Being Plagued by the MyStart.Incredibar redirect virus

Hello; hope someone out there can help me with an increasingly annoying redirect.
Computer was running slow so I gave it to my IT buddy for a once over - it had been redirecting me/pulling me from sites I wanted to go to to - MyStart.Incredibar - site. He said he ran deep scans on it and could find nothing, gave it back and the very next day - bingo! it's back again.

I did a bit of looking and pulled out something looking like the Incredibar search engine I found in Firefox and in Chrome- got better, but FF still flips me over/but not fully.

It hits like this: I'll put in an address, seems to be taking a bit longer than normal, a string with 'yahoo' hits the address bar and then it flips to Incredibar.
The header is missing from the search page.

Local computer store employee told me to run :SuperAntiSpyware, MalwareBites and Spybot S&D; in Safe Mode - seemed to find a bunch of stuff, computer was running faster after reboot, then 30 minutes later it showed up again.

Don't know what else to do, hope someone out there can help me.

Thanks in advance, and as directed please find a copy of my dds scan of today.

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_31
Run by Jerome at 14:18:57 on 2012-06-24
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.2.1033.18.3933.1412 [GMT -4:00]
.
AV: Norton Internet Security *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton Internet Security *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton Internet Security *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
.
============== Running Processes ===============
.
C:\windows\system32\wininit.exe
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\System32\spoolsv.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\Norton Utilities 15\Tools\Disk Doctor\DiskDoctorSrv.exe
C:\windows\SysWOW64\svchost.exe -k hpdevmgmt
C:\windows\System32\svchost.exe -k HPZ12
C:\Program Files (x86)\Norton Internet Security\Engine\19.7.1.5\ccSvcHst.exe
C:\windows\System32\svchost.exe -k HPZ12
C:\Program Files (x86)\Norton Utilities 15\Tools\SpeedDisk\SpeedDiskSrv.exe
C:\windows\system32\TODDSrv.exe
C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
C:\Program Files\Web Assistant\ExtensionUpdaterService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\windows\system32\svchost.exe -k HPService
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\windows\system32\taskhost.exe
C:\windows\system32\Dwm.exe
C:\Program Files (x86)\Norton Utilities 15\Tools\Disk Doctor\DiskDoctorSrvProxy.exe
C:\Program Files (x86)\Norton Internet Security\Engine\19.7.1.5\ccSvcHst.exe
C:\windows\Explorer.EXE
C:\Program Files (x86)\Norton Utilities 15\Tools\SpeedDisk\SpeedDiskSrvProxy.exe
C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe
C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\windows\system32\SearchIndexer.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe
C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\windows\system32\taskeng.exe
C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs.exe
C:\windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe
C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe
C:\windows\system32\DllHost.exe
C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
C:\Program Files (x86)\DealBulldog Toolbar Toolbar\TbHelper2.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Users\Jerome\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Jerome\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Jerome\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Jerome\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Jerome\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Jerome\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Jerome\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Jerome\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Jerome\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Jerome\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Jerome\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Jerome\AppData\Local\Google\Chrome\Application\chrome.exe
C:\windows\SysWOW64\rundll32.exe
C:\Users\Jerome\AppData\Local\Google\Chrome\Application\chrome.exe
C:\windows\system32\DllHost.exe
C:\windows\system32\DllHost.exe
C:\windows\SysWOW64\cmd.exe
C:\windows\system32\conhost.exe
C:\windows\SysWOW64\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.cbc.ca/
uWindow Title = Presented by TOSHIBA Leading Innovation >>>
uSearch Page =
uDefault_Page_URL = hxxp://www.toshiba.ca/welcome
uSearch Bar =
mDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TSCA&bmod=TSCA
mStart Page = auto:blank
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: IObit Toolbar: {0bda0769-fd72-49f4-9266-e1fb004f4d8f} - C:\Program Files (x86)\IObit Toolbar\IE\4.9\iobitToolbarIE.dll
uURLSearchHooks: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\prxtbuTo2.dll
uURLSearchHooks: H - No File
mURLSearchHooks: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\prxtbuTo2.dll
mWinlogon: Userinit=userinit.exe,
BHO: AutorunsDisabled - No File
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Winamp Toolbar Loader: {25cee8ec-5730-41bc-8b58-22ddc8ab8c20} - C:\Program Files (x86)\Winamp Toolbar\winamptb.dll
BHO: Web Assistant: {336d0c35-8a85-403a-b9d2-65c292c39087} - C:\Program Files\Web Assistant\Extension32.dll
BHO: Norton Identity Protection: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - C:\Program Files (x86)\Norton Internet Security\Engine\19.7.1.5\coIEPlg.dll
BHO: Norton Vulnerability Protection: {6d53ec84-6aae-4787-aeee-f4628f01010c} - C:\Program Files (x86)\Norton Internet Security\Engine\19.7.1.5\IPS\IPSBHO.DLL
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\prxtbuTo2.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
TB: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\prxtbuTo2.dll
TB: IObit Toolbar: {0bda0769-fd72-49f4-9266-e1fb004f4d8f} - C:\Program Files (x86)\IObit Toolbar\IE\4.9\iobitToolbarIE.dll
TB: Winamp Toolbar: {ebf2ba02-9094-4c5a-858b-bb198f3d8de2} - C:\Program Files (x86)\Winamp Toolbar\winamptb.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - C:\Program Files (x86)\Norton Internet Security\Engine\19.7.1.5\coIEPlg.dll
EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
mRun: [SVPWUTIL] C:\Program Files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe SVPwUTIL
mRun: [HWSetup] "C:\Program Files\TOSHIBA\Utilities\HWSetup.exe" hwSetUP
mRun: [KeNotify] C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe
mRun: [ToshibaServiceStation] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [<NO NAME>]
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{41DB8353-13B2-4899-BF63-F9B7E1F9F744} : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{41DB8353-13B2-4899-BF63-F9B7E1F9F744}\052796D61627970264C6F6473716D6 : DhcpNameServer = 10.0.1.1
TCP: Interfaces\{41DB8353-13B2-4899-BF63-F9B7E1F9F744}\24F6573686162746D27657563747 : DhcpNameServer = 64.71.255.198
TCP: Interfaces\{41DB8353-13B2-4899-BF63-F9B7E1F9F744}\3547E202A45627F6D656 : DhcpNameServer = 192.168.0.1
TCP: Interfaces\{41DB8353-13B2-4899-BF63-F9B7E1F9F744}\35570756270283 : DhcpNameServer = 192.168.0.1
TCP: Interfaces\{41DB8353-13B2-4899-BF63-F9B7E1F9F744}\73130244563702F4574716274637 : DhcpNameServer = 192.168.2.1
TCP: Interfaces\{41DB8353-13B2-4899-BF63-F9B7E1F9F744}\75C414E4 : DhcpNameServer = 192.168.0.1
TCP: Interfaces\{41DB8353-13B2-4899-BF63-F9B7E1F9F744}\94E44554C4C494E45445 : DhcpNameServer = 192.168.2.1
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
BHO-X64: AutorunsDisabled - No File
BHO-X64: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO-X64: HP Print Enhancer - No File
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Winamp Toolbar Loader: {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files (x86)\Winamp Toolbar\winamptb.dll
BHO-X64: Winamp Toolbar Loader - No File
BHO-X64: Web Assistant: {336D0C35-8A85-403a-B9D2-65C292C39087} - C:\Program Files\Web Assistant\Extension32.dll
BHO-X64: Web Assistant Helper - No File
BHO-X64: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\19.7.1.5\coIEPlg.dll
BHO-X64: Norton Identity Protection - No File
BHO-X64: Norton Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\19.7.1.5\IPS\IPSBHO.DLL
BHO-X64: Norton Vulnerability Protection - No File
BHO-X64: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO-X64: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO-X64: SkypeIEPluginBHO - No File
BHO-X64: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\prxtbuTo2.dll
BHO-X64: uTorrentBar - No File
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO-X64: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
BHO-X64: HP Smart BHO Class - No File
TB-X64: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\prxtbuTo2.dll
TB-X64: IObit Toolbar: {0BDA0769-FD72-49F4-9266-E1FB004F4D8F} - C:\Program Files (x86)\IObit Toolbar\IE\4.9\iobitToolbarIE.dll
TB-X64: Winamp Toolbar: {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files (x86)\Winamp Toolbar\winamptb.dll
TB-X64: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\19.7.1.5\coIEPlg.dll
EB-X64: {555D4D79-4BD2-4094-A395-CFC534424A05} - No File
mRun-x64: [SVPWUTIL] C:\Program Files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe SVPwUTIL
mRun-x64: [HWSetup] "C:\Program Files\TOSHIBA\Utilities\HWSetup.exe" hwSetUP
mRun-x64: [KeNotify] C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe
mRun-x64: [ToshibaServiceStation] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [(Default)]
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
Hosts: 127.0.0.1 www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Jerome\AppData\Roaming\Mozilla\Firefox\Profiles\inqqs9oe.default\
FF - prefs.js: browser.search.defaulturl -
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.ca
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=685749&p=
FF - component: C:\Users\Jerome\AppData\Roaming\Mozilla\Firefox\Profiles\inqqs9oe.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\components\RadioWMPCoreGecko19.dll
FF - component: C:\Users\Jerome\AppData\Roaming\Mozilla\Firefox\Profiles\inqqs9oe.default\extensions\{c95a4e8e-816d-4655-8c79-d736da1adb6d}\components\FFExternalAlert.dll
FF - component: C:\Users\Jerome\AppData\Roaming\Mozilla\Firefox\Profiles\inqqs9oe.default\extensions\{c95a4e8e-816d-4655-8c79-d736da1adb6d}\components\RadioWMPCore.dll
FF - component: C:\Users\Jerome\AppData\Roaming\Mozilla\Firefox\Profiles\inqqs9oe.default\extensions\engine@conduit.com\components\RadioWMPCoreGecko19.dll
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.53\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.57\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.65\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.69\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\3\NP_wtapp.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\Jerome\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_257.dll
.
---- FIREFOX POLICIES ----
FF - user.js: browser.cache.memory.capacity - 65536
FF - user.js: browser.chrome.favicons - false
FF - user.js: browser.display.show_image_placeholders - true
FF - user.js: browser.turbo.enabled - true
FF - user.js: browser.urlbar.autocomplete.enabled - true
FF - user.js: browser.urlbar.autofill - true
FF - user.js: content.interrupt.parsing - true
FF - user.js: content.max.tokenizing.time - 2250000
FF - user.js: content.notify.backoffcount - 5
FF - user.js: content.notify.interval - 750000
FF - user.js: content.notify.ontimer - true
FF - user.js: content.switch.threshold - 750000
FF - user.js: network.http.max-connections - 48
FF - user.js: network.http.max-connections-per-server - 16
FF - user.js: network.http.max-persistent-connections-per-proxy - 16
FF - user.js: network.http.max-persistent-connections-per-server - 8
FF - user.js: network.http.pipelining - true
FF - user.js: network.http.pipelining.firstrequest - true
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.proxy.pipelining - true
FF - user.js: network.http.request.max-start-delay - 0
FF - user.js: nglayout.initialpaint.delay - 0
FF - user.js: plugin.expose_full_path - true
FF - user.js: ui.submenuDelay - 0
FF - user.js: extensions.funmoods_i.hmpg - true
FF - user.js: extensions.funmoods_i.hmpgUrl - hxxp://start.funmoods.com/?f=1&a=make
FF - user.js: extensions.funmoods_i.dfltSrch - true
FF - user.js: extensions.funmoods_i.srchPrvdr - Search
FF - user.js: extensions.funmoods_i.dnsErr - true
FF - user.js: extensions.funmoods_i.newTab - true
FF - user.js: extensions.funmoods_i.newTabUrl - hxxp://start.funmoods.com/?f=2&a=make
FF - user.js: extensions.funmoods_i.tlbrSrchUrl - hxxp://start.funmoods.com/results.php?f=3&a=make&q=
FF - user.js: extensions.funmoods_i.id - b2ab948000000000000070f1a1070dbd
FF - user.js: extensions.funmoods_i.instlDay - 15383
FF - user.js: extensions.funmoods_i.vrsn - 1.5.11.16
FF - user.js: extensions.funmoods_i.vrsni - 1.5.11.16
FF - user.js: extensions.funmoods_i.vrsnTs - 1.5.11.1617:05:59
FF - user.js: extensions.funmoods_i.prtnrId - funmoods
FF - user.js: extensions.funmoods_i.prdct - funmoods
FF - user.js: extensions.funmoods_i.aflt - make
FF - user.js: extensions.funmoods_i.smplGrp - none
FF - user.js: extensions.funmoods_i.tlbrId - base
FF - user.js: extensions.funmoods_i.instlRef -
FF - user.js: extensions.funmoods_i.dfltLng -
FF - user.js: extensions.funmoods_i.excTlbr - false
FF - user.js: extensions.incredibar_i.newTab - false
FF - user.js: extensions.incredibar_i.tlbrSrchUrl - hxxp://mystart.Incredibar.com/?a=6OyBTQtEV6&loc=IB_TB&i=26&search=
FF - user.js: extensions.incredibar_i.id - b2ab948000000000000070f1a1070dbd
FF - user.js: extensions.incredibar_i.instlDay - 15475
FF - user.js: extensions.incredibar_i.vrsn - 1.5.11.14
FF - user.js: extensions.incredibar_i.vrsni - 1.5.11.14
FF - user.js: extensions.incredibar_i.vrsnTs - 1.5.11.140:36:10
FF - user.js: extensions.incredibar_i.prtnrId - Incredibar
FF - user.js: extensions.incredibar_i.prdct - incredibar
FF - user.js: extensions.incredibar_i.aflt - orgnl
FF - user.js: extensions.incredibar_i.smplGrp - none
FF - user.js: extensions.incredibar_i.tlbrId - base
FF - user.js: extensions.incredibar_i.instlRef -
FF - user.js: extensions.incredibar_i.dfltLng -
FF - user.js: extensions.incredibar_i.excTlbr - false
FF - user.js: extensions.incredibar_i.ms_url_id -
FF - user.js: extensions.incredibar_i.upn2 - 6OyBTQtEV6
FF - user.js: extensions.incredibar_i.upn2n - 92261412224897836
FF - user.js: extensions.incredibar_i.productid - 26
FF - user.js: extensions.incredibar_i.installerproductid - 26
FF - user.js: extensions.incredibar_i.did - 10643
FF - user.js: extensions.incredibar_i.ppd - 1
FF - user.js: network.protocol-handler.warn-external.dnupdate - false
============= SERVICES / DRIVERS ===============
.
R0 SmartDefragDriver;SmartDefragDriver;C:\windows\system32\Drivers\SmartDefragDriver.sys --> C:\windows\system32\Drivers\SmartDefragDriver.sys [?]
R0 SymDS;Symantec Data Store;C:\windows\system32\drivers\NISx64\1307010.005\SYMDS64.SYS --> C:\windows\system32\drivers\NISx64\1307010.005\SYMDS64.SYS [?]
R0 SymEFA;Symantec Extended File Attributes;C:\windows\system32\drivers\NISx64\1307010.005\SYMEFA64.SYS --> C:\windows\system32\drivers\NISx64\1307010.005\SYMEFA64.SYS [?]
R0 tos_sps64;TOSHIBA tos_sps64 Service;C:\windows\system32\DRIVERS\tos_sps64.sys --> C:\windows\system32\DRIVERS\tos_sps64.sys [?]
R1 aswKbd;aswKbd;C:\windows\system32\drivers\aswKbd.sys --> C:\windows\system32\drivers\aswKbd.sys [?]
R1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\BASHDefs\20120619.001\BHDrvx64.sys [2012-6-18 1161376]
R1 ccSet_NIS;Norton Internet Security Settings Manager;C:\windows\system32\drivers\NISx64\1307010.005\ccSetx64.sys --> C:\windows\system32\drivers\NISx64\1307010.005\ccSetx64.sys [?]
R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\IPSDefs\20120622.001\IDSviA64.sys [2012-6-22 509088]
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
R1 SymIRON;Symantec Iron Driver;C:\windows\system32\drivers\NISx64\1307010.005\Ironx64.SYS --> C:\windows\system32\drivers\NISx64\1307010.005\Ironx64.SYS [?]
R1 SymNetS;Symantec Network Security WFP Driver;C:\windows\system32\Drivers\NISx64\1307010.005\SYMNETS.SYS --> C:\windows\system32\Drivers\NISx64\1307010.005\SYMNETS.SYS [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\windows\system32\DRIVERS\vwififlt.sys --> C:\windows\system32\DRIVERS\vwififlt.sys [?]
R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2011-8-11 140672]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-1-3 63928]
R2 cfWiMAXService;ConfigFree WiMAX Service;C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs.exe [2009-7-17 181616]
R2 ConfigFree Gadget Service;ConfigFree Gadget Service;C:\Program Files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe [2009-7-14 42368]
R2 ConfigFree Service;ConfigFree Service;C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe [2009-3-10 46448]
R2 DiskDoctorService;Norton Disk Doctor Service;C:\Program Files (x86)\Norton Utilities 15\Tools\Disk Doctor\DiskDoctorSrv.exe [2012-6-18 1029480]
R2 NIS;Norton Internet Security;C:\Program Files (x86)\Norton Internet Security\Engine\19.7.1.5\ccsvchst.exe [2012-6-18 138232]
R2 SpeedDiskService;Norton SpeedDisk Service;C:\Program Files (x86)\Norton Utilities 15\Tools\SpeedDisk\SpeedDiskSrv.exe [2012-6-18 1037672]
R2 Web Assistant Updater;Web Assistant Updater;C:\Program Files\Web Assistant\ExtensionUpdaterService.exe [2012-5-15 185856]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-6-18 138912]
R3 PGEffect;Pangu effect driver;C:\windows\system32\DRIVERS\pgeffect.sys --> C:\windows\system32\DRIVERS\pgeffect.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\windows\system32\DRIVERS\Rt64win7.sys --> C:\windows\system32\DRIVERS\Rt64win7.sys [?]
R3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;C:\windows\system32\DRIVERS\rtl8192se.sys --> C:\windows\system32\DRIVERS\rtl8192se.sys [?]
R3 SymDSMon;SymDSMon;\??\C:\windows\system32\drivers\SymDSMon.sys --> C:\windows\system32\drivers\SymDSMon.sys [?]
R3 SYMSpeedDisk;SYMSpeedDisk;C:\Windows\System32\drivers\SymSpeedDisk.sys [2012-6-18 108800]
R3 TMachInfo;TMachInfo;C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2010-2-25 51512]
R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2009-8-3 137560]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\windows\system32\DRIVERS\vwifimp.sys --> C:\windows\system32\DRIVERS\vwifimp.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-6-10 136176]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-2-29 158856]
S3 fssfltr;fssfltr;C:\windows\system32\DRIVERS\fssfltr.sys --> C:\windows\system32\DRIVERS\fssfltr.sys [?]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2012-3-8 1492840]
S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-6-10 136176]
S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-6-17 113120]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\windows\system32\Drivers\RtsUStor.sys --> C:\windows\system32\Drivers\RtsUStor.sys [?]
S3 TsUsbFlt;TsUsbFlt;C:\windows\system32\drivers\tsusbflt.sys --> C:\windows\system32\drivers\tsusbflt.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\system32\Wat\WatAdminSvc.exe --> C:\windows\system32\Wat\WatAdminSvc.exe [?]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2012-06-24 13:05:13 -------- d-----w- C:\Program Files (x86)\SpywareBlaster
2012-06-23 20:33:26 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy
2012-06-23 20:33:26 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy
2012-06-23 17:48:30 -------- d-----w- C:\Program Files\SUPERAntiSpyware
2012-06-23 17:48:21 -------- d-----w- C:\ProgramData\SUPERSetup
2012-06-22 19:42:04 -------- d-----w- C:\Users\Jerome\AppData\Local\CrashDumps
2012-06-19 13:02:57 2622464 ----a-w- C:\windows\System32\wucltux.dll
2012-06-19 13:02:37 99840 ----a-w- C:\windows\System32\wudriver.dll
2012-06-19 13:02:16 36864 ----a-w- C:\windows\System32\wuapp.exe
2012-06-19 13:02:16 186752 ----a-w- C:\windows\System32\wuwebv.dll
2012-06-18 23:34:43 -------- d-----w- C:\Users\Jerome\AppData\Roaming\Norton Utilities
2012-06-18 23:31:54 -------- d-----w- C:\ProgramData\Norton Installer
2012-06-18 23:31:19 44544 ----a-w- C:\windows\SysWow64\msxml4a.dll
2012-06-18 23:31:18 191232 ----a-w- C:\windows\System32\drivers\SymDSMon.sys
2012-06-18 23:31:18 163384 ----a-w- C:\windows\System32\drivers\SymSpeedDisk.sys
2012-06-18 23:31:18 108800 ----a-w- C:\windows\SysWow64\drivers\SymSpeedDisk.sys
2012-06-18 23:31:17 -------- d-----w- C:\Program Files (x86)\Common Files\Symantec
2012-06-18 23:31:16 880640 ----a-w- C:\windows\SysWow64\UniBox10.ocx
2012-06-18 23:31:16 506368 ----a-w- C:\windows\SysWow64\msxml.dll
2012-06-18 23:31:16 39784 ----a-w- C:\windows\System32\CleanMFT64.exe
2012-06-18 23:31:16 212992 ----a-w- C:\windows\SysWow64\UniBoxVB12.ocx
2012-06-18 23:31:16 1101824 ----a-w- C:\windows\SysWow64\UniBox210.ocx
2012-06-18 23:31:12 -------- d-----w- C:\Program Files (x86)\Norton Utilities 15
2012-06-18 23:29:29 -------- d-----w- C:\Program Files (x86)\Common Files\Symantec Shared
2012-06-18 23:24:21 737912 ----a-w- C:\windows\System32\drivers\NISx64\1307010.005\srtsp64.sys
2012-06-18 23:24:21 451192 ----a-r- C:\windows\System32\drivers\NISx64\1307010.005\symds64.sys
2012-06-18 23:24:21 405624 ----a-w- C:\windows\System32\drivers\NISx64\1307010.005\symnets.sys
2012-06-18 23:24:21 37496 ----a-w- C:\windows\System32\drivers\NISx64\1307010.005\srtspx64.sys
2012-06-18 23:24:21 190072 ----a-w- C:\windows\System32\drivers\NISx64\1307010.005\ironx64.sys
2012-06-18 23:24:21 167048 ----a-w- C:\windows\System32\drivers\NISx64\1307010.005\ccsetx64.sys
2012-06-18 23:24:21 1092728 ----a-w- C:\windows\System32\drivers\NISx64\1307010.005\symefa64.sys
2012-06-18 23:24:17 -------- d-----w- C:\windows\System32\drivers\NISx64\1307010.005
2012-06-18 23:11:36 175736 ----a-w- C:\windows\System32\drivers\SYMEVENT64x86.SYS
2012-06-18 23:11:36 -------- d-----w- C:\Program Files\Symantec
2012-06-18 23:11:36 -------- d-----w- C:\Program Files\Common Files\Symantec Shared
2012-06-18 23:10:30 -------- d-----w- C:\windows\System32\drivers\NISx64
2012-06-18 23:10:27 -------- d-----w- C:\Program Files (x86)\Norton Internet Security
2012-06-18 22:20:20 -------- d-----w- C:\Program Files (x86)\NortonInstaller
2012-06-18 15:49:10 366592 ----a-w- C:\windows\System32\qdvd.dll
2012-06-18 15:49:09 514560 ----a-w- C:\windows\SysWow64\qdvd.dll
2012-06-18 15:00:32 -------- d-----w- C:\sh4ldr
2012-06-18 15:00:32 -------- d-----w- C:\Program Files\Enigma Software Group
2012-06-18 14:59:14 -------- d-----w- C:\windows\18F97AF04F884494AFE25A5702E142CC.TMP
2012-06-18 14:59:09 -------- d-----w- C:\Program Files (x86)\Common Files\Wise Installation Wizard
2012-06-13 14:02:52 209920 ----a-w- C:\windows\System32\profsvc.dll
2012-06-12 16:09:13 -------- d-----w- C:\Users\Jerome\AppData\Local\Macromedia
2012-06-11 18:26:57 -------- d-----w- C:\Users\Jerome\AppData\Local\{F42F5662-518F-4B30-84E2-B5FEBBE64138}
2012-06-11 18:26:47 -------- d-----w- C:\Users\Jerome\AppData\Local\{C3C46319-0F40-4D15-8127-1D6BEA18CD45}
2012-06-10 17:23:57 -------- d-----w- C:\McAfee Stinger
2012-06-10 17:07:07 -------- d-----w- C:\Autoruns
2012-06-09 23:08:20 -------- d-----w- C:\ProgramData\SUPERAntiSpyware.com
2012-06-09 23:07:19 -------- d-----w- C:\Users\Jerome\AppData\Roaming\SUPERAntiSpyware.com
2012-06-09 23:07:19 -------- d-----w- C:\Program Files (x86)\SUPERAntiSpyware
2012-06-08 16:42:59 16200 ----a-w- C:\windows\stinger.sys
2012-06-08 16:42:42 -------- d-----w- C:\Program Files (x86)\stinger
2012-06-08 02:11:00 -------- dc----w- C:\ProgramData\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}
2012-06-08 01:59:53 38224 ----a-w- C:\windows\SysWow64\drivers\mbamswissarmy.sys
2012-06-01 21:45:29 -------- d-----w- C:\Users\Jerome\AppData\Local\{F9837DCB-35F9-46B1-918C-DB23FCDF75B7}
2012-06-01 21:44:10 -------- d-----w- C:\Users\Jerome\AppData\Local\{4E880B1D-ED5D-469C-AE62-5CF5194B7C65}
2012-06-01 17:06:28 -------- d-----w- C:\Users\Jerome\AppData\Local\{18E5C6F9-DFC1-46E1-B2FF-F5BE4435A91B}
2012-05-31 15:28:33 -------- d-----w- C:\Users\Jerome\AppData\Local\{B60BF513-17F3-46AC-8445-3717CB4CD17B}
2012-05-31 15:27:51 -------- d-----w- C:\Users\Jerome\AppData\Local\{3AB524CA-CE56-4EB1-B409-5C2998A7715C}
2012-05-31 14:27:42 -------- d-----w- C:\Users\Jerome\AppData\Local\{070076B4-0144-4F74-81E3-2F9B6A871035}
2012-05-30 12:16:46 -------- d-----w- C:\Users\Jerome\AppData\Local\{BD064C23-D103-46FE-817C-9EF16FE1F020}
2012-05-30 12:15:50 -------- d-----w- C:\Users\Jerome\AppData\Local\{CE2C80A1-C652-47B2-8291-328EB7A6FE87}
2012-05-30 11:57:27 -------- d-----w- C:\Users\Jerome\AppData\Local\{519B6940-7B4B-4ACC-8A1E-9F983CBB027D}
2012-05-29 10:51:43 -------- d-----w- C:\Users\Jerome\AppData\Local\{6B83BDDA-0BD7-4DAC-8FC0-F7F06161A24E}
2012-05-29 10:49:24 -------- d-----w- C:\Users\Jerome\AppData\Local\{4501A7AB-8576-464A-B7CA-A45EFD0A786E}
2012-05-28 19:35:11 -------- d-----w- C:\Users\Jerome\AppData\Local\{7AE1EC11-B94A-4F52-8771-5CD359DC6A98}
2012-05-28 19:33:43 -------- d-----w- C:\Users\Jerome\AppData\Local\{67DF243D-87FA-4626-A99D-7300F3C3667E}
2012-05-26 14:40:49 -------- d-----w- C:\windows\en
2012-05-26 14:35:15 48488 ----a-w- C:\windows\System32\drivers\fssfltr.sys
2012-05-26 14:32:15 15712 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\582122ce1cd3b4c02\MeshBetaRemover.exe
2012-05-26 14:32:12 89944 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\568c78df1cd3b4c01\DSETUP.dll
2012-05-26 14:32:12 537432 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\568c78df1cd3b4c01\DXSETUP.exe
2012-05-26 14:32:12 1801048 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\568c78df1cd3b4c01\dsetup32.dll
2012-05-26 14:30:19 -------- d-----w- C:\Users\Jerome\AppData\Local\{FD5080C4-74F5-428D-A497-18404FC23714}
2012-05-26 14:30:08 -------- d-----w- C:\Users\Jerome\AppData\Local\{AF321CEE-45B0-4FD7-818E-1B33C97AE818}
2012-05-25 22:59:51 1892184 ----a-w- C:\windows\SysWow64\D3DX9_42.dll
2012-05-25 22:57:28 -------- d-----w- C:\Program Files (x86)\Winamp Detect
2012-05-25 22:57:20 -------- d-----w- C:\Program Files (x86)\Winamp Toolbar
2012-05-25 22:56:59 -------- d-----w- C:\Program Files (x86)\Common Files\Software Update Utility
2012-05-25 22:55:44 -------- d-----w- C:\Program Files (x86)\Common Files\PX Storage Engine
.
==================== Find3M ====================
.
2012-06-12 14:50:58 70344 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-06-12 14:50:58 426184 ----a-w- C:\windows\SysWow64\FlashPlayerApp.exe
2012-05-24 14:47:56 24448 ----a-w- C:\windows\System32\RegistryDefragBootTime.exe
2012-05-21 01:25:46 8769696 ----a-w- C:\windows\SysWow64\FlashPlayerInstaller.exe
2012-05-18 02:06:48 2311680 ----a-w- C:\windows\System32\jscript9.dll
2012-05-18 01:59:14 1392128 ----a-w- C:\windows\System32\wininet.dll
2012-05-18 01:58:39 1494528 ----a-w- C:\windows\System32\inetcpl.cpl
2012-05-18 01:55:22 173056 ----a-w- C:\windows\System32\ieUnatt.exe
2012-05-18 01:51:30 2382848 ----a-w- C:\windows\System32\mshtml.tlb
2012-05-17 22:45:37 1800192 ----a-w- C:\windows\SysWow64\jscript9.dll
2012-05-17 22:35:47 1129472 ----a-w- C:\windows\SysWow64\wininet.dll
2012-05-17 22:35:39 1427968 ----a-w- C:\windows\SysWow64\inetcpl.cpl
2012-05-17 22:29:45 142848 ----a-w- C:\windows\SysWow64\ieUnatt.exe
2012-05-17 22:24:45 2382848 ----a-w- C:\windows\SysWow64\mshtml.tlb
2012-05-15 01:32:33 3146752 ----a-w- C:\windows\System32\win32k.sys
2012-05-09 03:36:14 1918320 ----a-w- C:\windows\System32\drivers\tcpip.sys
2012-05-09 03:35:59 75120 ----a-w- C:\windows\System32\drivers\partmgr.sys
2012-05-09 03:24:11 1544704 ----a-w- C:\windows\System32\DWrite.dll
2012-05-09 03:24:11 1077248 ----a-w- C:\windows\SysWow64\DWrite.dll
2012-05-04 11:06:22 5559664 ----a-w- C:\windows\System32\ntoskrnl.exe
2012-05-04 10:03:53 3968368 ----a-w- C:\windows\SysWow64\ntkrnlpa.exe
2012-05-04 10:03:50 3913072 ----a-w- C:\windows\SysWow64\ntoskrnl.exe
2012-04-28 03:55:21 210944 ----a-w- C:\windows\System32\drivers\rdpwd.sys
2012-04-26 05:41:56 77312 ----a-w- C:\windows\System32\rdpwsx.dll
2012-04-26 05:41:55 149504 ----a-w- C:\windows\System32\rdpcorekmts.dll
2012-04-26 05:34:27 9216 ----a-w- C:\windows\System32\rdrmemptylst.exe
2012-04-24 05:37:37 184320 ----a-w- C:\windows\System32\cryptsvc.dll
2012-04-24 05:37:37 140288 ----a-w- C:\windows\System32\cryptnet.dll
2012-04-24 05:37:36 1462272 ----a-w- C:\windows\System32\crypt32.dll
2012-04-24 04:36:42 140288 ----a-w- C:\windows\SysWow64\cryptsvc.dll
2012-04-24 04:36:42 1158656 ----a-w- C:\windows\SysWow64\crypt32.dll
2012-04-24 04:36:42 103936 ----a-w- C:\windows\SysWow64\cryptnet.dll
2012-04-19 00:56:30 94208 ----a-w- C:\windows\SysWow64\QuickTimeVR.qtx
2012-04-19 00:56:30 69632 ----a-w- C:\windows\SysWow64\QuickTime.qts
2012-04-07 12:31:40 3216384 ----a-w- C:\windows\System32\msi.dll
2012-04-07 11:26:29 2342400 ----a-w- C:\windows\SysWow64\msi.dll
.
============= FINISH: 14:22:21.40 ===============

Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together somethings for you to keep in mind while I am helping you to make things go easier and faster for both of us

• Please do not run any tools unless instructed to do so.
  
  • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
• Please do not attach logs or use code boxes, just copy and paste the text.
  
  • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
• Please read every post completely before doing anything.
  
  • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
• Please provide feedback about your experience as we go.
  
  • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.

NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of hartaches if things don't go as planed. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

Security Check

• Download Security Check by screen317 from here.
• Save it to your Desktop.
• Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
• A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP Only) if this happens please allow it to do so (you will need to be connected to the internet for this)

Before you run Combofix I will need you to turn off any security software you have running, If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall

Note 2: If you recieve an error "Illegal operation attempted on a registery key that has been marked for deletion." Please restart the computer

"information and logs"

• In your next post I need the following
  
• Log from Combofix
• let me know of any problems you may have had
  
• How is the computer doing now?

Gringo

Gringo: thanks a million for the speedy reply to my plight. Will follow your instructions as they are laid out and sent, as well as updates as to the state of affairs/repairs as I go along.

Thanks again.
Just A Guy.

Gringo: did a quick read through and as requested here's the txt file created by Security Check:

Results of screen317's Security Check version 0.99.42
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Norton Internet Security
WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
MVPS Hosts File
Java™ 6 Update 31
Java version out of Date!
Adobe Reader X (10.1.3)
Mozilla Firefox (13.0.1)
Google Chrome 19.0.1084.52
Google Chrome 19.0.1084.56
````````Process Check: objlist.exe by Laurent````````
Norton ccSvcHst.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 1%
````````````````````End of Log``````````````````````

Will await next instructions.
Thanks. J-A-G.

OK No problem - I will be offline for a couple of hours but I will get to you soon



gringo

Gringo: thanks for the help so far - was off line for the past while- sorry, but did that scan as per your instructions,
Here's what there was:



ComboFix 12-06-27.01 - Jerome 27/06/2012 14:11:32.1.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.2.1033.18.3933.2447 [GMT -4:00]
Running from: c:\users\Jerome\Desktop\ComboFix.exe
AV: Norton Internet Security *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Norton Internet Security *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\Web Assistant\ExTEnsion32.dll
c:\windows\security\Database\tmp.edb
.
.
((((((((((((((((((((((((( Files Created from 2012-05-27 to 2012-06-27 )))))))))))))))))))))))))))))))
.
.
2012-06-27 18:22 . 2012-06-27 18:22 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-06-23 20:33 . 2012-06-23 22:00 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2012-06-23 17:48 . 2012-06-23 17:48 -------- d-----w- c:\programdata\SUPERSetup
2012-06-22 19:42 . 2012-06-23 17:48 -------- d-----w- c:\users\Jerome\AppData\Local\CrashDumps
2012-06-19 13:02 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-19 13:02 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-19 13:02 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-19 13:02 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-19 13:02 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-19 13:02 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-19 13:02 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-06-19 13:02 . 2012-06-02 19:19 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-19 13:02 . 2012-06-02 19:15 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-06-18 23:34 . 2012-06-18 23:34 -------- d-----w- c:\users\Jerome\AppData\Roaming\Norton Utilities
2012-06-18 23:31 . 2012-06-18 23:31 -------- d-----w- c:\programdata\Norton Installer
2012-06-18 23:31 . 2010-11-30 06:23 44544 ----a-w- c:\windows\SysWow64\msxml4a.dll
2012-06-18 23:31 . 2010-11-30 06:24 191232 ----a-w- c:\windows\system32\drivers\SymDSMon.sys
2012-06-18 23:31 . 2010-11-30 06:24 163384 ----a-w- c:\windows\system32\drivers\SymSpeedDisk.sys
2012-06-18 23:31 . 2010-11-30 06:24 108800 ----a-w- c:\windows\SysWow64\drivers\SymSpeedDisk.sys
2012-06-18 23:31 . 2012-06-18 23:31 -------- d-----w- c:\program files (x86)\Common Files\Symantec
2012-06-18 23:31 . 2010-11-30 06:24 880640 ----a-w- c:\windows\SysWow64\UniBox10.ocx
2012-06-18 23:31 . 2010-11-30 06:24 506368 ----a-w- c:\windows\SysWow64\msxml.dll
2012-06-18 23:31 . 2010-11-30 06:24 212992 ----a-w- c:\windows\SysWow64\UniBoxVB12.ocx
2012-06-18 23:31 . 2010-11-30 06:24 1101824 ----a-w- c:\windows\SysWow64\UniBox210.ocx
2012-06-18 23:31 . 2010-11-30 06:23 39784 ----a-w- c:\windows\system32\CleanMFT64.exe
2012-06-18 23:31 . 2012-06-22 14:24 -------- d-----w- c:\program files (x86)\Norton Utilities 15
2012-06-18 23:29 . 2012-06-18 23:29 -------- d-----w- c:\program files (x86)\Common Files\Symantec Shared
2012-06-18 23:11 . 2012-06-18 23:11 175736 ----a-w- c:\windows\system32\drivers\SYMEVENT64x86.SYS
2012-06-18 23:11 . 2012-06-18 23:11 -------- d-----w- c:\program files\Symantec
2012-06-18 23:11 . 2012-06-18 23:11 -------- d-----w- c:\program files\Common Files\Symantec Shared
2012-06-18 23:10 . 2012-06-18 23:28 -------- d-----w- c:\windows\system32\drivers\NISx64
2012-06-18 23:10 . 2012-06-18 23:10 -------- d-----w- c:\program files (x86)\Norton Internet Security
2012-06-18 22:20 . 2012-06-18 23:27 -------- d-----w- c:\program files (x86)\NortonInstaller
2012-06-18 15:49 . 2012-06-18 15:49 366592 ----a-w- c:\windows\system32\qdvd.dll
2012-06-18 15:49 . 2012-06-18 15:49 514560 ----a-w- c:\windows\SysWow64\qdvd.dll
2012-06-18 15:00 . 2012-06-18 15:35 -------- d-----w- C:\sh4ldr
2012-06-18 14:59 . 2012-06-18 15:35 -------- d-----w- c:\windows\18F97AF04F884494AFE25A5702E142CC.TMP
2012-06-18 14:59 . 2012-06-18 14:59 -------- d-----w- c:\program files (x86)\Common Files\Wise Installation Wizard
2012-06-13 14:02 . 2012-05-01 05:40 209920 ----a-w- c:\windows\system32\profsvc.dll
2012-06-12 16:09 . 2012-06-12 16:09 -------- d-----w- c:\users\Jerome\AppData\Local\Macromedia
2012-06-10 17:23 . 2012-06-10 17:24 -------- d-----w- C:\McAfee Stinger
2012-06-10 17:07 . 2012-06-10 17:07 -------- d-----w- C:\Autoruns
2012-06-08 16:42 . 2012-06-18 16:10 16200 ----a-w- c:\windows\stinger.sys
2012-06-08 16:42 . 2012-06-18 16:36 -------- d-----w- c:\program files (x86)\stinger
2012-06-08 02:11 . 2012-06-08 02:11 -------- dc----w- c:\programdata\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}
2012-06-08 01:59 . 2010-04-29 19:39 38224 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-12 14:50 . 2012-03-30 01:04 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-06-12 14:50 . 2011-05-24 22:13 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-05-24 14:47 . 2011-12-07 21:44 24448 ----a-w- c:\windows\system32\RegistryDefragBootTime.exe
2012-05-21 01:25 . 2012-05-21 01:25 8769696 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
2012-05-09 03:36 . 2012-05-09 03:36 1918320 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-05-09 03:35 . 2012-05-09 03:35 75120 ----a-w- c:\windows\system32\drivers\partmgr.sys
2012-05-09 03:24 . 2012-05-09 03:24 1544704 ----a-w- c:\windows\system32\DWrite.dll
2012-05-09 03:24 . 2012-05-09 03:24 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll
2012-04-19 00:56 . 2012-04-19 00:56 94208 ----a-w- c:\windows\SysWow64\QuickTimeVR.qtx
2012-04-19 00:56 . 2012-04-19 00:56 69632 ----a-w- c:\windows\SysWow64\QuickTime.qts
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}"= "c:\program files (x86)\uTorrentBar\prxtbuTo2.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
2011-05-09 09:49 176936 ----a-w- c:\program files (x86)\uTorrentBar\prxtbuTo2.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}"= "c:\program files (x86)\uTorrentBar\prxtbuTo2.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"SVPWUTIL"="c:\program files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe" [2009-07-10 352256]
"HWSetup"="c:\program files\TOSHIBA\Utilities\HWSetup.exe" [2009-06-02 423936]
"KeNotify"="c:\program files (x86)\TOSHIBA\Utilities\KeNotify.exe" [2009-01-14 34088]
"ToshibaServiceStation"="c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" [2009-08-17 1294136]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0SmartDefragBootTime.exe\0c:\progra~2\NORTON~3\Tools\SPEEDD~1\aDSBatch.exe /startup
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-06-10 136176]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-02-29 158856]
R3 dc3d;MS Hardware Device Detection Driver (HID);c:\windows\system32\DRIVERS\dc3d.sys [2009-11-10 27504]
R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-06-10 136176]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-06-14 113120]
R3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64k.sys [2009-11-11 34160]
R3 Prot6Flt;Prot6Flt;c:\windows\system32\DRIVERS\Prot6Flt.sys [x]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2009-07-31 222208]
R3 RtsUIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys [x]
R3 TMachInfo;TMachInfo;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2009-08-17 51512]
R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2009-08-04 137560]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-06-04 1255736]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S0 SmartDefragDriver;SmartDefragDriver;c:\windows\System32\Drivers\SmartDefragDriver.sys [2011-02-23 18232]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NISx64\1307010.005\SYMDS64.SYS [2011-07-25 451192]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NISx64\1307010.005\SYMEFA64.SYS [2012-03-29 1092728]
S0 tos_sps64;TOSHIBA tos_sps64 Service;c:\windows\system32\DRIVERS\tos_sps64.sys [2009-07-24 482384]
S1 aswKbd;aswKbd; [x]
S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\BASHDefs\20120619.001\BHDrvx64.sys [2012-06-19 1161376]
S1 ccSet_NIS;Norton Internet Security Settings Manager;c:\windows\system32\drivers\NISx64\1307010.005\ccSetx64.sys [2011-11-29 167048]
S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\IPSDefs\20120626.001\IDSvia64.sys [2012-06-14 509088]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NISx64\1307010.005\Ironx64.SYS [2012-03-29 190072]
S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\NISx64\1307010.005\SYMNETS.SYS [2012-03-29 405624]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 cfWiMAXService;ConfigFree WiMAX Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs.exe [2009-07-18 181616]
S2 ConfigFree Gadget Service;ConfigFree Gadget Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe [2009-07-15 42368]
S2 ConfigFree Service;ConfigFree Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe [2009-03-11 46448]
S2 DiskDoctorService;Norton Disk Doctor Service;c:\program files (x86)\Norton Utilities 15\Tools\Disk Doctor\DiskDoctorSrv.exe [2010-11-30 1029480]
S2 NIS;Norton Internet Security;c:\program files (x86)\Norton Internet Security\Engine\19.7.1.5\ccSvcHst.exe [2012-03-27 138232]
S2 SpeedDiskService;Norton SpeedDisk Service;c:\program files (x86)\Norton Utilities 15\Tools\SpeedDisk\SpeedDiskSrv.exe [2010-11-30 1037672]
S2 Web Assistant Updater;Web Assistant Updater;c:\program files\Web Assistant\ExtensionUpdaterService.exe [2012-05-01 185856]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-06-18 138912]
S3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys [2009-06-23 35008]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-05-23 215040]
S3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;c:\windows\system32\DRIVERS\rtl8192se.sys [2010-04-26 1103904]
S3 SymDSMon;SymDSMon;c:\windows\system32\drivers\SymDSMon.sys [2010-11-30 191232]
S3 SYMSpeedDisk;SYMSpeedDisk;c:\windows\system32\drivers\SymSpeedDisk.sys [2010-11-30 163384]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2012-06-27 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-06-10 22:06]
.
2012-06-27 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-06-10 22:06]
.
2012-06-27 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2607825685-3791938369-1529888204-1001Core.job
- c:\users\Jerome\AppData\Local\Google\Update\GoogleUpdate.exe [2010-06-02 04:10]
.
2012-06-27 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2607825685-3791938369-1529888204-1001UA.job
- c:\users\Jerome\AppData\Local\Google\Update\GoogleUpdate.exe [2010-06-02 04:10]
.
2012-06-26 c:\windows\Tasks\NUSchedule.job
- c:\program files (x86)\Norton Utilities 15\nu.exe [2012-06-18 23:48]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{336D0C35-8A85-403a-B9D2-65C292C39087}]
2012-05-01 18:33 201728 ----a-w- c:\program files\Web Assistant\Extension64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-02 165912]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-02 387608]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-02 365592]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-07-29 7982112]
"TosSENotify"="c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe" [2009-08-04 709976]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2009-11-11 2320752]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.cbc.ca/
uLocal Page = c:\windows\system32\blank.htm
mStart Page = auto:blank
mLocal Page = %SystemRoot%\system32\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Jerome\AppData\Roaming\Mozilla\Firefox\Profiles\inqqs9oe.default\
FF - prefs.js: browser.search.defaulturl -
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.ca
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=685749&p=
FF - user.js: browser.cache.memory.capacity - 65536
FF - user.js: browser.chrome.favicons - false
FF - user.js: browser.display.show_image_placeholders - true
FF - user.js: browser.turbo.enabled - true
FF - user.js: browser.urlbar.autocomplete.enabled - true
FF - user.js: browser.urlbar.autofill - true
FF - user.js: content.interrupt.parsing - true
FF - user.js: content.max.tokenizing.time - 2250000
FF - user.js: content.notify.backoffcount - 5
FF - user.js: content.notify.interval - 750000
FF - user.js: content.notify.ontimer - true
FF - user.js: content.switch.threshold - 750000
FF - user.js: network.http.max-connections - 48
FF - user.js: network.http.max-connections-per-server - 16
FF - user.js: network.http.max-persistent-connections-per-proxy - 16
FF - user.js: network.http.max-persistent-connections-per-server - 8
FF - user.js: network.http.pipelining - true
FF - user.js: network.http.pipelining.firstrequest - true
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.proxy.pipelining - true
FF - user.js: network.http.request.max-start-delay - 0
FF - user.js: nglayout.initialpaint.delay - 0
FF - user.js: plugin.expose_full_path - true
FF - user.js: ui.submenuDelay - 0
FF - user.js: extensions.funmoods_i.hmpg - true
FF - user.js: extensions.funmoods_i.hmpgUrl - hxxp://start.funmoods.com/?f=1&a=make
FF - user.js: extensions.funmoods_i.dfltSrch - true
FF - user.js: extensions.funmoods_i.srchPrvdr - Search
FF - user.js: extensions.funmoods_i.dnsErr - true
FF - user.js: extensions.funmoods_i.newTab - true
FF - user.js: extensions.funmoods_i.newTabUrl - hxxp://start.funmoods.com/?f=2&a=make
FF - user.js: extensions.funmoods_i.tlbrSrchUrl - hxxp://start.funmoods.com/results.php?f=3&a=make&q=
FF - user.js: extensions.funmoods_i.id - b2ab948000000000000070f1a1070dbd
FF - user.js: extensions.funmoods_i.instlDay - 15383
FF - user.js: extensions.funmoods_i.vrsn - 1.5.11.16
FF - user.js: extensions.funmoods_i.vrsni - 1.5.11.16
FF - user.js: extensions.funmoods_i.vrsnTs - 1.5.11.1617:05
FF - user.js: extensions.funmoods_i.prtnrId - funmoods
FF - user.js: extensions.funmoods_i.prdct - funmoods
FF - user.js: extensions.funmoods_i.aflt - make
FF - user.js: extensions.funmoods_i.smplGrp - none
FF - user.js: extensions.funmoods_i.tlbrId - base
FF - user.js: extensions.funmoods_i.instlRef -
FF - user.js: extensions.funmoods_i.dfltLng -
FF - user.js: extensions.funmoods_i.excTlbr - false
FF - user.js: extensions.incredibar_i.newTab - false
FF - user.js: extensions.incredibar_i.tlbrSrchUrl - hxxp://mystart.Incredibar.com/?a=6OyBTQtEV6&loc=IB_TB&i=26&search=
FF - user.js: extensions.incredibar_i.id - b2ab948000000000000070f1a1070dbd
FF - user.js: extensions.incredibar_i.instlDay - 15475
FF - user.js: extensions.incredibar_i.vrsn - 1.5.11.14
FF - user.js: extensions.incredibar_i.vrsni - 1.5.11.14
FF - user.js: extensions.incredibar_i.vrsnTs - 1.5.11.140:36
FF - user.js: extensions.incredibar_i.prtnrId - Incredibar
FF - user.js: extensions.incredibar_i.prdct - incredibar
FF - user.js: extensions.incredibar_i.aflt - orgnl
FF - user.js: extensions.incredibar_i.smplGrp - none
FF - user.js: extensions.incredibar_i.tlbrId - base
FF - user.js: extensions.incredibar_i.instlRef -
FF - user.js: extensions.incredibar_i.dfltLng -
FF - user.js: extensions.incredibar_i.excTlbr - false
FF - user.js: extensions.incredibar_i.ms_url_id -
FF - user.js: extensions.incredibar_i.upn2 - 6OyBTQtEV6
FF - user.js: extensions.incredibar_i.upn2n - 92261412224897836
FF - user.js: extensions.incredibar_i.productid - 26
FF - user.js: extensions.incredibar_i.installerproductid - 26
FF - user.js: extensions.incredibar_i.did - 10643
FF - user.js: extensions.incredibar_i.ppd - 1
FF - user.js: network.protocol-handler.warn-external.dnupdate - false
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{50fafaf0-70a9-419d-a109-fa4b4ffd4e37} - (no file)
Toolbar-Locked - (no file)
SafeBoot-PskSvcRetail
Toolbar-Locked - (no file)
WebBrowser-{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - (no file)
HKLM-Run-(Default) - (no file)
HKLM-Run-TPwrMain - c:\program files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE
HKLM-Run-SmoothView - c:\program files (x86)\Toshiba\SmoothView\SmoothView.exe
HKLM-Run-00TCrdMain - c:\program files (x86)\TOSHIBA\FlashCards\TCrdMain.exe
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
HKLM-Run-TosNC - c:\program files (x86)\Toshiba\BulletinBoard\TosNcCore.exe
HKLM-Run-TosReelTimeMonitor - c:\program files (x86)\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NIS]
"ImagePath"="\"c:\program files (x86)\Norton Internet Security\Engine\19.7.1.5\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files (x86)\Norton Internet Security\Engine\19.7.1.5\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
"{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC}"=hex:51,66,7a,6c,4c,1d,38,12,94,83,60,
bb,86,ad,dc,08,d0,28,de,c7,86,fa,1f,e8
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}"=hex:51,66,7a,6c,4c,1d,38,12,df,c1,0b,
27,57,07,ba,54,e4,0e,43,d0,22,fb,89,5b
"{0BDA0769-FD72-49F4-9266-E1FB004F4D8F}"=hex:51,66,7a,6c,4c,1d,38,12,07,04,c9,
0f,40,b3,9a,0c,ed,70,a2,bb,05,11,09,9b
"{8E5E2654-AD2D-48BF-AC2D-D17F00898D06}"=hex:51,66,7a,6c,4c,1d,38,12,3a,25,4d,
8a,1f,e3,d1,0d,d3,3b,92,3f,05,d7,c9,12
"{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,38,12,72,0b,cc,
1c,9f,a6,ed,07,da,80,b9,17,89,70,f9,d7
"{9030D464-4C02-4ABF-8ECC-5164760863C6}"=hex:51,66,7a,6c,4c,1d,38,12,0a,d7,23,
94,30,02,d1,0f,f1,da,12,24,73,56,27,d2
"{9FDDE16B-836F-4806-AB1F-1455CBEFF289}"=hex:51,66,7a,6c,4c,1d,38,12,05,e2,ce,
9b,5d,cd,68,0d,d4,09,57,15,ce,b1,b6,9d
"{AA58ED58-01DD-4D91-8333-CF10577473F7}"=hex:51,66,7a,6c,4c,1d,38,12,36,ee,4b,
ae,ef,4f,ff,08,fc,25,8c,50,52,2a,37,e3
"{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}"=hex:51,66,7a,6c,4c,1d,38,12,07,5b,93,
aa,6e,60,ba,0b,f0,6d,b2,b7,80,44,00,83
"{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}"=hex:51,66,7a,6c,4c,1d,38,12,2d,dd,7a,
ab,6a,33,56,03,c9,ec,8d,26,b0,f3,64,49
"{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,38,12,2a,03,db,
df,77,ea,35,06,c3,62,df,65,c4,9b,cc,bd
"{21347690-EC41-4F9A-8887-1F4AEE672439}"=hex:51,66,7a,6c,4c,1d,38,12,fe,75,27,
25,73,a2,f4,0a,f7,91,5c,0a,eb,39,60,2d
"{32004B8A-44A9-43E7-84E9-808838809519}"=hex:51,66,7a,6c,4c,1d,38,12,e4,48,13,
36,9b,0a,89,06,fb,ff,c3,c8,3d,de,d1,0d
"{FF059E31-CC5A-4E2E-BF3B-96E929D65503}"=hex:51,66,7a,6c,4c,1d,38,12,5f,9d,16,
fb,68,82,40,0b,c0,2d,d5,a9,2c,88,11,17
"{BDEADE7F-C265-11D0-BCED-00A0C90AB50F}"=hex:51,66,7a,6c,4c,1d,38,12,11,dd,f9,
b9,57,8c,be,54,c3,fb,43,e0,cc,54,f1,1b
"{336D0C35-8A85-403a-B9D2-65C292C39087}"=hex:51,66,7a,6c,4c,1d,3b,1b,08,8e,76,
1a,82,e9,65,3d,9d,e9,17,af,a2,b0,e5,ab
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:15,87,52,a5,ef,2f,cc,01
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,73,41,fb,59,e6,94,1d,4e,b5,40,8f,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,73,41,fb,59,e6,94,1d,4e,b5,40,8f,\
.
[HKEY_USERS\S-1-5-21-2607825685-3791938369-1529888204-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-2607825685-3791938369-1529888204-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Norton Utilities 15\Tools\Disk Doctor\DiskDoctorSrvProxy.exe
c:\program files (x86)\Norton Utilities 15\Tools\SpeedDisk\SpeedDiskSrvProxy.exe
c:\program files (x86)\TOSHIBA\ConfigFree\NDSTray.exe
c:\program files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe
.
**************************************************************************
.
Completion time: 2012-06-27 14:35:09 - machine was rebooted
ComboFix-quarantined-files.txt 2012-06-27 18:35
.
Pre-Run: 371,883,790,336 bytes free
Post-Run: 371,717,795,840 bytes free
.
- - End Of File - - DE9D6C8317D812A5AAC1A689E42A03D9


Seems to be running ok, although I haven`t really challenged it to get that incredibar to pop up - suggestions ? ideas? I hope/think this is the fix I need.Just let me know if the Combofix report showed that I missed anything.
Thanks again for the assist.
J-A-G.

Greetings

I want you to run these next,

tdsskiller:

Please read carefully and follow these steps.

• Download TDSSKiller and save it to your Desktop.
• doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
• If an infected file is detected, the default action will be Cure, click on Continue.
• If a suspicious file is detected, the default action will be Skip, click on Continue.
• It may ask you to reboot the computer to complete the process. Click on Reboot Now.
• If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
• If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.

• Double click the aswMBR.exe icon to run it
• it will ask to download extra definitions - ALLOW IT
• Click the Scan button to start the scan
• On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one come back and let me know

please reply with the reports from TDSSKiller and aswMBR

Gringo

Will do - oh FYI, just before I got your email notice of the new changes/scans to do the thing (Mystart Incredibar) flipped on again. Will try the next fixes and let you know what happens.
Thanks
J-A-G

Gringo : It won't let me copy and past the Kaspersky report - suggestions?

Gringo: here's the report from aswMBR:


aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-06-27 18:48:29
-----------------------------
18:48:29.036 OS Version: Windows x64 6.1.7601 Service Pack 1
18:48:29.036 Number of processors: 2 586 0x170A
18:48:29.037 ComputerName: JEROME-PC UserName: Jerome
18:48:32.534 Initialize success
18:48:38.671 AVAST engine defs: 12062701
18:48:48.859 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
18:48:48.862 Disk 0 Vendor: Hitachi_ PB4O Size: 476940MB BusType: 3
18:48:48.908 Disk 0 MBR read successfully
18:48:48.912 Disk 0 MBR scan
18:48:48.920 Disk 0 Windows VISTA default MBR code
18:48:48.957 Disk 0 Partition 1 80 (A) 27 Hidden NTFS WinRE NTFS 1500 MB offset 2048
18:48:49.008 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 464481 MB offset 3074048
18:48:49.178 Disk 0 Partition 3 00 17 Hidd HPFS/NTFS NTFS 10958 MB offset 954331136
18:48:49.302 Disk 0 scanning C:\windows\system32\drivers
18:49:11.126 Service scanning
18:49:48.015 Modules scanning
18:49:48.029 Disk 0 trace - called modules:
18:49:48.062 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
18:49:48.069 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80057be530]
18:49:48.074 3 CLASSPNP.SYS[fffff8800188c43f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8004731050]
18:49:55.854 AVAST engine scan C:\windows
18:50:34.332 AVAST engine scan C:\windows\system32
18:56:13.588 AVAST engine scan C:\windows\system32\drivers
18:56:27.476 AVAST engine scan C:\Users\Jerome
19:14:56.747 AVAST engine scan C:\ProgramData
19:17:47.693 Scan finished successfully
19:46:03.391 Disk 0 MBR has been saved successfully to "C:\Users\Jerome\Desktop\MBR.dat"
19:46:03.419 The log file has been saved successfully to "C:\Users\Jerome\Desktop\aswMBR1.txt"


and I still can't cut and past the other one?
thanks

Hello

Lets get a deeper look into the system and see if something shows up.

Download and run OTL

Download OTL by Old Timer and save it to your Desktop.

• Double click on OTL.exe to run it.
• Under Output, ensure that Minimal Output is selected.
• Under Extra Registry section, select Use SafeList.
• Click the Scan All Users checkbox.
• Click on Run Scan at the top left hand corner.
• When done, two Notepad files will open.
  
  • OTL.txt <-- Will be opened and the that I need posted back here
  • Extra.txt <-- Will be minimized - save this one on your desktop in case I ask for it later
• Please post the contents of OTL.txt in your next reply.

Gringo

Gringo: here's the latest txt scan:

OTL logfile created on: 6/28/2012 10:30:12 AM - Run 1
OTL by OldTimer - Version 3.2.53.0 Folder = C:\Users\Jerome\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

3.84 Gb Total Physical Memory | 2.17 Gb Available Physical Memory | 56.43% Memory free
7.68 Gb Paging File | 6.01 Gb Available in Paging File | 78.25% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 453.59 Gb Total Space | 345.47 Gb Free Space | 76.16% Space Free | Partition Type: NTFS

Computer Name: JEROME-PC | User Name: Jerome | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Jerome\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files\Web Assistant\ExtensionUpdaterService.exe ()
PRC - C:\Program Files (x86)\Norton Internet Security\Engine\19.7.1.5\ccsvchst.exe (Symantec Corporation)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\Norton Utilities 15\Tools\SpeedDisk\SpeedDiskSrv.exe (Symantec Corporation)
PRC - C:\Program Files (x86)\Norton Utilities 15\Tools\SpeedDisk\SpeedDiskSrvProxy.exe (Symantec Corporation)
PRC - C:\Program Files (x86)\Norton Utilities 15\Tools\Disk Doctor\DiskDoctorSrv.exe (Symantec Corporation)
PRC - C:\Program Files (x86)\Norton Utilities 15\Tools\Disk Doctor\DiskDoctorSrvProxy.exe (Symantec Corporation)
PRC - C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe (TOSHIBA CORPORATION)
PRC - C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs.exe (TOSHIBA CORPORATION)
PRC - C:\Program Files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe (TOSHIBA CORPORATION)
PRC - C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe (TOSHIBA CORPORATION)
PRC - C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe (TOSHIBA CORPORATION)
PRC - C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe (TOSHIBA CORPORATION)


========== Modules (No Company Name) ==========

MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ()


========== Win32 Services (SafeList) ==========

SRV:64bit: - (!SASCORE) -- C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE File not found
SRV:64bit: - (Web Assistant Updater) -- C:\Program Files\Web Assistant\ExtensionUpdaterService.exe ()
SRV:64bit: - (wlcrasvc) -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation)
SRV:64bit: - (TosCoSrv) -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe (TOSHIBA Corporation)
SRV:64bit: - (TOSHIBA HDD SSD Alert Service) -- C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe (TOSHIBA Corporation)
SRV:64bit: - (TODDSrv) -- C:\Windows\SysNative\TODDSrv.exe (TOSHIBA Corporation)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (NIS) -- C:\Program Files (x86)\Norton Internet Security\Engine\19.7.1.5\ccSvcHst.exe (Symantec Corporation)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (SpeedDiskService) -- C:\Program Files (x86)\Norton Utilities 15\Tools\SpeedDisk\SpeedDiskSrv.exe (Symantec Corporation)
SRV - (DiskDoctorService) -- C:\Program Files (x86)\Norton Utilities 15\Tools\Disk Doctor\DiskDoctorSrv.exe (Symantec Corporation)
SRV - (HPSLPSVC) -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL (Hewlett-Packard Co.)
SRV - (GamesAppService) -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe (WildTangent, Inc.)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (TMachInfo) -- C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe (TOSHIBA Corporation)
SRV - (cfWiMAXService) -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs.exe (TOSHIBA CORPORATION)
SRV - (ConfigFree Gadget Service) -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe (TOSHIBA CORPORATION)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (ConfigFree Service) -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe (TOSHIBA CORPORATION)


========== Driver Services (SafeList) ==========

DRV:64bit: - (SymEvent) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS (Symantec Corporation)
DRV:64bit: - (SymNetS) -- C:\Windows\SysNative\drivers\NISx64\1307010.005\symnets.sys (Symantec Corporation)
DRV:64bit: - (SymEFA) -- C:\Windows\SysNative\drivers\NISx64\1307010.005\symefa64.sys (Symantec Corporation)
DRV:64bit: - (SymIRON) -- C:\Windows\SysNative\drivers\NISx64\1307010.005\ironx64.sys (Symantec Corporation)
DRV:64bit: - (SRTSP) -- C:\Windows\SysNative\drivers\NISx64\1307010.005\srtsp64.sys (Symantec Corporation)
DRV:64bit: - (SRTSPX) Symantec Real Time Storage Protection (PEL) -- C:\Windows\SysNative\drivers\NISx64\1307010.005\srtspx64.sys (Symantec Corporation)
DRV:64bit: - (fssfltr) -- C:\Windows\SysNative\drivers\fssfltr.sys (Microsoft Corporation)
DRV:64bit: - (Fs_Rec) -- C:\windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (aswKbd) -- C:\windows\SysNative\drivers\aswKbd.sys (AVAST Software)
DRV:64bit: - (ccSet_NIS) -- C:\Windows\SysNative\drivers\NISx64\1307010.005\ccsetx64.sys (Symantec Corporation)
DRV:64bit: - (SymDS) -- C:\Windows\SysNative\drivers\NISx64\1307010.005\symds64.sys (Symantec Corporation)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (SmartDefragDriver) -- C:\Windows\SysNative\drivers\SmartDefragDriver.sys ()
DRV:64bit: - (SymDSMon) -- C:\Windows\SysNative\drivers\SymDSMon.sys (Symantec Corporation)
DRV:64bit: - (SYMSpeedDisk) -- C:\Windows\SysNative\drivers\SymSpeedDisk.sys (Symantec Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (taphss) -- C:\Windows\SysNative\drivers\taphss.sys (AnchorFree Inc)
DRV:64bit: - (rtl8192se) -- C:\Windows\SysNative\drivers\rtl8192se.sys (Realtek Semiconductor Corporation )
DRV:64bit: - (Point64) -- C:\Windows\SysNative\drivers\point64k.sys (Microsoft Corporation)
DRV:64bit: - (NuidFltr) -- C:\Windows\SysNative\drivers\nuidfltr.sys (Microsoft Corporation)
DRV:64bit: - (dc3d) MS Hardware Device Detection Driver (HID) -- C:\Windows\SysNative\drivers\dc3d.sys (Microsoft Corporation)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (tdcmdpst) -- C:\Windows\SysNative\drivers\tdcmdpst.sys (TOSHIBA Corporation.)
DRV:64bit: - (RSUSBSTOR) -- C:\Windows\SysNative\drivers\RtsUStor.sys (Realtek Semiconductor Corp.)
DRV:64bit: - (tos_sps64) -- C:\Windows\SysNative\drivers\tos_sps64.sys (TOSHIBA Corporation)
DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated)
DRV:64bit: - (TVALZ) -- C:\Windows\SysNative\drivers\TVALZ_O.SYS (TOSHIBA Corporation)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (LPCFilter) -- C:\Windows\SysNative\drivers\LPCFilter.sys (COMPAL ELECTRONIC INC.)
DRV:64bit: - (PGEffect) -- C:\Windows\SysNative\drivers\PGEffect.sys (TOSHIBA Corporation)
DRV:64bit: - (AgereSoftModem) -- C:\Windows\SysNative\drivers\agrsm64.sys (LSI Corp)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek )
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV - (NAVEX15) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\VirusDefs\20120627.036\ex64.sys (Symantec Corporation)
DRV - (NAVENG) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\VirusDefs\20120627.036\eng64.sys (Symantec Corporation)
DRV - (BHDrvx64) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\BASHDefs\20120619.001\BHDrvx64.sys (Symantec Corporation)
DRV - (eeCtrl) -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys (Symantec Corporation)
DRV - (EraserUtilRebootDrv) -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation)
DRV - (IDSVia64) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\IPSDefs\20120627.001\IDSviA64.sys (Symantec Corporation)
DRV - (SYMSpeedDisk) -- C:\Windows\SysWOW64\drivers\SymSpeedDisk.sys (Symantec Corporation)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSCA
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = auto:blank
IE - HKLM\..\URLSearchHook: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\prxtbuTo2.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSCA
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT1561552


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-2607825685-3791938369-1529888204-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.cbc.ca/
IE - HKU\S-1-5-21-2607825685-3791938369-1529888204-1001\..\URLSearchHook: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\prxtbuTo2.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-2607825685-3791938369-1529888204-1001\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKU\S-1-5-21-2607825685-3791938369-1529888204-1001\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSCA_enCA382
IE - HKU\S-1-5-21-2607825685-3791938369-1529888204-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2607825685-3791938369-1529888204-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.defaulturl: ""
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=685749&ilc=12"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.ca"
FF - prefs.js..keyword.URL: "http://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=685749&p="


FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF64_11_3_300_257.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_257.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\3\NP_wtapp.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Jerome\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Jerome\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\PROGRAM FILES\WEB ASSISTANT\FIREFOX [2012/05/15 00:35:52 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012/02/01 19:42:19 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\Program Files\Web Assistant\Firefox [2012/05/15 00:35:52 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\IPSFFPlgn\ [2012/06/18 19:11:48 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\coFFPlgn\ [2012/06/28 09:46:17 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/06/17 23:59:15 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012/02/01 19:42:19 | 000,000,000 | ---D | M]

[2010/06/01 23:32:20 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jerome\AppData\Roaming\Mozilla\Extensions
[2012/06/12 16:44:48 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jerome\AppData\Roaming\Mozilla\Firefox\Profiles\inqqs9oe.default\extensions
[2012/03/14 16:24:21 | 000,000,000 | ---D | M] (Ghostery) -- C:\Users\Jerome\AppData\Roaming\Mozilla\Firefox\Profiles\inqqs9oe.default\extensions\firefox@ghostery.com
[2012/02/13 18:05:51 | 000,001,798 | ---- | M] () -- C:\Users\Jerome\AppData\Roaming\Mozilla\Firefox\Profiles\inqqs9oe.default\searchplugins\funmoods.xml
[2012/06/17 23:59:15 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/06/17 11:19:30 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2011/12/23 20:53:37 | 000,000,000 | ---D | M] (IObit Toolbar) -- C:\PROGRAM FILES (X86)\IOBIT TOOLBAR\FF
[2012/05/15 00:35:52 | 000,000,000 | ---D | M] (Web Assistant) -- C:\PROGRAM FILES\WEB ASSISTANT\FIREFOX
[2012/06/28 09:46:17 | 000,000,000 | ---D | M] (Norton Toolbar) -- C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\COFFPLGN
[2012/06/18 19:11:48 | 000,000,000 | ---D | M] (Norton Vulnerability Protection) -- C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\IPSFFPLGN
[2012/06/14 18:20:49 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/06/14 18:19:40 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/06/14 18:19:40 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Jerome\AppData\Local\Google\Chrome\Application\19.0.1084.56\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Jerome\AppData\Local\Google\Chrome\Application\19.0.1084.56\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Jerome\AppData\Local\Google\Chrome\Application\19.0.1084.56\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Jerome\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_228.dll
CHR - plugin: Injovo Extension Plugin (Enabled) = C:\Users\Jerome\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd\2.0.0.430_0\npbrowserext.dll
CHR - plugin: Skype Click to Call (Enabled) = C:\Users\Jerome\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.10.0.9560_0\npSkypeChromePlugin.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: Java Deployment Toolkit 6.0.310.5 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U31 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: VLC Web Plugin (Enabled) = C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll
CHR - plugin: WildTangent Games App Presence Detector (Enabled) = C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\3\NP_wtapp.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - Extension: YouTube = C:\Users\Jerome\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Search = C:\Users\Jerome\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Web Assistant = C:\Users\Jerome\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd\2.0.0.430_0\
CHR - Extension: Browser Capability = C:\Users\Jerome\AppData\Local\Google\Chrome\User Data\Default\Extensions\hadgncflclgppldajdlmglcbodpfhpon\1.0_0\
CHR - Extension: Settings = C:\Users\Jerome\AppData\Local\Google\Chrome\User Data\Default\Extensions\hgdddaddoobhekenhpjbmfdbfbgdikid\1.0_0\
CHR - Extension: Skype Click to Call = C:\Users\Jerome\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.10.0.9560_0\
CHR - Extension: Norton Identity Protection = C:\Users\Jerome\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2012.5.4.6_0\
CHR - Extension: Gmail = C:\Users\Jerome\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
CHR - Extension: YouTube = C:\Users\Jerome\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Search = C:\Users\Jerome\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Web Assistant = C:\Users\Jerome\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd\2.0.0.430_0\
CHR - Extension: Browser Capability = C:\Users\Jerome\AppData\Local\Google\Chrome\User Data\Default\Extensions\hadgncflclgppldajdlmglcbodpfhpon\1.0_0\
CHR - Extension: Settings = C:\Users\Jerome\AppData\Local\Google\Chrome\User Data\Default\Extensions\hgdddaddoobhekenhpjbmfdbfbgdikid\1.0_0\
CHR - Extension: Skype Click to Call = C:\Users\Jerome\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.10.0.9560_0\
CHR - Extension: Norton Identity Protection = C:\Users\Jerome\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2012.5.4.6_0\
CHR - Extension: Gmail = C:\Users\Jerome\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2012/06/27 14:27:52 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Winamp Toolbar Loader) - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files (x86)\Winamp Toolbar\winamptb.dll (AOL Inc.)
O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\19.7.1.5\coieplg.dll (Symantec Corporation)
O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\19.7.1.5\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (uTorrentBar Toolbar) - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\prxtbuTo2.dll (Conduit Ltd.)
O2 - BHO: (no name) - AutorunsDisabled - No CLSID value found.
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\19.7.1.5\coieplg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (uTorrentBar Toolbar) - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\prxtbuTo2.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Winamp Toolbar) - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files (x86)\Winamp Toolbar\winamptb.dll (AOL Inc.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - No CLSID value found.
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (uTorrentBar Toolbar) - {BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - C:\Program Files (x86)\uTorrentBar\prxtbuTo2.dll (Conduit Ltd.)
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - No CLSID value found.
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (uTorrentBar Toolbar) - {BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - C:\Program Files (x86)\uTorrentBar\prxtbuTo2.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-2607825685-3791938369-1529888204-1001\..\Toolbar\WebBrowser: (uTorrentBar Toolbar) - {BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - C:\Program Files (x86)\uTorrentBar\prxtbuTo2.dll (Conduit Ltd.)
O4:64bit: - HKLM..\Run: [00TCrdMain] C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IntelliPoint] C:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [SmoothView] C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosNC] C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosReelTimeMonitor] C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TPwrMain] C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [HWSetup] C:\Program Files\TOSHIBA\Utilities\HWSetup.exe (TOSHIBA Electronics, Inc.)
O4 - HKLM..\Run: [KeNotify] C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe (TOSHIBA CORPORATION)
O4 - HKLM..\Run: [SVPWUTIL] C:\Program Files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe (TOSHIBA CORPORATION)
O4 - HKLM..\Run: [ToshibaServiceStation] C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe (TOSHIBA Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2607825685-3791938369-1529888204-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2607825685-3791938369-1529888204-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O7 - HKU\S-1-5-21-2607825685-3791938369-1529888204-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{41DB8353-13B2-4899-BF63-F9B7E1F9F744}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\avldr: DllName - (avldr64.dll) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\windows\SysNative\igfxdev.dll (Intel Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/07/21 19:00:55 | 000,000,000 | ---- | M] () - C:\Autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2012/06/10 13:07:08 | 000,000,000 | ---D | M] - C:\Autoruns -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (SmartDefragBootTime.exe)
O34 - HKLM BootExecute: (C:\PROGRA~2\NORTON~3\Tools\SPEEDD~1\aDSBatch.exe /startup)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKU\S-1-5-21-2607825685-3791938369-1529888204-1001\...com [@ = ComFile] -- Reg Error: Key error. File not found
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/06/28 10:25:54 | 000,596,992 | ---- | C] (OldTimer Tools) -- C:\Users\Jerome\Desktop\OTL.exe
[2012/06/27 14:47:21 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/06/27 14:08:45 | 000,518,144 | ---- | C] (SteelWerX) -- C:\windows\SWREG.exe
[2012/06/27 14:08:45 | 000,406,528 | ---- | C] (SteelWerX) -- C:\windows\SWSC.exe
[2012/06/27 14:08:45 | 000,060,416 | ---- | C] (NirSoft) -- C:\windows\NIRCMD.exe
[2012/06/27 14:07:30 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/06/27 14:07:10 | 000,000,000 | ---D | C] -- C:\windows\erdnt
[2012/06/27 14:04:32 | 004,570,514 | R--- | C] (Swearware) -- C:\Users\Jerome\Desktop\ComboFix.exe
[2012/06/25 10:47:12 | 000,000,000 | ---D | C] -- C:\Users\Jerome\Desktop\LMCC 2 results
[2012/06/24 21:04:53 | 000,000,000 | ---D | C] -- C:\Users\Jerome\Desktop\acls
[2012/06/24 14:03:35 | 000,000,000 | ---D | C] -- C:\Users\Jerome\Desktop\Bleeping computer downloads
[2012/06/23 16:33:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2012/06/23 13:48:21 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERSetup
[2012/06/22 15:42:04 | 000,000,000 | ---D | C] -- C:\Users\Jerome\AppData\Local\CrashDumps
[2012/06/19 09:02:58 | 000,057,880 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wuauclt.exe
[2012/06/19 09:02:58 | 000,044,056 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wups2.dll
[2012/06/19 09:02:57 | 002,622,464 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wucltux.dll
[2012/06/19 09:02:38 | 000,038,424 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wups.dll
[2012/06/19 09:02:37 | 000,701,976 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wuapi.dll
[2012/06/19 09:02:37 | 000,099,840 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wudriver.dll
[2012/06/19 09:02:16 | 000,186,752 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wuwebv.dll
[2012/06/19 09:02:16 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wuapp.exe
[2012/06/18 19:34:43 | 000,000,000 | ---D | C] -- C:\Users\Jerome\AppData\Roaming\Norton Utilities
[2012/06/18 19:31:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Norton Installer
[2012/06/18 19:31:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Utilities 15
[2012/06/18 19:31:19 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\msxml4a.dll
[2012/06/18 19:31:18 | 000,191,232 | ---- | C] (Symantec Corporation) -- C:\windows\SysNative\drivers\SymDSMon.sys
[2012/06/18 19:31:18 | 000,163,384 | ---- | C] (Symantec Corporation) -- C:\windows\SysNative\drivers\SymSpeedDisk.sys
[2012/06/18 19:31:18 | 000,108,800 | ---- | C] (Symantec Corporation) -- C:\windows\SysWow64\drivers\SymSpeedDisk.sys
[2012/06/18 19:31:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Symantec
[2012/06/18 19:31:16 | 001,101,824 | ---- | C] (Woodbury Associates Limited) -- C:\windows\SysWow64\UniBox210.ocx
[2012/06/18 19:31:16 | 000,880,640 | ---- | C] (Woodbury Associates Limited) -- C:\windows\SysWow64\UniBox10.ocx
[2012/06/18 19:31:16 | 000,506,368 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\msxml.dll
[2012/06/18 19:31:16 | 000,212,992 | ---- | C] (Woodbury Associates Limited) -- C:\windows\SysWow64\UniBoxVB12.ocx
[2012/06/18 19:31:12 | 000,000,000 | ---D | C] -- C:\Users\Jerome\Documents\UnErase
[2012/06/18 19:31:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Norton Utilities 15
[2012/06/18 19:29:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Symantec Shared
[2012/06/18 19:24:21 | 001,092,728 | ---- | C] (Symantec Corporation) -- C:\windows\SysNative\drivers\NISx64\1307010.005\symefa64.sys
[2012/06/18 19:24:21 | 000,737,912 | ---- | C] (Symantec Corporation) -- C:\windows\SysNative\drivers\NISx64\1307010.005\srtsp64.sys
[2012/06/18 19:24:21 | 000,451,192 | R--- | C] (Symantec Corporation) -- C:\windows\SysNative\drivers\NISx64\1307010.005\symds64.sys
[2012/06/18 19:24:21 | 000,405,624 | ---- | C] (Symantec Corporation) -- C:\windows\SysNative\drivers\NISx64\1307010.005\symnets.sys
[2012/06/18 19:24:21 | 000,190,072 | ---- | C] (Symantec Corporation) -- C:\windows\SysNative\drivers\NISx64\1307010.005\ironx64.sys
[2012/06/18 19:24:21 | 000,167,048 | ---- | C] (Symantec Corporation) -- C:\windows\SysNative\drivers\NISx64\1307010.005\ccsetx64.sys
[2012/06/18 19:24:21 | 000,037,496 | ---- | C] (Symantec Corporation) -- C:\windows\SysNative\drivers\NISx64\1307010.005\srtspx64.sys
[2012/06/18 19:24:17 | 000,000,000 | ---D | C] -- C:\windows\SysNative\drivers\NISx64\1307010.005
[2012/06/18 19:12:04 | 000,000,000 | ---D | C] -- C:\Users\Jerome\Documents\Symantec
[2012/06/18 19:11:36 | 000,175,736 | ---- | C] (Symantec Corporation) -- C:\windows\SysNative\drivers\SYMEVENT64x86.SYS
[2012/06/18 19:11:36 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Symantec Shared
[2012/06/18 19:11:36 | 000,000,000 | ---D | C] -- C:\Program Files\Symantec
[2012/06/18 19:10:30 | 000,000,000 | ---D | C] -- C:\windows\SysNative\drivers\NISx64
[2012/06/18 19:10:27 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Internet Security
[2012/06/18 19:10:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Norton Internet Security
[2012/06/18 18:20:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NortonInstaller
[2012/06/18 11:49:10 | 000,366,592 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\qdvd.dll
[2012/06/18 11:49:09 | 000,514,560 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\qdvd.dll
[2012/06/18 11:00:32 | 000,000,000 | ---D | C] -- C:\sh4ldr
[2012/06/18 10:59:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Wise Installation Wizard
[2012/06/17 23:59:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service
[2012/06/17 23:52:13 | 000,000,000 | ---D | C] -- C:\Users\Jerome\Desktop\yeah
[2012/06/13 11:09:20 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\mshtmled.dll
[2012/06/13 11:09:19 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\url.dll
[2012/06/13 11:09:19 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\mshtmled.dll
[2012/06/13 11:09:18 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\url.dll
[2012/06/13 11:09:16 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieui.dll
[2012/06/13 11:09:16 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ieui.dll
[2012/06/13 11:09:15 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieUnatt.exe
[2012/06/13 11:09:15 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ieUnatt.exe
[2012/06/13 11:09:11 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\inetcpl.cpl
[2012/06/13 11:09:11 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\inetcpl.cpl
[2012/06/13 11:09:10 | 002,311,680 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\jscript9.dll
[2012/06/13 11:09:09 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\jscript.dll
[2012/06/13 11:09:08 | 000,818,688 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\jscript.dll
[2012/06/13 10:02:44 | 000,149,504 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\rdpcorekmts.dll
[2012/06/13 10:02:44 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\rdpwsx.dll
[2012/06/13 10:02:44 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\rdrmemptylst.exe
[2012/06/13 10:02:40 | 005,559,664 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ntoskrnl.exe
[2012/06/13 10:02:37 | 003,913,072 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ntoskrnl.exe
[2012/06/13 10:02:36 | 003,968,368 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ntkrnlpa.exe
[2012/06/13 10:02:28 | 003,216,384 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\msi.dll
[2012/06/13 10:02:20 | 001,462,272 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\crypt32.dll
[2012/06/13 10:02:17 | 000,140,288 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\cryptnet.dll
[2012/06/12 16:48:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[2012/06/12 12:09:13 | 000,000,000 | ---D | C] -- C:\Users\Jerome\AppData\Local\Macromedia
[2012/06/11 16:54:28 | 000,000,000 | ---D | C] -- C:\Users\Jerome\Desktop\torrents
[2012/06/11 14:26:57 | 000,000,000 | ---D | C] -- C:\Users\Jerome\AppData\Local\{F42F5662-518F-4B30-84E2-B5FEBBE64138}
[2012/06/11 14:26:47 | 000,000,000 | ---D | C] -- C:\Users\Jerome\AppData\Local\{C3C46319-0F40-4D15-8127-1D6BEA18CD45}
[2012/06/11 09:45:39 | 000,000,000 | ---D | C] -- C:\Users\Jerome\Desktop\torrent files
[2012/06/10 13:23:57 | 000,000,000 | ---D | C] -- C:\McAfee Stinger
[2012/06/10 13:07:07 | 000,000,000 | ---D | C] -- C:\Autoruns
[2012/06/08 12:42:59 | 000,016,200 | ---- | C] (McAfee, Inc.) -- C:\windows\stinger.sys
[2012/06/08 12:42:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\stinger
[2012/06/07 22:11:00 | 000,000,000 | ---D | C] -- C:\ProgramData\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}
[2012/06/07 21:59:53 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\windows\SysWow64\drivers\mbamswissarmy.sys
[2012/06/01 17:45:29 | 000,000,000 | ---D | C] -- C:\Users\Jerome\AppData\Local\{F9837DCB-35F9-46B1-918C-DB23FCDF75B7}
[2012/06/01 17:44:10 | 000,000,000 | ---D | C] -- C:\Users\Jerome\AppData\Local\{4E880B1D-ED5D-469C-AE62-5CF5194B7C65}
[2012/06/01 13:06:28 | 000,000,000 | ---D | C] -- C:\Users\Jerome\AppData\Local\{18E5C6F9-DFC1-46E1-B2FF-F5BE4435A91B}
[2012/05/31 11:28:33 | 000,000,000 | ---D | C] -- C:\Users\Jerome\AppData\Local\{B60BF513-17F3-46AC-8445-3717CB4CD17B}
[2012/05/31 11:27:51 | 000,000,000 | ---D | C] -- C:\Users\Jerome\AppData\Local\{3AB524CA-CE56-4EB1-B409-5C2998A7715C}
[2012/05/31 10:27:42 | 000,000,000 | ---D | C] -- C:\Users\Jerome\AppData\Local\{070076B4-0144-4F74-81E3-2F9B6A871035}
[2012/05/30 08:16:46 | 000,000,000 | ---D | C] -- C:\Users\Jerome\AppData\Local\{BD064C23-D103-46FE-817C-9EF16FE1F020}
[2012/05/30 08:15:50 | 000,000,000 | ---D | C] -- C:\Users\Jerome\AppData\Local\{CE2C80A1-C652-47B2-8291-328EB7A6FE87}
[2012/05/30 07:57:27 | 000,000,000 | ---D | C] -- C:\Users\Jerome\AppData\Local\{519B6940-7B4B-4ACC-8A1E-9F983CBB027D}
[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/06/28 10:36:02 | 000,000,912 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-2607825685-3791938369-1529888204-1001UA.job
[2012/06/28 10:32:01 | 000,000,898 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/06/28 10:25:56 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Users\Jerome\Desktop\OTL.exe
[2012/06/28 09:53:47 | 000,016,304 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/06/28 09:53:47 | 000,016,304 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/06/28 09:50:51 | 000,779,266 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2012/06/28 09:50:51 | 000,664,992 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2012/06/28 09:50:51 | 000,125,696 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
[2012/06/28 09:45:26 | 000,000,894 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/06/28 09:45:11 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2012/06/28 09:45:09 | 3092,942,848 | -HS- | M] () -- C:\hiberfil.sys
[2012/06/27 19:54:34 | 000,000,262 | ---- | M] () -- C:\windows\tasks\NUSchedule.job
[2012/06/27 14:27:52 | 000,000,027 | ---- | M] () -- C:\windows\SysNative\drivers\etc\hosts
[2012/06/27 14:05:07 | 004,570,514 | R--- | M] (Swearware) -- C:\Users\Jerome\Desktop\ComboFix.exe
[2012/06/27 13:36:22 | 000,000,860 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-2607825685-3791938369-1529888204-1001Core.job
[2012/06/26 20:22:02 | 001,415,523 | ---- | M] () -- C:\Users\Jerome\Documents\2009_5_352.pdf
[2012/06/24 19:03:47 | 000,003,072 | ---- | M] () -- C:\windows\SysWow64\Cache.db
[2012/06/24 14:02:28 | 000,000,000 | ---- | M] () -- C:\Users\Jerome\defogger_reenable
[2012/06/23 16:58:35 | 000,001,364 | ---- | M] () -- C:\windows\wininit.ini
[2012/06/22 15:33:06 | 004,964,352 | ---- | M] () -- C:\Users\Jerome\s-1-5-21-2607825685-3791938369-1529888204-1001.rrr
[2012/06/19 09:03:09 | 002,118,021 | ---- | M] () -- C:\windows\SysNative\drivers\NISx64\1307010.005\Cat.DB
[2012/06/18 19:31:22 | 000,001,023 | ---- | M] () -- C:\Users\Public\Desktop\Norton Utilities 15.lnk
[2012/06/18 19:27:57 | 000,002,463 | ---- | M] () -- C:\Users\Public\Desktop\Norton Internet Security.lnk
[2012/06/18 19:24:37 | 000,008,942 | ---- | M] () -- C:\windows\SysNative\drivers\NISx64\1307010.005\VT20120410.034
[2012/06/18 19:11:36 | 000,175,736 | ---- | M] (Symantec Corporation) -- C:\windows\SysNative\drivers\SYMEVENT64x86.SYS
[2012/06/18 19:11:36 | 000,007,488 | ---- | M] () -- C:\windows\SysNative\drivers\SYMEVENT64x86.CAT
[2012/06/18 19:11:36 | 000,000,855 | ---- | M] () -- C:\windows\SysNative\drivers\SYMEVENT64x86.INF
[2012/06/18 18:56:34 | 000,001,945 | ---- | M] () -- C:\windows\epplauncher.mif
[2012/06/18 12:10:47 | 000,016,200 | ---- | M] (McAfee, Inc.) -- C:\windows\stinger.sys
[2012/06/18 11:49:10 | 000,514,560 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\qdvd.dll
[2012/06/18 11:49:10 | 000,366,592 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\qdvd.dll
[2012/06/18 10:54:03 | 000,007,610 | ---- | M] () -- C:\Users\Jerome\AppData\Local\Resmon.ResmonCfg
[2012/06/17 23:59:26 | 000,001,105 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012/06/13 11:28:39 | 000,376,088 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT
[2012/06/12 10:50:58 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerApp.exe
[2012/06/12 10:50:58 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
[2012/06/12 08:18:51 | 000,002,419 | ---- | M] () -- C:\Users\Jerome\Desktop\Google Chrome.lnk
[2012/06/02 18:19:46 | 000,038,424 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\wups.dll
[2012/06/02 18:19:42 | 000,057,880 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\wuauclt.exe
[2012/06/02 18:19:42 | 000,044,056 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\wups2.dll
[2012/06/02 18:19:23 | 000,701,976 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\wuapi.dll
[2012/06/02 18:15:31 | 002,622,464 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\wucltux.dll
[2012/06/02 18:15:08 | 000,099,840 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\wudriver.dll
[2012/06/02 15:19:42 | 000,186,752 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\wuwebv.dll
[2012/06/02 15:15:12 | 000,036,864 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\wuapp.exe
[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/06/27 14:08:45 | 000,256,000 | ---- | C] () -- C:\windows\PEV.exe
[2012/06/27 14:08:45 | 000,208,896 | ---- | C] () -- C:\windows\MBR.exe
[2012/06/27 14:08:45 | 000,098,816 | ---- | C] () -- C:\windows\sed.exe
[2012/06/27 14:08:45 | 000,080,412 | ---- | C] () -- C:\windows\grep.exe
[2012/06/27 14:08:45 | 000,068,096 | ---- | C] () -- C:\windows\zip.exe
[2012/06/26 20:22:02 | 001,415,523 | ---- | C] () -- C:\Users\Jerome\Documents\2009_5_352.pdf
[2012/06/24 19:01:07 | 000,003,072 | ---- | C] () -- C:\windows\SysWow64\Cache.db
[2012/06/24 14:02:28 | 000,000,000 | ---- | C] () -- C:\Users\Jerome\defogger_reenable
[2012/06/23 16:58:32 | 000,001,364 | ---- | C] () -- C:\windows\wininit.ini
[2012/06/18 19:50:03 | 004,964,352 | ---- | C] () -- C:\Users\Jerome\s-1-5-21-2607825685-3791938369-1529888204-1001.rrr
[2012/06/18 19:32:17 | 000,000,262 | ---- | C] () -- C:\windows\tasks\NUSchedule.job
[2012/06/18 19:31:22 | 000,001,023 | ---- | C] () -- C:\Users\Public\Desktop\Norton Utilities 15.lnk
[2012/06/18 19:31:16 | 000,039,784 | ---- | C] () -- C:\windows\SysNative\CleanMFT64.exe
[2012/06/18 19:26:36 | 002,118,021 | ---- | C] () -- C:\windows\SysNative\drivers\NISx64\1307010.005\Cat.DB
[2012/06/18 19:25:27 | 000,008,942 | ---- | C] () -- C:\windows\SysNative\drivers\NISx64\1307010.005\VT20120410.034
[2012/06/18 19:24:21 | 000,007,496 | R--- | C] () -- C:\windows\SysNative\drivers\NISx64\1307010.005\symds64.cat
[2012/06/18 19:24:21 | 000,007,468 | ---- | C] () -- C:\windows\SysNative\drivers\NISx64\1307010.005\ccsetx64.cat
[2012/06/18 19:24:21 | 000,007,462 | ---- | C] () -- C:\windows\SysNative\drivers\NISx64\1307010.005\srtspx64.cat
[2012/06/18 19:24:21 | 000,007,460 | ---- | C] () -- C:\windows\SysNative\drivers\NISx64\1307010.005\symefa64.cat
[2012/06/18 19:24:21 | 000,007,458 | ---- | C] () -- C:\windows\SysNative\drivers\NISx64\1307010.005\symnet64.cat
[2012/06/18 19:24:21 | 000,007,458 | ---- | C] () -- C:\windows\SysNative\drivers\NISx64\1307010.005\srtsp64.cat
[2012/06/18 19:24:21 | 000,007,450 | ---- | C] () -- C:\windows\SysNative\drivers\NISx64\1307010.005\iron.cat
[2012/06/18 19:24:21 | 000,003,434 | ---- | C] () -- C:\windows\SysNative\drivers\NISx64\1307010.005\symefa.inf
[2012/06/18 19:24:21 | 000,002,852 | R--- | C] () -- C:\windows\SysNative\drivers\NISx64\1307010.005\symds.inf
[2012/06/18 19:24:21 | 000,001,441 | ---- | C] () -- C:\windows\SysNative\drivers\NISx64\1307010.005\symnet.inf
[2012/06/18 19:24:21 | 000,001,437 | ---- | C] () -- C:\windows\SysNative\drivers\NISx64\1307010.005\srtsp64.inf
[2012/06/18 19:24:21 | 000,001,419 | ---- | C] () -- C:\windows\SysNative\drivers\NISx64\1307010.005\srtspx64.inf
[2012/06/18 19:24:21 | 000,000,853 | ---- | C] () -- C:\windows\SysNative\drivers\NISx64\1307010.005\ccsetx64.inf
[2012/06/18 19:24:21 | 000,000,772 | ---- | C] () -- C:\windows\SysNative\drivers\NISx64\1307010.005\iron.inf
[2012/06/18 19:24:17 | 000,000,172 | ---- | C] () -- C:\windows\SysNative\drivers\NISx64\1307010.005\isolate.ini
[2012/06/18 19:11:36 | 000,007,488 | ---- | C] () -- C:\windows\SysNative\drivers\SYMEVENT64x86.CAT
[2012/06/18 19:11:36 | 000,000,855 | ---- | C] () -- C:\windows\SysNative\drivers\SYMEVENT64x86.INF
[2012/06/18 19:11:32 | 000,002,463 | ---- | C] () -- C:\Users\Public\Desktop\Norton Internet Security.lnk
[2012/06/17 23:59:26 | 000,001,117 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2012/06/17 23:59:26 | 000,001,105 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012/02/01 19:30:29 | 000,202,614 | ---- | C] () -- C:\windows\hpoins18.dat
[2012/02/01 19:30:29 | 000,005,355 | ---- | C] () -- C:\windows\hpomdl18.dat
[2011/08/31 14:22:41 | 000,000,100 | ---- | C] () -- C:\Users\Jerome\AppData\Roaming\wklnhst.dat
[2011/08/03 16:14:17 | 000,000,000 | ---- | C] () -- C:\Users\Jerome\AppData\Local\{A5291196-FED0-47E6-BA76-CCACE4727A40}
[2011/08/01 14:45:15 | 000,000,085 | -HS- | C] () -- C:\ProgramData\.zreglib
[2011/06/14 17:29:30 | 000,000,000 | ---- | C] () -- C:\Users\Jerome\AppData\Local\{684E3C62-AC6B-4F8E-9468-53F5B81059E3}
[2011/03/30 16:59:05 | 000,007,610 | ---- | C] () -- C:\Users\Jerome\AppData\Local\Resmon.ResmonCfg
[2010/11/11 21:07:40 | 000,003,584 | ---- | C] () -- C:\Users\Jerome\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/09/30 20:02:59 | 000,788,548 | ---- | C] () -- C:\windows\SysWow64\PerfStringBackup.INI
[2010/06/13 22:22:42 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat

========== Alternate Data Streams ==========

@Alternate Data Stream - 184 bytes -> C:\ProgramData\TEMP:D3A96964
@Alternate Data Stream - 133 bytes -> C:\ProgramData\TEMP:0B4227B4
@Alternate Data Stream - 105 bytes -> C:\ProgramData\TEMP:5C321E34
@Alternate Data Stream - 102 bytes -> C:\ProgramData\TEMP:D287FACF

< End of report >


Hope this helps.
So far today nothing bad has happened - the day is still early though.
J-A-G

Hello

Run this custom script and when it is complete I need to know how the computer is doing

Run OTL Script

• Double-click OTL.exe to start the program.
• Copy and Paste the following code into the textbox. Do not include the word Code
  

  :OTL
  FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF64_11_3_300_257.dll File not found
  FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
  FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
  FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
  O2 - BHO: (no name) - AutorunsDisabled - No CLSID value found.
  O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
  O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
  O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - No CLSID value found.
  O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
  O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - No CLSID value found.
  O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Reg Error: Key error.)
  O18:64bit: - Protocol\Handler\livecall - No CLSID value found
  O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
  O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
  O18:64bit: - Protocol\Handler\msnim - No CLSID value found
  O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
  O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
  O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
  O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
  O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
  O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
  O20:64bit: - Winlogon\Notify\avldr: DllName - (avldr64.dll) - File not found
  O37 - HKU\S-1-5-21-2607825685-3791938369-1529888204-1001\...com [@ = ComFile] -- Reg Error: Key error. File not found
  @Alternate Data Stream - 184 bytes -> C:\ProgramData\TEMP:D3A96964
  @Alternate Data Stream - 133 bytes -> C:\ProgramData\TEMP:0B4227B4
  @Alternate Data Stream - 102 bytes -> C:\ProgramData\TEMP:D287FACF  
  IE - HKLM\..\URLSearchHook: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\prxtbuTo2.dll (Conduit Ltd.)
  IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT1561552
  IE - HKU\S-1-5-21-2607825685-3791938369-1529888204-1001\..\URLSearchHook: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\prxtbuTo2.dll (Conduit Ltd.)
  [2012/02/13 18:05:51 | 000,001,798 | ---- | M] () -- C:\Users\Jerome\AppData\Roaming\Mozilla\Firefox\Profiles\inqqs9oe.default\searchplugins\funmoods.xml
  O2 - BHO: (uTorrentBar Toolbar) - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\prxtbuTo2.dll (Conduit Ltd.)
  O3 - HKLM\..\Toolbar: (uTorrentBar Toolbar) - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\prxtbuTo2.dll (Conduit Ltd.)
  O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (uTorrentBar Toolbar) - {BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - C:\Program Files (x86)\uTorrentBar\prxtbuTo2.dll (Conduit Ltd.)
  O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (uTorrentBar Toolbar) - {BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - C:\Program Files (x86)\uTorrentBar\prxtbuTo2.dll (Conduit Ltd.)
  O3 - HKU\S-1-5-21-2607825685-3791938369-1529888204-1001\..\Toolbar\WebBrowser: (uTorrentBar Toolbar) - {BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - C:\Program Files (x86)\uTorrentBar\prxtbuTo2.dll (Conduit Ltd.)
  :Files
  ipconfig /flushdns /c
  :Commands
  [PURITY]
  [emptyjava]
  [EMPTYFLASH]
  

• Then click the Run Fix button at the top.
• Click .
• OTL may ask to reboot the machine. Please do so if asked.
• The report should appear in Notepad after the reboot.Copy and Paste that report in your next reply.

Let me know How things are doing

Gringo

Gringo: here's what the log reports once your fix has been run:
when I hit- fix - it shut down the window I had and ran the fix- less than a minute later it gave me this log, no reboot done.
So, what did I have, is it gone, what did I do - etc.
Thanks in advance,
J-A-G

========== OTL ==========
64bit-Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@adobe.com/FlashPlayer\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@microsoft.com/GENUINE\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@Apple.com/iTunes,version=\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@microsoft.com/GENUINE\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\AutorunsDisabled\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}\ not found.
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{759D9886-0C6F-4498-BAB6-4A5F47C6C72F} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{759D9886-0C6F-4498-BAB6-4A5F47C6C72F}\ not found.
Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}\ not found.
Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{759D9886-0C6F-4498-BAB6-4A5F47C6C72F} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{759D9886-0C6F-4498-BAB6-4A5F47C6C72F}\ not found.
Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\livecall\ deleted successfully.
File Protocol\Handler\livecall - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ms-help\ deleted successfully.
File Protocol\Handler\ms-help - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ms-itss\ deleted successfully.
File Protocol\Handler\ms-itss - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\msnim\ deleted successfully.
File Protocol\Handler\msnim - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\skype4com\ deleted successfully.
File Protocol\Handler\skype4com - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\skype-ie-addon-data\ deleted successfully.
File Protocol\Handler\skype-ie-addon-data - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\wlmailhtml\ deleted successfully.
File Protocol\Handler\wlmailhtml - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\wlpg\ deleted successfully.
File Protocol\Handler\wlpg - No CLSID value found not found.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet:/pagefile deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet:/pagefile deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\avldr\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-2607825685-3791938369-1529888204-1001_Classes\.com\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-2607825685-3791938369-1529888204-1001_Classes\ComFile\ not found.
HKEY_LOCAL_MACHINE\Software\Classes\.com\\|comfile /E : value set successfully!
ADS C:\ProgramData\TEMP:D3A96964 deleted successfully.
ADS C:\ProgramData\TEMP:0B4227B4 deleted successfully.
ADS C:\ProgramData\TEMP:D287FACF deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\ deleted successfully.
C:\Program Files (x86)\uTorrentBar\prxtbuTo2.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ not found.
Registry value HKEY_USERS\S-1-5-21-2607825685-3791938369-1529888204-1001\Software\Microsoft\Internet Explorer\URLSearchHooks\\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\ not found.
File C:\Program Files (x86)\uTorrentBar\prxtbuTo2.dll not found.
C:\Users\Jerome\AppData\Roaming\Mozilla\Firefox\Profiles\inqqs9oe.default\searchplugins\funmoods.xml moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\ not found.
File C:\Program Files (x86)\uTorrentBar\prxtbuTo2.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\ not found.
File C:\Program Files (x86)\uTorrentBar\prxtbuTo2.dll not found.
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC}\ not found.
File C:\Program Files (x86)\uTorrentBar\prxtbuTo2.dll not found.
Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC}\ not found.
File C:\Program Files (x86)\uTorrentBar\prxtbuTo2.dll not found.
Registry value HKEY_USERS\S-1-5-21-2607825685-3791938369-1529888204-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC}\ not found.
File C:\Program Files (x86)\uTorrentBar\prxtbuTo2.dll not found.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Jerome\Desktop\Bleeping computer downloads\cmd.bat deleted successfully.
C:\Users\Jerome\Desktop\Bleeping computer downloads\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYJAVA]

User: Administrator

User: All Users

User: Default

User: Default User

User: Jerome
->Java cache emptied: 2076758 bytes

User: Public

Total Java Files Cleaned = 2.00 mb


[EMPTYFLASH]

User: Administrator

User: All Users

User: Default

User: Default User

User: Jerome
->Flash cache emptied: 5427 bytes

User: Public

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.53.0 log created on 06282012_145829

Greetings


restart the computer and give me status update on the computer


gringo

Gingo: seems to be working fine now - running through the usual web sites for news, etc, and it hasn't flipped yet.
Will keep an eye on it for the next little while and let you know if there are any changes.
Suggestions for preserving the calm and order?
Thanks
J-A-G.