Javascript Disabled Detected

You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.

Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Google redirects to IP address 8.26.70.252

Started by Art_B , May 30 2012 01:34 AM

This topic is locked

20 replies to this topic

#1 Art_B

New Member

Members
12 posts

Posted 30 May 2012 - 01:34 AM

Need your help to remove what appears to be Google redirect malware. I am running Windows 7 and I use Windows Internet Explorer and Mozilla Firefox browsers. Initially, when I attempt to search with Google, the malware redirects me to IP address 8.26.70.252 and from that address there are additional redirects. Last week, the day after the redirects started occurring, I installed 3 programs in hopes on their being able to remove the malware: Malwarebytes, Superantispyware and Hitman. Hitman stopped Google redirects but only when I use Windows Internet Explorer, when I try to use Firefox to search with Google, the redirects still occur. When I ran Malwarebytes, Superantispyware they found some other problems but didn’t find the source of redirect problem. I also ran TDSSKiller and FixTDSS and they did not find anything.

In addition, I have looked at the host file for redirects, (there weren’t any) and at proxy settings of the web browsers and they appear to be correct.

At this point I would like your advice on next steps to take.

BC Ads
BleepingComputer.com

#2 SweetTech

Agent ST

Malware Response Team
13,421 posts

Gender:Male
Location:Antarctica

Posted 30 May 2012 - 02:00 AM

Hello Art_B and welcome to the forums!

My secret agent name on the forums is SweetTech (you can call me ST for short), it's a pleasure to meet you.

I'll be addressing you by your username, if you'd like me to address you by something else, please let me know!

I would be glad to take a look at your log and help you with solving any malware problems.

If you have since resolved the issues you were originally experiencing, or have received help elsewhere, please inform me so that this topic can be closed.

If you have not, please adhere to the guidelines below and then follow instructions as outlined further below:

Logs from malware removal programs (OTL is one of them) can take some time to analyze. I need you to be patient while I analyze any logs you post. Please remember, I am a volunteer, and I do have a life outside of these forums.
Please make sure to carefully read any instruction that I give you. Attention to detail is important! Since I cannot see or directly interact with your computer I am dependent on you to "be my eyes" and provide as much information as you can regarding the current state of your computer.
If you're not sure, or if something unexpected happens, do NOT continue! Stop and ask!
In Windows Vista and Windows 7, all tools need to be started by right clicking and selecting Run as Administrator!
If I instruct you to download a specific tool in which you already have, please delete the copy that you have and re-download the tool. The reason I ask you to do this is because these tools are updated fairly regularly.
Do not do things I do not ask for, such as running a spyware scan on your computer. The one thing that you should always do, is to make sure sure that your anti-virus definitions are up-to-date!
Please do not use the Attachment feature for any log file. Do a Copy/Paste of the entire contents of the log file and submit it inside your post.
I am going to stick with you until ALL malware is gone from your system. I would appreciate it if you would do the same. From this point, we're in this together ;)
- Because of this, you must reply within 3 days failure to reply will result in the topic being closed! I like chocolate chip cookies.
Lastly, I am no magician. I will try very hard to fix your issues, but no promises can be made. Also be aware that some infections are so severe that you might need to resort to reformatting and reinstalling your operating system or even taking your computer into a repair shop.
- Don't worry, this only happens in severe cases, but it sadly does happen. Be prepared to back up your data and have means of backing up your data available.

____________________________________________________

Was this issue occurring in Internet Explorer before as well or is this something that's been isolated to just Firefox?

If it's the latter, then it's probably a FireFox infection. But I'll need to see logs to be able to say for sure.

NEXT:

Farbar Service Scanner

Please download Farbar Service Scanner and run it on the computer with the issue.

Make sure the following options are checked:
- Internet Services
- Windows Firewall
- System Restore
- Security Center
- Windows Update
- Windows Defender
Press "Scan".
It will create a log (FSS.txt) in the same directory the tool is run.
Please copy and paste the log to your reply.

NEXT:

Running OTL

We need to create a New FULL OTL Report

Please download OTL from here if you have not done so already:
- Main Mirror
- Mirror
Save it to your desktop.
Double click on the icon on your desktop.
Click the "Scan All Users" checkbox.
Change the "Extra Registry" option to "SafeList"

Copy and Paste the following code into the Posted Image

textbox.

msconfig
safebootminimal
activex
drivers32
netsvcs
CreateRestorePoint
"%WinDir%\$NtUninstallKB*$." /30
C:\Program Files\Common Files\ComObjects\*.* /s
%systemroot%\*. /mp /s
%systemroot%\*. /rp /s
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\drivers\*.sys /90
%SYSTEMDRIVE%\*.exe
/md5start
volsnap.sys
atapi.sys
explorer.exe
winlogon.exe
wininit.exe
tdx.sys
afd.sys
netbt.sys
/md5stop
hklm\software\clients\startmenuinternet|command /rs
hklm\software\clients\startmenuinternet|command /64 /rs

Push the button.
Two reports will open, copy and paste them in a reply here:
- OTL.txt <-- Will be opened
- Extras.txt <-- Will be minimized

NEXT:

Please make sure you include the following items in your next post:

1. Any comments or questions you may have that you'd like for me to answer in my next post to you.
2. OTL.txt & Extras.txt logs.
3. An update on how your computer is currently running.

It would be helpful if you could answer each question in the order asked, as well as numbering your answers.

Please let me know how the above scans go.

Kindest Regards,
ST.

Have I helped you? If you'd like to assist in the fight against malware, click here

The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.

#3 Art_B

New Member

Members
12 posts

Posted 30 May 2012 - 07:12 PM

ST:

Thanks for your quick reply. You have only asked one question, 1st I will answer it then paste in the 1 of the 3 logs you requested below.

Question: Was this issue occurring in Internet Explorer before as well or is this something that's been isolated to just Firefox?

Answer:
Yes, it was occurring in Internet Explorer, thats where I first encountered the redirect problem. Then I installed and ran Malwarebytes, Superantispyware and Hitman. After running Hitman, the redirects when I use Internet Explorer were stopped. The May 19, 2012 history file from Hitman shows it found and quarantined 5 files, 3 of those it labeled as Riskware and 2 it labeled as Malware, all 5 files are listed below.

3 Riskware files found by Hitman:
YontooSetup-Silent.exe (located in: C:\Users\AJB\AppData\Local\Temp)
_Setupx.dll (located in: C:\ProgramData\Tarma Installer\889DF117-14D1-44EE-9F31-C5)
YontooIEClient.dll (located in C:\Program Files (x86)\Yontoo)

2 Malware files found by Hitman:
ipemm.dll (located in C:\Users\AJB\AppData\Local\Ahead\Adobe)
ipemm.dll (located in: C:\Users\AJB\AppData\Local\Temp\nsd8F09.tmp)

Unfortunately, Hitman was only able to stop the redirects when I am using Internet Explorer, when I use Firefox, they still occur.

Below I have pasted in the text from only 1 of log files, (FSS.txt) you requested since your messaging software complained about this message being too long when I pasted in all 3 logs into this message. I will send you the 2 other logs you requested separately in 2 additional messages, if I dont run into a message size limitations again. In that case I will need to send them in more than 2 addtional messages. Hopefully, only 2 additional messages will be required.

Best regards,

Art_B

Text of file FSS.txt

Farbar Service Scanner Version: 27-05-2012
Ran by AJB (administrator) on 30-05-2012 at 16:16:14
Running from "C:\Users\AJB\Downloads"
Microsoft Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Yahoo IP is accessible.

Windows Firewall:
=============

Firewall Disabled Policy:
==================

System Restore:
============

System Restore Disabled Policy:
========================

Action Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================

Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.

Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1

File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit

**** End of log ****

#4 Art_B

New Member

Members
12 posts

Posted 30 May 2012 - 07:16 PM

ST:

Below I have pasted in text from the log file: OTL.txt that you requested.

OTL logfile created on: 5/30/2012 4:23:37 PM - Run 1
OTL by OldTimer - Version 3.2.44.0 Folder = C:\Users\AJB\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.91 Gb Total Physical Memory | 2.60 Gb Available Physical Memory | 66.60% Memory free
6.29 Gb Paging File | 3.99 Gb Available in Paging File | 63.47% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 360.51 Gb Total Space | 3.74 Gb Free Space | 1.04% Space Free | Partition Type: NTFS
Drive F: | 962.13 Mb Total Space | 938.84 Mb Free Space | 97.58% Space Free | Partition Type: FAT

Computer Name: AJB-PC | User Name: AJB | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/05/30 16:18:13 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\AJB\Downloads\OTL.exe
PRC - [2012/05/25 15:21:44 | 000,992,648 | ---- | M] (Spigot, Inc.) -- C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe
PRC - [2012/05/25 15:12:54 | 000,785,344 | ---- | M] (Spigot, Inc.) -- C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe
PRC - [2012/05/06 16:38:39 | 000,932,736 | ---- | M] () -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.0.2\ToolbarUpdater.exe
PRC - [2012/05/06 16:38:32 | 001,116,544 | ---- | M] () -- C:\Program Files (x86)\AVG Secure Search\vprot.exe
PRC - [2012/05/06 10:23:46 | 000,351,904 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_2_202_235_ActiveX.exe
PRC - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/04/04 15:56:38 | 000,462,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012/03/01 02:07:03 | 000,307,824 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
PRC - [2012/02/18 08:59:28 | 000,282,648 | ---- | M] (McAfee, Inc.) -- c:\Program Files (x86)\McAfee\SiteAdvisor\saUI.exe
PRC - [2010/12/02 14:45:18 | 000,218,432 | ---- | M] () -- C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe
PRC - [2010/03/18 16:25:28 | 000,334,432 | ---- | M] (FLIR) -- C:\Program Files\FLIR Systems\FLIR Device Drivers\FLIR T3Srv\sysx64\T3Mon.exe
PRC - [2010/01/15 07:49:20 | 000,255,536 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe
PRC - [2009/10/27 11:19:46 | 000,895,696 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee\MPF\MpfSrv.exe
PRC - [2009/08/28 04:38:58 | 001,150,496 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\Acer\Registration\GregHSRW.exe
PRC - [2009/08/16 23:39:58 | 000,825,864 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LManager.EXE
PRC - [2009/08/06 12:18:54 | 000,311,592 | ---- | M] (Egis Technology Inc.) -- C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\MWLService.exe
PRC - [2009/08/06 12:18:42 | 000,349,480 | ---- | M] (Egis Technology Inc.) -- C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe
PRC - [2009/08/04 00:09:34 | 000,199,464 | ---- | M] (Egis Technology Inc.) -- C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe
PRC - [2009/07/10 17:18:18 | 000,708,608 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\Acer\Acer VCM\AcerVCM.exe
PRC - [2009/07/10 04:54:44 | 000,253,952 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe
PRC - [2009/07/03 20:47:12 | 000,240,160 | ---- | M] (Acer) -- C:\Program Files\Acer\Acer Updater\UpdaterService.exe
PRC - [2009/07/01 21:54:04 | 000,013,600 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
PRC - [2009/06/04 21:03:32 | 000,186,904 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2009/06/04 21:03:06 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2009/04/16 01:52:06 | 000,091,432 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe
PRC - [2009/03/25 13:30:08 | 001,840,424 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexStoreSvr.exe
PRC - [2008/01/06 19:06:05 | 000,200,704 | ---- | M] () -- C:\Windows\PLFSetI.exe
PRC - [2007/09/11 19:29:47 | 000,443,968 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Picasa2\PicasaMediaDetector.exe
PRC - [2007/07/11 17:09:48 | 000,020,480 | ---- | M] () -- C:\Windows\FixCamera.exe
PRC - [2007/05/10 14:18:26 | 000,835,584 | ---- | M] () -- C:\Windows\vsnpstd3.exe
PRC - [2007/04/21 10:37:02 | 000,270,336 | ---- | M] () -- C:\Windows\tsnpstd3.exe
PRC - [2006/12/19 09:30:26 | 000,081,920 | ---- | M] (Prolific Technology Inc.) -- C:\Windows\SysWOW64\IoctlSvc.exe
PRC - [2004/05/12 15:04:54 | 000,196,608 | ---- | M] () -- C:\Program Files (x86)\Ahead\Ahead\data\Xtras\mssysmgr.exe

========== Modules (No Company Name) ==========

MOD - [2012/05/06 16:38:40 | 000,130,944 | ---- | M] () -- C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\11.0.2\SiteSafety.dll
MOD - [2012/05/06 16:38:32 | 001,116,544 | ---- | M] () -- C:\Program Files (x86)\AVG Secure Search\vprot.exe
MOD - [2011/11/02 00:26:32 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/11/02 00:26:12 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/03/04 12:02:54 | 007,745,536 | ---- | M] () -- C:\Program Files (x86)\Common Files\LightScribe\QtGui4.dll
MOD - [2011/03/04 12:02:52 | 000,135,168 | ---- | M] () -- C:\Program Files (x86)\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll
MOD - [2011/03/04 12:02:50 | 002,121,728 | ---- | M] () -- C:\Program Files (x86)\Common Files\LightScribe\QtCore4.dll
MOD - [2008/01/06 19:06:05 | 000,200,704 | ---- | M] () -- C:\Windows\PLFSetI.exe
MOD - [2007/07/11 17:09:48 | 000,020,480 | ---- | M] () -- C:\Windows\FixCamera.exe
MOD - [2007/05/10 14:18:26 | 000,835,584 | ---- | M] () -- C:\Windows\vsnpstd3.exe
MOD - [2007/04/21 10:37:02 | 000,270,336 | ---- | M] () -- C:\Windows\tsnpstd3.exe
MOD - [2004/05/12 15:04:54 | 000,196,608 | ---- | M] () -- C:\Program Files (x86)\Ahead\Ahead\data\Xtras\mssysmgr.exe

========== Win32 Services (SafeList) ==========

SRV:64bit: - [2012/05/19 20:18:37 | 000,107,848 | ---- | M] (SurfRight B.V.) [Auto | Running] -- C:\Program Files\HitmanPro\hmpsched.exe -- (HitmanProScheduler)
SRV:64bit: - [2012/03/22 19:30:56 | 000,502,032 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)
SRV:64bit: - [2012/03/20 13:11:30 | 000,162,192 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Windows\SysNative\mfevtps.exe -- (mfevtp)
SRV:64bit: - [2012/03/20 12:56:24 | 000,210,584 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe -- (mfefire)
SRV:64bit: - [2012/03/20 12:55:54 | 000,199,272 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe -- (McShield)
SRV:64bit: - [2011/08/11 18:38:04 | 000,140,672 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCore64.exe -- (!SASCORE)
SRV:64bit: - [2011/01/27 18:28:20 | 000,249,936 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McProxy)
SRV:64bit: - [2011/01/27 18:28:20 | 000,249,936 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McNASvc)
SRV:64bit: - [2011/01/27 18:28:20 | 000,249,936 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McNaiAnn)
SRV:64bit: - [2011/01/27 18:28:20 | 000,249,936 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (mcmscsvc)
SRV:64bit: - [2011/01/27 18:28:20 | 000,249,936 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McMPFSvc)
SRV:64bit: - [2011/01/27 18:28:20 | 000,249,936 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McAfee SiteAdvisor Service)
SRV:64bit: - [2010/11/20 08:26:50 | 000,084,992 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\Mcx2Svc.dll -- (Mcx2Svc)
SRV:64bit: - [2010/11/20 08:25:33 | 001,525,248 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV:64bit: - [2010/03/18 16:25:48 | 000,781,408 | ---- | M] (FLIR) [Auto | Running] -- C:\Program Files\FLIR Systems\FLIR Device Drivers\FLIR T3Srv\sysx64\T3Srv.exe -- (T3Srv)
SRV:64bit: - [2009/08/28 22:05:26 | 000,844,320 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe -- (ePowerSvc)
SRV:64bit: - [2009/07/13 20:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/13 20:41:27 | 000,097,792 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\mprdim.dll -- (RemoteAccess)
SRV:64bit: - [2009/07/13 20:41:10 | 000,359,424 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\ipnathlp.dll -- (SharedAccess)
SRV:64bit: - [2009/07/03 20:47:12 | 000,240,160 | ---- | M] (Acer) [Auto | Running] -- C:\Program Files\Acer\Acer Updater\UpdaterService.exe -- (Updater Service)
SRV:64bit: - [2009/07/01 21:54:02 | 000,864,032 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)
SRV - [2012/05/25 15:12:54 | 000,785,344 | ---- | M] (Spigot, Inc.) [Auto | Running] -- C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe -- (Application Updater)
SRV - [2012/05/06 16:38:39 | 000,932,736 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.0.2\ToolbarUpdater.exe -- (vToolbarUpdater11.0.2)
SRV - [2012/05/06 10:23:47 | 000,257,696 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/04/20 20:19:00 | 000,129,976 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2010/12/02 14:45:18 | 000,218,432 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe -- (MotoHelper)
SRV - [2010/10/22 13:08:18 | 001,039,360 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL -- (HPSLPSVC)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/01/15 07:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2009/10/27 11:19:46 | 000,895,696 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files (x86)\McAfee\MPF\MpfSrv.exe -- (MpfService)
SRV - [2009/08/28 04:38:58 | 001,150,496 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files (x86)\Acer\Registration\GregHSRW.exe -- (Greg_Service)
SRV - [2009/08/06 12:18:54 | 000,311,592 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe -- (MWLService)
SRV - [2009/07/13 20:15:41 | 000,075,264 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysWOW64\mprdim.dll -- (RemoteAccess)
SRV - [2009/07/10 04:54:44 | 000,253,952 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe -- (RS_Service)
SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/06/10 15:39:58 | 000,089,920 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_64)
SRV - [2009/06/04 21:03:06 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel®
SRV - [2009/05/22 13:02:20 | 000,250,616 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Acer Games\Acer Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2006/12/19 09:30:26 | 000,081,920 | ---- | M] (Prolific Technology Inc.) [Auto | Running] -- C:\Windows\SysWOW64\IoctlSvc.exe -- (PLFlash DeviceIoControl Service)

========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/04/04 15:56:40 | 000,024,904 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012/03/01 01:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/02/22 13:29:46 | 000,647,208 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mfehidk.sys -- (mfehidk)
DRV:64bit: - [2012/02/22 13:29:46 | 000,487,296 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfefirek.sys -- (mfefirek)
DRV:64bit: - [2012/02/22 13:29:46 | 000,289,664 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mfewfpk.sys -- (mfewfpk)
DRV:64bit: - [2012/02/22 13:29:46 | 000,229,528 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfeavfk.sys -- (mfeavfk)
DRV:64bit: - [2012/02/22 13:29:46 | 000,160,792 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfeapfk.sys -- (mfeapfk)
DRV:64bit: - [2012/02/22 13:29:46 | 000,100,912 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mferkdet.sys -- (mferkdet)
DRV:64bit: - [2012/02/22 13:29:46 | 000,075,936 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mfenlfk.sys -- (mfenlfk)
DRV:64bit: - [2012/02/22 13:29:46 | 000,065,264 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\cfwids.sys -- (cfwids)
DRV:64bit: - [2011/07/22 11:26:56 | 000,014,928 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV)
DRV:64bit: - [2011/07/12 16:55:18 | 000,012,368 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL)
DRV:64bit: - [2011/03/11 01:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 01:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 08:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 06:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 04:26:11 | 000,328,192 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\Windows\SysNative\drivers\udfs.sys -- (udfs)
DRV:64bit: - [2010/09/29 19:14:00 | 000,030,208 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\motmodem.sys -- (motmodem)
DRV:64bit: - [2010/09/29 19:13:36 | 000,021,504 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\motccgp.sys -- (motccgp)
DRV:64bit: - [2010/07/15 15:18:22 | 000,176,144 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\Mpfp.sys -- (MPFP)
DRV:64bit: - [2010/04/01 15:44:06 | 000,026,624 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Motousbnet.sys -- (Motousbnet)
DRV:64bit: - [2010/02/17 16:52:42 | 000,049,480 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mfesmfk.sys -- (mfesmfk)
DRV:64bit: - [2010/02/17 16:45:32 | 000,040,904 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mferkdk.sys -- (mferkdk)
DRV:64bit: - [2010/01/25 20:57:54 | 000,010,240 | ---- | M] (Motorola Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\motusbdevice.sys -- (motusbdevice)
DRV:64bit: - [2009/07/28 02:35:52 | 007,345,632 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 20:47:48 | 000,024,144 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\crcdisk.sys -- (crcdisk)
DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 19:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\ws2ifsl.sys -- (ws2ifsl)
DRV:64bit: - [2009/07/13 18:19:47 | 000,092,160 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\Windows\SysNative\drivers\cdfs.sys -- (cdfs)
DRV:64bit: - [2009/07/01 13:26:10 | 000,021,504 | ---- | M] (Prolific Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\plturbo.sys -- (PLTurbo)
DRV:64bit: - [2009/07/01 13:26:06 | 000,019,456 | ---- | M] (Prolific Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\plturbh.sys -- (PLTurbh)
DRV:64bit: - [2009/06/30 23:46:52 | 000,098,344 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio)
DRV:64bit: - [2009/06/30 23:46:48 | 000,132,648 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt)
DRV:64bit: - [2009/06/30 23:46:40 | 000,021,160 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid)
DRV:64bit: - [2009/06/18 07:12:32 | 000,272,432 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/06/04 20:54:36 | 000,408,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009/06/02 06:15:30 | 000,060,464 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDVDisk.sys -- (mwlPSDVDisk)
DRV:64bit: - [2009/06/02 06:15:30 | 000,022,576 | ---- | M] (Egis Technology Inc.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDFilter.sys -- (mwlPSDFilter)
DRV:64bit: - [2009/06/02 06:15:30 | 000,020,016 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDNserv.sys -- (mwlPSDNServ)
DRV:64bit: - [2009/05/26 08:32:38 | 000,040,448 | ---- | M] (Alcor Micro, Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AmUStor.sys -- (AmUStor)
DRV:64bit: - [2009/05/25 15:13:10 | 000,138,752 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcHdmi.sys -- (IntcHdmiAddService) Intel®
DRV:64bit: - [2009/05/18 14:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/05/13 19:51:40 | 005,435,904 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETw5v64.sys -- (netw5v64) Intel®
DRV:64bit: - [2009/04/27 03:25:58 | 000,057,344 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C) NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20)
DRV:64bit: - [2009/04/07 02:33:08 | 000,035,104 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap)
DRV:64bit: - [2009/01/29 18:18:12 | 000,009,216 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\motccgpfl.sys -- (motccgpfl)
DRV:64bit: - [2009/01/29 18:11:38 | 000,006,144 | ---- | M] (Motorola Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\motfilt.sys -- (BTCFilterService)
DRV:64bit: - [2008/08/06 18:36:08 | 000,063,808 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ftdibus.sys -- (FTDIBUS)
DRV:64bit: - [2008/05/06 16:06:00 | 000,014,464 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wdcsam64.sys -- (WDC_SAM)
DRV:64bit: - [2008/03/28 10:25:30 | 000,017,952 | ---- | M] (Acer, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\OEM\factory\int15.sys -- (int15.sys)
DRV:64bit: - [2008/03/13 16:37:36 | 010,761,472 | ---- | M] (Sonix Co. Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\snpstd3.sys -- (SNPSTD3) USB PC Camera (SNPSTD3)
DRV:64bit: - [2007/11/02 16:52:02 | 000,008,576 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\motswch.sys -- (MotoSwitchService)
DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2009/03/25 22:16:08 | 000,025,608 | ---- | M] (Dritek System Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\DKbFltr.sys -- (DKbFltr) Dritek Keyboard Filter Driver (64-bit)
DRV - [2008/03/13 16:44:42 | 010,423,936 | ---- | M] (Sonix Co. Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\snpstd3.sys -- (SNPSTD3) USB PC Camera (SNPSTD3)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&m=aspire_1810t&r=273602100306l0383z1j5t4811d279
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&m=aspire_1810t&r=273602100306l0383z1j5t4811d279
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&m=aspire_1810t&r=273602100306l0383z1j5t4811d279
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&m=aspire_1810t&r=273602100306l0383z1j5t4811d279
IE - HKLM\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-4081765290-584125182-3648185446-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&m=aspire_1810t&r=273602100306l0383z1j5t4811d279
IE - HKU\S-1-5-21-4081765290-584125182-3648185446-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-4081765290-584125182-3648185446-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKU\S-1-5-21-4081765290-584125182-3648185446-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-4081765290-584125182-3648185446-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&m=aspire_1810t&r=273602100306l0383z1j5t4811d279
IE - HKU\S-1-5-21-4081765290-584125182-3648185446-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-4081765290-584125182-3648185446-1000\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-4081765290-584125182-3648185446-1000\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
IE - HKU\S-1-5-21-4081765290-584125182-3648185446-1000\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
IE - HKU\S-1-5-21-4081765290-584125182-3648185446-1000\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
IE - HKU\S-1-5-21-4081765290-584125182-3648185446-1000\..\URLSearchHook: {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Program Files (x86)\YouTube Downloader Toolbar\IE\5.8\youtubedownloaderToolbarIE.dll (Spigot, Inc.)
IE - HKU\S-1-5-21-4081765290-584125182-3648185446-1000\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKU\S-1-5-21-4081765290-584125182-3648185446-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-4081765290-584125182-3648185446-1000\..\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}: "URL" = http://websearch.ask.com/redirect?client=ie&tb=GLSV5&o=10168&src=crm&q={searchTerms}&locale=en_US&apn_ptnrs=GL&apn_dtid=YYYYYYYYUS&apn_uid=54405D29-BCE8-45C7-99DF-9371E41B2C6E&apn_sauid=F6E6EB91-5299-4B66-B602-DCEFFFB7D7C8
IE - HKU\S-1-5-21-4081765290-584125182-3648185446-1000\..\SearchScopes\{5BEF0890-1D3F-4163-BF0A-BA2B034912CC}: "URL" = http://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=937811&p={searchTerms}
IE - HKU\S-1-5-21-4081765290-584125182-3648185446-1000\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW_enUS366US367
IE - HKU\S-1-5-21-4081765290-584125182-3648185446-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKU\S-1-5-21-4081765290-584125182-3648185446-1000\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.com/search?cid={97CF6A37-CE8B-48DB-A309-9B42ECCB428F}&mid=cb75980189de47d0a2f2dd2930514c99-9243bdfbf2c57df5c8a36610dd90b7de4b66de2d&lang=en&ds=gm011&pr=sa&d=2012-05-06 16:38:40&v=11.0.0.9&sap=dsp&q={searchTerms}
IE - HKU\S-1-5-21-4081765290-584125182-3648185446-1000\..\SearchScopes\{E224BCBC-BF30-4174-A959-D20A495E3AB2}: "URL" = http://search.yahoo.com/search?fr=mcafee&p={SearchTerms}
IE - HKU\S-1-5-21-4081765290-584125182-3648185446-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-4081765290-584125182-3648185446-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;192.168.*.*

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search"
FF - prefs.js..browser.startup.homepage: "http://isearch.avg.com?cid=%7Bdd7ad413-e9b3-40ed-b765-84fde4e6f32c%7D&mid=cb75980189de47d0a2f2dd2930514c99-9243bdfbf2c57df5c8a36610dd90b7de4b66de2d&ds=gm011&v=11.0.0.9&lang=en&pr=sa&d=2012-05-06%2016%3A38%3A40"
FF - prefs.js..keyword.URL: "http://isearch.avg.com/search?cid=%7Bdd7ad413-e9b3-40ed-b765-84fde4e6f32c%7D&mid=cb75980189de47d0a2f2dd2930514c99-9243bdfbf2c57df5c8a36610dd90b7de4b66de2d&ds=gm011&v=11.0.0.9&lang=en&pr=sa&d=2012-05-06%2016%3A38%3A40&sap=ku&q="
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL ()
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\11.0.2\\npsitesafety.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Picasa2\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\progra~2\mcafee\msc\npmcsn~1.dll ()
FF - HKLM\Software\MozillaPlugins\@mcafee.com/SAFFPlugin: C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8064.0206: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Program Files (x86)\McAfee\SiteAdvisor [2012/02/25 00:28:17 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012/01/10 01:12:59 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@toolbar: C:\ProgramData\AVG Secure Search\11.0.0.9\ [2012/05/06 16:38:55 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{D19CA586-DD6C-4a0a-96F8-14644F340D60}: C:\Program Files (x86)\Common Files\McAfee\SystemCore [2012/05/07 17:01:08 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/05/06 10:11:04 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012/01/10 01:12:59 | 000,000,000 | ---D | M]

[2012/05/06 10:11:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\AJB\AppData\Roaming\Mozilla\Extensions
[2012/05/26 01:23:38 | 000,000,000 | ---D | M] (No name found) -- C:\Users\AJB\AppData\Roaming\Mozilla\Firefox\Profiles\279jix0p.default\extensions
[2012/05/06 10:24:05 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\AJB\AppData\Roaming\Mozilla\Firefox\Profiles\279jix0p.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2012/05/06 10:11:04 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/05/26 01:23:38 | 000,000,000 | ---D | M] (Widgi Toolbar Platform) -- C:\PROGRAM FILES (X86)\COMMON FILES\SPIGOT\WTXPCOM
[2012/05/26 01:23:38 | 000,000,000 | ---D | M] (YouTube Downloader Toolbar) -- C:\PROGRAM FILES (X86)\YOUTUBE DOWNLOADER TOOLBAR\FF
[2012/05/06 16:38:55 | 000,000,000 | ---D | M] (AVG Security Toolbar) -- C:\PROGRAMDATA\AVG SECURE SEARCH\11.0.0.9
[2012/05/20 16:36:26 | 000,057,702 | ---- | M] () (No name found) -- C:\USERS\AJB\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\279JIX0P.DEFAULT\EXTENSIONS\{FE0258AB-4F74-43A1-8781-BCDF340F9EE9}.XPI
[2012/05/19 14:13:19 | 000,004,733 | ---- | M] () (No name found) -- C:\USERS\AJB\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\279JIX0P.DEFAULT\EXTENSIONS\ZNWAYTZUQS@ZNWAYTZUQS.ORG.XPI
[2012/04/20 20:19:34 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/05/06 16:38:30 | 000,003,749 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\avg-secure-search.xml
[2012/04/20 20:18:25 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/04/20 20:18:25 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Yahoo! (Enabled)
CHR - default_search_provider: search_url = http://search.yahoo.com/search?ei=utf-8&fr=chr-greentree_gc&type=937811&ilc=12&p={searchTerms}
CHR - default_search_provider: suggest_url =
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\19.0.1084.46\gcswf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.260.3 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U26 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\19.0.1084.46\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\19.0.1084.46\pdf.dll
CHR - plugin: McAfee SiteAdvisor (Enabled) = C:\Users\AJB\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.40.135.1_0\McChPlg.dll
CHR - plugin: McAfee SiteAdvisor (Enabled) = C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.69\npGoogleUpdate3.dll
CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: YouTube = C:\Users\AJB\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Search = C:\Users\AJB\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: SiteAdvisor = C:\Users\AJB\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.41.123.2_0\
CHR - Extension: We-Care Reminder Lite = C:\Users\AJB\AppData\Local\Google\Chrome\User Data\Default\Extensions\lkpmjnommfoljgjbckjmjhkmnhfmcmon\1.2.0.12_0\
CHR - Extension: Yontoo = C:\Users\AJB\AppData\Local\Google\Chrome\User Data\Default\Extensions\niapdbllcanepiiimjjndipklodoedlc\1.0.1_0\
CHR - Extension: Gmail = C:\Users\AJB\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2011/12/22 16:11:00 | 000,000,833 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20120430033908.dll (McAfee, Inc.)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20120506205446.dll (McAfee, Inc.)
O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\11.0.0.9\AVG Secure Search_toolbar.dll ()
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O2 - BHO: (WeCareReminder Class) - {D824F0DE-3D60-4F57-9EB1-66033ECD8ABB} - C:\ProgramData\WeCareReminder\IEHelperv2.5.0.dll (We-Care.com)
O2 - BHO: (YouTube Downloader Toolbar) - {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Program Files (x86)\YouTube Downloader Toolbar\IE\5.8\youtubedownloaderToolbarIE.dll (Spigot, Inc.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
O3:64bit: - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\11.0.0.9\AVG Secure Search_toolbar.dll ()
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKLM\..\Toolbar: (YouTube Downloader Toolbar) - {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Program Files (x86)\YouTube Downloader Toolbar\IE\5.8\youtubedownloaderToolbarIE.dll (Spigot, Inc.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3:64bit: - HKU\S-1-5-21-4081765290-584125182-3648185446-1000\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKU\S-1-5-21-4081765290-584125182-3648185446-1000\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O4:64bit: - HKLM..\Run: [Acer ePower Management] C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe (Acer Incorporated)
O4:64bit: - HKLM..\Run: [AmIcoSinglun64] C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe (AlcorMicro Co., Ltd.)
O4:64bit: - HKLM..\Run: [FS Camera Monitor] C:\Program Files\FLIR Systems\FLIR Device Drivers\FLIR T3Srv\sysx64\T3Mon.exe (FLIR)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [mwlDaemon] C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe (Egis Technology Inc.)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [PLD_FrameworkRun] c:\windows\system32\oem\setEvent.exe File not found
O4:64bit: - HKLM..\Run: [PLFSetI] C:\Windows\PLFSetI.exe ()
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [Skytel] C:\Program Files\Realtek\Audio\HDA\SkyTel.exe (Realtek Semiconductor Corp.)
O4:64bit: - HKLM..\Run: [snpstd3] C:\Windows\vsnpstd3.exe ()
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Acer Assist Launcher] C:\Program Files (x86)\Acer\Acer Assist\launcher.exe ()
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [EgisTecLiveUpdate] C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe (Egis Technology Inc.)
O4 - HKLM..\Run: [FixCamera] C:\Windows\FixCamera.exe ()
O4 - HKLM..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.EXE (Dritek System Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [NBKeyScan] C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBKeyScan.exe (Nero AG)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Windows\SysWOW64\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [NortonOnlineBackupReminder] C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe (Symantec Corporation)
O4 - HKLM..\Run: [PDVD8LanguageShortcut] C:\Program Files (x86)\CyberLink\PowerDVD8\Language\Language.exe (CyberLink Corp.)
O4 - HKLM..\Run: [Prolific_OneButton] C:\Program Files (x86)\USBFast\OneBtn.exe File not found
O4 - HKLM..\Run: [RemoteControl8] C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [SearchSettings] C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe (Spigot, Inc.)
O4 - HKLM..\Run: [snpstd3] C:\Windows\vsnpstd3.exe ()
O4 - HKLM..\Run: [tsnpstd3] C:\Windows\tsnpstd3.exe ()
O4 - HKLM..\Run: [vProt] C:\Program Files (x86)\AVG Secure Search\vprot.exe ()
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-4081765290-584125182-3648185446-1000..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexStoreSvr.exe (Nero AG)
O4 - HKU\S-1-5-21-4081765290-584125182-3648185446-1000..\Run: [PhotoShow Deluxe Media Manager] C:\Program Files (x86)\Ahead\Ahead\data\Xtras\mssysmgr.exe ()
O4 - HKU\S-1-5-21-4081765290-584125182-3648185446-1000..\Run: [Picasa Media Detector] C:\Program Files (x86)\Picasa2\PicasaMediaDetector.exe (Google Inc.)
O4 - HKU\S-1-5-21-4081765290-584125182-3648185446-1000..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\AJB\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Seagate Product Registration.lnk = C:\Users\AJB\AppData\Roaming\Leadertech\PowerRegister\Seagate Product Registration.exe (Leader Technologies/Seagate)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found
O8:64bit: - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8:64bit: - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7A0A3768-1E8B-4513-BA7E-FD7E4866E0F9}: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D16F7775-FF2B-499B-A2D1-58001FB66BCC}: DhcpNameServer = 192.168.1.254
O18:64bit: - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\viprotocol - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Acer\Acer VCM\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\11.0.2\ViProtocol.dll ()
O18:64bit: - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl64.dll (McAfee, Inc.)
O18 - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\MSC\McSnIePl.dll (McAfee, Inc.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{0f215dba-8104-11e0-a011-0c6076b5a56a}\Shell - "" = AutoRun
O33 - MountPoints2\{0f215dba-8104-11e0-a011-0c6076b5a56a}\Shell\AutoRun\command - "" = E:\Setup.exe
O33 - MountPoints2\{9200bee4-16b8-11df-8801-00269e7cde93}\Shell - "" = AutoRun
O33 - MountPoints2\{9200bee4-16b8-11df-8801-00269e7cde93}\Shell\AutoRun\command - "" = "D:\WD SmartWare.exe" autoplay=true
O33 - MountPoints2\{b7226eaf-3235-11e1-b87e-00269e7cde93}\Shell - "" = AutoRun
O33 - MountPoints2\{b7226eaf-3235-11e1-b87e-00269e7cde93}\Shell\AutoRun\command - "" = F:\setup.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

MsConfig:64bit - State: "bootini" - Reg Error: Key error.

SafeBootMin:64bit: !SASCORE - C:\Program Files\SUPERAntiSpyware\SASCore64.exe (SUPERAntiSpyware.com)
SafeBootMin:64bit: AppMgmt - Service
SafeBootMin:64bit: Base - Driver Group
SafeBootMin:64bit: Boot Bus Extender - Driver Group
SafeBootMin:64bit: Boot file system - Driver Group
SafeBootMin:64bit: File system - Driver Group
SafeBootMin:64bit: Filter - Driver Group
SafeBootMin:64bit: HelpSvc - Service
SafeBootMin:64bit: mcmscsvc - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SafeBootMin:64bit: MCODS - C:\Program Files\McAfee\VirusScan\mcods.exe (McAfee, Inc.)
SafeBootMin:64bit: PCI Configuration - Driver Group
SafeBootMin:64bit: PNP Filter - Driver Group
SafeBootMin:64bit: Primary disk - Driver Group
SafeBootMin:64bit: sacsvr - Service
SafeBootMin:64bit: SCSI Class - Driver Group
SafeBootMin:64bit: System Bus Extender - Driver Group
SafeBootMin:64bit: vmms - Service
SafeBootMin:64bit: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP

Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.divxa32 - C:\Windows\SysWow64\msaud32_divx.acm (Microsoft Corporation)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012/05/30 13:15:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
[2012/05/30 13:10:26 | 000,000,000 | R--D | C] -- C:\Users\AJB\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDVD 8
[2012/05/29 03:43:08 | 000,116,016 | ---- | C] (Kaspersky Lab, GERT) -- C:\Windows\SysNative\drivers\11398540.sys
[2012/05/26 01:23:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Application Updater
[2012/05/26 01:23:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\YouTube Downloader Toolbar
[2012/05/26 01:23:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Spigot
[2012/05/25 17:36:04 | 002,127,448 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\AJB\Desktop\TDSSKiller (2).exe
[2012/05/20 23:37:10 | 000,000,000 | ---D | C] -- C:\Users\AJB\AppData\Roaming\SUPERAntiSpyware.com
[2012/05/20 23:36:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2012/05/20 23:35:59 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2012/05/20 23:35:59 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2012/05/20 21:37:23 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2012/05/20 16:27:29 | 001,932,256 | ---- | C] (Symantec Corporation) -- C:\Users\AJB\Desktop\FixTDSS.exe
[2012/05/19 21:23:55 | 000,000,000 | ---D | C] -- C:\Users\AJB\AppData\Roaming\Malwarebytes
[2012/05/19 21:23:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/05/19 21:23:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/05/19 21:23:39 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/05/19 21:23:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012/05/19 20:18:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro
[2012/05/19 20:18:36 | 000,000,000 | ---D | C] -- C:\Program Files\HitmanPro
[2012/05/19 20:17:12 | 000,000,000 | ---D | C] -- C:\ProgramData\HitmanPro
[2012/05/16 07:40:44 | 002,126,424 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\AJB\Desktop\TDSSKiller.exe
[2012/05/15 03:02:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[2012/05/15 03:01:07 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2012/05/15 03:01:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight
[2012/05/13 18:56:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ache 2.0
[2012/05/13 18:56:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Ache 2.0
[2012/05/13 18:55:17 | 002,243,484 | ---- | C] (Hudson Products Corporation ) -- C:\Users\AJB\Documents\ACHE2Setup.exe
[2012/05/11 00:28:34 | 001,544,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll
[2012/05/11 00:27:48 | 005,559,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2012/05/11 00:27:44 | 003,968,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2012/05/11 00:27:43 | 003,913,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2012/05/09 00:59:39 | 000,000,000 | ---D | C] -- C:\ProgramData\YTD YouTube Downloader & Converter
[2012/05/09 00:59:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\YTD YouTube Downloader & Converter
[2012/05/07 23:31:18 | 000,212,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Richtx32.ocx
[2012/05/07 23:31:18 | 000,196,608 | ---- | C] (1-2-3PDFConverter) -- C:\Windows\SysWow64\Utility.dll
[2012/05/07 23:31:18 | 000,117,507 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msinet.ocx
[2012/05/07 23:31:05 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\gs
[2012/05/07 23:31:03 | 000,368,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\vbar332.dll
[2012/05/07 23:31:03 | 000,140,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\COMDLG32.OCX
[2012/05/07 23:31:03 | 000,000,000 | ---D | C] -- C:\ProgramData\123PDF
[2012/05/07 07:42:24 | 000,000,000 | ---D | C] -- C:\Users\AJB\Documents\hold
[2012/05/06 16:39:01 | 000,000,000 | ---D | C] -- C:\Users\AJB\AppData\Local\AVG Secure Search
[2012/05/06 16:38:40 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG Secure Search
[2012/05/06 16:38:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\AVG Secure Search
[2012/05/06 16:38:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AVG Secure Search
[2012/05/06 16:37:00 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2012/05/06 10:38:00 | 000,000,000 | ---D | C] -- C:\Users\AJB\dwhelper
[2012/05/06 10:23:39 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Macromed
[2012/05/06 10:18:37 | 000,419,488 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012/05/06 10:11:19 | 000,000,000 | ---D | C] -- C:\Users\AJB\AppData\Roaming\Mozilla
[2012/05/06 10:11:19 | 000,000,000 | ---D | C] -- C:\Users\AJB\AppData\Local\Mozilla
[2012/05/06 10:11:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[2012/05/06 10:11:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service
[2012/05/06 10:11:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2012/05/05 21:19:07 | 000,000,000 | ---D | C] -- C:\ProgramData\PDF reDirect
[2012/05/05 16:24:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDF reDirect v2
[2012/05/05 16:24:48 | 000,000,000 | ---D | C] -- C:\Users\AJB\AppData\Roaming\PDF reDirect
[2012/05/05 16:24:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PDF reDirect
[2012/05/05 16:24:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Tarma Installer
[1 C:\Users\AJB\Documents\*.tmp files -> C:\Users\AJB\Documents\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/05/30 17:00:04 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/05/30 16:42:05 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/05/30 15:37:00 | 000,000,506 | ---- | M] () -- C:\Windows\tasks\SUPERAntiSpyware Scheduled Task 21d36995-287b-4ece-8b8b-1e0990e0abe0.job
[2012/05/30 15:08:24 | 000,177,563 | ---- | M] () -- C:\Users\AJB\Desktop\page__pid__2715129.pdf
[2012/05/30 15:02:03 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/05/30 13:17:22 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/05/30 13:17:22 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/05/30 13:10:00 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/05/30 13:09:22 | 3144,871,936 | -HS- | M] () -- C:\hiberfil.sys
[2012/05/30 02:39:16 | 000,018,952 | ---- | M] () -- C:\Windows\SysNative\Config.MPF
[2012/05/30 02:00:01 | 000,000,506 | ---- | M] () -- C:\Windows\tasks\SUPERAntiSpyware Scheduled Task 3279b39f-6800-46d5-b2cc-0e8e747f57e6.job
[2012/05/30 01:49:42 | 000,073,138 | ---- | M] () -- C:\Users\AJB\Documents\malware quarantined by Hitman.JPG
[2012/05/29 04:28:20 | 000,620,288 | ---- | M] () -- C:\Users\AJB\Documents\support hitman.pdf
[2012/05/29 04:20:54 | 000,824,142 | ---- | M] () -- C:\Users\AJB\Documents\how-to-disable-your-security-applications-490111_html.pdf
[2012/05/29 04:15:31 | 000,098,482 | ---- | M] () -- C:\Users\AJB\Documents\page__st__105.pdf
[2012/05/29 04:14:47 | 000,131,332 | ---- | M] () -- C:\Users\AJB\Documents\page__st__90.pdf
[2012/05/29 04:13:30 | 001,041,519 | ---- | M] () -- C:\Users\AJB\Documents\2495-services-start-disable_html.pdf
[2012/05/29 04:09:58 | 000,114,755 | ---- | M] () -- C:\Users\AJB\Documents\page__st__75.pdf
[2012/05/29 04:07:54 | 000,119,855 | ---- | M] () -- C:\Users\AJB\Documents\page__st__60.pdf
[2012/05/29 04:06:30 | 000,147,324 | ---- | M] () -- C:\Users\AJB\Documents\page__st__45.pdf
[2012/05/29 04:05:36 | 000,140,415 | ---- | M] () -- C:\Users\AJB\Documents\page__st__30.pdf
[2012/05/29 04:04:26 | 000,196,474 | ---- | M] () -- C:\Users\AJB\Documents\page__st__15.pdf
[2012/05/29 04:03:17 | 000,307,626 | ---- | M] () -- C:\Users\AJB\Documents\topic114351_html.pdf
[2012/05/29 03:54:32 | 000,497,417 | ---- | M] () -- C:\Users\AJB\Documents\topic454528_html.pdf
[2012/05/29 03:43:08 | 000,116,016 | ---- | M] (Kaspersky Lab, GERT) -- C:\Windows\SysNative\drivers\11398540.sys
[2012/05/29 03:42:53 | 002,127,448 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\AJB\Desktop\TDSSKiller (2).exe
[2012/05/28 21:07:01 | 000,949,915 | ---- | M] () -- C:\Users\AJB\Documents\preparation.pdf
[2012/05/28 19:55:19 | 000,146,472 | ---- | M] () -- C:\Users\AJB\Documents\226367-how-to-stop-a-redirect-to-8-26-70-252page=2.pdf
[2012/05/28 19:53:52 | 000,312,466 | ---- | M] () -- C:\Users\AJB\Documents\226367-how-to-stop-a-redirect-to-8-26-70-252.pdf
[2012/05/28 19:45:53 | 000,950,016 | ---- | M] () -- C:\Users\AJB\Documents\topic34773_html.pdf
[2012/05/28 19:38:52 | 000,113,522 | ---- | M] () -- C:\Users\AJB\Documents\how to remove 99 pct of malware.pdf
[2012/05/28 19:29:29 | 000,182,094 | ---- | M] () -- C:\Users\AJB\Documents\malwarebytes-anti-malware.pdf
[2012/05/28 19:24:42 | 000,050,868 | ---- | M] () -- C:\Users\AJB\Documents\How-do-I-uninstall-antivirus-or-antispyware-programsmkt=en-us.pdf
[2012/05/28 19:23:14 | 000,002,052 | ---- | M] () -- C:\Windows\epplauncher.mif
[2012/05/26 11:15:00 | 000,000,116 | ---- | M] () -- C:\Windows\NeroDigital.ini
[2012/05/21 21:58:44 | 000,119,625 | ---- | M] () -- C:\Users\AJB\Documents\combofix - topic391848_html.pdf
[2012/05/21 02:20:52 | 028,189,043 | ---- | M] () -- C:\Users\AJB\Documents\How to use combofix.mp4
[2012/05/21 02:13:13 | 033,042,616 | ---- | M] () -- C:\Users\AJB\Documents\ComboFix_ How-to download, install & run.mp4
[2012/05/21 02:07:55 | 046,799,398 | ---- | M] () -- C:\Users\AJB\Documents\COMBO FIX FOR THE WIN!!!!.mp4
[2012/05/21 01:53:51 | 032,081,890 | ---- | M] () -- C:\Users\AJB\Documents\Combofix - Malware Removal Made Easy.flv
[2012/05/20 23:36:05 | 000,001,812 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Professional.lnk
[2012/05/20 23:10:10 | 000,257,020 | ---- | M] () -- C:\Users\AJB\Documents\challenges-of-removing-google-redirect-virus-part-4-of-4_html.pdf
[2012/05/20 23:07:52 | 000,263,006 | ---- | M] () -- C:\Users\AJB\Documents\challenges-of-removing-google-redirect-virus-part-2-of-4_html.pdf
[2012/05/20 23:03:07 | 000,288,222 | ---- | M] () -- C:\Users\AJB\Documents\challenges-of-removing-google-redirect-virus-part-3-of-4_html.pdf
[2012/05/20 22:17:30 | 000,098,206 | ---- | M] () -- C:\Users\AJB\Documents\avg-forumssec=thread&act=show&id=173234.pdf
[2012/05/20 21:03:06 | 000,094,254 | ---- | M] () -- C:\Users\AJB\Documents\windows 7 equivalent of run.pdf
[2012/05/20 17:55:18 | 002,155,715 | ---- | M] () -- C:\Users\AJB\Documents\step-step-google-redirect-virus-removal-guide.pdf
[2012/05/20 17:50:10 | 000,887,515 | ---- | M] () -- C:\Users\AJB\Documents\easily-remove-google-redirect-virus-from-your-computer.pdf
[2012/05/20 17:38:35 | 000,156,915 | ---- | M] () -- C:\Users\AJB\Documents\internet redirect problems.pdf
[2012/05/20 17:28:28 | 000,602,944 | ---- | M] () -- C:\Users\AJB\Documents\remove-google-redirect-virus.pdf
[2012/05/20 17:17:57 | 000,771,260 | ---- | M] () -- C:\Users\AJB\Documents\getting rid of the redirect virus dot org.pdf
[2012/05/20 17:17:05 | 021,176,139 | ---- | M] () -- C:\Users\AJB\Documents\How to get rid off the Google redirect Virus 100% working - router infection.mp4
[2012/05/20 17:12:10 | 053,379,318 | ---- | M] () -- C:\Users\AJB\Documents\Internet Browser Redirect Virus - Tutorial to Removal - variety of methods.mp4
[2012/05/20 16:59:13 | 000,289,750 | ---- | M] () -- C:\Users\AJB\Documents\how-to-remove-the-google-redirect-virus.pdf
[2012/05/20 16:57:41 | 047,238,295 | ---- | M] () -- C:\Users\AJB\Documents\Google Redirect Virus Fix For Windows 7 - using combofix.mp4
[2012/05/20 16:27:42 | 001,932,256 | ---- | M] (Symantec Corporation) -- C:\Users\AJB\Desktop\FixTDSS.exe
[2012/05/20 16:04:02 | 000,464,678 | ---- | M] () -- C:\Users\AJB\Documents\how-to-do-a-complete-internet-explorer-optimization_html.pdf
[2012/05/20 16:02:10 | 000,530,502 | ---- | M] () -- C:\Users\AJB\Documents\google-redirect-virus-remove-manually_html.pdf
[2012/05/20 15:58:18 | 151,040,735 | ---- | M] () -- C:\Users\AJB\Documents\Google Redirect Virus - Fix Google Redirect Virus Manually -good.mp4
[2012/05/20 15:18:55 | 000,026,803 | ---- | M] () -- C:\Users\AJB\Documents\error when on bleeping computer site.JPG
[2012/05/20 14:24:14 | 000,725,090 | ---- | M] () -- C:\Users\AJB\Documents\how-to-use-combofix.pdf
[2012/05/20 13:58:13 | 000,155,005 | ---- | M] () -- C:\Users\AJB\Documents\combofix.pdf
[2012/05/20 13:56:45 | 031,817,888 | ---- | M] () -- C:\Users\AJB\Documents\How to remove Redirect Virus - host file fix only.mp4
[2012/05/20 13:35:23 | 000,337,793 | ---- | M] () -- C:\Users\AJB\Documents\remove-tdss-tdl3-alureon-rootkit-using-tdsskiller.pdf
[2012/05/20 13:25:28 | 001,539,623 | ---- | M] () -- C:\Users\AJB\Documents\goggle redirect virsus removal.pdf
[2012/05/20 13:21:06 | 000,205,068 | ---- | M] () -- C:\Users\AJB\Documents\googleyahoo-searches-redirected.pdf
[2012/05/19 21:23:48 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/05/19 21:07:23 | 002,126,424 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\AJB\Desktop\TDSSKiller.exe
[2012/05/19 20:59:43 | 000,685,145 | ---- | M] () -- C:\Users\AJB\Documents\hitman pro.pdf
[2012/05/19 20:51:35 | 000,568,829 | ---- | M] () -- C:\Users\AJB\Documents\assassinate-google-redirect-virus-hitmanpro_html.pdf
[2012/05/19 20:27:55 | 000,002,672 | ---- | M] () -- C:\Windows\SysNative\.crusader
[2012/05/19 20:18:37 | 000,001,897 | ---- | M] () -- C:\Users\Public\Desktop\HitmanPro.lnk
[2012/05/19 16:48:38 | 000,040,333 | ---- | M] () -- C:\Users\AJB\Documents\error message.jpg
[2012/05/15 02:43:35 | 000,000,336 | ---- | M] () -- C:\Windows\tasks\McDefragTask.job
[2012/05/15 00:52:15 | 192,690,717 | ---- | M] () -- C:\Users\AJB\Documents\How to Install Gingerbread ROM (rooted) on your Atrix 4G!.mp4
[2012/05/15 00:40:58 | 069,479,102 | ---- | M] () -- C:\Users\AJB\Documents\How To Root Motorola Atrix 4G 2.2.2_2.2.1.mp4
[2012/05/15 00:25:41 | 051,960,755 | ---- | M] () -- C:\Users\AJB\Documents\Rooting the Motorola Atrix 4G (2.2 Froyo) Using Gingerbreak.mp4
[2012/05/15 00:18:05 | 086,905,584 | ---- | M] () -- C:\Users\AJB\Documents\How to Root Motorola Atrix 4G Running Gingerbread 2.3.4.mp4
[2012/05/15 00:07:23 | 000,176,138 | ---- | M] () -- C:\Users\AJB\Documents\motorola-atrix-4g-root.pdf
[2012/05/15 00:05:19 | 000,110,007 | ---- | M] () -- C:\Users\AJB\Documents\rooting_atrix_phone_after_android_gingerbread_update_html.pdf
[2012/05/15 00:02:29 | 034,443,749 | ---- | M] () -- C:\Users\AJB\Documents\Motorola ATRIX 4G (How-To ROOT Android 2.2.1).flv
[2012/05/14 23:52:00 | 000,975,174 | ---- | M] () -- C:\Users\AJB\Documents\how-to-root-motorola-atrix-4g-35233.pdf
[2012/05/14 02:45:34 | 000,357,335 | ---- | M] () -- C:\Users\AJB\Documents\chapter_2.pdf
[2012/05/14 02:34:19 | 007,996,166 | ---- | M] () -- C:\Users\AJB\Documents\Pophali_Ameya_201111_PhD_thesis.pdf
[2012/05/14 02:19:01 | 000,635,992 | ---- | M] () -- C:\Users\AJB\Documents\Steam%20Savings%20in%20Recovery%20Boilers.pdf
[2012/05/14 02:00:30 | 000,359,553 | ---- | M] () -- C:\Users\AJB\Documents\slagging_fouling_in_cofiring.pdf
[2012/05/14 01:59:39 | 004,838,601 | ---- | M] () -- C:\Users\AJB\Documents\a279280.pdf
[2012/05/13 23:20:09 | 001,050,874 | ---- | M] () -- C:\Users\AJB\Documents\procheat.pdf
[2012/05/13 23:18:06 | 001,976,948 | ---- | M] () -- C:\Users\AJB\Documents\br-1756.pdf
[2012/05/13 23:07:35 | 001,284,584 | ---- | M] () -- C:\Users\AJB\Documents\Chap%2024.pdf
[2012/05/13 22:53:14 | 001,605,980 | ---- | M] () -- C:\Users\AJB\Documents\120218212552_4_1_maaden.pdf
[2012/05/13 22:47:19 | 001,254,844 | ---- | M] () -- C:\Users\AJB\Documents\Chap%2019.pdf
[2012/05/13 22:42:58 | 003,309,834 | ---- | M] () -- C:\Users\AJB\Documents\Mourik%20Magazine%2033.pdf
[2012/05/13 22:40:28 | 003,071,262 | ---- | M] () -- C:\Users\AJB\Documents\On_load_boiler_cleaning_systems_July_2011.pdf
[2012/05/13 22:37:15 | 001,202,949 | ---- | M] () -- C:\Users\AJB\Documents\2_Jegla_F.pdf
[2012/05/13 22:28:17 | 005,287,974 | ---- | M] () -- C:\Users\AJB\Documents\0609-02.pdf
[2012/05/13 22:22:08 | 001,808,860 | ---- | M] () -- C:\Users\AJB\Documents\PEER_stage2_10.1016%252Fj.applthermaleng.2010.06.013.pdf
[2012/05/13 22:12:27 | 000,133,947 | ---- | M] () -- C:\Users\AJB\Documents\AB-507%20Installed%20Fired%20Heaters%20Guideline.pdf
[2012/05/13 22:10:18 | 000,071,359 | ---- | M] () -- C:\Users\AJB\Documents\Aspen fired_soft.pdf
[2012/05/13 22:07:26 | 000,110,161 | ---- | M] () -- C:\Users\AJB\Documents\051231_Energy_Efficiency_Rossiter.pdf
[2012/05/13 22:04:50 | 000,750,769 | ---- | M] () -- C:\Users\AJB\Documents\351-bn-dg-c01g-plant-layout-fired-heaters_html.pdf
[2012/05/13 22:00:44 | 001,700,590 | ---- | M] () -- C:\Users\AJB\Documents\InTech-Fired_process_heaters.pdf
[2012/05/13 21:50:29 | 008,848,288 | ---- | M] () -- C:\Users\AJB\Documents\58808.pdf
[2012/05/13 21:39:19 | 001,555,702 | ---- | M] () -- C:\Users\AJB\Documents\e1013155.pdf
[2012/05/13 21:29:12 | 000,176,949 | ---- | M] () -- C:\Users\AJB\Documents\teloo index_phppage_id=86.pdf
[2012/05/13 21:21:56 | 001,440,461 | ---- | M] () -- C:\Users\AJB\Documents\Furnace Convection Bank Cleaning by Tube Tech International.flv
[2012/05/13 21:17:50 | 002,096,784 | ---- | M] () -- C:\Users\AJB\Documents\ACC Fin Fan Cleaning by Tube Tech International.flv
[2012/05/13 19:47:13 | 000,313,138 | ---- | M] () -- C:\Users\AJB\Documents\Purdue.pdf
[2012/05/13 19:32:03 | 003,892,321 | ---- | M] () -- C:\Users\AJB\Documents\Operating and Maintenance Manual Stack Economizers CRE-CCE-C2X.pdf
[2012/05/13 19:22:43 | 000,114,653 | ---- | M] () -- C:\Users\AJB\Documents\vpi-13.pdf
[2012/05/13 19:19:53 | 000,197,006 | ---- | M] () -- C:\Users\AJB\Documents\SCS-Heat%20Recovery%20Steam%20Generator%20(HRSG)%20Cleaning.pdf
[2012/05/13 19:17:39 | 000,330,211 | ---- | M] () -- C:\Users\AJB\Documents\FTCS_AdvertisementR1.pdf
[2012/05/13 19:14:04 | 000,120,560 | ---- | M] () -- C:\Users\AJB\Documents\finned-convection-bank-clean.pdf
[2012/05/13 19:12:29 | 000,159,273 | ---- | M] () -- C:\Users\AJB\Documents\furnace-convection-fins-cleaned-robotically-world-first.pdf
[2012/05/13 19:07:45 | 000,918,652 | ---- | M] () -- C:\Users\AJB\Documents\HRSG_Gas_Article.pdf
[2012/05/13 19:03:17 | 000,526,072 | ---- | M] () -- C:\Users\AJB\Documents\may1972.pdf
[2012/05/13 19:02:54 | 000,256,113 | ---- | M] () -- C:\Users\AJB\Documents\FinFan_Life_Cycle_Cost_Analysis.pdf
[2012/05/13 19:02:47 | 000,025,305 | ---- | M] () -- C:\Users\AJB\Documents\API13706Summary.pdf
[2012/05/13 19:02:39 | 000,255,406 | ---- | M] () -- C:\Users\AJB\Documents\apilayout052902.pdf
[2012/05/13 19:02:32 | 000,874,214 | ---- | M] () -- C:\Users\AJB\Documents\perf_improv_to_aches_Rev 0.pdf
[2012/05/13 19:01:28 | 000,492,987 | ---- | M] () -- C:\Users\AJB\Documents\specifyfin.pdf
[2012/05/13 19:00:56 | 003,010,075 | ---- | M] () -- C:\Users\AJB\Documents\july1966.pdf
[2012/05/13 18:56:08 | 000,000,928 | ---- | M] () -- C:\Users\Public\Desktop\Ache 2.0.lnk
[2012/05/13 18:55:33 | 002,243,484 | ---- | M] (Hudson Products Corporation ) -- C:\Users\AJB\Documents\ACHE2Setup.exe
[2012/05/13 18:49:42 | 000,971,420 | ---- | M] () -- C:\Users\AJB\Documents\mti91-11.pdf
[2012/05/13 18:48:12 | 048,560,231 | ---- | M] () -- C:\Users\AJB\Documents\Cleaning Air Conditioner Coils.flv
[2012/05/13 18:26:20 | 000,204,014 | ---- | M] () -- C:\Users\AJB\Documents\finned tube bundle cleaning methods.pdf
[2012/05/13 18:18:15 | 001,244,517 | ---- | M] () -- C:\Users\AJB\Documents\833362.pdf
[2012/05/13 18:12:02 | 000,451,308 | ---- | M] () -- C:\Users\AJB\Documents\Innovative-Cleaning-of-Air-Preheater-Coils-with-Pressurized-Liquid-Nitrogen_3022_html.pdf
[2012/05/13 18:08:01 | 000,535,699 | ---- | M] () -- C:\Users\AJB\Documents\nitrolance-powermag.pdf
[2012/05/13 17:51:37 | 000,256,654 | ---- | M] () -- C:\Users\AJB\Documents\wison - theme_html.pdf
[2012/05/13 17:47:12 | 000,624,717 | ---- | M] () -- C:\Users\AJB\Documents\FT-109108_SNCR.pdf
[2012/05/13 17:46:09 | 000,173,915 | ---- | M] () -- C:\Users\AJB\Documents\noxout sncr.pdf
[2012/05/13 17:44:11 | 000,444,869 | ---- | M] () -- C:\Users\AJB\Documents\THP7216_3Keys_Ethylene_salessheets_v1-1.pdf
[2012/05/13 17:42:50 | 001,650,635 | ---- | M] () -- C:\Users\AJB\Documents\B5D2_KS_BURNER.pdf
[2012/05/13 17:41:31 | 000,244,415 | ---- | M] () -- C:\Users\AJB\Documents\Design%20Guidelines%20for%20Fouling%20Service%20rev%20in.pdf
[2012/05/13 17:39:58 | 000,706,497 | ---- | M] () -- C:\Users\AJB\Documents\SSW0703.pdf
[2012/05/13 13:53:40 | 010,798,781 | ---- | M] () -- C:\Users\AJB\Documents\Conferenceday1 (2).pdf
[2012/05/13 13:41:18 | 012,364,442 | ---- | M] () -- C:\Users\AJB\Documents\Conferenceday2 (2).pdf
[2012/05/13 13:37:17 | 000,051,062 | ---- | M] () -- C:\Users\AJB\Documents\CC1200049_html.pdf
[2012/05/13 13:36:37 | 000,050,790 | ---- | M] () -- C:\Users\AJB\Documents\CC1000166_html.pdf
[2012/05/13 13:36:00 | 000,051,365 | ---- | M] () -- C:\Users\AJB\Documents\CC1000152_html.pdf
[2012/05/13 13:35:17 | 000,050,884 | ---- | M] () -- C:\Users\AJB\Documents\CC1200062_html.pdf
[2012/05/13 13:34:20 | 000,049,345 | ---- | M] () -- C:\Users\AJB\Documents\CC1000033_html.pdf
[2012/05/13 13:33:24 | 000,074,450 | ---- | M] () -- C:\Users\AJB\Documents\CC1000040_html.pdf
[2012/05/13 13:32:19 | 000,051,571 | ---- | M] () -- C:\Users\AJB\Documents\CC1000165_html.pdf
[2012/05/13 13:28:36 | 000,196,255 | ---- | M] () -- C:\Users\AJB\Documents\HB1011020.pdf
[2012/05/13 13:25:07 | 000,392,370 | ---- | M] () -- C:\Users\AJB\Documents\HC1300001.pdf
[2012/05/13 13:22:14 | 000,195,184 | ---- | M] () -- C:\Users\AJB\Documents\Py-Gas.pdf
[2012/05/13 13:21:20 | 000,199,753 | ---- | M] () -- C:\Users\AJB\Documents\Form%20C-1608%20AnchorLoc3%20Install%20Guide,%202-10.pdf
[2012/05/13 13:19:37 | 000,215,300 | ---- | M] () -- C:\Users\AJB\Documents\ACC_Ethylene_Manual%203096.pdf
[2012/05/13 13:17:56 | 000,072,160 | ---- | M] () -- C:\Users\AJB\Documents\HIMA_essay_BMS.pdf
[2012/05/13 13:17:17 | 000,051,659 | ---- | M] () -- C:\Users\AJB\Documents\CPC%20Heaters%20fact%20sheet.pdf
[2012/05/13 13:16:37 | 001,565,591 | ---- | M] () -- C:\Users\AJB\Documents\Burner_bro.pdf
[2012/05/13 13:15:08 | 000,312,848 | ---- | M] () -- C:\Users\AJB\Documents\556reballot0710.pdf
[2012/05/13 13:13:06 | 000,327,230 | ---- | M] () -- C:\Users\AJB\Documents\condition_assessment.pdf
[2012/05/13 13:11:04 | 000,265,762 | ---- | M] () -- C:\Users\AJB\Documents\Appl_Ethylene Interlock.pdf
[2012/05/13 13:08:43 | 000,506,535 | ---- | M] () -- C:\Users\AJB\Documents\different-types-of-pyrolysis-coil-failure.pdf
[2012/05/13 13:06:15 | 000,141,626 | ---- | M] () -- C:\Users\AJB\Documents\etileno.pdf
[2012/05/13 13:03:48 | 002,767,408 | ---- | M] () -- C:\Users\AJB\Documents\HCP405.pdf
[2012/05/13 12:55:10 | 000,345,646 | ---- | M] () -- C:\Users\AJB\Documents\PEW_EnergyEfficiency_Dow.pdf
[2012/05/13 12:52:53 | 003,659,594 | ---- | M] () -- C:\Users\AJB\Documents\Panchal%20presentation.pdf
[2012/05/13 12:49:38 | 000,112,054 | ---- | M] () -- C:\Users\AJB\Documents\adams valves product_html.pdf
[2012/05/13 12:47:35 | 000,101,608 | ---- | M] () -- C:\Users\AJB\Documents\general_01 bodycoat.pdf
[2012/05/13 12:45:15 | 001,082,234 | ---- | M] () -- C:\Users\AJB\Documents\Presentation.pdf
[2012/05/13 12:41:21 | 001,207,816 | ---- | M] () -- C:\Users\AJB\Documents\1114-1131-1-PB.pdf
[2012/05/13 12:39:19 | 001,604,728 | ---- | M] () -- C:\Users\AJB\Documents\app3.pdf
[2012/05/13 12:38:19 | 000,705,619 | ---- | M] () -- C:\Users\AJB\Documents\ASG_Furnace.pdf
[2012/05/13 12:37:39 | 000,398,106 | ---- | M] () -- C:\Users\AJB\Documents\nickel aluminides.pdf
[2012/05/13 12:33:45 | 000,306,913 | ---- | M] () -- C:\Users\AJB\Documents\WroughtAndCastHeatResistantStainlessSteelsNickelAlloysRefiningPetrochemical_10071_ (2).pdf
[2012/05/13 12:31:09 | 000,130,472 | ---- | M] () -- C:\Users\AJB\Documents\1999_Ethylene.pdf
[2012/05/13 12:27:49 | 001,491,858 | ---- | M] () -- C:\Users\AJB\Documents\ms_2005_026 (2).pdf
[2012/05/13 12:26:25 | 000,141,493 | ---- | M] () -- C:\Users\AJB\Documents\79.pdf
[2012/05/13 12:21:18 | 001,941,599 | ---- | M] () -- C:\Users\AJB\Documents\P133-148BabakrFeNiCrAlloy (2).pdf
[2012/05/13 12:18:49 | 000,134,158 | ---- | M] () -- C:\Users\AJB\Documents\usx-ethylene-reactor-cleaned-4x-faster-than-leading-cleaning-firm.pdf
[2012/05/13 12:14:16 | 001,235,200 | ---- | M] () -- C:\Users\AJB\Documents\RepairWeldingHighAlloyFurnaceTubes_10031 (2).pdf
[2012/05/13 12:12:34 | 000,597,557 | ---- | M] () -- C:\Users\AJB\Documents\NPRA_RMC-05-88_Zeeco_Valero (2).pdf
[2012/05/13 12:10:15 | 002,842,272 | ---- | M] () -- C:\Users\AJB\Documents\FormC-4027%20IH%20Reprint.pdf
[2012/05/13 12:08:38 | 000,284,183 | ---- | M] () -- C:\Users\AJB\Documents\YARS100_GS_02.pdf
[2012/05/13 11:58:49 | 000,123,083 | ---- | M] () -- C:\Users\AJB\Documents\Ethylene Cracking Furnace_aspx thermabond.pdf
[2012/05/13 11:54:58 | 000,104,849 | ---- | M] () -- C:\Users\AJB\Documents\071.pdf
[2012/05/13 11:51:04 | 004,678,142 | ---- | M] () -- C:\Users\AJB\Documents\nacemp5005p058.pdf
[2012/05/13 11:48:35 | 000,120,093 | ---- | M] () -- C:\Users\AJB\Documents\redfractory failure.pdf
[2012/05/13 11:46:52 | 000,170,157 | ---- | M] () -- C:\Users\AJB\Documents\refractory issues.pdf
[2012/05/13 11:38:30 | 000,412,953 | ---- | M] () -- C:\Users\AJB\Documents\SmartProcessEthyleneFurnace.pdf
[2012/05/13 11:36:13 | 000,865,079 | ---- | M] () -- C:\Users\AJB\Documents\2722_01_08en.pdf
[2012/05/13 11:33:04 | 000,336,867 | ---- | M] () -- C:\Users\AJB\Documents\AnalysisofNOxReductionTechniques (2).pdf
[2012/05/13 11:32:26 | 001,755,529 | ---- | M] () -- C:\Users\AJB\Documents\GDS138.pdf
[2012/05/13 11:27:50 | 000,907,233 | ---- | M] () -- C:\Users\AJB\Documents\rd-te-r05401-010.pdf
[2012/05/13 03:29:34 | 003,032,914 | ---- | M] () -- C:\Users\AJB\Documents\bbf_GCC_cleantech_study_2009.pdf
[2012/05/13 03:18:45 | 000,239,340 | ---- | M] () -- C:\Users\AJB\Documents\822.pdf
[2012/05/13 03:10:20 | 000,503,091 | ---- | M] () -- C:\Users\AJB\Documents\how-to-share-internet-connection-between-pc-and-android-phone-using-wifi.pdf
[2012/05/13 03:07:27 | 029,242,873 | ---- | M] () -- C:\Users\AJB\Documents\Windows 7 Internet Connection Sharing (ICS).mp4
[2012/05/13 03:00:18 | 000,098,798 | ---- | M] () -- C:\Users\AJB\Documents\Using-ICS-Internet-Connection-Sharing.pdf
[2012/05/13 02:54:19 | 000,115,510 | ---- | M] () -- C:\Users\AJB\Documents\faqa=ReverseTether.pdf
[2012/05/13 02:21:19 | 001,540,911 | ---- | M] () -- C:\Users\AJB\Documents\revers tethering.xps
[2012/05/13 02:00:56 | 002,299,145 | ---- | M] () -- C:\Users\AJB\Documents\reverse tether.xps
[2012/05/13 01:56:40 | 001,841,286 | ---- | M] () -- C:\Users\AJB\Documents\reverse tethering.xps
[2012/05/12 23:42:28 | 000,223,069 | ---- | M] () -- C:\Windows\hpwins24.dat
[2012/05/12 23:12:56 | 000,002,018 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2012/05/12 04:53:06 | 000,426,200 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/05/12 03:18:39 | 000,740,814 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/05/12 03:18:39 | 000,624,412 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/05/12 03:18:39 | 000,106,756 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/05/11 22:56:22 | 000,066,359 | ---- | M] () -- C:\Users\AJB\Documents\qandaquestion_aspxq=1bc7ef96-da7b-4a7b-89a1-2be01befa254.pdf
[2012/05/11 22:54:34 | 000,370,917 | ---- | M] () -- C:\Users\AJB\Documents\nawtec17-2319.pdf
[2012/05/11 22:50:24 | 000,136,948 | ---- | M] () -- C:\Users\AJB\Documents\fintubecleaning_html.pdf
[2012/05/11 22:49:18 | 001,245,077 | ---- | M] () -- C:\Users\AJB\Documents\nawtec15-3210.pdf
[2012/05/11 22:45:50 | 003,964,571 | ---- | M] () -- C:\Users\AJB\Documents\methodologyblue_html.pdf
[2012/05/11 22:21:04 | 000,975,156 | ---- | M] () -- C:\Users\AJB\Documents\NPRA2005FWFiredHeaterDesignDecokingTechniques.pdf
[2012/05/11 22:11:40 | 000,882,742 | ---- | M] () -- C:\Users\AJB\Documents\PAVbooklet.pdf
[2012/05/11 22:09:43 | 000,514,929 | ---- | M] () -- C:\Users\AJB\Documents\Soot_Blower_Lance_Tube_Corrosion.pdf
[2012/05/11 22:05:38 | 000,236,161 | ---- | M] () -- C:\Users\AJB\Documents\742188.pdf
[2012/05/09 02:01:48 | 000,700,118 | ---- | M] () -- C:\Users\AJB\Documents\Installing different Atrix ROMs.xps
[2012/05/09 01:57:38 | 000,909,832 | ---- | M] () -- C:\Users\AJB\Documents\use of different Atrix ROMs.xps
[2012/05/09 01:50:04 | 000,938,922 | ---- | M] () -- C:\Users\AJB\Documents\Atrix radio software.xps
[2012/05/09 01:46:41 | 001,013,745 | ---- | M] () -- C:\Users\AJB\Documents\gingerbread update.xps
[2012/05/09 01:42:37 | 001,136,253 | ---- | M] () -- C:\Users\AJB\Documents\Atrix backup problems.xps
[2012/05/09 00:59:20 | 000,001,050 | ---- | M] () -- C:\Users\Public\Desktop\YTD YouTube Downloader & Converter.lnk
[2012/05/09 00:14:10 | 000,134,719 | ---- | M] () -- C:\Users\AJB\Documents\Update instructions for US version of Atrix.pdf
[2012/05/07 01:47:27 | 000,178,875 | ---- | M] () -- C:\Users\AJB\Documents\Atrix_45.31.0_Upgrade_Release_Notes_DE.pdf
[2012/05/07 01:39:34 | 000,145,488 | ---- | M] () -- C:\Users\AJB\Documents\Atrix_45_31_0_Upgrade_Release_.pdf
[2012/05/06 18:02:58 | 000,398,487 | ---- | M] () -- C:\Users\AJB\Documents\german Atrix.pdf
[2012/05/06 16:43:40 | 000,000,119 | ---- | M] () -- C:\Users\AJB\AppData\Roaming\default.pls
[2012/05/06 16:39:00 | 000,001,213 | ---- | M] () -- C:\Users\AJB\Application Data\Microsoft\Internet Explorer\Quick Launch\GOM Player.lnk
[2012/05/06 16:38:59 | 000,001,189 | ---- | M] () -- C:\Users\Public\Desktop\GOM Player.lnk
[2012/05/06 10:23:46 | 000,419,488 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012/05/06 10:23:46 | 000,070,304 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012/05/06 10:11:08 | 000,001,134 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012/05/06 10:06:03 | 000,695,672 | ---- | M] () -- C:\Users\AJB\Documents\how-to-save-adobe-flash-files-in-mozilla-firefox-and-internet-explorer.pdf
[2012/05/06 09:43:48 | 000,290,033 | ---- | M] () -- C:\Users\AJB\Documents\using the factory reset on Atrix.pdf
[2012/05/05 15:41:33 | 000,483,485 | ---- | M] () -- C:\Users\AJB\Documents\acr6optimize.pdf
[2012/05/03 11:56:38 | 001,188,162 | ---- | M] () -- C:\Users\AJB\Documents\wireless contract.xps
[2012/05/03 11:12:21 | 000,349,863 | ---- | M] () -- C:\Users\AJB\Documents\Foamfrax%20Installation%20Story%2311.pdf
[1 C:\Users\AJB\Documents\*.tmp files -> C:\Users\AJB\Documents\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/05/30 15:08:15 | 000,177,563 | ---- | C] () -- C:\Users\AJB\Desktop\page__pid__2715129.pdf
[2012/05/30 01:49:42 | 000,073,138 | ---- | C] () -- C:\Users\AJB\Documents\malware quarantined by Hitman.JPG
[2012/05/29 04:27:53 | 000,620,288 | ---- | C] () -- C:\Users\AJB\Documents\support hitman.pdf
[2012/05/29 04:19:12 | 000,824,142 | ---- | C] () -- C:\Users\AJB\Documents\how-to-disable-your-security-applications-490111_html.pdf
[2012/05/29 04:15:26 | 000,098,482 | ---- | C] () -- C:\Users\AJB\Documents\page__st__105.pdf
[2012/05/29 04:14:44 | 000,131,332 | ---- | C] () -- C:\Users\AJB\Documents\page__st__90.pdf
[2012/05/29 04:12:28 | 001,041,519 | ---- | C] () -- C:\Users\AJB\Documents\2495-services-start-disable_html.pdf
[2012/05/29 04:09:55 | 000,114,755 | ---- | C] () -- C:\Users\AJB\Documents\page__st__75.pdf
[2012/05/29 04:07:50 | 000,119,855 | ---- | C] () -- C:\Users\AJB\Documents\page__st__60.pdf
[2012/05/29 04:06:26 | 000,147,324 | ---- | C] () -- C:\Users\AJB\Documents\page__st__45.pdf
[2012/05/29 04:05:32 | 000,140,415 | ---- | C] () -- C:\Users\AJB\Documents\page__st__30.pdf
[2012/05/29 04:04:15 | 000,196,474 | ---- | C] () -- C:\Users\AJB\Documents\page__st__15.pdf
[2012/05/29 04:03:11 | 000,307,626 | ---- | C] () -- C:\Users\AJB\Documents\topic114351_html.pdf
[2012/05/29 03:52:42 | 000,497,417 | ---- | C] () -- C:\Users\AJB\Documents\topic454528_html.pdf
[2012/05/28 21:06:42 | 000,949,915 | ---- | C] () -- C:\Users\AJB\Documents\preparation.pdf
[2012/05/28 19:55:15 | 000,146,472 | ---- | C] () -- C:\Users\AJB\Documents\226367-how-to-stop-a-redirect-to-8-26-70-252page=2.pdf
[2012/05/28 19:53:47 | 000,312,466 | ---- | C] () -- C:\Users\AJB\Documents\226367-how-to-stop-a-redirect-to-8-26-70-252.pdf
[2012/05/28 19:45:47 | 000,950,016 | ---- | C] () -- C:\Users\AJB\Documents\topic34773_html.pdf
[2012/05/28 19:38:29 | 000,113,522 | ---- | C] () -- C:\Users\AJB\Documents\how to remove 99 pct of malware.pdf
[2012/05/28 19:29:23 | 000,182,094 | ---- | C] () -- C:\Users\AJB\Documents\malwarebytes-anti-malware.pdf
[2012/05/28 19:24:08 | 000,050,868 | ---- | C] () -- C:\Users\AJB\Documents\How-do-I-uninstall-antivirus-or-antispyware-programsmkt=en-us.pdf
[2012/05/28 19:23:14 | 000,002,052 | ---- | C] () -- C:\Windows\epplauncher.mif
[2012/05/21 21:58:30 | 000,119,625 | ---- | C] () -- C:\Users\AJB\Documents\combofix - topic391848_html.pdf
[2012/05/21 02:17:32 | 028,189,043 | ---- | C] () -- C:\Users\AJB\Documents\How to use combofix.mp4
[2012/05/21 02:08:51 | 033,042,616 | ---- | C] () -- C:\Users\AJB\Documents\ComboFix_ How-to download, install & run.mp4
[2012/05/21 02:01:56 | 046,799,398 | ---- | C] () -- C:\Users\AJB\Documents\COMBO FIX FOR THE WIN!!!!.mp4
[2012/05/21 01:40:43 | 032,081,890 | ---- | C] () -- C:\Users\AJB\Documents\Combofix - Malware Removal Made Easy.flv
[2012/05/20 23:37:15 | 000,000,506 | ---- | C] () -- C:\Windows\tasks\SUPERAntiSpyware Scheduled Task 21d36995-287b-4ece-8b8b-1e0990e0abe0.job
[2012/05/20 23:37:14 | 000,000,506 | ---- | C] () -- C:\Windows\tasks\SUPERAntiSpyware Scheduled Task 3279b39f-6800-46d5-b2cc-0e8e747f57e6.job
[2012/05/20 23:36:05 | 000,001,812 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Professional.lnk
[2012/05/20 23:10:05 | 000,257,020 | ---- | C] () -- C:\Users\AJB\Documents\challenges-of-removing-google-redirect-virus-part-4-of-4_html.pdf
[2012/05/20 23:07:46 | 000,263,006 | ---- | C] () -- C:\Users\AJB\Documents\challenges-of-removing-google-redirect-virus-part-2-of-4_html.pdf
[2012/05/20 23:03:01 | 000,288,222 | ---- | C] () -- C:\Users\AJB\Documents\challenges-of-removing-google-redirect-virus-part-3-of-4_html.pdf
[2012/05/20 22:17:02 | 000,098,206 | ---- | C] () -- C:\Users\AJB\Documents\avg-forumssec=thread&act=show&id=173234.pdf
[2012/05/20 21:02:21 | 000,094,254 | ---- | C] () -- C:\Users\AJB\Documents\windows 7 equivalent of run.pdf
[2012/05/20 17:54:46 | 002,155,715 | ---- | C] () -- C:\Users\AJB\Documents\step-step-google-redirect-virus-removal-guide.pdf
[2012/05/20 17:50:05 | 000,887,515 | ---- | C] () -- C:\Users\AJB\Documents\easily-remove-google-redirect-virus-from-your-computer.pdf
[2012/05/20 17:38:10 | 000,156,915 | ---- | C] () -- C:\Users\AJB\Documents\internet redirect problems.pdf
[2012/05/20 17:27:38 | 000,602,944 | ---- | C] () -- C:\Users\AJB\Documents\remove-google-redirect-virus.pdf
[2012/05/20 17:17:22 | 000,771,260 | ---- | C] () -- C:\Users\AJB\Documents\getting rid of the redirect virus dot org.pdf
[2012/05/20 17:13:41 | 021,176,139 | ---- | C] () -- C:\Users\AJB\Documents\How to get rid off the Google redirect Virus 100% working - router infection.mp4
[2012/05/20 17:05:01 | 053,379,318 | ---- | C] () -- C:\Users\AJB\Documents\Internet Browser Redirect Virus - Tutorial to Removal - variety of methods.mp4
[2012/05/20 16:59:04 | 000,289,750 | ---- | C] () -- C:\Users\AJB\Documents\how-to-remove-the-google-redirect-virus.pdf
[2012/05/20 16:51:46 | 047,238,295 | ---- | C] () -- C:\Users\AJB\Documents\Google Redirect Virus Fix For Windows 7 - using combofix.mp4
[2012/05/20 16:03:55 | 000,464,678 | ---- | C] () -- C:\Users\AJB\Documents\how-to-do-a-complete-internet-explorer-optimization_html.pdf
[2012/05/20 16:00:03 | 000,530,502 | ---- | C] () -- C:\Users\AJB\Documents\google-redirect-virus-remove-manually_html.pdf
[2012/05/20 15:37:40 | 151,040,735 | ---- | C] () -- C:\Users\AJB\Documents\Google Redirect Virus - Fix Google Redirect Virus Manually -good.mp4
[2012/05/20 15:18:55 | 000,026,803 | ---- | C] () -- C:\Users\AJB\Documents\error when on bleeping computer site.JPG
[2012/05/20 14:24:11 | 000,725,090 | ---- | C] () -- C:\Users\AJB\Documents\how-to-use-combofix.pdf
[2012/05/20 13:58:09 | 000,155,005 | ---- | C] () -- C:\Users\AJB\Documents\combofix.pdf
[2012/05/20 13:51:58 | 031,817,888 | ---- | C] () -- C:\Users\AJB\Documents\How to remove Redirect Virus - host file fix only.mp4
[2012/05/20 13:35:15 | 000,337,793 | ---- | C] () -- C:\Users\AJB\Documents\remove-tdss-tdl3-alureon-rootkit-using-tdsskiller.pdf
[2012/05/20 13:25:00 | 001,539,623 | ---- | C] () -- C:\Users\AJB\Documents\goggle redirect virsus removal.pdf
[2012/05/20 13:20:59 | 000,205,068 | ---- | C] () -- C:\Users\AJB\Documents\googleyahoo-searches-redirected.pdf
[2012/05/19 21:23:48 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/05/19 20:56:28 | 000,685,145 | ---- | C] () -- C:\Users\AJB\Documents\hitman pro.pdf
[2012/05/19 20:51:29 | 000,568,829 | ---- | C] () -- C:\Users\AJB\Documents\assassinate-google-redirect-virus-hitmanpro_html.pdf
[2012/05/19 20:27:55 | 000,002,672 | ---- | C] () -- C:\Windows\SysNative\.crusader
[2012/05/19 20:18:37 | 000,001,897 | ---- | C] () -- C:\Users\Public\Desktop\HitmanPro.lnk
[2012/05/19 16:48:38 | 000,040,333 | ---- | C] () -- C:\Users\AJB\Documents\error message.jpg
[2012/05/15 00:25:30 | 069,479,102 | ---- | C] () -- C:\Users\AJB\Documents\How To Root Motorola Atrix 4G 2.2.2_2.2.1.mp4
[2012/05/15 00:19:01 | 192,690,717 | ---- | C] () -- C:\Users\AJB\Documents\How to Install Gingerbread ROM (rooted) on your Atrix 4G!.mp4
[2012/05/15 00:10:07 | 051,960,755 | ---- | C] () -- C:\Users\AJB\Documents\Rooting the Motorola Atrix 4G (2.2 Froyo) Using Gingerbreak.mp4
[2012/05/15 00:06:29 | 000,176,138 | ---- | C] () -- C:\Users\AJB\Documents\motorola-atrix-4g-root.pdf
[2012/05/15 00:05:10 | 000,110,007 | ---- | C] () -- C:\Users\AJB\Documents\rooting_atrix_phone_after_android_gingerbread_update_html.pdf
[2012/05/15 00:01:40 | 086,905,584 | ---- | C] () -- C:\Users\AJB\Documents\How to Root Motorola Atrix 4G Running Gingerbread 2.3.4.mp4
[2012/05/14 23:55:33 | 034,443,749 | ---- | C] () -- C:\Users\AJB\Documents\Motorola ATRIX 4G (How-To ROOT Android 2.2.1).flv
[2012/05/14 23:51:52 | 000,975,174 | ---- | C] () -- C:\Users\AJB\Documents\how-to-root-motorola-atrix-4g-35233.pdf
[2012/05/14 02:45:34 | 000,357,335 | ---- | C] () -- C:\Users\AJB\Documents\chapter_2.pdf
[2012/05/14 02:34:19 | 007,996,166 | ---- | C] () -- C:\Users\AJB\Documents\Pophali_Ameya_201111_PhD_thesis.pdf
[2012/05/14 02:19:00 | 000,635,992 | ---- | C] () -- C:\Users\AJB\Documents\Steam%20Savings%20in%20Recovery%20Boilers.pdf
[2012/05/14 02:00:30 | 000,359,553 | ---- | C] () -- C:\Users\AJB\Documents\slagging_fouling_in_cofiring.pdf
[2012/05/14 01:59:39 | 004,838,601 | ---- | C] () -- C:\Users\AJB\Documents\a279280.pdf
[2012/05/13 23:20:09 | 001,050,874 | ---- | C] () -- C:\Users\AJB\Documents\procheat.pdf
[2012/05/13 23:18:04 | 001,976,948 | ---- | C] () -- C:\Users\AJB\Documents\br-1756.pdf
[2012/05/13 23:07:18 | 001,284,584 | ---- | C] () -- C:\Users\AJB\Documents\Chap%2024.pdf
[2012/05/13 22:53:13 | 001,605,980 | ---- | C] () -- C:\Users\AJB\Documents\120218212552_4_1_maaden.pdf
[2012/05/13 22:46:53 | 001,254,844 | ---- | C] () -- C:\Users\AJB\Documents\Chap%2019.pdf
[2012/05/13 22:42:58 | 003,309,834 | ---- | C] () -- C:\Users\AJB\Documents\Mourik%20Magazine%2033.pdf
[2012/05/13 22:40:28 | 003,071,262 | ---- | C] () -- C:\Users\AJB\Documents\On_load_boiler_cleaning_systems_July_2011.pdf
[2012/05/13 22:37:15 | 001,202,949 | ---- | C] () -- C:\Users\AJB\Documents\2_Jegla_F.pdf
[2012/05/13 22:28:16 | 005,287,974 | ---- | C] () -- C:\Users\AJB\Documents\0609-02.pdf
[2012/05/13 22:22:08 | 001,808,860 | ---- | C] () -- C:\Users\AJB\Documents\PEER_stage2_10.1016%252Fj.applthermaleng.2010.06.013.pdf
[2012/05/13 22:12:27 | 000,133,947 | ---- | C] () -- C:\Users\AJB\Documents\AB-507%20Installed%20Fired%20Heaters%20Guideline.pdf
[2012/05/13 22:10:03 | 000,071,359 | ---- | C] () -- C:\Users\AJB\Documents\Aspen fired_soft.pdf
[2012/05/13 22:07:26 | 000,110,161 | ---- | C] () -- C:\Users\AJB\Documents\051231_Energy_Efficiency_Rossiter.pdf
[2012/05/13 22:04:45 | 000,750,769 | ---- | C] () -- C:\Users\AJB\Documents\351-bn-dg-c01g-plant-layout-fired-heaters_html.pdf
[2012/05/13 22:00:43 | 001,700,590 | ---- | C] () -- C:\Users\AJB\Documents\InTech-Fired_process_heaters.pdf
[2012/05/13 21:49:44 | 008,848,288 | ---- | C] () -- C:\Users\AJB\Documents\58808.pdf
[2012/05/13 21:39:18 | 001,555,702 | ---- | C] () -- C:\Users\AJB\Documents\e1013155.pdf
[2012/05/13 21:28:59 | 000,176,949 | ---- | C] () -- C:\Users\AJB\Documents\teloo index_phppage_id=86.pdf
[2012/05/13 21:21:43 | 001,440,461 | ---- | C] () -- C:\Users\AJB\Documents\Furnace Convection Bank Cleaning by Tube Tech International.flv
[2012/05/13 21:17:35 | 002,096,784 | ---- | C] () -- C:\Users\AJB\Documents\ACC Fin Fan Cleaning by Tube Tech International.flv
[2012/05/13 19:47:13 | 000,313,138 | ---- | C] () -- C:\Users\AJB\Documents\Purdue.pdf
[2012/05/13 19:32:03 | 003,892,321 | ---- | C] () -- C:\Users\AJB\Documents\Operating and Maintenance Manual Stack Economizers CRE-CCE-C2X.pdf
[2012/05/13 19:22:43 | 000,114,653 | ---- | C] () -- C:\Users\AJB\Documents\vpi-13.pdf
[2012/05/13 19:19:53 | 000,197,006 | ---- | C] () -- C:\Users\AJB\Documents\SCS-Heat%20Recovery%20Steam%20Generator%20(HRSG)%20Cleaning.pdf
[2012/05/13 19:17:39 | 000,330,211 | ---- | C] () -- C:\Users\AJB\Documents\FTCS_AdvertisementR1.pdf
[2012/05/13 19:13:58 | 000,120,560 | ---- | C] () -- C:\Users\AJB\Documents\finned-convection-bank-clean.pdf
[2012/05/13 19:12:24 | 000,159,273 | ---- | C] () -- C:\Users\AJB\Documents\furnace-convection-fins-cleaned-robotically-world-first.pdf
[2012/05/13 19:07:45 | 000,918,652 | ---- | C] () -- C:\Users\AJB\Documents\HRSG_Gas_Article.pdf
[2012/05/13 19:03:13 | 000,526,072 | ---- | C] () -- C:\Users\AJB\Documents\may1972.pdf
[2012/05/13 19:02:53 | 000,256,113 | ---- | C] () -- C:\Users\AJB\Documents\FinFan_Life_Cycle_Cost_Analysis.pdf
[2012/05/13 19:02:47 | 000,025,305 | ---- | C] () -- C:\Users\AJB\Documents\API13706Summary.pdf
[2012/05/13 19:02:39 | 000,255,406 | ---- | C] () -- C:\Users\AJB\Documents\apilayout052902.pdf
[2012/05/13 19:02:29 | 000,874,214 | ---- | C] () -- C:\Users\AJB\Documents\perf_improv_to_aches_Rev 0.pdf
[2012/05/13 19:01:27 | 000,492,987 | ---- | C] () -- C:\Users\AJB\Documents\specifyfin.pdf
[2012/05/13 19:00:56 | 003,010,075 | ---- | C] () -- C:\Users\AJB\Documents\july1966.pdf
[2012/05/13 18:56:08 | 000,000,928 | ---- | C] () -- C:\Users\Public\Desktop\Ache 2.0.lnk
[2012/05/13 18:49:42 | 000,971,420 | ---- | C] () -- C:\Users\AJB\Documents\mti91-11.pdf
[2012/05/13 18:41:51 | 048,560,231 | ---- | C] () -- C:\Users\AJB\Documents\Cleaning Air Conditioner Coils.flv
[2012/05/13 18:25:52 | 000,204,014 | ---- | C] () -- C:\Users\AJB\Documents\finned tube bundle cleaning methods.pdf
[2012/05/13 18:18:14 | 001,244,517 | ---- | C] () -- C:\Users\AJB\Documents\833362.pdf
[2012/05/13 18:11:50 | 000,451,308 | ---- | C] () -- C:\Users\AJB\Documents\Innovative-Cleaning-of-Air-Preheater-Coils-with-Pressurized-Liquid-Nitrogen_3022_html.pdf
[2012/05/13 18:08:01 | 000,535,699 | ---- | C] () -- C:\Users\AJB\Documents\nitrolance-powermag.pdf
[2012/05/13 17:51:26 | 000,256,654 | ---- | C] () -- C:\Users\AJB\Documents\wison - theme_html.pdf
[2012/05/13 17:47:12 | 000,624,717 | ---- | C] () -- C:\Users\AJB\Documents\FT-109108_SNCR.pdf
[2012/05/13 17:45:57 | 000,173,915 | ---- | C] () -- C:\Users\AJB\Documents\noxout sncr.pdf
[2012/05/13 17:44:11 | 000,444,869 | ---- | C] () -- C:\Users\AJB\Documents\THP7216_3Keys_Ethylene_salessheets_v1-1.pdf
[2012/05/13 17:42:49 | 001,650,635 | ---- | C] () -- C:\Users\AJB\Documents\B5D2_KS_BURNER.pdf
[2012/05/13 17:41:31 | 000,244,415 | ---- | C] () -- C:\Users\AJB\Documents\Design%20Guidelines%20for%20Fouling%20Service%20rev%20in.pdf
[2012/05/13 17:39:58 | 000,706,497 | ---- | C] () -- C:\Users\AJB\Documents\SSW0703.pdf
[2012/05/13 13:52:36 | 010,798,781 | ---- | C] () -- C:\Users\AJB\Documents\Conferenceday1 (2).pdf
[2012/05/13 13:41:17 | 012,364,442 | ---- | C] () -- C:\Users\AJB\Documents\Conferenceday2 (2).pdf
[2012/05/13 13:37:13 | 000,051,062 | ---- | C] () -- C:\Users\AJB\Documents\CC1200049_html.pdf
[2012/05/13 13:36:32 | 000,050,790 | ---- | C] () -- C:\Users\AJB\Documents\CC1000166_html.pdf
[2012/05/13 13:35:55 | 000,051,365 | ---- | C] () -- C:\Users\AJB\Documents\CC1000152_html.pdf
[2012/05/13 13:35:13 | 000,050,884 | ---- | C] () -- C:\Users\AJB\Documents\CC1200062_html.pdf
[2012/05/13 13:34:15 | 000,049,345 | ---- | C] () -- C:\Users\AJB\Documents\CC1000033_html.pdf
[2012/05/13 13:33:20 | 000,074,450 | ---- | C] () -- C:\Users\AJB\Documents\CC1000040_html.pdf
[2012/05/13 13:32:13 | 000,051,571 | ---- | C] () -- C:\Users\AJB\Documents\CC1000165_html.pdf
[2012/05/13 13:28:36 | 000,196,255 | ---- | C] () -- C:\Users\AJB\Documents\HB1011020.pdf
[2012/05/13 13:25:06 | 000,392,370 | ---- | C] () -- C:\Users\AJB\Documents\HC1300001.pdf
[2012/05/13 13:22:14 | 000,195,184 | ---- | C] () -- C:\Users\AJB\Documents\Py-Gas.pdf
[2012/05/13 13:21:20 | 000,199,753 | ---- | C] () -- C:\Users\AJB\Documents\Form%20C-1608%20AnchorLoc3%20Install%20Guide,%202-10.pdf
[2012/05/13 13:19:37 | 000,215,300 | ---- | C] () -- C:\Users\AJB\Documents\ACC_Ethylene_Manual%203096.pdf
[2012/05/13 13:17:56 | 000,072,160 | ---- | C] () -- C:\Users\AJB\Documents\HIMA_essay_BMS.pdf
[2012/05/13 13:17:17 | 000,051,659 | ---- | C] () -- C:\Users\AJB\Documents\CPC%20Heaters%20fact%20sheet.pdf
[2012/05/13 13:16:37 | 001,565,591 | ---- | C] () -- C:\Users\AJB\Documents\Burner_bro.pdf
[2012/05/13 13:15:08 | 000,312,848 | ---- | C] () -- C:\Users\AJB\Documents\556reballot0710.pdf
[2012/05/13 13:13:05 | 000,327,230 | ---- | C] () -- C:\Users\AJB\Documents\condition_assessment.pdf
[2012/05/13 13:11:03 | 000,265,762 | ---- | C] () -- C:\Users\AJB\Documents\Appl_Ethylene Interlock.pdf
[2012/05/13 13:08:09 | 000,506,535 | ---- | C] () -- C:\Users\AJB\Documents\different-types-of-pyrolysis-coil-failure.pdf
[2012/05/13 13:06:15 | 000,141,626 | ---- | C] () -- C:\Users\AJB\Documents\etileno.pdf
[2012/05/13 13:03:40 | 002,767,408 | ---- | C] () -- C:\Users\AJB\Documents\HCP405.pdf
[2012/05/13 12:55:10 | 000,345,646 | ---- | C] () -- C:\Users\AJB\Documents\PEW_EnergyEfficiency_Dow.pdf
[2012/05/13 12:52:52 | 003,659,594 | ---- | C] () -- C:\Users\AJB\Documents\Panchal%20presentation.pdf
[2012/05/13 12:49:24 | 000,112,054 | ---- | C] () -- C:\Users\AJB\Documents\adams valves product_html.pdf
[2012/05/13 12:47:24 | 000,101,608 | ---- | C] () -- C:\Users\AJB\Documents\general_01 bodycoat.pdf
[2012/05/13 12:45:15 | 001,082,234 | ---- | C] () -- C:\Users\AJB\Documents\Presentation.pdf
[2012/05/13 12:41:21 | 001,207,816 | ---- | C] () -- C:\Users\AJB\Documents\1114-1131-1-PB.pdf
[2012/05/13 12:39:19 | 001,604,728 | ---- | C] () -- C:\Users\AJB\Documents\app3.pdf
[2012/05/13 12:38:19 | 000,705,619 | ---- | C] () -- C:\Users\AJB\Documents\ASG_Furnace.pdf
[2012/05/13 12:37:12 | 000,398,106 | ---- | C] () -- C:\Users\AJB\Documents\nickel aluminides.pdf
[2012/05/13 12:33:45 | 000,306,913 | ---- | C] () -- C:\Users\AJB\Documents\WroughtAndCastHeatResistantStainlessSteelsNickelAlloysRefiningPetrochemical_10071_ (2).pdf
[2012/05/13 12:31:08 | 000,130,472 | ---- | C] () -- C:\Users\AJB\Documents\1999_Ethylene.pdf
[2012/05/13 12:27:44 | 001,491,858 | ---- | C] () -- C:\Users\AJB\Documents\ms_2005_026 (2).pdf
[2012/05/13 12:26:25 | 000,141,493 | ---- | C] () -- C:\Users\AJB\Documents\79.pdf
[2012/05/13 12:21:18 | 001,941,599 | ---- | C] () -- C:\Users\AJB\Documents\P133-148BabakrFeNiCrAlloy (2).pdf
[2012/05/13 12:18:44 | 000,134,158 | ---- | C] () -- C:\Users\AJB\Documents\usx-ethylene-reactor-cleaned-4x-faster-than-leading-cleaning-firm.pdf
[2012/05/13 12:14:16 | 001,235,200 | ---- | C] () -- C:\Users\AJB\Documents\RepairWeldingHighAlloyFurnaceTubes_10031 (2).pdf
[2012/05/13 12:12:34 | 000,597,557 | ---- | C] () -- C:\Users\AJB\Documents\NPRA_RMC-05-88_Zeeco_Valero (2).pdf
[2012/05/13 12:10:15 | 002,842,272 | ---- | C] () -- C:\Users\AJB\Documents\FormC-4027%20IH%20Reprint.pdf
[2012/05/13 12:08:38 | 000,284,183 | ---- | C] () -- C:\Users\AJB\Documents\YARS100_GS_02.pdf
[2012/05/13 11:58:33 | 000,123,083 | ---- | C] () -- C:\Users\AJB\Documents\Ethylene Cracking Furnace_aspx thermabond.pdf
[2012/05/13 11:54:58 | 000,104,849 | ---- | C] () -- C:\Users\AJB\Documents\071.pdf
[2012/05/13 11:51:04 | 004,678,142 | ---- | C] () -- C:\Users\AJB\Documents\nacemp5005p058.pdf
[2012/05/13 11:48:13 | 000,120,093 | ---- | C] () -- C:\Users\AJB\Documents\redfractory failure.pdf
[2012/05/13 11:46:28 | 000,170,157 | ---- | C] () -- C:\Users\AJB\Documents\refractory issues.pdf
[2012/05/13 11:38:30 | 000,412,953 | ---- | C] () -- C:\Users\AJB\Documents\SmartProcessEthyleneFurnace.pdf
[2012/05/13 11:36:13 | 000,865,079 | ---- | C] () -- C:\Users\AJB\Documents\2722_01_08en.pdf
[2012/05/13 11:33:04 | 000,336,867 | ---- | C] () -- C:\Users\AJB\Documents\AnalysisofNOxReductionTechniques (2).pdf
[2012/05/13 11:32:23 | 001,755,529 | ---- | C] () -- C:\Users\AJB\Documents\GDS138.pdf
[2012/05/13 11:27:50 | 000,907,233 | ---- | C] () -- C:\Users\AJB\Documents\rd-te-r05401-010.pdf
[2012/05/13 03:29:34 | 003,032,914 | ---- | C] () -- C:\Users\AJB\Documents\bbf_GCC_cleantech_study_2009.pdf
[2012/05/13 03:18:45 | 000,239,340 | ---- | C] () -- C:\Users\AJB\Documents\822.pdf
[2012/05/13 03:10:01 | 000,503,091 | ---- | C] () -- C:\Users\AJB\Documents\how-to-share-internet-connection-between-pc-and-android-phone-using-wifi.pdf
[2012/05/13 03:03:23 | 029,242,873 | ---- | C] () -- C:\Users\AJB\Documents\Windows 7 Internet Connection Sharing (ICS).mp4
[2012/05/13 03:00:11 | 000,098,798 | ---- | C] () -- C:\Users\AJB\Documents\Using-ICS-Internet-Connection-Sharing.pdf
[2012/05/13 02:54:09 | 000,115,510 | ---- | C] () -- C:\Users\AJB\Documents\faqa=ReverseTether.pdf
[2012/05/13 02:21:17 | 001,540,911 | ---- | C] () -- C:\Users\AJB\Documents\revers tethering.xps
[2012/05/13 02:00:53 | 002,299,145 | ---- | C] () -- C:\Users\AJB\Documents\reverse tether.xps
[2012/05/13 01:56:37 | 001,841,286 | ---- | C] () -- C:\Users\AJB\Documents\reverse tethering.xps
[2012/05/12 23:26:23 | 000,001,832 | ---- | C] () -- C:\Windows\hpwmdl24.dat.temp
[2012/05/11 22:56:17 | 000,066,359 | ---- | C] () -- C:\Users\AJB\Documents\qandaquestion_aspxq=1bc7ef96-da7b-4a7b-89a1-2be01befa254.pdf
[2012/05/11 22:54:34 | 000,370,917 | ---- | C] () -- C:\Users\AJB\Documents\nawtec17-2319.pdf
[2012/05/11 22:50:16 | 000,136,948 | ---- | C] () -- C:\Users\AJB\Documents\fintubecleaning_html.pdf
[2012/05/11 22:49:18 | 001,245,077 | ---- | C] () -- C:\Users\AJB\Documents\nawtec15-3210.pdf
[2012/05/11 22:45:49 | 003,964,571 | ---- | C] () -- C:\Users\AJB\Documents\methodologyblue_html.pdf
[2012/05/11 22:21:04 | 000,975,156 | ---- | C] () -- C:\Users\AJB\Documents\NPRA2005FWFiredHeaterDesignDecokingTechniques.pdf
[2012/05/11 22:11:40 | 000,882,742 | ---- | C] () -- C:\Users\AJB\Documents\PAVbooklet.pdf
[2012/05/11 22:09:43 | 000,514,929 | ---- | C] () -- C:\Users\AJB\Documents\Soot_Blower_Lance_Tube_Corrosion.pdf
[2012/05/11 22:05:38 | 000,236,161 | ---- | C] () -- C:\Users\AJB\Documents\742188.pdf
[2012/05/09 02:01:47 | 000,700,118 | ---- | C] () -- C:\Users\AJB\Documents\Installing different Atrix ROMs.xps
[2012/05/09 01:57:36 | 000,909,832 | ---- | C] () -- C:\Users\AJB\Documents\use of different Atrix ROMs.xps
[2012/05/09 01:50:03 | 000,938,922 | ---- | C] () -- C:\Users\AJB\Documents\Atrix radio software.xps
[2012/05/09 01:46:39 | 001,013,745 | ---- | C] () -- C:\Users\AJB\Documents\gingerbread update.xps
[2012/05/09 01:42:35 | 001,136,253 | ---- | C] () -- C:\Users\AJB\Documents\Atrix backup problems.xps
[2012/05/09 00:59:20 | 000,001,050 | ---- | C] () -- C:\Users\Public\Desktop\YTD YouTube Downloader & Converter.lnk
[2012/05/09 00:12:56 | 000,134,719 | ---- | C] () -- C:\Users\AJB\Documents\Update instructions for US version of Atrix.pdf
[2012/05/07 23:31:18 | 000,051,604 | ---- | C] () -- C:\Windows\SysWow64\Adist5k.ppd
[2012/05/07 23:31:05 | 000,139,264 | ---- | C] () -- C:\Windows\SysWow64\gswin32c.exe
[2012/05/07 01:47:27 | 000,178,875 | ---- | C] () -- C:\Users\AJB\Documents\Atrix_45.31.0_Upgrade_Release_Notes_DE.pdf
[2012/05/07 01:39:27 | 000,145,488 | ---- | C] () -- C:\Users\AJB\Documents\Atrix_45_31_0_Upgrade_Release_.pdf
[2012/05/06 18:02:41 | 000,398,487 | ---- | C] () -- C:\Users\AJB\Documents\german Atrix.pdf
[2012/05/06 10:18:38 | 000,000,830 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/05/06 10:11:08 | 000,001,146 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2012/05/06 10:11:08 | 000,001,134 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012/05/06 10:05:51 | 000,695,672 | ---- | C] () -- C:\Users\AJB\Documents\how-to-save-adobe-flash-files-in-mozilla-firefox-and-internet-explorer.pdf
[2012/05/06 09:43:17 | 000,290,033 | ---- | C] () -- C:\Users\AJB\Documents\using the factory reset on Atrix.pdf
[2012/05/05 15:41:33 | 000,483,485 | ---- | C] () -- C:\Users\AJB\Documents\acr6optimize.pdf
[2012/05/03 11:56:34 | 001,188,162 | ---- | C] () -- C:\Users\AJB\Documents\wireless contract.xps
[2012/05/03 11:12:21 | 000,349,863 | ---- | C] () -- C:\Users\AJB\Documents\Foamfrax%20Installation%20Story%2311.pdf
[2012/01/10 01:02:00 | 000,223,069 | ---- | C] () -- C:\Windows\hpwins24.dat
[2011/12/22 11:56:50 | 000,000,166 | ---- | C] () -- C:\Windows\TOPO.INI
[2011/12/17 01:30:32 | 000,020,480 | ---- | C] () -- C:\Windows\FixCamera.exe
[2011/12/17 01:30:29 | 000,270,336 | ---- | C] () -- C:\Windows\tsnpstd3.exe
[2011/12/17 01:30:28 | 000,003,968 | ---- | C] () -- C:\Windows\SysWow64\drivers\DeNoise.sys
[2011/12/17 01:30:27 | 000,163,840 | ---- | C] ( ) -- C:\Windows\SysWow64\rsnpstd3.dll
[2011/12/17 01:30:27 | 000,061,440 | ---- | C] ( ) -- C:\Windows\SysWow64\vsnpstd3.dll
[2011/12/17 01:30:27 | 000,053,248 | ---- | C] ( ) -- C:\Windows\csnpstd3.dll
[2011/12/10 18:20:38 | 000,007,625 | ---- | C] () -- C:\Users\AJB\AppData\Local\Resmon.ResmonCfg
[2011/10/22 16:12:26 | 000,000,119 | ---- | C] () -- C:\Users\AJB\AppData\Roaming\default.pls
[2011/10/11 07:30:43 | 000,000,275 | ---- | C] () -- C:\Users\AJB\AppData\Local\HamsterVideoConverterSettings.cfg
[2011/03/25 10:10:09 | 000,000,120 | ---- | C] () -- C:\Windows\PbkUser.INI
[2011/01/30 15:23:53 | 000,000,151 | ---- | C] () -- C:\Windows\PhotoSnapViewer.INI
[2010/10/13 23:53:33 | 000,007,867 | ---- | C] () -- C:\Windows\Irremote.ini

========== Custom Scans ==========

< "%WinDir%\$NtUninstallKB*$." /30 >

< C:\Program Files\Common Files\ComObjects\*.* /s >

< %systemroot%\*. /mp /s >

< %systemroot%\*. /rp /s >

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >

< %systemroot%\system32\drivers\*.sys /90 >

< %SYSTEMDRIVE%\*.exe >

< MD5 for: AFD.SYS >
[2011/12/27 22:59:24 | 000,498,688 | ---- | M] (Microsoft Corporation) MD5=1C7857B62DE5994A75B054A9FD4C3825 -- C:\Windows\SysNative\drivers\afd.sys
[2011/12/27 22:59:24 | 000,498,688 | ---- | M] (Microsoft Corporation) MD5=1C7857B62DE5994A75B054A9FD4C3825 -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.17752_none_35e10b89752ee0f5\afd.sys
[2011/12/27 23:01:36 | 000,498,176 | ---- | M] (Microsoft Corporation) MD5=36A14FD1A23F57046361733B792CA8DB -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.21887_none_364f3a028e605345\afd.sys
[2011/04/24 21:44:02 | 000,499,712 | ---- | M] (Microsoft Corporation) MD5=6EF20DDF3172E97D69F596FB90602F29 -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7600.16802_none_3430bc3977dfec2d\afd.sys
[2009/07/13 18:21:42 | 000,500,224 | ---- | M] (Microsoft Corporation) MD5=B9384E03479D2506BC924C16A3DB87BC -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7600.16385_none_33dd3439781e25f7\afd.sys
[2011/12/27 23:01:12 | 000,499,200 | ---- | M] (Microsoft Corporation) MD5=CCA39961E76B491DDF44B1E90FC8971D -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7600.21115_none_34b263fe91032456\afd.sys
[2010/11/20 04:23:34 | 000,499,712 | ---- | M] (Microsoft Corporation) MD5=D31DC7A16DEA4A9BAF179F3D6FBDB38C -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.17514_none_360e4801750ca991\afd.sys
[2011/04/24 21:34:03 | 000,499,200 | ---- | M] (Microsoft Corporation) MD5=D5B031C308A409A0A576BFF4CF083D30 -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.17603_none_3618198975057170\afd.sys
[2011/12/27 22:59:11 | 000,499,200 | ---- | M] (Microsoft Corporation) MD5=DB9D6C6B2CD95A9CA414D045B627422E -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7600.16937_none_34154fcd77f3bbda\afd.sys
[2011/04/24 22:09:35 | 000,499,200 | ---- | M] (Microsoft Corporation) MD5=F4AD06143EAC303F55D0E86C40802976 -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.21712_none_3695e61e8e2c13d4\afd.sys
[2011/04/24 21:44:27 | 000,499,712 | ---- | M] (Microsoft Corporation) MD5=FBFF8B7C9D116229E9208A0D1CAEB49B -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7600.20951_none_3483491e9126fe55\afd.sys

< MD5 for: ATAPI.SYS >
[2009/07/13 20:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys
[2009/07/13 20:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys
[2009/07/13 20:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys
[2009/07/13 20:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys

< MD5 for: EXPLORER.EXE >
[2011/02/26 01:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_adc24107935a7e25\explorer.exe
[2011/02/26 00:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2009/07/13 20:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe
[2011/02/26 00:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_b8ce9756e0b786a4\explorer.exe
[2009/10/31 00:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe
[2011/02/26 00:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_b816eb59c7bb4020\explorer.exe
[2011/02/25 01:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe
[2011/02/25 01:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2011/02/26 01:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2010/11/20 07:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2009/08/03 01:19:07 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe
[2011/02/25 00:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe
[2011/02/25 00:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2009/10/31 01:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe
[2009/08/03 00:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe
[2010/11/20 08:24:45 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe
[2009/10/31 01:38:38 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=B8EC4BD49CE8F6FC457721BFC210B67F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe
[2009/08/03 00:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe
[2009/07/13 20:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe
[2009/10/31 01:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe
[2011/02/26 01:26:45 | 002,870,784 | ---- | M] (Microsoft Corporation) MD5=E38899074D4951D31B4040E994DD7C8D -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_ae79ed04ac56c4a9\explorer.exe
[2009/08/03 01:17:37 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe

< MD5 for: NETBT.SYS >
[2010/11/20 04:23:20 | 000,261,632 | ---- | M] (Microsoft Corporation) MD5=09594D1089C523423B32A4229263F068 -- C:\Windows\SysNative\drivers\netbt.sys
[2010/11/20 04:23:20 | 000,261,632 | ---- | M] (Microsoft Corporation) MD5=09594D1089C523423B32A4229263F068 -- C:\Windows\winsxs\amd64_microsoft-windows-netbt_31bf3856ad364e35_6.1.7601.17514_none_be8acdd10de3b1a6\netbt.sys
[2009/07/13 18:21:29 | 000,259,072 | ---- | M] (Microsoft Corporation) MD5=9162B273A44AB9DCE5B44362731D062A -- C:\Windows\winsxs\amd64_microsoft-windows-netbt_31bf3856ad364e35_6.1.7600.16385_none_bc59ba0910f52e0c\netbt.sys

< MD5 for: TDX.SYS >
[2009/07/13 18:21:15 | 000,099,840 | ---- | M] (Microsoft Corporation) MD5=079125C4B17B01FCAEEBCE0BCB290C0F -- C:\Windows\winsxs\amd64_microsoft-windows-tdi-over-tcpip_31bf3856ad364e35_6.1.7600.16385_none_4632b9f2f5c6af5e\tdx.sys
[2010/11/20 04:21:56 | 000,119,296 | ---- | M] (Microsoft Corporation) MD5=DDAD5A7AB24D8B65F8D724F5C20FD806 -- C:\Windows\SysNative\drivers\tdx.sys
[2010/11/20 04:21:56 | 000,119,296 | ---- | M] (Microsoft Corporation) MD5=DDAD5A7AB24D8B65F8D724F5C20FD806 -- C:\Windows\winsxs\amd64_microsoft-windows-tdi-over-tcpip_31bf3856ad364e35_6.1.7601.17514_none_4863cdbaf2b532f8\tdx.sys

< MD5 for: VOLSNAP.SYS >
[2010/11/20 08:34:02 | 000,295,808 | ---- | M] (Microsoft Corporation) MD5=0D08D2F3B3FF84E433346669B5E0F639 -- C:\Windows\SysNative\drivers\volsnap.sys
[2010/11/20 08:34:02 | 000,295,808 | ---- | M] (Microsoft Corporation) MD5=0D08D2F3B3FF84E433346669B5E0F639 -- C:\Windows\SysNative\DriverStore\FileRepository\volume.inf_amd64_neutral_df8bea40ac96ca21\volsnap.sys
[2010/11/20 08:34:02 | 000,295,808 | ---- | M] (Microsoft Corporation) MD5=0D08D2F3B3FF84E433346669B5E0F639 -- C:\Windows\winsxs\amd64_volume.inf_31bf3856ad364e35_6.1.7601.17514_none_73dcbcf012b4850e\volsnap.sys
[2009/07/13 20:45:55 | 000,294,992 | ---- | M] (Microsoft Corporation) MD5=58F82EED8CA24B461441F9C3E4F0BF5C -- C:\Windows\winsxs\amd64_volume.inf_31bf3856ad364e35_6.1.7600.16385_none_71aba92815c60174\volsnap.sys

< MD5 for: WININIT.EXE >
[2009/07/13 20:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\SysNative\wininit.exe
[2009/07/13 20:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe
[2009/07/13 20:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\SysWOW64\wininit.exe
[2009/07/13 20:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe

< MD5 for: WINLOGON.EXE >
[2012/04/04 15:56:38 | 000,199,240 | ---- | M] () MD5=097D0E812D7A9A3101CE46CB2BE0474D -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2010/11/20 08:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
[2010/11/20 08:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2009/07/13 20:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2009/10/28 02:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2009/10/28 01:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2012/04/20 20:19:35 | 000,866,992 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2012/04/20 20:19:35 | 000,866,992 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2012/04/20 20:19:35 | 000,866,992 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files (x86)\Mozilla Firefox\firefox.exe [2012/04/20 20:18:58 | 000,924,600 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -preferences [2012/04/20 20:18:58 | 000,924,600 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -safe-mode [2012/04/20 20:18:58 | 000,924,600 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\System32\ie4uinit.exe" -show [2011/11/14 18:37:04 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\System32\ie4uinit.exe" -reinstall [2011/11/14 18:37:04 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\System32\ie4uinit.exe" -hide [2011/11/14 18:37:04 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -extoff [2011/11/14 18:37:04 | 000,748,336 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files (x86)\Internet Explorer\iexplore.exe [2011/11/14 18:37:04 | 000,748,336 | ---- | M] (Microsoft Corporation)

< hklm\software\clients\startmenuinternet|command /64 /rs >
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\UNINSTALL\HELPER.EXE" /HIDESHORTCUTS [2012/04/20 20:19:35 | 000,866,992 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\UNINSTALL\HELPER.EXE" /SHOWSHORTCUTS [2012/04/20 20:19:35 | 000,866,992 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\UNINSTALL\HELPER.EXE" /SETASDEFAULTAPPGLOBAL [2012/04/20 20:19:35 | 000,866,992 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\FIREFOX.EXE [2012/04/20 20:18:58 | 000,924,600 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\FIREFOX.EXE" -PREFERENCES [2012/04/20 20:18:58 | 000,924,600 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\FIREFOX.EXE" -SAFE-MODE [2012/04/20 20:18:58 | 000,924,600 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -SHOW [2011/11/14 18:37:03 | 000,089,088 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -REINSTALL [2011/11/14 18:37:03 | 000,089,088 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -HIDE [2011/11/14 18:37:03 | 000,089,088 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\PROGRAM FILES (X86)\INTERNET EXPLORER\IEXPLORE.EXE" -EXTOFF [2011/11/14 18:37:04 | 000,748,336 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\PROGRAM FILES (X86)\INTERNET EXPLORER\IEXPLORE.EXE [2011/11/14 18:37:04 | 000,748,336 | ---- | M] (Microsoft Corporation)

< End of report >

#5 Art_B

New Member

Members
12 posts

Posted 30 May 2012 - 07:20 PM

ST:

This is the last of 3 messages replying with information you have requested.

Below I have pasted in the text of file: Extras.txt

OTL Extras logfile created on: 5/30/2012 4:23:37 PM - Run 1
OTL by OldTimer - Version 3.2.44.0 Folder = C:\Users\AJB\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.91 Gb Total Physical Memory | 2.60 Gb Available Physical Memory | 66.60% Memory free
6.29 Gb Paging File | 3.99 Gb Available in Paging File | 63.47% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 360.51 Gb Total Space | 3.74 Gb Free Space | 1.04% Space Free | Partition Type: NTFS
Drive F: | 962.13 Mb Total Space | 938.84 Mb Free Space | 97.58% Space Free | Partition Type: FAT

Computer Name: AJB-PC | User Name: AJB | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = ChromeHTML] -- Reg Error: Key error. File not found
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

[HKEY_USERS\S-1-5-21-4081765290-584125182-3648185446-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
http [open] -- Reg Error: Key error.
https [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Browse with &IrfanView] -- "C:\Program Files (x86)\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
http [open] -- Reg Error: Key error.
https [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Browse with &IrfanView] -- "C:\Program Files (x86)\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{38F98AB2-1FBA-405E-8980-1CB3A2E9ACCE}" = lport=2869 | protocol=6 | dir=in | app=system |
"{3930C444-EA7A-422E-84A9-EAACCCE5E10E}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{3F3CF1EB-99E8-4057-BDA4-C047BC2924BC}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe |
"{3F797887-DF4F-4B79-A22B-F151D712E8E9}" = lport=10243 | protocol=6 | dir=in | app=system |
"{469B93F5-A3F0-4CD1-854F-FEDAFF28E7E6}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{4FDFD4D5-0326-432B-8EEA-4AE4B9BB0B51}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{50E5B98D-5C3C-4CD2-86E9-04205876EC72}" = rport=138 | protocol=17 | dir=out | app=system |
"{5A572150-33BC-465E-914E-DB93017808CF}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{5B5978B6-30AD-4CA3-8BC2-8E44BADFD73E}" = rport=139 | protocol=6 | dir=out | app=system |
"{64374B99-F0BD-4697-B917-ED88516FAC45}" = rport=10243 | protocol=6 | dir=out | app=system |
"{64D22D43-F945-493F-830B-2BED7C77B5A6}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{6833322D-7325-451A-B127-90D30E2A182E}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{6AF961D1-3D2E-4787-9986-741FF703C3BC}" = rport=445 | protocol=6 | dir=out | app=system |
"{6D304C01-535C-437D-9635-59473630B0FD}" = lport=445 | protocol=6 | dir=in | app=system |
"{722395D7-3151-452B-BA84-797D8906B8A2}" = lport=137 | protocol=17 | dir=in | app=system |
"{A54D4383-808B-4E86-BEF4-FBCF55A348EF}" = lport=139 | protocol=6 | dir=in | app=system |
"{AB7D5043-AF17-4999-83E3-643B51E01BA8}" = lport=138 | protocol=17 | dir=in | app=system |
"{BEEFE2E2-7F8B-4B32-AE18-1998DE6C934E}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{C107AD48-E864-4BE6-8E56-003A4DA88049}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{C947B562-BD28-44E3-A808-E375EEF76BC7}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{D336D6F7-668F-4070-8813-43C2FD526D85}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{D63FFBD4-83BB-4238-B343-7617A87668DF}" = rport=137 | protocol=17 | dir=out | app=system |
"{D76518AC-7D19-41ED-B9CE-569B013EC4A5}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{D98363BC-B720-451A-9F45-540D99AD8C71}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{DC6BCDE2-108F-4A01-AF0F-13D37B91B77F}" = lport=2869 | protocol=6 | dir=in | app=system |
"{E33CF9AC-8A5F-4032-8E85-3C1FF9E93FC6}" = rport=427 | protocol=17 | dir=in | svc=hpslpsvc | app=c:\windows\system32\svchost.exe |
"{F3AB07ED-09C1-4E7E-950D-560E1F84ECE6}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{075800A8-03E1-453C-B03D-CA5DE2E91E0A}" = dir=in | app=c:\program files (x86)\windows live\messenger\wlcsdk.exe |
"{0831373A-9A2B-49E1-A71A-F31F319B6C57}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{104D0EA5-8B46-442A-8494-F71C136705AE}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{14FDFD51-12AB-427F-A3F3-1DE2B624E56C}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{1A73BE63-B3C0-48EC-957C-D91701BCFCCA}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{1C34C74A-8D98-4C28-AB4A-86E92E80E4AC}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{1E708D7F-AED0-4281-B023-AB58AC556024}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{22120128-C0C6-41BD-839D-540881BA5775}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqsudi.exe |
"{2852039F-D632-48F8-9A7F-9BF7F475E6BB}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{289BA56E-FAF5-481C-9CB8-429FA48805A3}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqste08.exe |
"{2E70305F-D809-4CED-AFE1-11BBBDE54C9F}" = dir=in | app=c:\program files (x86)\common files\hp\digital imaging\bin\hpqphotocrm.exe |
"{338AD2AA-694A-4884-92F5-9C1D18577689}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{35796977-1E17-4CCE-80A5-8723FFEB71F6}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{40420F90-0FA8-4BB6-B38F-E9DDEAB15660}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgpc01.exe |
"{5312E55F-D831-4A50-B411-6C59C4EEF841}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{5450A501-D236-4A4D-B1BD-A7F69448E002}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{57A0976E-6F8D-4018-BEFB-7755B961398C}" = dir=in | app=c:\program files (x86)\hp\digital imaging\smart web printing\smartwebprintexe.exe |
"{59001CA0-3B22-4109-AED6-130E9BDE4796}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqtra08.exe |
"{5BC2C287-7CDB-492C-9EFF-FEC5B512C0C8}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{65BF3419-F6E2-4FDF-8C21-C7D0AD15DDFB}" = dir=in | app=c:\program files (x86)\acer\acer vcm\rs_service.exe |
"{75EE8F80-BF73-4C88-8D7E-D0269FCEADF8}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{7994A474-6C29-4EBB-A9D6-A09D8A1DA889}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqpsapp.exe |
"{7A8C3CDF-F000-4028-A4EA-F928E1C65ED5}" = dir=in | app=e:\setup\hpznui40.exe |
"{80D9A4B1-F608-4656-8D8E-E492F457CBC6}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgplgtupl.exe |
"{8263051E-0664-450A-9E48-9D63AFAA40DF}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{87628D39-519A-48EB-99CC-312CC4F49198}" = dir=in | app=c:\program files (x86)\acer\acer vcm\vc.exe |
"{88EE6598-5849-42BC-95C2-C9D619D3E8A6}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd8\powerdvd8.exe |
"{8D3A0D08-F40B-4ECD-B70F-4E1C655BB03B}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{8E0AEA86-7D00-4F5D-AF2B-82E8634D598B}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe |
"{945C602B-04B7-4614-B119-0B4946FA7EDF}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqpse.exe |
"{97326D97-C7B0-4B2F-BF2C-71FCE1FC53A8}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{A1ADC21C-0D5F-448B-9D4C-16F8B86E65AD}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{A273B555-FB0A-48F9-B77F-02CE2DF15D65}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{A969C5D4-4BE2-408E-9770-03418A92F2F2}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpoews01.exe |
"{A9B7233C-A398-4BC5-B618-6924B2EAA221}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe |
"{AA145D98-51EB-4904-AE1B-FC8B6C3D4AEF}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqusgm.exe |
"{AD795911-EEAA-43E4-9290-6069932C0083}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{ADF9502E-8BDD-4071-86E8-E653D232BBE7}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe |
"{AF1630EE-9268-4C29-9F82-B2D7ACD8764C}" = protocol=17 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
"{B1FD28D8-003F-4923-873C-05CEE2DF4780}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
"{B6B128A9-7CD4-48EB-AFB2-CB6258876048}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{B8B57D8E-B8CA-4DF3-92CB-04C6413354D0}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{B8FD2E01-F108-425D-B68A-4FB59CDF34B2}" = protocol=6 | dir=out | app=system |
"{BC88C25C-45A0-4502-9900-0DDDA0950216}" = dir=in | app=c:\program files (x86)\hp\hp software update\hpwucli.exe |
"{C0E53E90-C8C3-4B6B-8E66-6EDB13D0DA3C}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{C2A2E6F5-EC38-44DB-BEA0-3C3A43BC3F10}" = dir=in | app=c:\program files (x86)\common files\mcafee\mna\mcnasvc.exe |
"{C7E8DFDF-06E8-4976-8212-370E350E6477}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{CCC3855D-9EF5-4BB2-992D-5095B99E04C6}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{D5B84C43-466F-4B4F-8FBA-19889DAE6258}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{D9C9C2DB-8C9A-450D-8958-6EE2E6123D2B}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{F45A8CB5-2E79-43E1-902C-FFCED2F62F04}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{F6555602-BB75-4DBC-B9A2-1324F9347FD8}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hposid01.exe |
"{FB618D31-BFE8-43AC-9389-802FBD6C5009}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqusgh.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{05EFBF37-0E52-4579-875C-7EEF0DFB4FCB}" = Network64
"{655107BA-F557-4B0E-B344-BA1C85B08488}" = Motorola Mobile Drivers Installation 4.8.0
"{6BFAB6C1-6D46-46DB-A538-A269907C9F2F}" = Network64
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{75104836-CAC7-444E-A39E-3F54151942F5}" = Apple Mobile Device Support
"{889DF117-14D1-44EE-9F31-C5FB5D47F68B}" = Yontoo 1.10.02
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{91DDAB49-487B-4649-93CE-81F6B3423051}" = HP Officejet 6000 E609 Series
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}" = WIDCOMM Bluetooth Software
"{C09068F5-8B42-46F4-8EAF-11FB1AFB988A}" = FLIR Device Drivers
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{D66F0C3C-24F2-4463-9E2F-4381E5C40A26}" = iTunes
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{FF21C3E6-97FD-474F-9518-8DCBE94C2854}" = 64 Bit HP CIO Components Installer
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit
"HDMI" = Intel® Graphics Media Accelerator Driver
"HitmanPro36" = HitmanPro 3.6
"HP Imaging Device Functions" = HP Imaging Device Functions 13.0
"HP Photosmart Essential" = HP Photosmart Essential 3.5
"HP Smart Web Printing" = HP Smart Web Printing 4.51
"HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0
"HPExtendedCapabilities" = HP Customer Participation Program 13.0
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Shop for HP Supplies" = Shop for HP Supplies
"SynTPDeinstKey" = Synaptics Pointing Device Driver

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{047F790A-7A2A-4B6A-AD02-38092BA63DAC}" = Acer VCM
"{0AAA9C97-74D4-47CE-B089-0B147EF3553C}" = Windows Live Messenger
"{0D471171-70BF-459B-AF06-9C34329295E7}" = 6000E609_Help
"{0EF5BEA9-B9D3-46d7-8958-FB69A0BAEACC}" = Status
"{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2
"{175F0111-2968-4935-8F70-33108C6A4DE3}" = MarketResearch
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}" = YTD YouTube Downloader & Converter 3.6
"{1CCF681C-C203-49B3-83F4-A54F0F944416}" = ASPCA Reminder by We-Care.com v5.0.5.1
"{1EC71BFB-01A3-4239-B6AF-B1AE656B15C0}" = TrayApp
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java™ 6 Update 29
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{28E82311-8616-11E1-BEB0-B8AC6F97B88E}" = Google Earth
"{2AEC19D2-037B-4099-9AE0-267CAD0B522C}" = YouTube Downloader Toolbar v5.8
"{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = CyberLink PowerDVD 8
"{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
"{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}" = HP Update
"{2FF8C687-DB7D-4adc-A5DC-57983EC25046}" = DeviceDiscovery
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver
"{343666E2-A059-48AC-AD67-230BF74E2DB2}" = Apple Application Support
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3C52E7DA-C431-4239-B66B-1BF703D5B194}" = Windows Live Photo Gallery
"{3DB0448D-AD82-4923-B305-D001E521A964}" = Acer ePower Management
"{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg
"{44803915-EB10-4425-BD55-38EE1DDC06DF}" = Durametric Diagnostic Tool
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter
"{4DE3E3D9-AE81-45DE-9195-3015F7B1DBF3}" = Junk Mail filter update
"{4F57C27B-EDF4-4009-BEBA-EA7AA5C7A02D}" = ProductContext
"{551845DB-2D33-474E-B591-0831F0F2FAF6}" = BPDSoftware_Ini
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5A22D889-FBDD-4AE8-86EC-089D45FC133E}" = Alcor Micro USB Card Reader
"{63C1109E-D977-49ED-BCE3-D00D0BF187D6}" = Windows Live Mail
"{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2
"{67E03279-F703-408F-B4BF-46B5FC8D70CD}" = Microsoft Works
"{681B698F-C997-42C3-B184-B489C6CA24C9}" = HPPhotoSmartDiscLabelContent1
"{68301905-2DEA-41CE-A4D4-E8B443B099BA}" = MyWinLocker
"{691FCAD9-4A3F-43B9-8EC6-F7EE608D3772}" = 6000E609_eDocs
"{6A92E5C5-0578-443D-91F3-92ECE5F2CAE2}" = Windows Live Writer
"{6B2FFB21-AC88-45C3-9A7D-4BB3E744EC91}" = HPSSupply
"{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox
"{6F340107-F9AA-47C6-B54C-C3A19F11553F}" = Hewlett-Packard ACLM.NET v1.1.0.0
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{748F4870-8350-11D3-B0BF-080009FB4A19}" = HP Share-to-Web
"{75CDF2CA-5F89-4BC8-9556-CF70782CBD17}" = Motorola Phone Tools
"{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}" = Avanquest update
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Acer eRecovery Management
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0409-0000-0000000FF1CE}_PUBLISHERR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISER_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}_PUBLISHERR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISER_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}_PUBLISHERR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISER_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}_PUBLISHERR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISER_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0000-1000-0000000FF1CE}_PUBLISHERR_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0409-1000-0000000FF1CE}_ENTERPRISER_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0409-1000-0000000FF1CE}_PUBLISHERR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISER_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0409-0000-0000000FF1CE}_PUBLISHERR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISER_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}_PUBLISHERR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0116-0409-1000-0000000FF1CE}_ENTERPRISER_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0116-0409-1000-0000000FF1CE}_PUBLISHERR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120000-0019-0000-0000-0000000FF1CE}" = Microsoft Office Publisher 2007
"{91120000-0019-0000-0000-0000000FF1CE}_PUBLISHERR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{91120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{94CAC2F1-C856-47F4-AF24-65A1E75AEDB9}" = MotoHelper MergeModules
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{9D318C86-AF4C-409F-A6AC-7183FF4CF424}" = Internet TV for Windows Media Center
"{A1BF9950-8CDB-468E-83FA-EACFB00EA7D5}" = Windows Live Sync
"{A20193D1-6F4C-4CA0-A1BF-9316D111C371}" = Durametric USB Driver
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A436F67F-687E-4736-BD2B-537121A804CF}" = HP Product Detection
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AAF89271-2594-468D-B578-96B2E30C41C4}" = eBay Worldwide
"{AB0E8288-5759-4961-905B-DAC431093BDD}" = 6000E609n
"{AC76BA86-7AD7-FFFF-7B44-A91000000001}" = Adobe Reader 9.5.1 MUI
"{AED142A8-96EA-42DE-B212-60BFC98D6CC7}" = USBFast
"{BAD8CA9C-77C0-4663-B00B-A8D3B13C341B}" = Motorola Phone Tools
"{BAE06076-DB3F-4936-8864-249A7B2AA662}" = Intel® Integrated Performance Primitives Run-Time Installer 5.1 for Windows* on IA-32 Intel® Architecture
"{C0EAC838-4ABD-4C89-BF07-D2292A83929C}" = FLIR QuickReport 1.2 SP2
"{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant
"{C57BCDE1-7CB9-467D-B3BA-7E119916CDC1}" = Norton Online Backup
"{C6CA8874-5F22-4AF0-9BE3-016BF299C536}" = Windows Live Essentials
"{C9FFC925-E27E-436E-A2DF-652324D51033}" = Nero 8 Essentials
"{CBE7EB3D-FBD9-4c74-8156-082D055C0354}" = BPDSoftware
"{D0ACE89D-EC7F-470F-80BE-4C98ED366B32}" = Acer Crystal Eye webcam Ver:1.1.95.714
"{D79113E7-274C-470B-BD46-01B10219DF6A}" = HPPhotosmartEssential
"{DC635845-46D3-404B-BCB1-FC4A91091AFA}" = SmartWebPrinting
"{E0E55FC1-C53D-4F8D-B14B-B59C312747C8}" = LightScribe System Software
"{E2D09AC2-4153-4817-AAEB-24F92A8BCE88}" = Windows Media Center Add-in for Flash
"{ECD03DA7-5952-406A-8156-5F0C93618D1F}" = USB PC Camera-168
"{EE171732-BEB4-4576-887D-CB62727F01CA}" = Acer Updater
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C5AB8B-44BF-45A8-B3C6-ED5B13F593FC}" = Durametric 6
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"Acer Assist" = Acer Assist
"Acer Registration" = Acer Registration
"Acer Screensaver" = Acer ScreenSaver
"Acer Welcome Center" = Welcome Center
"Ache 2.0_is1" = Ache 2.0
"Adobe AIR" = Adobe AIR
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"AVG Secure Search" = AVG Security Toolbar
"DVD Decrypter" = DVD Decrypter (Remove Only)
"ENTERPRISER" = Microsoft Office Enterprise 2007
"Glary Utilities_is1" = Glary Utilities 2.33.0.1158
"GOM Player" = GOM Player
"GridVista" = Acer GridVista
"HP PrecisionScan LTX" = HP PrecisionScan LTX
"Identity Card" = Identity Card
"InstallShield_{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2
"InstallShield_{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = CyberLink PowerDVD 8
"InstallShield_{5A22D889-FBDD-4AE8-86EC-089D45FC133E}" = Alcor Micro USB Card Reader
"IrfanView" = IrfanView (remove only)
"LManager" = Launch Manager
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.61.0.1400
"McAfee Security Scan" = McAfee Security Scan Plus
"MotoHelper" = MotoHelper 2.0.40 Driver 4.8.0
"Mozilla Firefox 12.0 (x86 en-US)" = Mozilla Firefox 12.0 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MSC" = McAfee SecurityCenter
"Nero PhotoShow Express" = Nero PhotoShow Express
"PDF reDirect" = PDF reDirect (remove only)
"PhotoScape" = PhotoScape
"Picasa 3" = Picasa 3
"PUBLISHERR" = Microsoft Office Publisher 2007 Trial
"TOPO!" = TOPO!
"WildTangent acer Master Uninstall" = Acer Games
"WinLiveSuite_Wave3" = Windows Live Essentials
"Yahoo! Companion" = Yahoo! Toolbar

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 11/12/2011 1:14:07 PM | Computer Name = AJB-PC | Source = Application Error | ID = 1000
Description = Faulting application name: iexplore.exe, version: 8.0.7600.16869,
time stamp: 0x4e4f21db Faulting module name: unknown, version: 0.0.0.0, time stamp:
0x00000000 Exception code: 0xc0000005 Fault offset: 0x00000000 Faulting process id:
0x908 Faulting application start time: 0x01cca156c3011821 Faulting application path:
C:\Program Files (x86)\Internet Explorer\iexplore.exe Faulting module path: unknown
Report
Id: ba7264d9-0d51-11e1-a291-00269e7cde93

Error - 11/12/2011 7:30:48 PM | Computer Name = AJB-PC | Source = Application Error | ID = 1000
Description = Faulting application name: iexplore.exe, version: 8.0.7600.16869,
time stamp: 0x4e4f21db Faulting module name: unknown, version: 0.0.0.0, time stamp:
0x00000000 Exception code: 0xc0000005 Fault offset: 0x00000000 Faulting process id:
0xd4 Faulting application start time: 0x01cca190809e41d5 Faulting application path:
C:\Program Files (x86)\Internet Explorer\iexplore.exe Faulting module path: unknown
Report
Id: 594052f1-0d86-11e1-a291-00269e7cde93

Error - 11/12/2011 8:58:26 PM | Computer Name = AJB-PC | Source = Application Error | ID = 1000
Description = Faulting application name: iexplore.exe, version: 8.0.7600.16869,
time stamp: 0x4e4f21db Faulting module name: unknown, version: 0.0.0.0, time stamp:
0x00000000 Exception code: 0xc0000005 Fault offset: 0x00000000 Faulting process id:
0x1130 Faulting application start time: 0x01cca196a70d0f3e Faulting application path:
C:\Program Files (x86)\Internet Explorer\iexplore.exe Faulting module path: unknown
Report
Id: 97399574-0d92-11e1-a291-00269e7cde93

Error - 11/13/2011 12:20:38 AM | Computer Name = AJB-PC | Source = Application Error | ID = 1000
Description = Faulting application name: iexplore.exe, version: 8.0.7600.16869,
time stamp: 0x4e4f21db Faulting module name: unknown, version: 0.0.0.0, time stamp:
0x00000000 Exception code: 0xc0000005 Fault offset: 0x00000000 Faulting process id:
0x1650 Faulting application start time: 0x01cca1aee5b7f911 Faulting application path:
C:\Program Files (x86)\Internet Explorer\iexplore.exe Faulting module path: unknown
Report
Id: d6e5626f-0dae-11e1-a291-00269e7cde93

Error - 11/13/2011 12:37:58 AM | Computer Name = AJB-PC | Source = Application Error | ID = 1000
Description = Faulting application name: iexplore.exe, version: 8.0.7600.16869,
time stamp: 0x4e4f21db Faulting module name: unknown, version: 0.0.0.0, time stamp:
0x00000000 Exception code: 0xc0000005 Fault offset: 0x00000000 Faulting process id:
0xb00 Faulting application start time: 0x01cca1b533081ef6 Faulting application path:
C:\Program Files (x86)\Internet Explorer\iexplore.exe Faulting module path: unknown
Report
Id: 42cc3e34-0db1-11e1-a291-00269e7cde93

Error - 11/13/2011 12:45:39 AM | Computer Name = AJB-PC | Source = Application Error | ID = 1000
Description = Faulting application name: iexplore.exe, version: 8.0.7600.16869,
time stamp: 0x4e4f21db Faulting module name: unknown, version: 0.0.0.0, time stamp:
0x00000000 Exception code: 0xc0000005 Fault offset: 0x00000000 Faulting process id:
0x1484 Faulting application start time: 0x01cca1bb9ce7787b Faulting application path:
C:\Program Files (x86)\Internet Explorer\iexplore.exe Faulting module path: unknown
Report
Id: 55106718-0db2-11e1-a291-00269e7cde93

Error - 11/13/2011 4:51:42 AM | Computer Name = AJB-PC | Source = Application Error | ID = 1000
Description = Faulting application name: iexplore.exe, version: 8.0.7600.16869,
time stamp: 0x4e4f21db Faulting module name: unknown, version: 0.0.0.0, time stamp:
0x00000000 Exception code: 0xc0000005 Fault offset: 0x00000000 Faulting process id:
0xfec Faulting application start time: 0x01cca1df0fb865d3 Faulting application path:
C:\Program Files (x86)\Internet Explorer\iexplore.exe Faulting module path: unknown
Report
Id: b4921d81-0dd4-11e1-a291-00269e7cde93

Error - 11/13/2011 9:37:55 AM | Computer Name = AJB-PC | Source = Application Error | ID = 1000
Description = Faulting application name: iexplore.exe, version: 8.0.7600.16869,
time stamp: 0x4e4f21db Faulting module name: unknown, version: 0.0.0.0, time stamp:
0x00000000 Exception code: 0xc0000005 Fault offset: 0x53006c6c Faulting process id:
0x1224 Faulting application start time: 0x01cca207b4f8ba71 Faulting application path:
C:\Program Files (x86)\Internet Explorer\iexplore.exe Faulting module path: unknown
Report
Id: b0823176-0dfc-11e1-a2d6-00269e7cde93

Error - 11/13/2011 11:06:23 PM | Computer Name = AJB-PC | Source = Application Error | ID = 1000
Description = Faulting application name: iexplore.exe, version: 8.0.7600.16869,
time stamp: 0x4e4f21db Faulting module name: unknown, version: 0.0.0.0, time stamp:
0x00000000 Exception code: 0xc0000005 Fault offset: 0x00000000 Faulting process id:
0x21c Faulting application start time: 0x01cca27648c2bde7 Faulting application path:
C:\Program Files (x86)\Internet Explorer\iexplore.exe Faulting module path: unknown
Report
Id: a18b033e-0e6d-11e1-a39c-00269e7cde93

Error - 11/14/2011 3:08:21 AM | Computer Name = AJB-PC | Source = Application Error | ID = 1000
Description = Faulting application name: iexplore.exe, version: 8.0.7600.16869,
time stamp: 0x4e4f21db Faulting module name: unknown, version: 0.0.0.0, time stamp:
0x00000000 Exception code: 0xc0000005 Fault offset: 0x00000000 Faulting process id:
0x139c Faulting application start time: 0x01cca27bc2d93eab Faulting application path:
C:\Program Files (x86)\Internet Explorer\iexplore.exe Faulting module path: unknown
Report
Id: 6edbc495-0e8f-11e1-af5d-00269e7cde93

[ Media Center Events ]
Error - 6/14/2010 4:54:45 AM | Computer Name = AJB-PC | Source = MCUpdate | ID = 0
Description = 3:54:41 AM - Error connecting to the internet. 3:54:42 AM - Unable
to contact server..

Error - 6/15/2010 12:13:59 AM | Computer Name = AJB-PC | Source = MCUpdate | ID = 0
Description = 11:13:59 PM - Error connecting to the internet. 11:13:59 PM - Unable
to contact server..

Error - 6/15/2010 12:14:09 AM | Computer Name = AJB-PC | Source = MCUpdate | ID = 0
Description = 11:14:05 PM - Error connecting to the internet. 11:14:05 PM - Unable
to contact server..

Error - 6/15/2010 1:14:14 AM | Computer Name = AJB-PC | Source = MCUpdate | ID = 0
Description = 12:14:14 AM - Error connecting to the internet. 12:14:14 AM - Unable
to contact server..

Error - 6/15/2010 1:14:21 AM | Computer Name = AJB-PC | Source = MCUpdate | ID = 0
Description = 12:14:19 AM - Error connecting to the internet. 12:14:19 AM - Unable
to contact server..

Error - 6/15/2010 2:14:32 AM | Computer Name = AJB-PC | Source = MCUpdate | ID = 0
Description = 1:14:32 AM - Error connecting to the internet. 1:14:32 AM - Unable
to contact server..

Error - 6/15/2010 2:14:48 AM | Computer Name = AJB-PC | Source = MCUpdate | ID = 0
Description = 1:14:38 AM - Error connecting to the internet. 1:14:38 AM - Unable
to contact server..

Error - 6/15/2010 3:14:55 AM | Computer Name = AJB-PC | Source = MCUpdate | ID = 0
Description = 2:14:54 AM - Error connecting to the internet. 2:14:55 AM - Unable
to contact server..

Error - 6/15/2010 3:15:03 AM | Computer Name = AJB-PC | Source = MCUpdate | ID = 0
Description = 2:15:00 AM - Error connecting to the internet. 2:15:00 AM - Unable
to contact server..

Error - 6/16/2010 11:19:49 PM | Computer Name = AJB-PC | Source = MCUpdate | ID = 0
Description = 10:19:45 PM - Error connecting to the internet. 10:19:45 PM - Unable
to contact server..

[ System Events ]
Error - 5/28/2012 9:52:24 PM | Computer Name = AJB-PC | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
cdrom

Error - 5/29/2012 12:54:07 AM | Computer Name = AJB-PC | Source = DCOM | ID = 10010
Description =

Error - 5/29/2012 12:55:45 AM | Computer Name = AJB-PC | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
cdrom

Error - 5/29/2012 4:46:39 AM | Computer Name = AJB-PC | Source = DCOM | ID = 10010
Description =

Error - 5/29/2012 4:48:16 AM | Computer Name = AJB-PC | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
cdrom

Error - 5/29/2012 5:38:05 AM | Computer Name = AJB-PC | Source = DCOM | ID = 10010
Description =

Error - 5/30/2012 2:06:25 AM | Computer Name = AJB-PC | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
cdrom

Error - 5/30/2012 3:38:39 AM | Computer Name = AJB-PC | Source = DCOM | ID = 10010
Description =

Error - 5/30/2012 2:09:53 PM | Computer Name = AJB-PC | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
cdrom

Error - 5/30/2012 4:01:57 PM | Computer Name = AJB-PC | Source = Service Control Manager | ID = 7011
Description = A timeout (120000 milliseconds) was reached while waiting for a transaction
response from the T3Srv service.

< End of report >

#6 SweetTech

Agent ST

Malware Response Team
13,421 posts

Gender:Male
Location:Antarctica

Posted 31 May 2012 - 12:42 AM

Hi Art_B!

Not a problem! I'm glad to be of assistance!!

Thanks for answering my question, that information helped me out.

It looks like these two threats:

ipemm.dll (located in C:\Users\AJB\AppData\Local\Ahead\Adobe)
ipemm.dll (located in: C:\Users\AJB\AppData\Local\Temp\nsd8F09.tmp)

are what was causing some of the issues, probably the redirects in Internet Explorer.

These 3 are related to a Yontoo which I like to refer to as Crapware:

YontooSetup-Silent.exe (located in: C:\Users\AJB\AppData\Local\Temp)
_Setupx.dll (located in: C:\ProgramData\Tarma Installer\889DF117-14D1-44EE-9F31-C5)
YontooIEClient.dll (located in C:\Program Files (x86)\Yontoo)

Hopefully, only 2 additional messages will be required.

We need to remove a program. To do this please do the following:

Click Start
Go to Control Panel
Double click on Programs and Features
Find and click the Uninstall button to uninstall the following (if present):
Yontoo 1.10.02
AVG Secure Search <== If you don't use it, then I suggest removing it.
Ask Toolbar <== If you don't use it, then I suggest removing it.
Yahoo Toolbar <== If you don't use it, then I suggest removing it.
YouTube Downloader Toolbar <== If you don't use it, then I suggest removing it.

NEXT:

Lets see if anything improves after running these fixes:

OTL Fix

We need to run an OTL Fix

Note: If you have MalwareBytes Anti-Malware 1.6 or higher installed and are using the Pro version or trial version, please temporarily disable it for the duration of this fix as it may interfere with the successfully execution of the script below.

Please reopen on your desktop.

Copy and Paste the following code into the Posted Image

textbox.

:Services
:Processes
KILLALLPROCESSES
:OTL
IE - HKU\S-1-5-21-4081765290-584125182-3648185446-1000\..\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}: "URL" = http://websearch.ask.com/redirect?client=ie&tb=GLSV5&o=10168&src=crm&q={searchTerms}&locale=en_US&apn_ptnrs=GL&apn_dtid=YYYYYYYYUS&apn_uid=54405D29-BCE8-45C7-99DF-9371E41B2C6E&apn_sauid=F6E6EB91-5299-4B66-B602-DCEFFFB7D7C8
IE - HKU\S-1-5-21-4081765290-584125182-3648185446-1000\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.com/search?cid={97CF6A37-CE8B-48DB-A309-9B42ECCB428F}&mid=cb75980189de47d0a2f2dd2930514c99-9243bdfbf2c57df5c8a36610dd90b7de4b66de2d&lang=en&ds=gm011&pr=sa&d=2012-05-06 16:38:40&v=11.0.0.9&sap=dsp&q={searchTerms}
IE - HKU\S-1-5-21-4081765290-584125182-3648185446-1000\..\SearchScopes\{E224BCBC-BF30-4174-A959-D20A495E3AB2}: "URL" = http://search.yahoo.com/search?fr=mcafee&p={SearchTerms}
FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search"
FF - prefs.js..browser.startup.homepage: "http://isearch.avg.com?cid=%7Bdd7ad413-e9b3-40ed-b765-84fde4e6f32c%7D&mid=cb75980189de47d0a2f2dd2930514c99-9243bdfbf2c57df5c8a36610dd90b7de4b66de2d&ds=gm011&v=11.0.0.9&lang=en&pr=sa&d=2012-05-06%2016%3A38%3A40"
FF - prefs.js..keyword.URL: "http://isearch.avg.com/search?cid=%7Bdd7ad413-e9b3-40ed-b765-84fde4e6f32c%7D&mid=cb75980189de47d0a2f2dd2930514c99-9243bdfbf2c57df5c8a36610dd90b7de4b66de2d&ds=gm011&v=11.0.0.9&lang=en&pr=sa&d=2012-05-06%2016%3A38%3A40&sap=ku&q="
FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\11.0.2\\npsitesafety.dll ()
[2012/05/19 14:13:19 | 000,004,733 | ---- | M] () (No name found) -- C:\USERS\AJB\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\279JIX0P.DEFAULT\EXTENSIONS\ZNWAYTZUQS@ZNWAYTZUQS.ORG.XPI
[2012/05/06 16:38:30 | 000,003,749 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\avg-secure-search.xml
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\11.0.0.9\AVG Secure Search_toolbar.dll ()
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\11.0.0.9\AVG Secure Search_toolbar.dll ()
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKLM\..\Toolbar: (YouTube Downloader Toolbar) - {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Program Files (x86)\YouTube Downloader Toolbar\IE\5.8\youtubedownloaderToolbarIE.dll (Spigot, Inc.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3:64bit: - HKU\S-1-5-21-4081765290-584125182-3648185446-1000\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKU\S-1-5-21-4081765290-584125182-3648185446-1000\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O4:64bit: - HKLM..\Run: [PLD_FrameworkRun] c:\windows\system32\oem\setEvent.exe File not found
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Prolific_OneButton] C:\Program Files (x86)\USBFast\OneBtn.exe File not found
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O33 - MountPoints2\{0f215dba-8104-11e0-a011-0c6076b5a56a}\Shell - "" = AutoRun
O33 - MountPoints2\{0f215dba-8104-11e0-a011-0c6076b5a56a}\Shell\AutoRun\command - "" = E:\Setup.exe
O33 - MountPoints2\{9200bee4-16b8-11df-8801-00269e7cde93}\Shell - "" = AutoRun
O33 - MountPoints2\{9200bee4-16b8-11df-8801-00269e7cde93}\Shell\AutoRun\command - "" = "D:\WD SmartWare.exe" autoplay=true
O33 - MountPoints2\{b7226eaf-3235-11e1-b87e-00269e7cde93}\Shell - "" = AutoRun
O33 - MountPoints2\{b7226eaf-3235-11e1-b87e-00269e7cde93}\Shell\AutoRun\command - "" = F:\setup.exe -a
[2012/05/06 16:39:01 | 000,000,000 | ---D | C] -- C:\Users\AJB\AppData\Local\AVG Secure Search
[2012/05/06 16:38:40 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG Secure Search
[2012/05/06 16:38:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\AVG Secure Search
[2012/05/06 16:38:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AVG Secure Search

:Reg

:Files
C:\Program Files (x86)\Common Files\AVG Secure Search
ipconfig /flushdns /c
:Commands
[purity]
[resethosts]
[CreateRestorePoint]
[emptytemp]
[EMPTYFLASH]
[EMPTYJAVA]

Push
OTL may ask to reboot the machine. Please do so if asked.
Click the OK button.
A report will open. Copy and Paste that report in your next reply.
If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss is the date of the tool run.

NEXT:

Malwarebytes' Anti-Malware

I see that you have Malwarebytes' Anti-Malware installed on your computer could you please do a scan using these settings:

Open Malwarebytes' Anti-Malware
Select the Update tab
Click Check for Updates
After the update have been completed, Select the Scanner tab.
Select Perform quick scan, then click on Scan
Leave the default options as it is and click on Start Scan
When done, you will be prompted. Click OK, then click on Show Results
Checked (ticked) all items and click on Remove Selected
After it has removed the items, Notepad will open. Please post this log in your next reply. You can also find the log in the Logs tab. The bottom most log is the latest

1. Any comments or questions you may have that you'd like for me to answer in my next post to you.
2. OTL Fix log file.
3. MalwareBytes' Anti-Malware log file.
4. An update on how your computer is currently running.

It would be helpful if you could answer each question in the order asked, as well as numbering your answers.

#7 Art_B

New Member

Members
12 posts

Posted 31 May 2012 - 02:16 AM

ST:

I have not been able to remove the Yontoo 1.10.02 program. When I try to uninstall it, an information box pops up that is labeled “Tarma Installer” and has the following words in the box: “Setup initialization error”.
Please advise on next steps to take. Should I proceed on to the OTL fix or would you like me to try some other method for removing the Yontoo program ?

Art_B

#8 Art_B

New Member

Members
12 posts

Posted 01 June 2012 - 01:42 AM

ST: Since I have been having some problems with removing Yontoo I have looked into various methods and one way to remove Yontoo appears to be by downloading the Yontoo uninstaller from the Yontoo website as described in the following message posted on the answers.yahoo website about 2 months ago:
http://answers.yahoo.com/question/index?qid=20120325081757AAlLoHu

Removing Yontoo:

Yontoo is a typical windows program that can easily be uninstalled using your operating system’s standard mechanism. On Windows, you can access this by going to the Start Menu, selecting Control Panel and then selecting Add or Remove Programs (or Programs and Features on some versions of Windows). Once this Control Panel opens, scroll down to Yontoo and double-click on its icon. Follow the onscreen instructions to remove the program.

Troubleshooting:

Sometimes other programs may alter or even remove necessary files that Yontoo needs to uninstall properly. If you were unsuccessful removing Yontoo as described in the previous paragraph, please download and run the following YontooUninstaller.exe which can be found at the following location.

http://download.yontoo.com/YontooUninstaller.exe

Running this uninstaller will uninstall Yontoo from your computer, including removing it from the Add or Remove Programs Control Panel.

Please let us know if we can be of any further assistance.

Yontoo Customer Support
http://www.yontoo.com

I have also investigated uninstalling Yontoo via Glary Utilities which it a utilities program I installed many months ago. It has a program uninstaller utility, however that utility does not show Yontoo as being a program, (it is missing from Glary’s list of programs that can be uninstalled) so I am doubtful Yontoo can be uninstalled by most generic uninstaller programs.

Do you think it is worthwhile for me to download Yontoo’s uninstaller program from the Yontoo website and use it to get rid of Yontoo ?

Art_B

#9 SweetTech

Agent ST

Malware Response Team
13,421 posts

Gender:Male
Location:Antarctica

Posted 02 June 2012 - 07:38 AM

Hi Art_B!

I apologize for the delay! I've had a pretty hectic and stressful week on my end, and am now only getting a free chance to log on to my computer and respond to my threads right now.

Do you think it is worthwhile for me to download Yontoo’s uninstaller program from the Yontoo website and use it to get rid of Yontoo ?

I'm going to have you try holding off on download that tool.

Lets try removing it using this utility below:

RevoUninstaller
Download and install Revo Uninstaller

Double click the Revo Uninstaller icon on your desktop to start the program
Scroll through the listed programs and Right Click on the program you wish to uninstall
From the pop out menu choose Uninstall
Click Yes to the confirmation dialogue
In the next window select the Advanced mode
Click Next to start uninstalling the program
Answer Yes to confirm the uninstall
When the program has completed the four steps, click Next to allow the program to search for leftovers
You'll need to click on Select All when it lists any left over Registry Keys/Files & Folders. Followed by the Delete button.
Once complete, click Next, then Finish
Repeat the above steps for any other programs you wish to remove.

Let me know how the above goes.

-ST.

#10 Art_B

New Member

Members
12 posts

Posted 02 June 2012 - 03:08 PM

ST:

Glad to hear you are OK and were only busy with other problems.

Before I saw your most recent message, I decided to try one simple course of action for removing Yontoo, while it exposed me to some possible problems, at least it did not require additional downloading of uninstall programs: that was taking all components of Yontoo out of the quarantine that Hitman had put them in. Possibly, I did not explain in a previous response that when Hitman quarantined 5 files, (2 malware files and 3 "riskware" files), I did not delete them but just left them quarantined. So to remove Yontoo, I took the 3 "riskware" files out of quarantine, (since you had previously explained they were all Yontoo files). Afterwards, I was able to successfully remove Yontoo via Windows as you instructed in a previous message. After removing Yontoo and the toolbars you recommended removing, I followed the rest of your instructions and ran OTL and Malwarebytes.

Only one unexpected event occured: after OTL ran and rebooted my system, Hitman ran and produced the following message: "Host file is compromised. Host file contains Byte order mark (BOM) obfuscation C:\Windows\system32\drivers\ect\". Hitman gave me an option to repair the compromised file which I accepted so hopefully that file is now properly repaired. Afterwards, I enabled Malwarebytes, requested a update of it and then ran a quick scan with Malwarebytes as you recommended in a previous message.

Below I have pasted into this message the log files from OTL and Malwarebytes.

Please tell me what next steps I should take.

Best Regards,

Art_B

Log file from OTL:

All processes killed
========== SERVICES/DRIVERS ==========
========== PROCESSES ==========
========== OTL ==========
Registry key HKEY_USERS\S-1-5-21-4081765290-584125182-3648185446-1000\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}\ not found.
Registry key HKEY_USERS\S-1-5-21-4081765290-584125182-3648185446-1000\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}\ not found.
Registry key HKEY_USERS\S-1-5-21-4081765290-584125182-3648185446-1000\Software\Microsoft\Internet Explorer\SearchScopes\{E224BCBC-BF30-4174-A959-D20A495E3AB2}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E224BCBC-BF30-4174-A959-D20A495E3AB2}\ not found.
Prefs.js: "AVG Secure Search" removed from browser.search.defaultenginename
Prefs.js: "http://isearch.avg.com?cid=%7Bdd7ad413-e9b3-40ed-b765-84fde4e6f32c%7D&mid=cb75980189de47d0a2f2dd2930514c99-9243bdfbf2c57df5c8a36610dd90b7de4b66de2d&ds=gm011&v=11.0.0.9&lang=en&pr=sa&d=2012-05-06%2016%3A38%3A40" removed from browser.startup.homepage
Prefs.js: "http://isearch.avg.com/search?cid=%7Bdd7ad413-e9b3-40ed-b765-84fde4e6f32c%7D&mid=cb75980189de47d0a2f2dd2930514c99-9243bdfbf2c57df5c8a36610dd90b7de4b66de2d&ds=gm011&v=11.0.0.9&lang=en&pr=sa&d=2012-05-06%2016%3A38%3A40&sap=ku&q=" removed from keyword.URL
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin\ not found.
File C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\11.0.2\\npsitesafety.dll not found.
C:\Users\AJB\AppData\Roaming\Mozilla\Firefox\Profiles\279jix0p.default\extensions\znwaytzuqs@znwaytzuqs.org.xpi moved successfully.
C:\Program Files (x86)\Mozilla Firefox\searchplugins\avg-secure-search.xml moved successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AA58ED58-01DD-4d91-8333-CF10577473F7}\ deleted successfully.
C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found.
File C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}\ not found.
File C:\Program Files (x86)\AVG Secure Search\11.0.0.9\AVG Secure Search_toolbar.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
File C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}\ not found.
File C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll not found.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{2318C2B1-4965-11d4-9B18-009027A5CD4F} deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11d4-9B18-009027A5CD4F}\ deleted successfully.
File C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll not found.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{95B7759C-8C7F-4BF1-B163-73684A933233} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}\ not found.
File C:\Program Files (x86)\AVG Secure Search\11.0.0.9\AVG Secure Search_toolbar.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{D4027C7F-154A-4066-A1AD-4243D8127440} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
File C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}\ not found.
File C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{F3FEE66E-E034-436a-86E4-9690573BEE8A} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F3FEE66E-E034-436a-86E4-9690573BEE8A}\ not found.
File C:\Program Files (x86)\YouTube Downloader Toolbar\IE\5.8\youtubedownloaderToolbarIE.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
64bit-Registry value HKEY_USERS\S-1-5-21-4081765290-584125182-3648185446-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}\ not found.
File C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll not found.
Registry value HKEY_USERS\S-1-5-21-4081765290-584125182-3648185446-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
File C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll not found.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\PLD_FrameworkRun deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Prolific_OneButton deleted successfully.
Registry value HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
Registry value HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
64bit-Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Add to Google Photos Screensa&ver\ deleted successfully.
Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
C:\Windows\Downloaded Program Files\gp.inf not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0f215dba-8104-11e0-a011-0c6076b5a56a}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f215dba-8104-11e0-a011-0c6076b5a56a}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0f215dba-8104-11e0-a011-0c6076b5a56a}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f215dba-8104-11e0-a011-0c6076b5a56a}\ not found.
File E:\Setup.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9200bee4-16b8-11df-8801-00269e7cde93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9200bee4-16b8-11df-8801-00269e7cde93}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9200bee4-16b8-11df-8801-00269e7cde93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9200bee4-16b8-11df-8801-00269e7cde93}\ not found.
File "D:\WD SmartWare.exe" autoplay=true not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b7226eaf-3235-11e1-b87e-00269e7cde93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b7226eaf-3235-11e1-b87e-00269e7cde93}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b7226eaf-3235-11e1-b87e-00269e7cde93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b7226eaf-3235-11e1-b87e-00269e7cde93}\ not found.
File F:\setup.exe -a not found.
Folder C:\Users\AJB\AppData\Local\AVG Secure Search\ not found.
Folder C:\ProgramData\AVG Secure Search\ not found.
Folder C:\Program Files (x86)\Common Files\AVG Secure Search\ not found.
Folder C:\Program Files (x86)\AVG Secure Search\ not found.
========== REGISTRY ==========
========== FILES ==========
File\Folder C:\Program Files (x86)\Common Files\AVG Secure Search not found.
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\AJB\Downloads\cmd.bat deleted successfully.
C:\Users\AJB\Downloads\cmd.txt deleted successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
Restore point Set: OTL Restore Point

[EMPTYTEMP]

User: Administrator

User: AJB
->Temp folder emptied: 199240577 bytes
->Temporary Internet Files folder emptied: 646965281 bytes
->Java cache emptied: 357685 bytes
->FireFox cache emptied: 60226658 bytes
->Google Chrome cache emptied: 35540044 bytes
->Flash cache emptied: 45440 bytes

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 556290166 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 102023 bytes
RecycleBin emptied: 702405305 bytes

Total Files Cleaned = 2,099.00 mb

[EMPTYFLASH]

User: Administrator

User: AJB
->Flash cache emptied: 0 bytes

User: All Users

User: Default

User: Default User

User: Public

Total Flash Files Cleaned = 0.00 mb

[EMPTYJAVA]

User: Administrator

User: AJB
->Java cache emptied: 0 bytes

User: All Users

User: Default

User: Default User

User: Public

Total Java Files Cleaned = 0.00 mb

OTL by OldTimer - Version 3.2.44.0 log created on 06022012_111719

Files\Folders moved on Reboot...
C:\Users\AJB\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

Registry entries deleted on Reboot...

The log file from Malwarebytes is pasted in below:

Malwarebytes Anti-Malware (Trial) 1.61.0.1400
www.malwarebytes.org

Database version: v2012.06.02.04

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
AJB :: AJB-PC [administrator]

Protection: Enabled

6/2/2012 11:43:22 AM
mbam-log-2012-06-02 (11-43-22).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 213810
Time elapsed: 7 minute(s), 19 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

#11 SweetTech

Agent ST

Malware Response Team
13,421 posts

Gender:Male
Location:Antarctica

Posted 03 June 2012 - 07:45 AM

Hi Art_B!

Thanks for understanding.

After removing Yontoo and the toolbars you recommended removing, I followed the rest of your instructions and ran OTL and Malwarebytes.

Okay, glad to hear you were able to get rid of Yontoo successfully.

Hitman gave me an option to repair the compromised file which I accepted so hopefully that file is now properly repaired.

It sounds like HitmanPro was detecting a repair that OTL had made. More specifically the Host file which I had the script reset when I had you run the OTL fix.

Lets run this tool and see what it finds:

Running ComboFix
Download Combofix from either of the links below, and save it to your desktop.

Link 1
Link 2

**Note: It is important that it is saved directly to your desktop**

--------------------------------------------------------------------
IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here

Note: If AVG or CA Internet Security Suite is installed, you must remove these programs before using Combofix. If for some reason these applications will not uninstall, try uninstalling with AppRemover by Opswat.
--------------------------------------------------------------------

Double click on ComboFix.exe & follow the prompts.

When finished, it will produce a report for you.
Please post the C:\ComboFix.txt for further review.
If you get an error message saying: "Illegal operation attempted on a registry key that was marked for deletion." please reboot your computer, and that should take care of that error message.

#12 Art_B

New Member

Members
12 posts

Posted 04 June 2012 - 12:15 AM

ST:

Before running Combofix, I tried using Firefox to search with Google and the redirects did not occur. So possibly the redirect problem was fixed prior to running Combofix. In any case, since OTL worked well, I gladly took your recommendation and run Combofix.

I have pasted in below the text from the file that Combofix created.

Please let me know what next steps I should take.

Best Regards,

Art_B

ComboFix 12-06-03.05 - AJB 06/03/2012 22:36:21.1.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3999.2695 [GMT -5:00]
Running from: c:\users\AJB\Desktop\ComboFix.exe
AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
SP: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\AJB\Documents\~ytD01C.tmp
.
.
((((((((((((((((((((((((( Files Created from 2012-05-04 to 2012-06-04 )))))))))))))))))))))))))))))))
.
.
2012-06-04 03:46 . 2012-06-04 03:46 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-06-03 23:49 . 2012-06-03 23:49 12872 ----a-w- c:\windows\system32\bootdelete.exe
2012-06-02 16:17 . 2012-06-02 16:17 -------- d-----w- C:\_OTL
2012-06-01 03:14 . 2012-06-01 03:14 -------- d-----w- c:\users\AJB\AppData\Roaming\GlarySoft
2012-05-29 08:43 . 2012-05-29 08:43 116016 ----a-w- c:\windows\system32\drivers\11398540.sys
2012-05-21 04:37 . 2012-05-21 04:37 -------- d-----w- c:\users\AJB\AppData\Roaming\SUPERAntiSpyware.com
2012-05-21 04:35 . 2012-05-21 04:37 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-05-21 04:35 . 2012-05-21 04:35 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2012-05-20 02:23 . 2012-05-20 02:23 -------- d-----w- c:\users\AJB\AppData\Roaming\Malwarebytes
2012-05-20 02:23 . 2012-05-20 02:23 -------- d-----w- c:\programdata\Malwarebytes
2012-05-20 02:23 . 2012-04-04 20:56 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-05-20 02:23 . 2012-05-20 02:23 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-05-20 01:18 . 2012-06-03 18:31 -------- d-----w- c:\program files\HitmanPro
2012-05-20 01:17 . 2012-05-20 01:27 -------- d-----w- c:\programdata\HitmanPro
2012-05-15 08:01 . 2012-05-15 08:01 -------- d-----w- c:\program files\Microsoft Silverlight
2012-05-15 08:01 . 2012-05-15 08:01 -------- d-----w- c:\program files (x86)\Microsoft Silverlight
2012-05-13 23:56 . 2012-05-13 23:56 -------- d-----w- c:\program files (x86)\Ache 2.0
2012-05-11 05:28 . 2012-03-03 06:35 1544704 ----a-w- c:\windows\system32\DWrite.dll
2012-05-11 05:28 . 2012-03-03 05:31 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll
2012-05-11 05:27 . 2012-03-31 06:05 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-11 05:27 . 2012-03-31 03:10 3146240 ----a-w- c:\windows\system32\win32k.sys
2012-05-11 05:27 . 2012-03-31 04:39 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-05-11 05:27 . 2012-03-31 04:39 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-05-11 05:25 . 2012-03-17 07:58 75120 ----a-w- c:\windows\system32\drivers\partmgr.sys
2012-05-11 05:25 . 2012-03-30 11:35 1918320 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-05-11 05:24 . 2012-03-31 05:42 1732096 ----a-w- c:\program files\Windows Journal\NBDoc.DLL
2012-05-11 05:24 . 2012-03-31 05:40 1367552 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\journal.dll
2012-05-11 05:24 . 2012-03-31 04:29 936960 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\ink\journal.dll
2012-05-11 05:24 . 2012-03-31 05:40 1402880 ----a-w- c:\program files\Windows Journal\JNWDRV.dll
2012-05-11 05:24 . 2012-03-31 05:40 1393664 ----a-w- c:\program files\Windows Journal\JNTFiltr.dll
2012-05-09 05:59 . 2012-05-09 05:59 -------- d-----w- c:\programdata\YTD YouTube Downloader & Converter
2012-05-08 04:31 . 2011-06-21 15:23 212240 ----a-w- c:\windows\SysWow64\Richtx32.ocx
2012-05-08 04:31 . 2011-06-21 15:23 196608 ----a-w- c:\windows\SysWow64\Utility.dll
2012-05-08 04:31 . 2011-06-21 15:23 117507 ----a-w- c:\windows\SysWow64\msinet.ocx
2012-05-08 04:31 . 2012-05-09 05:06 -------- d-----w- c:\windows\SysWow64\gs
2012-05-08 04:31 . 2012-05-09 05:06 -------- d-----w- c:\programdata\123PDF
2012-05-08 04:31 . 2001-03-13 19:49 140288 ----a-w- c:\windows\SysWow64\COMDLG32.OCX
2012-05-08 04:31 . 1998-04-24 05:00 368912 ----a-w- c:\windows\SysWow64\vbar332.dll
2012-05-06 21:37 . 2012-05-06 21:37 -------- d--h--w- c:\programdata\Common Files
2012-05-06 15:38 . 2012-05-28 16:07 -------- d-----w- c:\users\AJB\dwhelper
2012-05-06 15:23 . 2012-05-06 15:23 -------- d-----w- c:\windows\system32\Macromed
2012-05-06 15:18 . 2012-05-06 15:23 419488 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-05-06 15:11 . 2012-05-06 15:11 -------- d-----w- c:\users\AJB\AppData\Local\Mozilla
2012-05-06 15:11 . 2012-05-06 15:11 -------- d-----w- c:\program files (x86)\Mozilla Maintenance Service
2012-05-06 02:19 . 2012-05-06 02:19 -------- d-----w- c:\programdata\PDF reDirect
2012-05-05 21:24 . 2012-05-06 02:19 -------- d-----w- c:\users\AJB\AppData\Roaming\PDF reDirect
2012-05-05 21:24 . 2012-05-05 21:24 -------- d-----w- c:\program files (x86)\PDF reDirect
2012-05-05 21:24 . 2012-06-02 15:49 -------- d-----w- c:\programdata\Tarma Installer
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-06 15:23 . 2011-08-05 04:36 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-03-22 19:12 . 2012-03-22 19:12 4435968 ----a-w- c:\windows\SysWow64\GPhotos.scr
2012-03-20 18:11 . 2011-01-30 04:45 162192 ----a-w- c:\windows\system32\mfevtps.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2009-08-06 17:18 120104 ----a-w- c:\program files (x86)\EgisTec\MyWinLocker 3\x86\PSDProtect.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-10-07 39408]
"PhotoShow Deluxe Media Manager"="c:\progra~2\Ahead\Ahead\data\Xtras\mssysmgr.exe" [2004-05-12 196608]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files (x86)\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [2009-03-25 1840424]
"LightScribe Control Panel"="c:\program files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe" [2011-03-04 2736128]
"Picasa Media Detector"="c:\program files (x86)\Picasa2\PicasaMediaDetector.exe" [2007-09-12 443968]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-05-17 4787072]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"LManager"="c:\program files (x86)\Launch Manager\LManager.exe" [2009-08-17 825864]
"RemoteControl8"="c:\program files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe" [2009-04-16 91432]
"PDVD8LanguageShortcut"="c:\program files (x86)\CyberLink\PowerDVD8\Language\Language.exe" [2009-04-16 50472]
"EgisTecLiveUpdate"="c:\program files (x86)\EgisTec Egis Software Update\EgisUpdate.exe" [2009-08-04 199464]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-03-27 37296]
"NortonOnlineBackupReminder"="c:\program files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" [2009-07-24 588648]
"Acer Assist Launcher"="c:\program files (x86)\Acer\Acer Assist\launcher.exe" [2007-11-19 1261568]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-27 30040]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2012-03-22 1675160]
"NBKeyScan"="c:\program files (x86)\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2008-12-02 2221352]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"FixCamera"="c:\windows\FixCamera.exe" [2007-07-11 20480]
"snpstd3"="c:\windows\vsnpstd3.exe" [2007-05-10 835584]
"tsnpstd3"="c:\windows\tsnpstd3.exe" [2007-04-21 270336]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-02 59240]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-12-08 421736]
"hpqSRMon"="c:\program files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-07-23 150528]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
.
c:\users\AJB\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files (x86)\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
Seagate Product Registration.lnk - c:\users\AJB\AppData\Roaming\Leadertech\PowerRegister\Seagate Product Registration.exe [2011-3-31 1731736]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Acer VCM.lnk - c:\program files (x86)\Acer\Acer VCM\AcerVCM.exe [2009-10-7 708608]
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-7-1 1079584]
HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2009-9-23 270336]
McAfee Security Scan Plus.lnk - c:\program files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer2"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-11 135664]
R2 MotoHelper;MotoHelper Service;c:\program files (x86)\Motorola\MotoHelper\MotoHelperService.exe [x]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-06 257696]
R3 BTCFilterService;USB Networking Driver Filter Service;c:\windows\system32\DRIVERS\motfilt.sys [x]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-11 135664]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]
R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [x]
R3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\DRIVERS\motccgp.sys [x]
R3 motccgpfl;MotCcgpFlService;c:\windows\system32\DRIVERS\motccgpfl.sys [x]
R3 Motousbnet;Motorola USB Networking Driver Service;c:\windows\system32\DRIVERS\Motousbnet.sys [x]
R3 motusbdevice;Motorola USB Dev Driver;c:\windows\system32\DRIVERS\motusbdevice.sys [x]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-04-21 129976]
R3 PLTurbh;Prolific turbo filter driver for hdd;c:\windows\system32\drivers\plturbh.sys [x]
R3 PLTurbo;Prolific turbo filter driver for odd;c:\windows\system32\drivers\plturbo.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys [x]
S1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\DRIVERS\mfenlfk.sys [x]
S1 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [x]
S1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\DRIVERS\mwlPSDFilter.sys [x]
S1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\DRIVERS\mwlPSDNServ.sys [x]
S1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\DRIVERS\mwlPSDVDisk.sys [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-08-11 140672]
S2 ePowerSvc;Acer ePower Service;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe [2009-08-29 844320]
S2 Greg_Service;GRegService;c:\program files (x86)\Acer\Registration\GregHSRW.exe [2009-08-28 1150496]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-01-27 249936]
S2 McMPFSvc;McAfee Personal Firewall;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-01-27 249936]
S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-01-27 249936]
S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [2012-03-20 210584]
S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [x]
S2 MWLService;MyWinLocker Service;c:\program files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe [2009-08-06 311592]
S2 RS_Service;Raw Socket Service;c:\program files (x86)\Acer\Acer VCM\RS_Service.exe [2009-07-10 253952]
S2 T3Srv;FLIR Systems Camera Monitor;c:\program files\FLIR Systems\FLIR Device Drivers\FLIR T3Srv\sysx64\T3Srv.exe [2010-03-18 781408]
S2 Updater Service;Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe [2009-07-04 240160]
S3 AmUStor;AM USB Stroage Driver;c:\windows\system32\drivers\AmUStor.SYS [x]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x]
S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [x]
S3 IntcHdmiAddService;Intel® High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [x]
S3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20);c:\windows\system32\DRIVERS\L1C62x64.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [x]
S3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - mfeavfk01
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2011-03-04 17:29 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2012-06-04 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-06 15:23]
.
2011-03-28 c:\windows\Tasks\GlaryInitialize.job
- c:\program files (x86)\Glary Utilities\initialize.exe [2011-03-28 22:24]
.
2012-06-04 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-11 01:31]
.
2012-06-04 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-11 01:31]
.
2012-05-15 c:\windows\Tasks\McDefragTask.job
- c:\progra~2\mcafee\mqc\QcConsol.exe [2010-05-09 17:22]
.
2012-06-01 c:\windows\Tasks\McQcTask.job
- c:\progra~2\mcafee\mqc\QcConsol.exe [2010-05-09 17:22]
.
2012-06-03 c:\windows\Tasks\SUPERAntiSpyware Scheduled Task 21d36995-287b-4ece-8b8b-1e0990e0abe0.job
- c:\program files\SUPERAntiSpyware\SASTask.exe [2011-05-04 17:52]
.
2012-06-03 c:\windows\Tasks\SUPERAntiSpyware Scheduled Task 3279b39f-6800-46d5-b2cc-0e8e747f57e6.job
- c:\program files\SUPERAntiSpyware\SASTask.exe [2011-05-04 17:52]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2009-08-06 17:19 137512 ----a-w- c:\program files (x86)\EgisTec\MyWinLocker 3\x64\PSDProtect.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-05 186904]
"AmIcoSinglun64"="c:\program files (x86)\AmIcoSingLun\AmIcoSinglun64.exe" [2009-04-09 320000]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-07-06 7940128]
"Skytel"="c:\program files\Realtek\Audio\HDA\Skytel.exe" [2009-07-06 1833504]
"Acer ePower Management"="c:\program files\Acer\Acer ePower Management\ePowerTray.exe" [2009-08-29 824352]
"mwlDaemon"="c:\program files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe" [2009-08-06 349480]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-08-12 165912]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-08-12 387608]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-08-12 365592]
"PLFSetI"="c:\windows\PLFSetI.exe" [2008-01-07 200704]
"FS Camera Monitor"="c:\program files\FLIR Systems\FLIR Device Drivers\FLIR T3Srv\sysx64\T3Mon.exe" [2010-03-18 334432]
"snpstd3"="c:\windows\vsnpstd3.exe" [2007-05-10 835584]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&m=aspire_1810t&r=273602100306l0383z1j5t4811d279
uLocal Page = c:\windows\system32\blank.htm
uDefault_Search_URL = hxxp://www.google.com/ie
mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&m=aspire_1810t&r=273602100306l0383z1j5t4811d279
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local;192.168.*.*
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 192.168.1.254
FF - ProfilePath - c:\users\AJB\AppData\Roaming\Mozilla\Firefox\Profiles\279jix0p.default\
FF - prefs.js: network.proxy.type - 0
.
- - - - ORPHANS REMOVED - - - -
.
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-06-03 22:51:08
ComboFix-quarantined-files.txt 2012-06-04 03:51
.
Pre-Run: 4,055,158,784 bytes free
Post-Run: 4,558,352,384 bytes free
.
- - End Of File - - B6DC5AE790AA961F0A80E85566CE50A5

#13 SweetTech

Agent ST

Malware Response Team
13,421 posts

Gender:Male
Location:Antarctica

Posted 04 June 2012 - 06:41 AM

Hi Art_B!

Great! Glad to hear that the issue you were experiencing with the redirects appears to be resolved.

Lets see what these scans find, and see where we stand then.

Malwarebytes' Anti-Malware

I see that you have Malwarebytes' Anti-Malware installed on your computer could you please do a scan using these settings:

Open Malwarebytes' Anti-Malware
Select the Update tab
Click Check for Updates
After the update have been completed, Select the Scanner tab.
Select Perform quick scan, then click on Scan
Leave the default options as it is and click on Start Scan
When done, you will be prompted. Click OK, then click on Show Results
Checked (ticked) all items and click on Remove Selected
After it has removed the items, Notepad will open. Please post this log in your next reply. You can also find the log in the Logs tab. The bottom most log is the latest

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately.

NEXT:

ESET Online Scanner
I'd like us to scan your machine with ESET Online Scan

Note: It is recommended to disable on-board anti-virus program and anti-spyware programs while performing scans so there are no conflicts and it will speed up scan time.
Please don't go surfing while your resident protection is disabled!
Once the scan is finished remember to re-enable your anti-virus along with your anti-spyware programs.

Hold down Control and click on the following link to open ESET OnlineScan in a new window.
ESET OnlineScan
Click the button.
For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
- Click on to download the ESET Smart Installer. Save it to your desktop.
- Double click on the icon on your desktop.
Check
Click the button.
Accept any security warnings from your browser.
Check
Make sure that the option "Remove found threats" is Unchecked
When the Computer scan settings display shows, click the Advanced option, the place a check next to the following (if it is not already checked):
- Enable Anti-Stealth technology
Push the Start button.
ESET will then download updates for itself, install itself, and begin
scanning your computer. Please be patient as this can take some time.
When the scan completes, push
Push , and save the file to your desktop using a unique name, such as
ESETScan. Include the contents of this report in your next reply.
Push the button.
Push

NEXT:

Security Check
Download Security Check by screen317 from here or here.

Save it to your Desktop.
Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
A Notepad document should open automatically called checkup.txt; please post the contents of that document.

#14 Art_B

New Member

Members
12 posts

Posted 05 June 2012 - 09:31 AM

ST:

Below I have pasted in the logs from Malwarebytes, ESET and Security Check. ESET found some troubling things. Also troubling is that when I followed your instruction for clicking on your links for ESET, nothing happened, as if they were disabled. As I recall, something similar happened when I tried to download ComboFix to do a scan/repair with it as you requested in a previous message, ComboFix seemed to start downloading but would not complete. Fortunately, as I found with ComboFix, I was able to see the website addresses your links were directing me to when my cusor was positioned over them, so to go to those websites I just typed their website address directly into my browser, (rather than clicking on your links).

Please let me know what my next steps should be.

Best Regards,

Art_B

Log from Malwarebytes is pasted in below.

Protection: Enabled

6/4/2012 11:12:33 PM
mbam-log-2012-06-04 (23-12-33).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 221677
Time elapsed: 7 minute(s), 21 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

List of threats from ESET is pasted in below.

C:\ProgramData\Tarma Installer\{C049526F-B3EB-4151-9B11-B11F00F53A96}\_Setupx.dll a variant of Win32/Adware.Yontoo.B application
C:\Users\AJB\Downloads\YouTubeDownloaderSetup33.exe a variant of Win32/Toolbar.Widgi application
C:\Users\All Users\Tarma Installer\{C049526F-B3EB-4151-9B11-B11F00F53A96}\_Setupx.dll a variant of Win32/Adware.Yontoo.B application
C:\Windows\FixCamera.exe a variant of Win32/KillProc.A application
C:\_OTL\MovedFiles\06022012_111719\C_Users\AJB\AppData\Roaming\Mozilla\Firefox\Profiles\279jix0p.default\extensions\znwaytzuqs@znwaytzuqs.org.xpi JS/Redirector.NBX trojan
Operating memory a variant of Win32/KillProc.A application

Log from Security Check is pasted in below.

Results of screen317's Security Check version 0.99.41
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
McAfee Anti-Virus and Anti-Spyware
WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.61.0.1400
Java™ 6 Update 29
Java version out of date!
Adobe Reader 9 Adobe Reader out of date!
Mozilla Firefox (12.0)
````````Process Check: objlist.exe by Laurent````````
Malwarebytes Anti-Malware mbamservice.exe
Malwarebytes Anti-Malware mbamgui.exe
Malwarebytes Anti-Malware mbam.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 2%
````````````````````End of Log``````````````````````

#15 SweetTech

Agent ST

Malware Response Team
13,421 posts

Gender:Male
Location:Antarctica

Posted 05 June 2012 - 10:04 AM

Hi Art_B!

Sorry to hear that you experienced issues with the ESET instructions.

I'm glad to hear that you were able to get it to run though.

Hi!

These threat(s) below are currently in Quarantine/System Restore and shall be removed when we clean up our tools later on.

C:\_OTL\MovedFiles\06022012_111719\C_Users\AJB\AppData\Roaming\Mozilla\Firefox\Profiles\279jix0p.default\extensions\znwaytzuqs@znwaytzuqs.org.xpi JS/Redirector.NBX trojan

These threat(s) below will be removed very shortly:

C:\ProgramData\Tarma Installer\{C049526F-B3EB-4151-9B11-B11F00F53A96}\_Setupx.dll a variant of Win32/Adware.Yontoo.B application
C:\Users\AJB\Downloads\YouTubeDownloaderSetup33.exe a variant of Win32/Toolbar.Widgi application
C:\Users\All Users\Tarma Installer\{C049526F-B3EB-4151-9B11-B11F00F53A96}\_Setupx.dll a variant of Win32/Adware.Yontoo.B application
C:\Windows\FixCamera.exe a variant of Win32/KillProc.A application

____________________________________________________

From the looks of your SecurityCheck log, I can see that we have some outdated programs that need to be updated.

Lets address those programs that need updating now!

Java Outdated

Important Note: Your version of Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system.

Please follow these steps to remove older version Java components and update:

Download the latest version of Java Runtime Environment (JRE) Version 7 and save it to your desktop.
Look for "Java Platform, Standard Edition".
Click the "Download JRE" button to the right.
Read the License Agreement, and then check the box that says: "Accept License Agreement".
From the list, select your OS and Platform:
- 32-bit Select: Windows x86 Offline.
- 64-bit Select: Windows x64.
If a download for an Offline Installation is available, it is recommended to choose that and save the file to your desktop.
Close any programs you may have running - especially your web browser.

Go to

> Control Panel, double-click on Add/Remove Programs or Programs and Features in Vista/Windows 7 and remove all older versions of Java.

Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
Click the Remove or Change/Remove button and follow the onscreen instructions for the Java uninstaller.
Repeat as many times as necessary to remove each Java versions.
Reboot your computer once all Java components are removed.
Then from your desktop double-click on jre-7u4-windows-i586-s.exe (or jre-7u4-windows-x64.exe for 64-bit) to install the newest version.
If using Windows 7 or Vista and the installer refuses to launch due to insufficient user permissions, then Run As Administrator.
When the Java Setup - Welcome window opens, click the Install > button.
If offered to install a Toolbar, just uncheck the box before continuing unless you want it.
The McAfee Security Scan Plus tool is installed by default unless you uncheck the McAfee installation box when updating Java.

Note: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications but it's not necessary.
To disable the JQS service if you don't want to use it:

Go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter.
Click Ok and reboot your computer.

NEXT

Update Adobe Reader
Earlier versions of Adobe Reader have known security flaws so it is recommended that you update your copy

Go to Start > Control Panel > Add/Remove Programs
Remove ALL instances of Adobe Reader
Re-boot your computer as required.
Once ALL versions of Adobe Reader have been uninstalled, visit: <<here>> and download the latest version of Adobe Reader

Alternative Option: after uninstalling Adobe Reader, you could try installing Foxit Reader from >here< Foxit Reader has fewer add-ons therefore loads more quickly.

NEXT:

OTL Fix

We need to run an OTL Fix

Please reopen on your desktop.

Copy and Paste the following code into the Posted Image

textbox.

:Services
:OTL

:Reg

:Files
C:\ProgramData\Tarma Installer\{C049526F-B3EB-4151-9B11-B11F00F53A96}\_Setupx.dll
C:\Users\AJB\Downloads\YouTubeDownloaderSetup33.exe
C:\Users\All Users\Tarma Installer\{C049526F-B3EB-4151-9B11-B11F00F53A96}\_Setupx.dll
C:\Windows\FixCamera.exe
ipconfig /flushdns /c
:Commands
[purity]
[resethosts]
[CreateRestorePoint]
[emptytemp]
[EMPTYFLASH]

Push
OTL may ask to reboot the machine. Please do so if asked.
Click the OK button.
A report will open. Copy and Paste that report in your next reply.
If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss is the date of the tool run.

NEXT:

OTL Custom Scan

We need to run an OTL Custom Scan

Please reopen on your desktop.
Copy and Paste the following code into the textbox.

netsvcs
drivers32
hklm\software\clients\startmenuinternet|command /rs
%systemroot%\*. /rp /s
%USERPROFILE%\AppData\Local\Google\Chrome\User Data\*.* /s
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
Push the button.
A report will open. Copy and Paste that report in your next reply.