inc.)
SRV:[B]64bit:[/B] - (AESTFilters) -- C:\Program Files\IDT\WDM\AESTSr64.exe (Andrea Electronics Corporation)
SRV:[B]64bit:[/B] - (hpsrv) -- C:\Windows\SysNative\hpservice.exe (Hewlett-Packard Company)
SRV:[B]64bit:[/B] - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:[B]64bit:[/B] - (DpHost) -- C:\Program Files\DigitalPersona\Bin\DpHostW.exe (DigitalPersona, Inc.)
SRV:[B]64bit:[/B] - (HP Wireless Assistant Service) -- C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe (Hewlett-Packard)
SRV:[B]64bit:[/B] - (HPWMISVC) -- C:\Program Files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe ()
SRV:[B]64bit:[/B] - (vcsFPService) -- C:\Windows\SysNative\vcsFPService.exe (Validity Sensors, Inc.)
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (Giraffic) -- C:\Program Files (x86)\Giraffic\Veoh_GirafficWatchdog.exe (Giraffic)
SRV - (N360) -- C:\Program Files (x86)\Norton Security Suite\Engine\6.3.0.14\ccSvcHst.exe (Symantec Corporation)
SRV - (Desura Install Service) -- C:\Program Files (x86)\Common Files\Desura\desura_service.exe (Desura Pty Ltd)
SRV - (BBUpdate) -- C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.EXE (Microsoft Corporation.)
SRV - (BBSvc) -- C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BBSvc.EXE (Microsoft Corporation.)
SRV - (HP Support Assistant Service) -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe (Hewlett-Packard Company)
SRV - (npggsvc) -- C:\Windows\SysWOW64\GameMon.des (INCA Internet Co., Ltd.)
SRV - (HPDrvMntSvc.exe) -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe (Hewlett-Packard Company)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (DvmMDES) -- C:\SwSetup\QuickWeb\QW.SYS\config\DVMExportService.exe (DeviceVM, Inc.)
SRV - (CinemaNow Service) -- C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemaNowSvc.exe (CinemaNow, Inc.)
SRV - (vcsFPService) -- C:\Windows\SysWOW64\vcsFPService.exe (Validity Sensors, Inc.)
SRV - (GameConsoleService) -- C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe (WildTangent, Inc.)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
 
 
[COLOR=#E56717]========== Driver Services (SafeList) ==========[/COLOR]
 
DRV:[B]64bit:[/B] - (SymEvent) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS (Symantec Corporation)
DRV:[B]64bit:[/B] - (SCDEmu) -- C:\Windows\SysNative\drivers\scdemu.sys (Power Software Ltd)
DRV:[B]64bit:[/B] - (SRTSPX) -- C:\Windows\SysNative\drivers\N360x64\0603000.00E\srtspx64.sys (Symantec Corporation)
DRV:[B]64bit:[/B] - (SRTSP) -- C:\Windows\SysNative\drivers\N360x64\0603000.00E\srtsp64.sys (Symantec Corporation)
DRV:[B]64bit:[/B] - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Qualcomm Atheros Communications, Inc.)
DRV:[B]64bit:[/B] - (ccSet_N360) -- C:\Windows\SysNative\drivers\N360x64\0603000.00E\ccsetx64.sys (Symantec Corporation)
DRV:[B]64bit:[/B] - (SymEFA) -- C:\Windows\SysNative\drivers\N360x64\0603000.00E\symefa64.sys (Symantec Corporation)
DRV:[B]64bit:[/B] - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:[B]64bit:[/B] - (SymNetS) -- C:\Windows\SysNative\drivers\N360x64\0603000.00E\symnets.sys (Symantec Corporation)
DRV:[B]64bit:[/B] - (SymIRON) -- C:\Windows\SysNative\drivers\N360x64\0603000.00E\ironx64.sys (Symantec Corporation)
DRV:[B]64bit:[/B] - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated)
DRV:[B]64bit:[/B] - (SymDS) -- C:\Windows\SysNative\drivers\N360x64\0603000.00E\symds64.sys (Symantec Corporation)
DRV:[B]64bit:[/B] - (SASDIFSV) -- C:\Program Files\SUPERAntiSpywareare\sasdifsv64.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV:[B]64bit:[/B] - (SASKUTIL) -- C:\Program Files\SUPERAntiSpywareare\saskutil64.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV:[B]64bit:[/B] - (STHDA) -- C:\Windows\SysNative\drivers\stwrt64.sys (IDT, Inc.)
DRV:[B]64bit:[/B] - (hpdskflt) -- C:\Windows\SysNative\drivers\hpdskflt.sys (Hewlett-Packard Company)
DRV:[B]64bit:[/B] - (Accelerometer) -- C:\Windows\SysNative\drivers\Accelerometer.sys (Hewlett-Packard Company)
DRV:[B]64bit:[/B] - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:[B]64bit:[/B] - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:[B]64bit:[/B] - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:[B]64bit:[/B] - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:[B]64bit:[/B] - (sdbus) -- C:\Windows\SysNative\drivers\sdbus.sys (Microsoft Corporation)
DRV:[B]64bit:[/B] - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:[B]64bit:[/B] - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:[B]64bit:[/B] - (RSUSBSTOR) -- C:\Windows\SysNative\drivers\RtsUStor.sys (Realtek Semiconductor Corp.)
DRV:[B]64bit:[/B] - (AtiHdmiService) -- C:\Windows\SysNative\drivers\AtiHdmi.sys (ATI Technologies, Inc.)
DRV:[B]64bit:[/B] - (usbfilter) -- C:\Windows\SysNative\drivers\usbfilter.sys (Advanced Micro Devices)
DRV:[B]64bit:[/B] - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek                                            )
DRV:[B]64bit:[/B] - (DVMIO) -- C:\Windows\SysNative\drivers\dvmio.sys (DeviceVM, Inc.)
DRV:[B]64bit:[/B] - (AtiPcie) -- C:\Windows\SysNative\drivers\AtiPcie.sys (Advanced Micro Devices Inc.)
DRV:[B]64bit:[/B] - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:[B]64bit:[/B] - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:[B]64bit:[/B] - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:[B]64bit:[/B] - (SrvHsfV92) -- C:\Windows\SysNative\drivers\VSTDPV6.SYS (Conexant Systems, Inc.)
DRV:[B]64bit:[/B] - (SrvHsfWinac) -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS (Conexant Systems, Inc.)
DRV:[B]64bit:[/B] - (SrvHsfHDA) -- C:\Windows\SysNative\drivers\VSTAZL6.SYS (Conexant Systems, Inc.)
DRV:[B]64bit:[/B] - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:[B]64bit:[/B] - (yukonw7) -- C:\Windows\SysNative\drivers\yk62x64.sys (Marvell)
DRV:[B]64bit:[/B] - (netw5v64) -- C:\Windows\SysNative\drivers\netw5v64.sys (Intel Corporation)
DRV:[B]64bit:[/B] - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:[B]64bit:[/B] - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:[B]64bit:[/B] - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:[B]64bit:[/B] - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV - (NAVEX15) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\Definitions\VirusDefs\20120915.008\ex64.sys (Symantec Corporation)
DRV - (NAVENG) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\Definitions\VirusDefs\20120915.008\eng64.sys (Symantec Corporation)
DRV - (eeCtrl) -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys (Symantec Corporation)
DRV - (EraserUtilRebootDrv) -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation)
DRV - (IDSVia64) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\Definitions\IPSDefs\20120914.001\IDSviA64.sys (Symantec Corporation)
DRV - (BHDrvx64) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\Definitions\BASHDefs\20120905.001\BHDrvx64.sys (Symantec Corporation)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
 
 
[COLOR=#E56717]========== Standard Registry (SafeList) ==========[/COLOR]
 
 
[COLOR=#E56717]========== Internet Explorer ==========[/COLOR]
 
IE:[B]64bit:[/B] - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:[B]64bit:[/B] - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT/1
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT/1
IE - HKLM\..\URLSearchHook: {cd90bf73-20f6-44ef-993d-bb920303bd2e} - C:\Program Files (x86)\Veoh_Web_Player\prxtbVeoh.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {9E457C61-464F-4C1F-A525-7B2572FE752F}
IE - HKLM\..\SearchScopes\{9E457C61-464F-4C1F-A525-7B2572FE752F}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
IE - HKLM\..\SearchScopes\{D9556055-A346-4290-BACA-44DA16A78FD1}: "URL" = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpl
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-1802773089-3845710631-1931485571-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT/1
IE - HKU\S-1-5-21-1802773089-3845710631-1931485571-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKU\S-1-5-21-1802773089-3845710631-1931485571-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://xfinity.comcast.net/ [binary data]
IE - HKU\S-1-5-21-1802773089-3845710631-1931485571-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT/1
IE - HKU\S-1-5-21-1802773089-3845710631-1931485571-1000\..\SearchScopes,DefaultScope = {9E457C61-464F-4C1F-A525-7B2572FE752F}
IE - HKU\S-1-5-21-1802773089-3845710631-1931485571-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
[COLOR=#E56717]========== FireFox ==========[/COLOR]
 
FF - prefs.js..browser.search.defaultthis.engineName: "Veoh Web Player Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2653012&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.selectedEngine: "Veoh Web Player Customized Web Search"
FF - prefs.js..browser.startup.homepage: "http://search.conduit.com/?ctid=CT2653012&SearchSource=13"
FF - prefs.js..extensions.enabledAddons: [email protected]:2.5
FF - prefs.js..extensions.enabledAddons: [email protected]:1.1
FF - prefs.js..extensions.enabledAddons: {9AA46F4F-4DC7-4c06-97AF-5035170634FE}:4.18
FF - prefs.js..extensions.enabledAddons: {cd90bf73-20f6-44ef-993d-bb920303bd2e}:3.15.1.0
FF - prefs.js..extensions.enabledAddons: {E4091D66-127C-11DB-903A-DE80D2EFDFE8}:1.6.5.5
FF - prefs.js..extensions.enabledAddons: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:1.0
FF - prefs.js..extensions.enabledAddons: {ea2b95c2-9be8-48ed-bdd1-5fcd2ad0ff99}:0.3.8.1
FF - prefs.js..extensions.enabledAddons: [email protected]:0.1.7
FF - prefs.js..extensions.enabledAddons: {0153E448-190B-4987-BDE1-F256CADA672F}:15.0.6
FF - prefs.js..extensions.enabledAddons: {bb6bc1bb-f824-4702-90cd-35e2fb24f25d}:1.5.1.1
FF - prefs.js..extensions.enabledAddons: [email protected]:4.5
FF - prefs.js..extensions.enabledAddons: {DDC359D1-844A-42a7-9AA1-88A850A938A8}:2.0.15
FF - prefs.js..extensions.enabledAddons: {73a6fe31-595d-460b-a920-fcc0f8843232}:2.5.5
FF - prefs.js..keyword.URL: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2653012&SearchSource=2&q="
FF - user.js - File not found
 
FF:[B]64bit:[/B] - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_4_402_265.dll File not found
FF:[B]64bit:[/B] - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF:[B]64bit:[/B] - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.6.2: C:\Windows\system32\npDeployJava1.dll File not found
FF:[B]64bit:[/B] - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.6.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:[B]64bit:[/B] - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_265.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.6.14: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.6.14: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.6.14: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.5.109: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=15.0.6.14: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.3: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@hulu.com/Hulu Desktop: C:\Windows\..\Users\Default\AppData\Local\HuluDesktop\instances\0.9.11.1\npHDPlg.dll ()
FF - HKCU\Software\MozillaPlugins\BYOND: C:\Program Files (x86)\BYOND\bin\npbyond.dll (BYOND)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\IPSFFPlgn\ [2012/08/25 13:11:34 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\coFFPlgn\ [2012/09/14 15:20:41 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\DigitalPersona\Bin\FirefoxExt\ [2012/08/25 13:08:17 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012/08/25 13:08:17 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012/08/25 13:11:34 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{C3949AC2-4B17-43ee-B4F1-D26B9D42404D}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012/08/25 13:11:34 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{0153E448-190B-4987-BDE1-F256CADA672F}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012/08/25 13:11:34 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/09/07 01:14:33 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/09/07 01:14:30 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{b64982b1-d112-42b5-b1e4-d3867c4533f8}: C:\ProgramData\bProtectorForWindows\2.2.453.59\FirefoxExtension [2012/09/02 20:14:33 | 000,000,000 | ---D | M]
 
[2012/01/08 18:58:26 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Paul\AppData\Roaming\Mozilla\Extensions
[2012/09/14 20:16:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Paul\AppData\Roaming\Mozilla\Firefox\Profiles\9ksz9ca1.default\extensions
[2012/08/25 12:18:08 | 000,000,000 | ---D | M] (XFINITY Toolbar) -- C:\Users\Paul\AppData\Roaming\Mozilla\Firefox\Profiles\9ksz9ca1.default\extensions\{4b9bcce8-a70b-402a-a7e1-db96831ee26f}
[2012/09/01 14:26:25 | 000,000,000 | ---D | M] (Cookies Manager+) -- C:\Users\Paul\AppData\Roaming\Mozilla\Firefox\Profiles\9ksz9ca1.default\extensions\{bb6bc1bb-f824-4702-90cd-35e2fb24f25d}
[2012/08/25 13:11:37 | 000,000,000 | ---D | M] (Veoh Web Player Community Toolbar) -- C:\Users\Paul\AppData\Roaming\Mozilla\Firefox\Profiles\9ksz9ca1.default\extensions\{cd90bf73-20f6-44ef-993d-bb920303bd2e}
[2012/01/08 19:01:04 | 000,000,000 | ---D | M] ("ImageHost Grabber") -- C:\Users\Paul\AppData\Roaming\Mozilla\Firefox\Profiles\9ksz9ca1.default\extensions\{E4091D66-127C-11DB-903A-DE80D2EFDFE8}
[2012/09/07 19:32:15 | 000,000,000 | ---D | M] (Advanced Cookie Manager) -- C:\Users\Paul\AppData\Roaming\Mozilla\Firefox\Profiles\9ksz9ca1.default\extensions\[email protected]
[2012/09/14 20:16:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Paul\AppData\Roaming\Mozilla\Firefox\Profiles\9ksz9ca1.default\extensions\staged
[1832/11/29 00:22:58 | 000,004,804 | ---- | M] () (No name found) -- C:\Users\Paul\AppData\Roaming\Mozilla\Firefox\Profiles\9ksz9ca1.default\extensions\[email protected]
[2012/08/31 14:21:27 | 000,226,493 | ---- | M] () (No name found) -- C:\Users\Paul\AppData\Roaming\Mozilla\Firefox\Profiles\9ksz9ca1.default\extensions\[email protected]
[2012/01/08 19:01:04 | 000,008,001 | ---- | M] () (No name found) -- C:\Users\Paul\AppData\Roaming\Mozilla\Firefox\Profiles\9ksz9ca1.default\extensions\[email protected]
[2012/09/14 15:21:58 | 000,527,915 | ---- | M] () (No name found) -- C:\Users\Paul\AppData\Roaming\Mozilla\Firefox\Profiles\9ksz9ca1.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
[2012/08/14 13:54:07 | 000,061,403 | ---- | M] () (No name found) -- C:\Users\Paul\AppData\Roaming\Mozilla\Firefox\Profiles\9ksz9ca1.default\extensions\{9AA46F4F-4DC7-4c06-97AF-5035170634FE}.xpi
[2012/09/12 23:23:16 | 000,698,867 | ---- | M] () (No name found) -- C:\Users\Paul\AppData\Roaming\Mozilla\Firefox\Profiles\9ksz9ca1.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi
[2012/08/24 15:06:43 | 000,270,021 | ---- | M] () (No name found) -- C:\Users\Paul\AppData\Roaming\Mozilla\Firefox\Profiles\9ksz9ca1.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi
[2012/06/17 21:06:58 | 000,041,372 | ---- | M] () (No name found) -- C:\Users\Paul\AppData\Roaming\Mozilla\Firefox\Profiles\9ksz9ca1.default\extensions\{ea2b95c2-9be8-48ed-bdd1-5fcd2ad0ff99}.xpi
[2012/09/14 20:16:45 | 000,270,876 | ---- | M] () (No name found) -- C:\Users\Paul\AppData\Roaming\Mozilla\Firefox\Profiles\9ksz9ca1.default\extensions\staged\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi
[2012/01/18 20:44:24 | 000,000,933 | ---- | M] () -- C:\Users\Paul\AppData\Roaming\Mozilla\Firefox\Profiles\9ksz9ca1.default\searchplugins\conduit.xml
[2012/09/07 01:14:29 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/08/25 13:11:34 | 000,000,000 | ---D | M] (RealPlayer Browser Record Plugin) -- C:\PROGRAMDATA\REAL\REALPLAYER\BROWSERRECORDPLUGIN\FIREFOX\EXT
[2012/09/07 01:14:33 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2008/07/08 17:07:06 | 000,040,960 | ---- | M] (BYOND) -- C:\Program Files (x86)\mozilla firefox\plugins\npbyond.dll
[2012/08/07 16:12:00 | 000,129,176 | ---- | M] (RealPlayer) -- C:\Program Files (x86)\mozilla firefox\plugins\nprpplugin.dll
[2012/08/31 14:20:27 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/08/31 14:20:26 | 000,002,253 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml
 
[COLOR=#E56717]========== Chrome  ==========[/COLOR]
 
CHR - homepage: http://www.google.com
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: http://www.google.com
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.89\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.89\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.89\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Paul\AppData\Local\Google\Chrome\User Data\PepperFlash\11.1.31.203\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_233.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.290.11 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U29 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit)  (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\nppl3260.dll
CHR - plugin: RealPlayer Download Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\nprpplugin.dll
CHR - plugin: RealPlayer(tm) HTML5VideoShim Plug-In (32-bit)  (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\nprjplug.dll
CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: DivX Plus Web Player (Enabled) = C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: RealNetworks(tm) Chrome Background Extension Plug-In (32-bit)  (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
CHR - plugin: Hulu Desktop (Enabled) = C:\Windows\..\Users\Default\AppData\Local\HuluDesktop\instances\0.9.11.1\npHDPlg.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - Extension: YouTube = C:\Users\Paul\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Search = C:\Users\Paul\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Babylon Toolbar = C:\Users\Paul\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhkplhfnhceodhffomolpfigojocbpcb\1.8\
CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Users\Paul\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_0\
CHR - Extension: Norton Identity Protection = C:\Users\Paul\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2012.5.5.11_0\
CHR - Extension: DivX Plus Web Player HTML5 \u003Cvideo\u003E = C:\Users\Paul\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\
CHR - Extension: 4chan Plus = C:\Users\Paul\AppData\Local\Google\Chrome\User Data\Default\Extensions\pinelipedelckihohgdlpcclgocodhjj\2.5.5_0\
CHR - Extension: Gmail = C:\Users\Paul\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
 
O1 HOSTS File: ([2012/09/07 20:05:44 | 000,000,855 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2:[B]64bit:[/B] - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:[B]64bit:[/B] - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:[B]64bit:[/B] - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Security Suite\Engine\6.3.0.14\coieplg.dll (Symantec Corporation)
O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Security Suite\Engine\6.3.0.14\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (Veoh Web Player Toolbar) - {cd90bf73-20f6-44ef-993d-bb920303bd2e} - C:\Program Files (x86)\Veoh_Web_Player\prxtbVeoh.dll (Conduit Ltd.)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll (Microsoft Corporation.)
O3:[B]64bit:[/B] - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine\6.3.0.14\coieplg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (Veoh Web Player Toolbar) - {cd90bf73-20f6-44ef-993d-bb920303bd2e} - C:\Program Files (x86)\Veoh_Web_Player\prxtbVeoh.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-1802773089-3845710631-1931485571-1000\..\Toolbar\WebBrowser: (Veoh Web Player Toolbar) - {CD90BF73-20F6-44EF-993D-BB920303BD2E} - C:\Program Files (x86)\Veoh_Web_Player\prxtbVeoh.dll (Conduit Ltd.)
O4:[B]64bit:[/B] - HKLM..\Run: [HP Quick Launch] C:\Program Files\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe (Hewlett-Packard Company)
O4:[B]64bit:[/B] - HKLM..\Run: [HPToneControl] C:\Program Files\Hewlett-Packard\HPToneControl\HPToneCtl.exe (Hewlett-Packard )
O4:[B]64bit:[/B] - HKLM..\Run: [HPWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe ()
O4:[B]64bit:[/B] - HKLM..\Run: [SmartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe ()
O4:[B]64bit:[/B] - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1802773089-3845710631-1931485571-1000..\Run: [FileHippo.com] C:\Program Files (x86)\FileHippo.com\UpdateChecker.exe (FileHippo.com)
O4 - HKU\S-1-5-21-1802773089-3845710631-1931485571-1000..\Run: [ISUSPM] C:\ProgramData\Macrovision\FLEXnet Connect\6\ISUSPM.exe (Acresso Corporation)
O4 - HKU\S-1-5-21-1802773089-3845710631-1931485571-1000..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpywareare\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)
O4 - HKU\S-1-5-21-1802773089-3845710631-1931485571-1000..\Run: [VeohPlugin] C:\Program Files (x86)\Veoh Networks\VeohWebPlayer\veohwebplayer.exe (Veoh Networks)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-21-1802773089-3845710631-1931485571-1000\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O13[B]64bit:[/B] - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:[B]64bit:[/B] - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Reg Error: Value error.)
O16:[B]64bit:[/B] - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16:[B]64bit:[/B] - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 10.6.2)
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} http://www.pcpitstop.com/betapit/PCPitStop.CAB (PCPitstop Utility)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {E6F480FC-BD44-4CBA-B74A-89AF7842937D} http://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.5.1.0.cab (SysInfo Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 75.75.75.75 75.75.76.76
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7AD56671-E2B0-4646-BFC0-35BFE3CCB808}: DhcpNameServer = 75.75.75.75 75.75.76.76
O18:[B]64bit:[/B] - Protocol\Handler\livecall - No CLSID value found
O18:[B]64bit:[/B] - Protocol\Handler\ms-help - No CLSID value found
O18:[B]64bit:[/B] - Protocol\Handler\ms-itss - No CLSID value found
O18:[B]64bit:[/B] - Protocol\Handler\msnim - No CLSID value found
O18:[B]64bit:[/B] - Protocol\Handler\skype4com - No CLSID value found
O18:[B]64bit:[/B] - Protocol\Handler\wlmailhtml - No CLSID value found
O18:[B]64bit:[/B] - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - AppInit_DLLs: (c:\progra~3\bprote~1\22453~1.59\protec~1.dll) - c:\ProgramData\bProtectorForWindows\2.2.453.59\protector.dll ()
O20:[B]64bit:[/B] - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:[B]64bit:[/B] - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:[B]64bit:[/B] - HKLM Winlogon: UserInit - (C:\Program Files (x86)\DigitalPersona\Bin\DPAgent.exe) - C:\Program Files (x86)\DigitalPersona\Bin\DPAgent.exe (DigitalPersona, Inc.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:[B]64bit:[/B] - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{1cafc1e4-692d-11e0-bc7f-de96aef51999}\Shell - "" = AutoRun
O33 - MountPoints2\{1cafc1e4-692d-11e0-bc7f-de96aef51999}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O33 - MountPoints2\G\Shell - "" = AutoRun
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\Setup\rsrc\Autorun.exe
O33 - MountPoints2\G\Shell\dinstall\command - "" = G:\Directx\dxsetup.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:[B]64bit:[/B] - HKLM\..comfile [open] -- "%1" %*
O35:[B]64bit:[/B] - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:[B]64bit:[/B] - HKLM\...com [@ = comfile] -- "%1" %*
O37:[B]64bit:[/B] - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
[COLOR=#E56717]========== Files/Folders - Created Within 30 Days ==========[/COLOR]
 
[2012/09/15 23:35:27 | 000,600,064 | ---- | C] (OldTimer Tools) -- C:\Users\Paul\Desktop\OTL.exe
[2012/09/12 19:52:19 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\RNDISMP.sys
[2012/09/12 19:52:17 | 000,574,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10level9.dll
[2012/09/11 16:42:55 | 000,376,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\netio.sys
[2012/09/11 16:42:55 | 000,288,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\FWPKCLNT.SYS
[2012/09/09 17:50:29 | 000,000,000 | ---D | C] -- C:\Users\Paul\AppData\Local\{CC337E9C-D5D9-4ECC-A1DC-96567513BD55}
[2012/09/07 21:14:40 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012/09/07 20:28:54 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
[2012/09/07 19:26:30 | 000,290,304 | ---- | C] (Microsoft Corporation) -- C:\subinacl.exe
[2012/09/07 19:21:50 | 000,000,000 | ---D | C] -- C:\RegBackup
[2012/09/07 01:14:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2012/09/07 00:00:35 | 000,000,000 | ---D | C] -- C:\Users\Paul\AppData\Local\{8CAFB278-7DD9-4F3C-98E2-E8BF089B48BF}
[2012/09/06 20:49:23 | 000,000,000 | ---D | C] -- C:\Users\Paul\AppData\Local\{7A1B9101-C6EC-4EAC-9803-D9E841A82FE5}
[2012/09/06 12:31:08 | 000,181,064 | ---- | C] (Sysinternals) -- C:\Windows\PSEXESVC.EXE
[2012/09/06 12:11:01 | 000,000,000 | ---D | C] -- C:\Tweaking.com_Windows_Repair_Logs
[2012/09/06 12:10:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com
[2012/09/06 12:10:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Tweaking.com
[2012/09/05 15:17:32 | 000,000,000 | ---D | C] -- C:\Users\Paul\Desktop\rkill
[2012/09/04 23:50:03 | 000,000,000 | ---D | C] -- C:\Users\Paul\Desktop\RK_Quarantine
[2012/09/04 19:43:17 | 001,614,240 | ---- | C] (Bleeping Computer, LLC) -- C:\Users\Paul\Desktop\rkill.com
[2012/09/04 15:31:42 | 000,000,000 | ---D | C] -- C:\Users\Paul\AppData\Roaming\SUPERAntiSpyware.com
[2012/09/04 15:31:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2012/09/04 15:30:56 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2012/09/03 20:18:39 | 000,000,000 | ---D | C] -- C:\Users\Paul\AppData\Local\{0B7E608C-BDBE-463D-A860-D9233F2B9AB3}
[2012/09/02 20:17:57 | 000,000,000 | ---D | C] -- C:\ProgramData\IBUpdaterService
[2012/09/02 20:14:36 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\searchplugins
[2012/09/02 20:14:33 | 000,000,000 | ---D | C] -- C:\ProgramData\bProtectorForWindows
[2012/09/02 17:51:14 | 000,000,000 | ---D | C] -- C:\Users\Paul\AppData\Local\{392FE6A1-4AFE-4B68-AEED-C92055639108}
[2012/08/31 23:33:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy
[2012/08/31 23:33:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2012/08/31 23:33:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy
[2012/08/27 02:55:22 | 000,000,000 | ---D | C] -- C:\Users\Paul\AppData\Local\{88F86773-0600-43CF-AB73-A7073B829526}
[2012/08/26 20:46:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\HiJackThisSucka
[2012/08/26 20:46:15 | 000,000,000 | ---D | C] -- C:\Users\Paul\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
[2012/08/25 23:51:20 | 000,000,000 | ---D | C] -- C:\Users\Paul\AppData\Local\{1B11365C-D7B2-4191-96FA-2A402DCB92BB}
[2012/08/25 19:16:28 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpywareare
[2012/08/25 14:12:09 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Tools
[2012/08/25 14:12:08 | 000,000,000 | ---D | C] -- C:\Users\Paul\AppData\Roaming\TestApp
[2012/08/25 12:18:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SFT
[2012/08/25 12:18:28 | 000,000,000 | ---D | C] -- C:\ProgramData\GID
[2012/08/25 12:18:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\xfin_portal
[2012/08/25 12:18:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Constant Guard Protection Suite1
[2012/08/25 12:06:24 | 000,000,000 | ---D | C] -- C:\Users\Paul\AppData\Roaming\iolo
[2012/08/25 12:06:24 | 000,000,000 | ---D | C] -- C:\ProgramData\iolo
[2012/08/24 22:22:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AVG
[2012/08/24 22:15:15 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData
[2012/08/24 22:15:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Common Files
[2012/08/24 21:53:51 | 000,126,312 | R--- | C] (GEAR Software Inc.) -- C:\Windows\SysNative\GEARAspi64.dll
[2012/08/24 21:53:51 | 000,107,368 | R--- | C] (GEAR Software Inc.) -- C:\Windows\SysWow64\GEARAspi.dll
[2012/08/24 21:51:32 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton 360
[2012/08/24 20:00:19 | 000,000,000 | ---D | C] -- C:\Users\Paul\AppData\Roaming\Malwarebytes
[2012/08/24 20:00:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/08/22 15:11:59 | 000,289,768 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\javaws.exe
[2012/08/22 15:11:33 | 000,108,008 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\WindowsAccessBridge-64.dll
[2012/08/19 14:25:05 | 000,000,000 | ---D | C] -- C:\Users\Paul\AppData\Local\{648FECFE-8D0B-411D-814A-104142A0A815}
[2012/08/18 18:40:10 | 000,000,000 | ---D | C] -- C:\Users\Paul\AppData\Local\{0E063B9C-71BB-4600-9B86-516073FDFF61}
[2012/08/17 18:13:06 | 000,000,000 | ---D | C] -- C:\Users\Paul\AppData\Local\{798B9EDE-2195-4E4F-B3A1-5170DC022172}
[2012/08/17 18:12:46 | 000,000,000 | ---D | C] -- C:\Users\Paul\AppData\Local\{D557A6A8-0BF7-4F34-A154-BFD6CA9F2BFF}
 
[COLOR=#E56717]========== Files - Modified Within 30 Days ==========[/COLOR]
 
File not found -- C:\Windows\SysNative\
[2012/09/15 23:35:28 | 000,600,064 | ---- | M] (OldTimer Tools) -- C:\Users\Paul\Desktop\OTL.exe
[2012/09/15 23:15:00 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/09/15 15:29:14 | 000,779,306 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/09/15 15:29:14 | 000,660,546 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/09/15 15:29:14 | 000,121,442 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/09/15 15:26:44 | 000,000,890 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/09/15 15:26:00 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/09/14 15:29:37 | 000,023,248 | ---- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/09/14 15:29:37 | 000,023,248 | ---- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/09/14 15:19:45 | 3015,888,896 | -HS- | M] () -- C:\hiberfil.sys
[2012/09/12 22:54:20 | 001,890,943 | ---- | M] () -- C:\Windows\SysNative\drivers\N360x64\0603000.00E\Cat.DB
[2012/09/08 17:21:36 | 000,010,036 | ---- | M] () -- C:\Users\Paul\Documents\cc_20120908_172105.reg
[2012/09/07 21:14:48 | 000,355,072 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/09/07 21:12:20 | 000,181,064 | ---- | M] (Sysinternals) -- C:\Windows\PSEXESVC.EXE
[2012/09/07 20:05:44 | 000,000,855 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012/09/07 20:03:36 | 000,779,306 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/09/07 19:24:46 | 000,000,207 | ---- | M] () -- C:\Windows\tweaking.com-regbackup-PAUL-LAPTOP-Microsoft-Windows-7-Home-Premium-(64-bit).dat
[2012/09/06 12:10:54 | 000,002,291 | ---- | M] () -- C:\Users\Public\Desktop\Tweaking.com - Windows Repair (All in One).lnk
[2012/09/04 23:17:13 | 001,378,816 | ---- | M] () -- C:\Users\Paul\Desktop\RogueKiller.exe
[2012/09/04 19:43:21 | 001,614,240 | ---- | M] (Bleeping Computer, LLC) -- C:\Users\Paul\Desktop\rkill.com
[2012/09/04 18:17:31 | 000,002,344 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2012/09/04 15:31:02 | 000,001,835 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2012/09/02 20:16:28 | 000,002,237 | ---- | M] () -- C:\Users\Paul\Application Data\Microsoft\Internet Explorer\Quick Launch\Veoh Web Player Beta.lnk
[2012/09/02 20:16:28 | 000,002,215 | ---- | M] () -- C:\Users\Paul\Desktop\Veoh Web Player.lnk
[2012/09/02 13:16:35 | 003,707,174 | ---- | M] () -- C:\Users\Paul\Documents\bookmark.htm
[2012/09/02 00:55:18 | 000,007,598 | ---- | M] () -- C:\Users\Paul\AppData\Local\Resmon.ResmonCfg
[2012/08/31 23:33:34 | 000,001,262 | ---- | M] () -- C:\Users\Paul\Desktop\Spybot - Search & Destroy.lnk
[2012/08/29 17:38:03 | 000,000,590 | ---- | M] () -- C:\Users\Paul\Documents\Radio Playlist.xspf
[2012/08/26 20:46:15 | 000,003,003 | ---- | M] () -- C:\Users\Paul\Desktop\HiJackThis.lnk
[2012/08/26 20:39:09 | 000,000,983 | ---- | M] () -- C:\Users\Paul\Desktop\PeaZip.lnk
[2012/08/25 13:41:21 | 000,002,431 | ---- | M] () -- C:\Users\Public\Desktop\Norton Security Suite.lnk
[2012/08/25 13:36:36 | 000,008,942 | ---- | M] () -- C:\Windows\SysNative\drivers\N360x64\0603000.00E\VT20120731.038
[2012/08/24 21:53:41 | 000,175,736 | ---- | M] (Symantec Corporation) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS
[2012/08/24 21:53:41 | 000,007,488 | ---- | M] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.CAT
[2012/08/24 21:53:41 | 000,000,855 | ---- | M] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.INF
[2012/08/22 15:11:25 | 001,034,216 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\npdeployJava1.dll
[2012/08/22 15:11:25 | 000,916,456 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\deployJava1.dll
[2012/08/22 15:11:25 | 000,289,768 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\javaws.exe
[2012/08/22 15:11:25 | 000,189,416 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\javaw.exe
[2012/08/22 15:11:25 | 000,188,904 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\java.exe
[2012/08/22 15:11:25 | 000,108,008 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\WindowsAccessBridge-64.dll
[2012/08/22 14:12:40 | 000,376,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\netio.sys
[2012/08/22 14:12:33 | 000,288,624 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\FWPKCLNT.SYS
[2012/08/22 12:24:17 | 000,696,520 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012/08/22 12:24:17 | 000,073,416 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012/08/21 18:46:29 | 000,000,328 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForPaul.job
[2012/08/20 16:14:52 | 000,006,904 | ---- | M] () -- C:\Users\Paul\Documents\cc_20120820_161437.reg
[2012/08/20 14:47:52 | 000,000,222 | ---- | M] () -- C:\Users\Paul\Desktop\Superbrothers Sword & Sworcery EP.url
 
========== Files Created - No Company Name ==========
 
File not found -- C:\Windows\SysNative\
[2012/09/08 17:21:09 | 000,010,036 | ---- | C] () -- C:\Users\Paul\Documents\cc_20120908_172105.reg
[2012/09/07 20:01:01 | 000,303,616 | ---- | C] ( ) -- C:\SetACL.exe
[2012/09/07 19:24:46 | 000,000,207 | ---- | C] () -- C:\Windows\tweaking.com-regbackup-PAUL-LAPTOP-Microsoft-Windows-7-Home-Premium-(64-bit).dat
[2012/09/06 12:10:53 | 000,002,291 | ---- | C] () -- C:\Users\Public\Desktop\Tweaking.com - Windows Repair (All in One).lnk
[2012/09/04 23:17:12 | 001,378,816 | ---- | C] () -- C:\Users\Paul\Desktop\RogueKiller.exe
[2012/09/04 15:31:02 | 000,001,835 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2012/09/02 20:16:28 | 000,002,237 | ---- | C] () -- C:\Users\Paul\Application Data\Microsoft\Internet Explorer\Quick Launch\Veoh Web Player Beta.lnk
[2012/09/02 13:12:41 | 003,707,174 | ---- | C] () -- C:\Users\Paul\Documents\bookmark.htm
[2012/08/31 23:33:34 | 000,001,262 | ---- | C] () -- C:\Users\Paul\Desktop\Spybot - Search & Destroy.lnk
[2012/08/29 17:38:02 | 000,000,590 | ---- | C] () -- C:\Users\Paul\Documents\Radio Playlist.xspf
[2012/08/26 20:46:15 | 000,003,003 | ---- | C] () -- C:\Users\Paul\Desktop\HiJackThis.lnk
[2012/08/20 16:14:46 | 000,006,904 | ---- | C] () -- C:\Users\Paul\Documents\cc_20120820_161437.reg
[2012/08/20 14:47:52 | 000,000,222 | ---- | C] () -- C:\Users\Paul\Desktop\Superbrothers Sword & Sworcery EP.url
[2012/08/16 01:54:46 | 000,000,350 | ---- | C] () -- C:\Windows\d3xp.ini
[2012/05/27 21:45:38 | 000,000,343 | ---- | C] () -- C:\Windows\doom3.ini
[2012/01/02 16:11:37 | 000,779,306 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/12/25 00:04:57 | 000,000,032 | R--- | C] () -- C:\Users\Paul\hash.dat
[2011/11/03 13:46:40 | 000,007,598 | ---- | C] () -- C:\Users\Paul\AppData\Local\Resmon.ResmonCfg
[2011/06/06 20:48:12 | 000,000,036 | ---- | C] () -- C:\Users\Paul\.org.eclipse.epp.usagedata.recording.userId
[2011/05/19 13:08:45 | 000,001,940 | ---- | C] () -- C:\Users\Paul\AppData\Local\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini

< End of report >
 

Hey, do you want me to upload the extra file here too now? Or should I use the OldTimer program again? Had a system crash on start-up out of nowhere yesterday, even though the computer turned off properly. Still worried. Also, would I be able to get rid of bProtector if I just delete the program data folder?
 