PDA

View Full Version : Second computer



bernardr
2014-05-08, 07:03
Thank you for looking into machine # 2!

One thing that's wrong with this machine is sometimes Firefox just hangs when I try to go to a new site, and to fix it I need to close FF, go to task manager and kill the FF process because it is still running. But I don't think this would be caused by malware, or could it?


DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 10.0.9200.16866 BrowserJavaVersion: 10.51.2
Run by Bernard at 19:55:50 on 2014-05-07
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8191.4407 [GMT -7:00]
.
AV: Bitdefender Antivirus *Enabled/Updated* {9B5F5313-CAF9-DD97-C460-E778420237B4}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Bitdefender Antispyware *Enabled/Updated* {203EB2F7-ECC3-D219-FED0-DC0A39857D09}
FW: Bitdefender Firewall *Enabled* {A364D236-8096-DCCF-EF3F-4E4DBCD170CF}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Program Files\Bitdefender\Bitdefender 2013\vsserv.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\Explorer.EXE
C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Microsoft LifeCam\MSCamS64.exe
C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
C:\Program Files\Bitdefender\Bitdefender 2013\updatesrv.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\WUDFHost.exe
C:\Program Files (x86)\TeamViewer\Version8\TeamViewer.exe
C:\Program Files (x86)\TeamViewer\Version8\tv_w32.exe
C:\Program Files (x86)\TeamViewer\Version8\tv_x64.exe
C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
C:\Windows\vVX6000.exe
C:\Program Files\Bitdefender\Bitdefender 2013\bdagent.exe
C:\Program Files\Logitech Gaming Software\LCore.exe
C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe
C:\Users\Bernard\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe
C:\Users\Bernard\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe
C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\Adobe\Adobe Photoshop CS5 (64 Bit)\Photoshop.exe
C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe
C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE
C:\Program Files (x86)\Microsoft Office\Office12\EXCEL.EXE
C:\Windows\splwow64.exe
C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe
C:\Windows\system32\prevhost.exe
C:\Windows\explorer.exe
C:\Windows\system32\calc.exe
C:\Windows\system32\prevhost.exe
C:\Program Files\Tracker Software\PDF Viewer\PDFXCview.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Windows\System32\spoolsv.exe
C:\Users\Bernard\Dropbox\Personal\CARDFILE.EXE
C:\Users\Bernard\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
mWinlogon: Userinit = userinit.exe
BHO: ContributeBHO Class: {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO: HP Network Check Helper: {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll
TB: Contribute Toolbar: {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll
uRun: [KeePass Password Safe 2] "C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe"
uRun: [googletalk] C:\Users\Bernard\AppData\Roaming\Google\Google Talk\googletalk.exe /autostart
uRun: [AdobeBridge] <no file>
uRunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_7_700_224_Plugin.exe -update plugin
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [HP Software Update] c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
mRun: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun: [KeePass 2 PreLoad] "C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe" --preload
mRun: [LifeCam] "C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [bdinstaller] "C:\Program Files\Common Files\Bitdefender\SetupInformation\downloader\setuplauncher.exe" /run:"C:\Program Files\Common Files\Bitdefender\SetupInformation\downloader\setupdownloader.exe" /args:"/after_restart"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
StartupFolder: C:\Users\Bernard\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Bernard\AppData\Roaming\Dropbox\bin\Dropbox.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
DPF: {78AF2F24-A9C3-11D3-BF8C-0060B0FCC122} - file:///C:/Program%20Files%20(x86)/AutoCAD%202002/AcDcToday.ocx
DPF: {AE563720-B4F5-11D4-A415-00108302FDFD} - file:///C:/Program%20Files%20(x86)/AutoCAD%202002/InstBanr.ocx
DPF: {C6637286-300D-11D4-AE0A-0010830243BD} - file:///C:/Program%20Files%20(x86)/AutoCAD%202002/InstFred.ocx
DPF: {F281A59C-7B65-11D3-8617-0010830243BD} - file:///C:/Program%20Files%20(x86)/AutoCAD%202002/AcPreview.ocx
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{041EEC34-A86A-4661-9BBA-AABA612CACD2} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{041EEC34-A86A-4661-9BBA-AABA612CACD2}\4656C6C6 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{ADA03FF5-F0D3-48C2-A3D2-EF7B82C0F845} : DHCPNameServer = 192.168.1.1
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
AppInit_DLLs=
SSODL: WebCheck - <orphaned>
x64-BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
x64-BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
x64-BHO: HP Network Check Helper: {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll
x64-Run: [hpsysdrv] c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe
x64-Run: [SmartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe /background
x64-Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
x64-Run: [VX6000] C:\Windows\vVX6000.exe
x64-Run: [Bdagent] "C:\Program Files\Bitdefender\Bitdefender 2013\bdagent.exe"
x64-Run: [Launch LCore] C:\Program Files\Logitech Gaming Software\LCore.exe /minimized
x64-RunOnce: [NCPluginUpdater] "c:\program files (x86)\hewlett-packard\hp health check\activecheck\product_line\NCPluginUpdater.exe" Update
x64-IE: {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
x64-DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - <orphaned>
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Bernard\AppData\Roaming\Mozilla\Firefox\Profiles\u4l1dgtk.default-1381774561577\
FF - prefs.js: browser.startup.homepage - hxxps://www.google.com/|https://dentatususa.com/typo3/
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrlui.dll
FF - plugin: C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll
FF - plugin: C:\Users\Bernard\AppData\Local\Google\Update\1.3.24.7\npGoogleUpdate3.dll
FF - plugin: C:\Users\Bernard\AppData\Local\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin10181.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll
.
============= SERVICES / DRIVERS ===============
.
R0 amd_sata;amd_sata;C:\Windows\System32\drivers\amd_sata.sys [2011-1-8 75904]
R0 amd_xata;amd_xata;C:\Windows\System32\drivers\amd_xata.sys [2011-1-8 38016]
R0 avc3;avc3;C:\Windows\System32\drivers\avc3.sys [2013-10-12 893440]
R0 gzflt;gzflt;C:\Windows\System32\drivers\gzflt.sys [2013-10-12 150256]
R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2011-9-2 55856]
R1 BdfNdisf;BitDefender Firewall NDIS 6 Filter Driver;C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfndisf6.sys [2013-10-12 93600]
R1 bdfwfpf;bdfwfpf;C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf.sys [2013-10-12 103504]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2011-1-8 203264]
R2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2012-9-27 86528]
R2 HPClientSvc;HP Client Services;C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-8-5 291896]
R2 RoxioNow Service;RoxioNow Service;C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe [2010-9-11 399344]
R2 TeamViewer8;TeamViewer 8;C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe [2013-11-25 5093216]
R2 UPDATESRV;Bitdefender Desktop Update Service;C:\Program Files\Bitdefender\Bitdefender 2013\updatesrv.exe [2013-10-12 67320]
R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2011-1-8 116752]
R3 avchv;avchv Function Driver;C:\Windows\System32\drivers\avchv.sys [2013-1-9 261056]
R3 avckf;avckf;C:\Windows\System32\drivers\avckf.sys [2013-10-12 635392]
R3 HCW85BDA;Hauppauge WinTV 885 Video Capture;C:\Windows\System32\drivers\HCW85BDA.sys [2011-1-8 1705600]
R3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;C:\Windows\System32\drivers\LGBusEnum.sys [2009-11-23 22408]
R3 LGSHidFilt;Logitech Gaming KMDF HID Filter Driver;C:\Windows\System32\drivers\LGSHidFilt.Sys [2013-5-30 64280]
R3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;C:\Windows\System32\drivers\LGVirHid.sys [2009-11-23 16008]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2011-1-8 349800]
R3 usbfilter;AMD USB Filter Driver;C:\Windows\System32\drivers\usbfilter.sys [2011-1-8 38456]
S2 CLKMSVC10_C6F09094;CyberLink Product - 2011/01/08 16:24:00;C:\Program Files (x86)\Hewlett-Packard\Media\DVD\Kernel\HDDVD\NavFilter\kmsvc.exe [2011-1-8 245232]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 BDSandBox;BDSandBox;C:\Windows\System32\drivers\bdsandbox.sys [2013-10-12 82824]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);C:\Windows\System32\drivers\ssudbus.sys [2013-10-28 107288]
S3 netr28x;Ralink 802.11n Extensible Wireless Driver;C:\Windows\System32\drivers\netr28x.sys [2011-1-8 1002848]
S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);C:\Windows\System32\drivers\ssudmdm.sys [2013-10-28 204568]
S3 SwitchBoard;Adobe SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-9-3 59392]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-12-13 54784]
S3 VX6000;Microsoft LifeCam VX-6000;C:\Windows\System32\drivers\VX6000Xp.sys [2010-5-20 2143600]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-9-2 1255736]
S4 BdDesktopParental;Bitdefender Desktop Parental Control;C:\Program Files\Bitdefender\Bitdefender 2013\bdparentalservice.exe [2013-11-20 69392]
.
=============== File Associations ===============
.
ShellExec: dreamweaver.exe: Open="C:\Program Files (x86)\Adobe\Adobe Dreamweaver CS5\dreamweaver.exe", "%1"
.
=============== Created Last 30 ================
.
2014-05-06 22:44:11 -------- d-----w- C:\Users\Bernard\AppData\Roaming\DropboxMaster
2014-05-03 15:26:00 119512 ----a-w- C:\Windows\System32\drivers\MBAMSwissArmy.sys
2014-05-03 15:22:49 88280 ----a-w- C:\Windows\System32\drivers\mbamchameleon.sys
2014-05-03 15:22:49 63192 ----a-w- C:\Windows\System32\drivers\mwac.sys
2014-05-03 15:22:49 -------- d-----w- C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-05-03 15:22:13 -------- d-----w- C:\Users\Bernard\AppData\Local\Programs
2014-04-19 21:57:41 362496 ----a-w- C:\Windows\System32\wow64win.dll
2014-04-19 21:57:41 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
2014-04-19 21:57:41 243712 ----a-w- C:\Windows\System32\wow64.dll
2014-04-19 21:57:41 16384 ----a-w- C:\Windows\System32\ntvdm64.dll
2014-04-19 21:57:41 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
2014-04-19 21:57:41 13312 ----a-w- C:\Windows\System32\wow64cpu.dll
2014-04-19 21:57:40 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
2014-04-19 21:57:40 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
2014-04-19 21:57:40 2048 ----a-w- C:\Windows\SysWow64\user.exe
2014-04-09 21:02:01 -------- d-----w- C:\Program Files (x86)\Ffmpeg For Audacity
.
==================== Find3M ====================
.
2014-04-03 16:50:58 25816 ----a-w- C:\Windows\System32\drivers\mbam.sys
2014-03-13 06:33:30 2238976 ----a-w- C:\Windows\System32\wininet.dll
2014-03-13 06:32:03 3959808 ----a-w- C:\Windows\System32\jscript9.dll
2014-03-13 06:31:55 67072 ----a-w- C:\Windows\System32\iesetup.dll
2014-03-13 06:31:55 136704 ----a-w- C:\Windows\System32\iesysprep.dll
2014-03-13 05:10:47 1766400 ----a-w- C:\Windows\SysWow64\wininet.dll
2014-03-13 05:09:43 2877952 ----a-w- C:\Windows\SysWow64\jscript9.dll
2014-03-13 05:09:39 61440 ----a-w- C:\Windows\SysWow64\iesetup.dll
2014-03-13 05:09:39 109056 ----a-w- C:\Windows\SysWow64\iesysprep.dll
2014-03-13 04:57:03 2706432 ----a-w- C:\Windows\System32\mshtml.tlb
2014-03-13 04:47:33 2706432 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2014-03-13 03:59:47 89600 ----a-w- C:\Windows\System32\RegisterIEPKEYs.exe
2014-03-13 03:51:45 71680 ----a-w- C:\Windows\SysWow64\RegisterIEPKEYs.exe
2014-03-04 09:17:05 44032 ----a-w- C:\Windows\apppatch\acwow64.dll
.
============= FINISH: 19:56:32.59 ===============



aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
Run date: 2014-05-07 20:06:56
-----------------------------
20:06:56.515 OS Version: Windows x64 6.1.7601 Service Pack 1
20:06:56.515 Number of processors: 6 586 0xA00
20:06:56.516 ComputerName: BERNARD-HP UserName: Bernard
20:07:00.188 Initialize success
20:08:10.120 AVAST engine defs: 14050701
20:08:23.441 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000055
20:08:23.441 Disk 0 Vendor: WDC_WD15 51.0 Size: 1430799MB BusType: 11
20:08:23.591 Disk 0 MBR read successfully
20:08:23.591 Disk 0 MBR scan
20:08:23.621 Disk 0 unknown MBR code
20:08:23.631 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
20:08:23.651 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 1417380 MB offset 206848
20:08:23.691 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 13317 MB offset 2903001088
20:08:23.761 Disk 0 scanning C:\Windows\system32\drivers
20:08:37.073 Service scanning
20:08:40.564 Service BdfNdisf c:\program files\common files\bitdefender\bitdefender firewall\bdfndisf6.sys **LOCKED** 5
20:08:40.594 Service bdfwfpf C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf.sys **LOCKED** 5
20:09:00.465 Modules scanning
20:09:00.485 Disk 0 trace - called modules:
20:09:00.535 ntoskrnl.exe CLASSPNP.SYS disk.sys amd_xata.sys storport.sys hal.dll amd_sata.sys
20:09:00.545 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8007b29790]
20:09:00.555 3 CLASSPNP.SYS[fffff88000c0143f] -> nt!IofCallDriver -> [0xfffffa80075aeac0]
20:09:00.575 5 amd_xata.sys[fffff880011388b4] -> nt!IofCallDriver -> \Device\00000055[0xfffffa80075a99c0]
20:09:03.026 AVAST engine scan C:\Windows
20:09:07.166 AVAST engine scan C:\Windows\system32
20:12:22.364 AVAST engine scan C:\Windows\system32\drivers
20:12:36.995 AVAST engine scan C:\Users\Bernard
20:37:54.247 AVAST engine scan C:\ProgramData
20:39:17.086 Scan finished successfully
21:02:30.437 Disk 0 MBR has been saved successfully to "C:\Users\Bernard\Desktop\MBR.dat"
21:02:30.447 The log file has been saved successfully to "C:\Users\Bernard\Desktop\aswMBR.txt"

ken545
2014-05-09, 14:42
Great, lets just clean you up a bit

You can try setting Firefox back to defaults


Open Firefox
Click on Help > Troubleshooting Information > Reset Firefox to its default state






Please download Malwarebytes Anti-Malware (http://www.malwarebytes.org/mbam-download.php) to your desktop.

Right-click and Run as Administrator mbam-setup.exe and follow the prompts to install the program.
At the end, be sure a checkmark is placed next to Update Malwarebytes Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select Perform quick scan, then click Scan as shown below.

http://i1224.photobucket.com/albums/ee380/jeffce74/MBAM-2.jpg

When the scan is complete, click OK, then Show Results to view the results.
Be sure that everything is checked, and click Remove Selected.
When completed, a log will open in Notepad. Please save it to a convenient location and post the results.







OTL by OldTimer

Download OTL (http://oldtimer.geekstogo.com/OTL.exe) to your desktop.
Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
When the window appears, underneath Output at the top change it to Minimal Output.
Click the "Scan All Users" checkbox.
Check the boxes beside LOP Check and Purity Check.
Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.

When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt.
Note:These logs can be located in the OTL. folder on you C:\ drive if they fail to open automatically.
Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them both in.

bernardr
2014-05-09, 19:29
Good morning, here goes:

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: Fri. May. 9 2014
Scan Time: 9:07:12 AM
Logfile: malwarebytes.txt
Administrator: Yes

Version: 2.00.1.1004
Malware Database: v2014.05.09.08
Rootkit Database: v2014.03.27.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Chameleon: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Bernard

Scan Type: Hyper Scan
Result: Completed
Objects Scanned: 238327
Time Elapsed: 1 min, 39 sec

Memory: Enabled
Startup: Enabled
Filesystem: Disabled
Archives: Enabled
Rootkits: Disabled
Shuriken: Enabled
PUP: Warn
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)




< End of report >

bernardr
2014-05-09, 19:29
OTL logfile created on: Fri. May. 9 2014 9:12:54 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Bernard\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16866)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: ddd. MMM. d yyy

8.00 Gb Total Physical Memory | 5.26 Gb Available Physical Memory | 65.77% Memory free
16.00 Gb Paging File | 10.54 Gb Available in Paging File | 65.87% Paging File free
Paging file location(s): ?:\pagefile.sys

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 1384.16 Gb Total Space | 1098.46 Gb Free Space | 79.36% Space Free | Partition Type: NTFS
Drive D: | 13.00 Gb Total Space | 1.57 Gb Free Space | 12.05% Space Free | Partition Type: NTFS

Computer Name: BERNARD-HP | User Name: Bernard | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Bernard\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Users\Bernard\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
PRC - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\TeamViewer\Version8\TeamViewer.exe (TeamViewer GmbH)
PRC - C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe (TeamViewer GmbH)
PRC - C:\Program Files (x86)\TeamViewer\Version8\tv_w32.exe (TeamViewer GmbH)
PRC - C:\Users\Bernard\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe ()
PRC - C:\Users\Bernard\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe ()
PRC - C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe (Roxio)
PRC - C:\Windows\vVX6000.exe (Microsoft Corporation
)
PRC - C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe (Hewlett-Packard)


========== Modules (No Company Name) ==========

MOD - c:\Users\Bernard\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpy8tj_o.dll ()
MOD - C:\Users\Bernard\AppData\Roaming\Dropbox\bin\wxmsw28uh_vc.dll ()
MOD - C:\Users\Bernard\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe ()
MOD - C:\Users\Bernard\AppData\Roaming\Dropbox\bin\libcef.dll ()
MOD - C:\Users\Bernard\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\zlib1.dll ()


========== Services (SafeList) ==========

SRV:[b]64bit: - (BdDesktopParental) -- C:\Program Files\Bitdefender\Bitdefender 2013\bdparentalservice.exe (Bitdefender)
SRV:64bit: - (VSSERV) -- C:\Program Files\Bitdefender\Bitdefender 2013\vsserv.exe (Bitdefender)
SRV:64bit: - (UPDATESRV) -- C:\Program Files\Bitdefender\Bitdefender 2013\updatesrv.exe (Bitdefender)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (HPClientSvc) -- C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe (Hewlett-Packard Company)
SRV:64bit: - (MSCamSvc) -- C:\Program Files\Microsoft LifeCam\MSCamS64.exe (Microsoft Corporation)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (MBAMScheduler) -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (TeamViewer8) -- C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe (TeamViewer GmbH)
SRV - (HP Support Assistant Service) -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe (Hewlett-Packard Company)
SRV - (GoToAssist) -- C:\Program Files (x86)\Citrix\GoToAssist\822\g2aservice.exe (Citrix Online, a division of Citrix Systems, Inc.)
SRV - (CLKMSVC10_C6F09094) -- C:\Program Files (x86)\Hewlett-Packard\Media\DVD\Kernel\HDDVD\NavFilter\kmsvc.exe (CyberLink)
SRV - (RoxioNow Service) -- C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe (Roxio)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (SwitchBoard) -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)


========== Driver Services (SafeList) ==========

DRV:64bit: - (MBAMSwissArmy) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys (Malwarebytes Corporation)
DRV:64bit: - (MBAMWebAccessControl) -- C:\Windows\SysNative\drivers\mwac.sys (Malwarebytes Corporation)
DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)
DRV:64bit: - (avc3) -- C:\Windows\SysNative\drivers\avc3.sys (BitDefender)
DRV:64bit: - (avckf) -- C:\Windows\SysNative\drivers\avckf.sys (BitDefender)
DRV:64bit: - (BDSandBox) -- C:\Windows\SysNative\drivers\bdsandbox.sys (BitDefender SRL)
DRV:64bit: - (ssudmdm) -- C:\Windows\SysNative\drivers\ssudmdm.sys (DEVGURU Co., LTD.(www.devguru.co.kr))
DRV:64bit: - (dg_ssudbus) -- C:\Windows\SysNative\drivers\ssudbus.sys (DEVGURU Co., LTD.(www.devguru.co.kr))
DRV:64bit: - (gzflt) -- C:\Windows\SysNative\drivers\gzflt.sys (BitDefender LLC)
DRV:64bit: - (trufos) -- C:\Windows\SysNative\drivers\trufos.sys (BitDefender S.R.L.)
DRV:64bit: - (LGSHidFilt) -- C:\Windows\SysNative\drivers\LGSHidFilt.Sys (Logitech Inc.)
DRV:64bit: - (BdfNdisf) -- c:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfndisf6.sys (BitDefender LLC)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (avchv) -- C:\Windows\SysNative\drivers\avchv.sys (BitDefender)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (bdfwfpf) -- C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf.sys (BitDefender LLC)
DRV:64bit: - (LUsbFilt) -- C:\Windows\SysNative\drivers\LUsbFilt.sys (Logitech, Inc.)
DRV:64bit: - (LMouFilt) -- C:\Windows\SysNative\drivers\LMouFilt.Sys (Logitech, Inc.)
DRV:64bit: - (LHidFilt) -- C:\Windows\SysNative\drivers\LHidFilt.Sys (Logitech, Inc.)
DRV:64bit: - (PxHlpa64) -- C:\Windows\SysNative\drivers\PxHlpa64.sys (Sonic Solutions)
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (AtiHDAudioService) -- C:\Windows\SysNative\drivers\AtihdW76.sys (ATI Technologies, Inc.)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek )
DRV:64bit: - (amd_sata) -- C:\Windows\SysNative\drivers\amd_sata.sys (Advanced Micro Devices)
DRV:64bit: - (amd_xata) -- C:\Windows\SysNative\drivers\amd_xata.sys (Advanced Micro Devices)
DRV:64bit: - (netr28x) -- C:\Windows\SysNative\drivers\netr28x.sys (Ralink Technology, Corp.)
DRV:64bit: - (VX6000) -- C:\Windows\SysNative\drivers\VX6000Xp.sys (Microsoft Corporation
)
DRV:64bit: - (AtiPcie) -- C:\Windows\SysNative\drivers\AtiPcie64.sys (Advanced Micro Devices Inc.)
DRV:64bit: - (usbfilter) -- C:\Windows\SysNative\drivers\usbfilter.sys (Advanced Micro Devices)
DRV:64bit: - (LGVirHid) -- C:\Windows\SysNative\drivers\LGVirHid.sys (Logitech Inc.)
DRV:64bit: - (LGBusEnum) -- C:\Windows\SysNative\drivers\LGBusEnum.sys (Logitech Inc.)
DRV:64bit: - (HCW85BDA) -- C:\Windows\SysNative\drivers\HCW85BDA.sys (Hauppauge Computer Works)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir3.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV - (ISODrive) -- C:\Program Files (x86)\UltraISO\drivers\ISODrv64.sys (EZB Systems, Inc.)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {ec29edf6-ad3c-4e1c-a087-d6cb81400c43}
IE:64bit: - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://search.ask.com/web?q={searchterms}&l=dis&o=HPDTDF
IE:64bit: - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF
IE:64bit: - HKLM\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
IE:64bit: - HKLM\..\SearchScopes\{d944bb61-2e34-4dbf-a683-47e505c587dc}: "URL" = http://rover.ebay.com/rover/1/711-111092-2357-0/4?satitle={searchTerms}&mfe=Desktops
IE:64bit: - HKLM\..\SearchScopes\{ec29edf6-ad3c-4e1c-a087-d6cb81400c43}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {ec29edf6-ad3c-4e1c-a087-d6cb81400c43}
IE - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://search.ask.com/web?q={searchterms}&l=dis&o=HPDTDF
IE - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF
IE - HKLM\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
IE - HKLM\..\SearchScopes\{d944bb61-2e34-4dbf-a683-47e505c587dc}: "URL" = http://rover.ebay.com/rover/1/711-111092-2357-0/4?satitle={searchTerms}&mfe=Desktops
IE - HKLM\..\SearchScopes\{ec29edf6-ad3c-4e1c-a087-d6cb81400c43}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1021766330-840367976-3078613847-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-1021766330-840367976-3078613847-1001\..\SearchScopes,DefaultScope = {ec29edf6-ad3c-4e1c-a087-d6cb81400c43}
IE - HKU\S-1-5-21-1021766330-840367976-3078613847-1001\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://search.ask.com/web?q={searchterms}&l=dis&o=HPDTDF
IE - HKU\S-1-5-21-1021766330-840367976-3078613847-1001\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF
IE - HKU\S-1-5-21-1021766330-840367976-3078613847-1001\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
IE - HKU\S-1-5-21-1021766330-840367976-3078613847-1001\..\SearchScopes\{d944bb61-2e34-4dbf-a683-47e505c587dc}: "URL" = http://rover.ebay.com/rover/1/711-111092-2357-0/4?satitle={searchTerms}&mfe=Desktops
IE - HKU\S-1-5-21-1021766330-840367976-3078613847-1001\..\SearchScopes\{ec29edf6-ad3c-4e1c-a087-d6cb81400c43}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
IE - HKU\S-1-5-21-1021766330-840367976-3078613847-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1021766330-840367976-3078613847-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:29.0
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.40.2: C:\Windows\system32\npDeployJava1.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.40.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.51.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.51.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.8: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.2: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.3: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKCU\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Bernard\AppData\Local\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Bernard\AppData\Local\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\amazon.com/AmazonMP3DownloaderPlugin: C:\Users\Bernard\AppData\Local\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin10181.dll (Amazon.com, Inc.)

64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\bdThunderbird@bitdefender.com: C:\PROGRAM FILES\BITDEFENDER\BITDEFENDER 2013\BDTBEXT [2013/10/01 12:45:02 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}: C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\FirefoxPlugin\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9} [2011/09/02 19:37:18 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 29.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2014/05/02 09:56:10 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 29.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2014/05/02 09:56:11 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Sunbird 1.0b1\extensions\\Components: C:\Program Files (x86)\Mozilla Sunbird\components [2013/10/12 15:10:18 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Sunbird 1.0b1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Sunbird\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 24.5.0\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2014/04/30 08:33:24 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 24.5.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\bdThunderbird@bitdefender.com: C:\Program Files\Bitdefender\Bitdefender 2013\bdtbext [2013/10/01 12:45:02 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 29.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2014/05/02 09:56:10 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 29.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2014/05/02 09:56:11 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 24.5.0\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2014/04/30 08:33:24 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 24.5.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins

[2013/04/11 15:20:44 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Bernard\AppData\Roaming\Mozilla\Extensions
[2013/04/11 15:20:44 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Bernard\AppData\Roaming\Mozilla\Extensions\{718e30fb-e89b-41dd-9da7-e25a45638b28}
[2014/05/09 08:47:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Bernard\AppData\Roaming\Mozilla\Firefox\Profiles\r58ymg35.default-1399649936312\extensions
[2013/04/11 15:20:44 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Bernard\AppData\Roaming\Mozilla\Sunbird\Profiles\mez3aaj4.default\extensions
[2014/05/02 09:56:10 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2014/05/02 09:56:10 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2014/05/02 09:56:10 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2014/05/02 09:56:14 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2011/12/09 10:23:32 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: http://www.google.com/
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Bernard\AppData\Local\Google\Chrome\Application\17.0.963.79\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Bernard\AppData\Local\Google\Chrome\Application\17.0.963.79\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Bernard\AppData\Local\Google\Chrome\Application\17.0.963.79\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.310.5 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U31 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Bernard\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: YouTube = C:\Users\Bernard\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Search = C:\Users\Bernard\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.18_0\
CHR - Extension: Gmail = C:\Users\Bernard\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2011/09/02 19:04:14 | 000,007,514 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 activate.adobe.com
O1 - Hosts: 127.0.0.1 practivate.adobe.com
O1 - Hosts: 127.0.0.1 ereg.adobe.com
O1 - Hosts: 127.0.0.1 activate.wip3.adobe.com
O1 - Hosts: 127.0.0.1 wip3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-3.adobe.com
O1 - Hosts: 127.0.0.1 ereg.wip3.adobe.com
O1 - Hosts: 127.0.0.1 activate-sea.adobe.com
O1 - Hosts: 127.0.0.1 pagead2.googlesyndication.com
O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com
O1 - Hosts: 127.0.0.1 activate-sjc0.adobe.com
O1 - Hosts: 127.0.0.1 3dns.adobe.com
O1 - Hosts: 127.0.0.1 3dns-1.adobe.com
O1 - Hosts: 127.0.0.1 3dns-2.adobe.com
O1 - Hosts: 127.0.0.1 3dns-3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-4.adobe.com
O1 - Hosts: 127.0.0.1 3dns-5.adobe.com
O1 - Hosts: 127.0.0.1 activate.adobe.com
O1 - Hosts: 127.0.0.1 activate.wip1.adobe.com
O1 - Hosts: 127.0.0.1 activate.wip2.adobe.com
O1 - Hosts: 127.0.0.1 activate.wip3.adobe.com
O1 - Hosts: 167 more lines...
O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (HP Network Check Helper) - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard)
O2 - BHO: (ContributeBHO Class) - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll (Adobe Systems, Inc.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (HP Network Check Helper) - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
O3 - HKLM\..\Toolbar: (Contribute Toolbar) - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll (Adobe Systems, Inc.)
O3 - HKU\S-1-5-21-1021766330-840367976-3078613847-1001\..\Toolbar\WebBrowser: (no name) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No CLSID value found.
O3 - HKU\S-1-5-21-1021766330-840367976-3078613847-1001\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [Bdagent] C:\Program Files\Bitdefender\Bitdefender 2013\bdagent.exe (Bitdefender)
O4:64bit: - HKLM..\Run: [hpsysdrv] c:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe (Hewlett-Packard)
O4:64bit: - HKLM..\Run: [Launch LCore] C:\Program Files\Logitech Gaming Software\LCore.exe (Logitech Inc.)
O4:64bit: - HKLM..\Run: [SmartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe ()
O4:64bit: - HKLM..\Run: [VX6000] C:\Windows\vVX6000.exe (Microsoft Corporation
)
O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [bdinstaller] C:\Program Files\Common Files\Bitdefender\SetupInformation\downloader\setuplauncher.exe (Bitdefender)
O4 - HKLM..\Run: [KeePass 2 PreLoad] C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe (Dominik Reichl)
O4 - HKLM..\Run: [LifeCam] C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe (Microsoft Corporation)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1021766330-840367976-3078613847-1001..\Run: [AdobeBridge] File not found
O4 - HKU\S-1-5-21-1021766330-840367976-3078613847-1001..\Run: [Amazon Cloud Player] C:\Users\Bernard\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe ()
O4 - HKU\S-1-5-21-1021766330-840367976-3078613847-1001..\Run: [AmazonMP3DownloaderHelper] C:\Users\Bernard\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe ()
O4 - HKU\S-1-5-21-1021766330-840367976-3078613847-1001..\Run: [DW7] "C:\Program Files (x86)\The Weather Channel\The Weather Channel App\TWCApp.exe" File not found
O4 - HKU\S-1-5-21-1021766330-840367976-3078613847-1001..\Run: [googletalk] C:\Users\Bernard\AppData\Roaming\Google\Google Talk\googletalk.exe (Google)
O4 - HKU\S-1-5-21-1021766330-840367976-3078613847-1001..\Run: [KeePass Password Safe 2] C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe (Dominik Reichl)
O4:64bit: - HKLM..\RunOnce: [NCPluginUpdater] c:\program files (x86)\hewlett-packard\hp health check\activecheck\product_line\NCPluginUpdater.exe (Hewlett-Packard)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-21-1021766330-840367976-3078613847-1001..\RunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_7_700_224_Plugin.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Users\Bernard\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Bernard\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html File not found
O8:64bit: - Extra context menu item: Append to Existing PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html File not found
O8:64bit: - Extra context menu item: Convert Link Target to Adobe PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html File not found
O8:64bit: - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html File not found
O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html File not found
O8 - Extra context menu item: Append to Existing PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html File not found
O8 - Extra context menu item: Convert Link Target to Adobe PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html File not found
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html File not found
O9:64bit: - Extra Button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9 - Extra Button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {78AF2F24-A9C3-11D3-BF8C-0060B0FCC122} file:///C:/Program%20Files%20(x86)/AutoCAD%202002/AcDcToday.ocx (AcDcToday Control)
O16 - DPF: {AE563720-B4F5-11D4-A415-00108302FDFD} file:///C:/Program%20Files%20(x86)/AutoCAD%202002/InstBanr.ocx (NOXLATE-BANR)
O16 - DPF: {C6637286-300D-11D4-AE0A-0010830243BD} file:///C:/Program%20Files%20(x86)/AutoCAD%202002/InstFred.ocx (InstaFred)
O16 - DPF: {F281A59C-7B65-11D3-8617-0010830243BD} file:///C:/Program%20Files%20(x86)/AutoCAD%202002/AcPreview.ocx (AcPreview Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{041EEC34-A86A-4661-9BBA-AABA612CACD2}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{ADA03FF5-F0D3-48C2-A3D2-EF7B82C0F845}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKU\S-1-5-21-1021766330-840367976-3078613847-1001 Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{ab79f5b1-ead3-11e1-8057-64315046328d}\Shell - "" = AutoRun
O33 - MountPoints2\{ab79f5b1-ead3-11e1-8057-64315046328d}\Shell\AutoRun\command - "" = L:\MotorolaDeviceManagerSetup.exe -a
O33 - MountPoints2\{cb927785-0ee3-11e1-aa1c-64315046328d}\Shell - "" = AutoRun
O33 - MountPoints2\{cb927785-0ee3-11e1-aa1c-64315046328d}\Shell\AutoRun\command - "" = L:\HPLauncher.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2014/05/09 08:39:03 | 000,000,000 | ---D | C] -- C:\Users\Bernard\Desktop\Old Firefox Data
[2014/05/07 19:55:13 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2014/05/07 19:53:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
[2014/05/07 19:53:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ERUNT
[2014/05/06 15:44:11 | 000,000,000 | ---D | C] -- C:\Users\Bernard\AppData\Roaming\DropboxMaster
[2014/05/03 08:26:00 | 000,119,512 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys
[2014/05/03 08:22:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Security
[2014/05/03 08:22:49 | 000,088,280 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbamchameleon.sys
[2014/05/03 08:22:49 | 000,063,192 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mwac.sys
[2014/05/03 08:22:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes Anti-Malware
[2014/05/03 08:22:13 | 000,000,000 | ---D | C] -- C:\Users\Bernard\AppData\Local\Programs
[2014/05/02 09:56:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2014/04/30 08:33:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Thunderbird
[2014/04/28 09:14:39 | 000,000,000 | ---D | C] -- C:\Users\Bernard\Desktop\Anew video
[2014/04/27 19:07:25 | 000,000,000 | ---D | C] -- C:\Users\Bernard\Documents\Adobe
[2014/04/27 13:45:12 | 000,000,000 | ---D | C] -- C:\Users\Bernard\Desktop\16Gb thumbdrive
[2014/04/24 11:30:09 | 000,000,000 | ---D | C] -- C:\Users\Bernard\Desktop\Dentists
[2014/04/19 14:58:55 | 000,603,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2014/04/19 14:58:55 | 000,391,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2014/04/19 14:58:55 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll
[2014/04/19 14:58:55 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
[2014/04/19 14:58:55 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2014/04/19 14:58:53 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2014/04/19 14:58:52 | 000,526,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2014/04/19 14:58:49 | 000,855,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2014/04/19 14:58:48 | 003,959,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2014/04/19 14:58:48 | 000,690,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2014/04/19 14:58:45 | 000,136,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2014/04/19 14:58:45 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2014/04/19 14:58:45 | 000,089,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe
[2014/04/19 14:58:45 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe
[2014/04/19 14:58:45 | 000,051,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2014/04/19 14:58:45 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2014/04/19 14:58:45 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2014/04/19 14:57:41 | 001,163,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kernel32.dll
[2014/04/19 14:57:41 | 000,362,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64win.dll
[2014/04/19 14:57:41 | 000,243,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll
[2014/04/19 14:57:41 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe
[2014/04/19 14:57:41 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntvdm64.dll
[2014/04/19 14:57:41 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll
[2014/04/19 14:57:41 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64cpu.dll
[2014/04/19 14:57:40 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe
[2014/04/19 14:57:40 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll
[2014/04/19 14:57:40 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe
[2014/04/09 14:02:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Ffmpeg For Audacity
[1 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2014/05/09 09:06:03 | 000,000,900 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/05/09 09:05:11 | 000,119,512 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys
[2014/05/09 08:16:00 | 000,000,916 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1021766330-840367976-3078613847-1001UA.job
[2014/05/09 06:33:12 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/05/09 06:06:00 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/05/09 05:16:15 | 000,000,864 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1021766330-840367976-3078613847-1001Core.job
[2014/05/08 09:58:31 | 000,015,792 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/05/08 09:58:31 | 000,015,792 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/05/07 10:54:05 | 000,000,340 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForBernard.job
[2014/05/06 15:44:14 | 000,001,057 | ---- | M] () -- C:\Users\Bernard\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2014/05/04 17:27:53 | 000,778,834 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2014/05/04 17:27:53 | 000,660,068 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2014/05/04 17:27:53 | 000,120,996 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2014/05/03 06:49:38 | 2146,918,399 | -HS- | M] () -- C:\hiberfil.sys
[2014/04/30 17:56:20 | 000,002,072 | ---- | M] () -- C:\Users\Bernard\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Thunderbird.lnk
[2014/04/29 18:42:29 | 007,978,514 | ---- | M] () -- C:\Users\Bernard\Desktop\Audio1.flv
[2014/04/29 08:55:05 | 007,902,367 | ---- | M] () -- C:\Users\Bernard\Desktop\MainAnew2.flv
[2014/04/28 16:30:12 | 007,885,027 | ---- | M] () -- C:\Users\Bernard\Desktop\MainAnew1.flv
[2014/04/24 12:13:19 | 000,001,456 | ---- | M] () -- C:\Users\Bernard\AppData\Local\Adobe Save for Web 12.0 Prefs
[2014/04/23 09:13:24 | 000,000,132 | ---- | M] () -- C:\Users\Bernard\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2014/04/18 21:19:13 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForBERNARD-HP$.job
[1 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]

========== Files Created - No Company Name ==========

[2014/04/29 18:41:09 | 007,978,514 | ---- | C] () -- C:\Users\Bernard\Desktop\Audio1.flv
[2014/04/29 08:53:50 | 007,902,367 | ---- | C] () -- C:\Users\Bernard\Desktop\MainAnew2.flv
[2014/04/28 14:17:22 | 007,885,027 | ---- | C] () -- C:\Users\Bernard\Desktop\MainAnew1.flv
[2014/04/24 12:13:19 | 000,001,456 | ---- | C] () -- C:\Users\Bernard\AppData\Local\Adobe Save for Web 12.0 Prefs
[2013/10/12 15:48:33 | 000,420,957 | ---- | C] () -- C:\ProgramData\1381617433.bdinstall.bin
[2013/10/12 15:20:44 | 000,221,021 | ---- | C] () -- C:\ProgramData\1381616320.bdinstall.bin
[2013/03/08 11:46:44 | 000,113,224 | ---- | C] () -- C:\Users\Bernard\g2ax_customer_downloadhelper_win32_x86.exe
[2013/01/14 15:24:56 | 000,000,132 | ---- | C] () -- C:\Users\Bernard\AppData\Roaming\Adobe BMP Format CS5 Prefs
[2013/01/09 15:15:01 | 000,395,037 | ---- | C] () -- C:\ProgramData\1357769657.bdinstall.bin
[2013/01/09 15:13:12 | 000,425,918 | ---- | C] () -- C:\ProgramData\1357769181.bdinstall.bin
[2012/08/31 16:17:53 | 000,103,272 | ---- | C] () -- C:\Users\Bernard\GoToAssistDownloadHelper.exe
[2012/08/29 10:09:36 | 000,007,598 | ---- | C] () -- C:\Users\Bernard\AppData\Local\Resmon.ResmonCfg
[2012/06/26 16:02:38 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll
[2012/06/26 16:02:38 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll
[2012/06/26 16:02:38 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll
[2012/06/26 16:02:38 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll
[2012/06/04 11:57:12 | 000,000,132 | ---- | C] () -- C:\Users\Bernard\AppData\Roaming\Adobe GIF Format CS5 Prefs
[2012/02/17 10:49:17 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2012/01/21 12:30:11 | 000,000,132 | ---- | C] () -- C:\Users\Bernard\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2012/01/20 16:02:11 | 000,000,058 | ---- | C] () -- C:\Users\Bernard\AppData\Local\DonationCoder_ScreenshotCaptor_InstallInfo.dat
[2011/10/24 10:53:38 | 000,004,096 | -H-- | C] () -- C:\Users\Bernard\AppData\Local\keyfile3.drm

========== ZeroAccess Check ==========

[2009/07/13 21:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/07/25 19:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/07/25 18:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 18:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 05:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 18:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2013/05/23 12:20:18 | 000,000,000 | ---D | M] -- C:\Users\Bernard\AppData\Roaming\Amazon
[2014/04/28 12:10:22 | 000,000,000 | ---D | M] -- C:\Users\Bernard\AppData\Roaming\Audacity
[2012/03/13 10:17:37 | 000,000,000 | ---D | M] -- C:\Users\Bernard\AppData\Roaming\Autodesk
[2013/10/12 15:40:55 | 000,000,000 | ---D | M] -- C:\Users\Bernard\AppData\Roaming\Bitdefender
[2012/01/20 16:02:11 | 000,000,000 | ---D | M] -- C:\Users\Bernard\AppData\Roaming\DonationCoder
[2014/05/09 09:13:17 | 000,000,000 | ---D | M] -- C:\Users\Bernard\AppData\Roaming\Dropbox
[2014/05/06 15:44:12 | 000,000,000 | ---D | M] -- C:\Users\Bernard\AppData\Roaming\DropboxMaster
[2012/01/21 20:49:37 | 000,000,000 | ---D | M] -- C:\Users\Bernard\AppData\Roaming\Emerge Desktop
[2013/11/21 17:38:42 | 000,000,000 | ---D | M] -- C:\Users\Bernard\AppData\Roaming\FileZilla
[2011/09/13 11:22:39 | 000,000,000 | ---D | M] -- C:\Users\Bernard\AppData\Roaming\Foxit Software
[2014/04/27 19:01:07 | 000,000,000 | ---D | M] -- C:\Users\Bernard\AppData\Roaming\HandBrake
[2011/09/09 10:17:21 | 000,000,000 | ---D | M] -- C:\Users\Bernard\AppData\Roaming\IrfanView
[2014/05/02 18:36:39 | 000,000,000 | ---D | M] -- C:\Users\Bernard\AppData\Roaming\KeePass
[2011/11/10 13:05:23 | 000,000,000 | ---D | M] -- C:\Users\Bernard\AppData\Roaming\Leadertech
[2012/01/16 14:15:44 | 000,000,000 | ---D | M] -- C:\Users\Bernard\AppData\Roaming\MediaMonkey
[2011/09/09 17:44:34 | 000,000,000 | ---D | M] -- C:\Users\Bernard\AppData\Roaming\NewspaperDirect
[2012/06/22 09:48:36 | 000,000,000 | ---D | M] -- C:\Users\Bernard\AppData\Roaming\Notepad++
[2012/12/18 16:19:48 | 000,000,000 | ---D | M] -- C:\Users\Bernard\AppData\Roaming\OpenOffice.org
[2011/12/05 15:01:19 | 000,000,000 | ---D | M] -- C:\Users\Bernard\AppData\Roaming\OverDrive
[2013/01/09 15:06:55 | 000,000,000 | ---D | M] -- C:\Users\Bernard\AppData\Roaming\QuickScan
[2012/08/01 13:28:52 | 000,000,000 | ---D | M] -- C:\Users\Bernard\AppData\Roaming\Samsung
[2011/10/13 14:28:44 | 000,000,000 | ---D | M] -- C:\Users\Bernard\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2012/03/08 10:38:46 | 000,000,000 | ---D | M] -- C:\Users\Bernard\AppData\Roaming\Stamps.com Internet Postage
[2012/01/15 20:27:33 | 000,000,000 | ---D | M] -- C:\Users\Bernard\AppData\Roaming\SumatraPDF
[2012/02/23 12:10:03 | 000,000,000 | ---D | M] -- C:\Users\Bernard\AppData\Roaming\TagJet
[2013/04/08 09:38:09 | 000,000,000 | ---D | M] -- C:\Users\Bernard\AppData\Roaming\TeamViewer
[2011/09/01 15:56:17 | 000,000,000 | ---D | M] -- C:\Users\Bernard\AppData\Roaming\Thunderbird
[2013/05/20 17:02:01 | 000,000,000 | ---D | M] -- C:\Users\Bernard\AppData\Roaming\Tracker Software
[2011/10/05 09:07:46 | 000,000,000 | ---D | M] -- C:\Users\Bernard\AppData\Roaming\WinBatch

========== Purity Check ==========



< End of report >

bernardr
2014-05-09, 19:30
OTL Extras logfile created on: Fri. May. 9 2014 9:12:54 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Bernard\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16866)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: ddd. MMM. d yyy

8.00 Gb Total Physical Memory | 5.26 Gb Available Physical Memory | 65.77% Memory free
16.00 Gb Paging File | 10.54 Gb Available in Paging File | 65.87% Paging File free
Paging file location(s): ?:\pagefile.sys

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 1384.16 Gb Total Space | 1098.46 Gb Free Space | 79.36% Space Free | Partition Type: NTFS
Drive D: | 13.00 Gb Total Space | 1.57 Gb Free Space | 12.05% Space Free | Partition Type: NTFS

Computer Name: BERNARD-HP | User Name: Bernard | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[b]64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-1021766330-840367976-3078613847-1001\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [Browse with &IrfanView] -- "C:\Program Files (x86)\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [Browse with &IrfanView] -- "C:\Program Files (x86)\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{04A89C57-C7C9-4C6F-9F15-E19410C7328D}" = rport=445 | protocol=6 | dir=out | app=system |
"{08ECE49E-2CF0-42BC-8973-97D37AC649B4}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{0B993663-5C73-4079-B957-7928CAF4D05C}" = lport=2869 | protocol=6 | dir=in | app=system |
"{11D1E9B0-8978-418C-A926-D97C07813A75}" = lport=139 | protocol=6 | dir=in | app=system |
"{1D718CB5-4371-4321-8491-12B77CD8565A}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{1DE2B6D0-4891-4FBC-8099-708D8C2D84D0}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{1F604DD6-1104-4FEE-83D2-4666C12FB867}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{254A0369-C250-4BBE-85E1-613DEBA83AC3}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{42627997-FB13-4509-9905-4B5461C5F7C4}" = rport=139 | protocol=6 | dir=out | app=system |
"{568E1E6E-0458-4251-AD29-1D16AF05B7B5}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{58B14C31-96E2-4D86-9019-2281CB6ABA4E}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{5ED8D51B-003F-4B6B-AD02-EB5C61E9A7AA}" = lport=138 | protocol=17 | dir=in | app=system |
"{60780BEE-D747-43E4-8BEB-8B39D259B391}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{7573D1E9-3365-4275-80D4-9C693980F0CB}" = rport=137 | protocol=17 | dir=out | app=system |
"{7D107BF5-A533-4E9C-83A3-4A22BAA787D9}" = lport=10243 | protocol=6 | dir=in | app=system |
"{7D7A52A2-19FF-4660-A035-16C95ACCF79F}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe |
"{9AAE1EA6-6478-4F2A-B6DA-C034C7CA8791}" = lport=137 | protocol=17 | dir=in | app=system |
"{9BBFC21A-D7B5-4CA8-8790-82C515E06D6D}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{C96A038A-5D0B-4096-BAF9-5210B6807FF6}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe |
"{CA952BEB-DDCD-44B6-A90A-47CA1F869527}" = lport=445 | protocol=6 | dir=in | app=system |
"{D233F303-DC21-43DD-B39F-8C2C313335AD}" = rport=10243 | protocol=6 | dir=out | app=system |
"{D7F246A6-AB52-4896-BE02-DAFC72D4DF6F}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{E0DB3217-1876-4447-BCD7-AF4180B75CC3}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{E67D780F-A5ED-4A5E-81C6-310BD2580670}" = rport=138 | protocol=17 | dir=out | app=system |
"{FEA604BB-F8FA-4E60-9C56-754CEC1E4A5D}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{05D7F690-FCCB-4F72-94A0-2B9230F6AFD4}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{0B152091-3E1A-4BF1-B02B-AAC0C3CEE53F}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{100BA90E-AEA4-45A1-9FCA-3B3C8EEE4265}" = dir=in | app=c:\program files (x86)\hewlett-packard\hp support framework\resources\hpwarrantycheck\hpdevicedetection3.exe |
"{19DF3938-C34E-4C44-9758-B93624B9E668}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{1CF9BDC4-05DC-4956-8C96-3C76D6AB8E37}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{1D7CF34E-D322-4CFE-AA5B-B298977C3F57}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{1FD97032-95A0-4939-98C5-7BE73E65367F}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifetray.exe |
"{2994205B-FFFF-49DD-874A-FD91233E051B}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{35DAD6AE-5FDA-452D-B880-CC036B50BB4F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{39C6E191-1A47-4564-A59B-79ED3F4551AC}" = protocol=6 | dir=in | app=c:\users\bernard\appdata\roaming\dropbox\bin\dropbox.exe |
"{4392EEDC-F2A9-41C4-95A1-F48F0FAFAD9E}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\kernel\clml\clmlsvc.exe |
"{4DC2031D-21F1-4735-8371-A35E1428E8BA}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{567A33B2-DB3C-4924-886C-023B8D25E929}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{57E19F2E-7CC9-4741-879D-90FC9E4F6B0F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{5A496895-A5DA-48A0-AD21-4DCF42A3A479}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{5BC924B9-D8A6-4CDC-9BCD-AD1B47FD1C07}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version8\teamviewer.exe |
"{5F9BC921-4F8F-4A84-B1CA-E7317B019A8C}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\music\hptouchsmartmusic.exe |
"{61244D2C-C90D-4D8C-98BE-D3288C9D6215}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{66E1442C-9387-4FC9-924E-C663DF2FA2B8}" = protocol=17 | dir=in | app=c:\program files (x86)\roxio\roxionow player\rnowshell.exe |
"{6C910862-EEC9-4720-A588-376090C84F6E}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version8\teamviewer_service.exe |
"{6E22A6BA-DC1A-44CE-9D1A-3A4A7A8A101F}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifetray.exe |
"{72F70124-C190-4D84-AE65-9A1F32DB81CD}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifeexp.exe |
"{77470479-DC5A-47E6-83F5-311EC83FC218}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifeenc2.exe |
"{783D772F-2F61-4CCB-994D-595C21256A4D}" = dir=in | app=c:\program files (x86)\cyberlink\powerdirector\pdr8.exe |
"{7A15E62B-46CA-403A-BF67-F1BBC4CFCCB1}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hpdvdsmart.exe |
"{7A384305-ADE9-4765-9825-1DD689712AB4}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{7BD1EC6E-A1F2-4B9B-9637-822FE8B47AFF}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hptouchsmartphoto.exe |
"{8095A0F2-4A39-47DD-963F-36B4B820C980}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{83A0CAD0-4410-400A-A035-C2F400A71603}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hptouchsmartmusic.exe |
"{861C3152-277F-402B-883F-211DFEE16487}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifeexp.exe |
"{8F52DE42-FB32-43C8-8487-203D0C730B5F}" = protocol=6 | dir=in | app=c:\program files (x86)\hewlett-packard\mediasmart\roxionow\rnow.exe |
"{9056FFC0-2F90-4AA0-8504-7F859097C197}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{93F2721A-84E2-4726-8DC3-3D64EB2017F6}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{9786C551-4290-4DBE-AEAB-248AF6AB2697}" = protocol=17 | dir=in | app=c:\program files (x86)\hewlett-packard\mediasmart\roxionow\rnow.exe |
"{9E97D470-C6B2-45BB-B5B4-8ABFB40CC3A9}" = protocol=6 | dir=out | app=system |
"{A88C4F15-12DE-4EAE-9A31-D95ED0984A17}" = protocol=17 | dir=in | app=c:\windows\syswow64\muzapp.exe |
"{A980ADE1-1830-46EC-8629-62F8045E811C}" = dir=in | app=c:\program files (x86)\hewlett-packard\hp support framework\resources\hpwarrantycheck\hpwarrantychecker.exe |
"{ABC8A504-6E81-48FA-B625-AC67ABC19F1E}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifeenc2.exe |
"{B286DB46-F3B9-4473-8685-230422222764}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifecam.exe |
"{B2EDCC3D-AAE9-4A56-8344-41005E0405C1}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{B934E091-D0D9-4648-A0B7-38D9D47E688F}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{B9FC1F29-DC7D-444C-A999-4D46BBF64EB1}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version8\teamviewer.exe |
"{D0705B3A-38A4-41CC-95FE-AC3ABA8E585A}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\tsmagent.exe |
"{D2144950-0929-40E0-ABBE-9CD7724293C8}" = protocol=17 | dir=in | app=c:\users\bernard\appdata\roaming\dropbox\bin\dropbox.exe |
"{D44F080D-0111-4FD4-A680-65A188241790}" = protocol=6 | dir=in | app=c:\windows\syswow64\muzapp.exe |
"{D4BD5C83-025A-4D9B-AD61-79C54E876380}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{D84545BF-7914-4E36-ACFF-F614388A8021}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{DAACCED7-692C-4841-A471-A0E094E52DB2}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{DBD9553F-B41E-4F4B-A6F7-9493D056E7D5}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{DDF915C3-1A5C-496E-9704-3CD054C9989A}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hptouchsmartvideo.exe |
"{DF6BE066-857E-4A07-98C3-F3A1441A1597}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{E1B5CA84-BB61-47B6-88B8-185301B85C34}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version8\teamviewer_service.exe |
"{E6BA1AC3-3D1F-46DF-9F3F-5276FD3382D4}" = protocol=6 | dir=in | app=c:\program files (x86)\roxio\roxionow player\rnowshell.exe |
"{F09C9056-B133-4148-AE02-5CA2EC00E6B0}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifecam.exe |
"{F2024CC4-9382-4BA0-91A0-58B80637A673}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{F7E762CE-D86A-4BB3-89C0-5BBA719F0E24}" = dir=in | app=c:\program files (x86)\hewlett-packard\mediasmart\video\hpmediasmartvideo.exe |
"{FE8BD3A4-1B10-40FC-9BEC-21BB0D4699B7}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"TCP Query User{17769AA7-96E5-436F-945E-DE98BC293469}C:\program files (x86)\winamp\winamp.exe" = protocol=6 | dir=in | app=c:\program files (x86)\winamp\winamp.exe |
"TCP Query User{77BB81F5-C0DE-418F-BD70-A781904DF9DB}C:\users\bernard\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\bernard\appdata\roaming\dropbox\bin\dropbox.exe |
"TCP Query User{DB6F0E77-DAD5-4CF1-ADCF-C3FD0861835F}C:\program files (x86)\winamp\winamp.exe" = protocol=6 | dir=in | app=c:\program files (x86)\winamp\winamp.exe |
"UDP Query User{61E08123-F56A-4503-9454-3200BEFB7FA1}C:\users\bernard\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\bernard\appdata\roaming\dropbox\bin\dropbox.exe |
"UDP Query User{978E6B12-739A-4F00-8006-969A8F62E24D}C:\program files (x86)\winamp\winamp.exe" = protocol=17 | dir=in | app=c:\program files (x86)\winamp\winamp.exe |
"UDP Query User{F01BA747-9F7F-47A6-86F6-49F9AFD218D1}C:\program files (x86)\winamp\winamp.exe" = protocol=17 | dir=in | app=c:\program files (x86)\winamp\winamp.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
"{1E9FC118-651D-4934-97BE-E53CAE5C7D45}" = Microsoft_VC80_MFCLOC_x86_x64
"{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition)
"{26A24AE4-039D-4CA4-87B4-2F86417040FF}" = Java 7 Update 40 (64-bit)
"{2856A1C2-70C5-4EC3-AFF7-E5B51E5530A2}" = HP Client Services
"{2EF5D87E-B7BD-458F-8428-E4D0B8B4E65C}" = Apple Mobile Device Support
"{3001791D-2CA6-6FE3-BE0F-8EA7522B32D4}" = ATI Catalyst Install Manager
"{3184267F-B0D9-0657-D705-0C700B481A18}" = ccc-utility64
"{4569AD91-47F4-4D9E-8FC9-717EC32D7AE1}" = Microsoft_VC80_CRT_x86_x64
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{690285C2-2481-44FB-8402-162EA970A6DD}" = Logitech Gaming Software
"{6965A8D2-465D-4F98-9FAA-0E9E2348F329}" = Microsoft LifeCam
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{80C27FE9-C6C4-F5C8-EAD3-09E7E0102E78}" = ATI Stream SDK v2 Developer
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8557397C-A42D-486F-97B3-A2CBC2372593}" = Microsoft_VC90_ATL_x86_x64
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{90BF0360-A1DB-4599-A643-95AB90A52C1E}" = Microsoft_VC90_MFCLOC_x86_x64
"{925D058B-564A-443A-B4B2-7E90C6432E55}" = Microsoft_VC80_ATL_x86_x64
"{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}" = Microsoft_VC90_CRT_x86_x64
"{9C5A08BF-BB99-4998-81BD-F6CC32483B34}" = Microsoft Corporation
"{A278382D-4F1B-4D47-9885-8523F7261E8D}_is1" = PDF-Viewer
"{A40F60B1-F1E1-452E-96A5-FF97F9A2D102}" = HP MediaSmart SmartMenu
"{A472B9E4-0AFF-4F7B-B25D-F64F8E928AAB}" = Microsoft_VC90_MFC_x86_x64
"{A535111D-95C8-487F-869E-CE4C239972D2}" = iTunes
"{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}" = PlayReady PC Runtime amd64
"{C8C1BAD5-54E6-4146-AD07-3A8AD36569C3}" = Microsoft_VC80_MFC_x86_x64
"{CC4D56B7-6F18-470B-8734-ABCD75BCF4F1}" = HP Auto
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{D79A02E9-6713-4335-9668-AAC7474C0C0E}" = HP Vision Hardware Diagnostics
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit
"Bitdefender" = Bitdefender Internet Security 2013
"CutePDF Writer Installation" = CutePDF Writer 2.8
"Logitech Gaming Software" = Logitech Gaming Software 8.50
"MeshLab_64b" = MeshLab_64b 1.3.0
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"WinRAR archiver" = WinRAR 4.01 (64-bit)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{024521CF-C07E-4F8E-8481-0D75695E03AF}" = PxMergeModule
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0E59637F-DA32-E400-92F6-3E84DB1DFB8D}" = CCC Help Portuguese
"{0EDEB615-1A60-425E-8306-0E10519C7B55}" = RoxioNow Player
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{13FED2DC-8185-351F-72B2-C1CAB3A8860B}" = CCC Help Turkish
"{1826A2E3-22EE-ACC6-BB3A-80EEFF23167A}" = CCC Help Danish
"{1A66A9AD-7BC1-8E9C-25EE-A5C2B07FA59E}" = CCC Help Finnish
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite Deluxe
"{26A24AE4-039D-4CA4-87B4-2F83217040FF}" = Java 7 Update 51
"{28CD5009-54CA-ED14-6A17-47803585FF5F}" = Catalyst Control Center Localization All
"{28D1AF2F-9574-DABC-BA08-72F3356960D2}" = CCC Help Polish
"{2A41AD80-C9C8-3CD0-2BEA-05731A9483DF}" = ccc-core-static
"{2C9CA30C-E2B7-0D3A-291D-4808973E6F8C}" = CCC Help Italian
"{2EA3D6B2-157E-4112-A3AB-BF17E16661C3}" = HP MediaSmart/TouchSmart Netflix
"{2F4C493B-28D8-5054-13E9-91F05903887B}" = CCC Help Dutch
"{3023EBDA-BF1B-4831-B347-E5018555F26E}" = Movie Theme Pack for HP MediaSmart Video
"{3521BDBD-D453-5D9F-AA55-44B75D214629}" = Adobe Community Help
"{38069E07-617C-8074-4F67-BAFFFBB7E7FA}" = CCC Help Spanish
"{3D4C2961-3353-4C56-B0B8-82AC1923695F}" = Catalyst Control Center - Branding
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = eReg
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}" = Recovery Manager
"{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR
"{46F044A5-CE8B-4196-984E-5BD6525E361D}" = Apple Application Support
"{49DA021B-1C01-36D0-ABDF-3B9BED567EED}" = CCC Help Chinese Traditional
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}" = Google Earth Plug-in
"{4BDC0530-445B-47F2-36A0-758DE8903B44}" = CCC Help German
"{4E33D05D-76CF-5D3C-4D5D-7727530FA161}" = Adobe Content Viewer
"{5208F7DB-9DAA-E5CA-EEC3-1B004D66A8EB}" = CCC Help Chinese Standard
"{53469506-A37E-4314-A9D9-38724EC23A75}" = HP Setup
"{5783F2D7-0101-0409-0000-0060B0CE6BBA}" = AutoCAD 2002
"{58F095F8-3F66-528A-0BF6-DF1A7B304EC0}" = CCC Help Korean
"{5E38ABC5-71C2-04D8-62F0-C44B53E7DED8}" = Catalyst Control Center Graphics Previews Vista
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{6EFD0C42-4CC1-4716-A0CA-21C1A062CF34}" = AMD System Monitor
"{6F340107-F9AA-47C6-B54C-C3A19F11553F}" = Hewlett-Packard ACLM.NET v1.2.1.1
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{751D221F-7C37-C83F-1973-A1F92A0F4DF6}" = HydraVision
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7F2A11F4-EAE8-4325-83EC-E3E99F85169E}" = HP Support Information
"{8FC4F1DD-F7FD-4766-804D-3C8FF1D309B0}" = Ralink RT2860 Wireless LAN Card
"{90120000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2007
"{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{BEE75E01-DD3F-4D5F-B96C-609E6538D419}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_PROPLUS_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_PROPLUS_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_PROPLUS_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_PROPLUS_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_PROPLUS_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_PROPLUS_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PROPLUS_{3EC77D26-799B-4CD8-914F-C1565E796173}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PROPLUS_{430971B1-C31E-45DA-81E0-72C095BAB72C}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_PROPLUS_{F7A31780-33C4-4E39-951A-5EC9B91D7BF1}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-002A-0000-1000-0000000FF1CE}_PROPLUS_{00C5525B-3CB3-467D-8100-2E6FB306CD86}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-002A-0409-1000-0000000FF1CE}_PROPLUS_{FAD8A83E-9BAC-4179-9268-A35948034D85}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_PROPLUS_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_PROPLUS_{FAD8A83E-9BAC-4179-9268-A35948034D85}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_PROPLUS_{FAD8A83E-9BAC-4179-9268-A35948034D85}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0116-0409-1000-0000000FF1CE}_PROPLUS_{FAD8A83E-9BAC-4179-9268-A35948034D85}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_PROPLUS_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{913E7600-FA3A-B125-1EA6-391D59C258F6}" = CCC Help Czech
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{959DFE5E-B55F-4A0A-9E71-2970C98C3164}" = CCC Help Russian
"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9AEDD629-A40E-5EB1-2E70-E84DDE915C16}" = CCC Help Norwegian
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9F1F2AEA-C72A-4DD6-991E-C5506A5625E4}" = OpenOffice.org 3.4.1
"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AE856388-AFAD-4753-81DF-D96B19D0A17C}" = HP Setup Manager
"{AEDDD2D4-0BE7-71D9-2091-9F8AA4A4806D}" = Catalyst Control Center InstallProxy
"{B31D9B68-A844-191A-C652-4EA715A8CD92}" = CCC Help French
"{B3435D6A-B061-D8E5-C9AD-2D63C823C50C}" = CCC Help Swedish
"{B3BC9DB1-0B0A-48B0-B86B-EA77CAA7F800}" = Microsoft Corporation
"{B67BAFBA-4C9F-48FA-9496-933E3B255044}" = QuickTime
"{B6D38690-755E-4F40-A35A-23F8BC2B86AC}" = Microsoft_VC90_MFCLOC_x86
"{B8AC1A89-FFD1-4F97-8051-E505A160F562}" = HP Odometer
"{BDE646E8-86E0-50E1-37BC-0AEBB2185D76}" = Adobe Widget Browser
"{BE05B1E6-3C47-32DC-113B-7DB85FD6BE75}" = CCC Help Hungarian
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{C6FD5FE2-3635-0C15-6D3C-95FCAA51A3CE}" = CCC Help Greek
"{C78083CB-9E9B-43C8-BAAB-DB5042D6B4F9}" = EKTS
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}" = PlayReady PC Runtime x86
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D12E3E7F-1B13-4933-A915-16C7DD37A095}" = HP MediaSmart Video
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D647F06F-2908-487E-9CDA-DE52148CBF49}" = OverDrive Media Console
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{D9742D19-38EE-B2BE-5902-44130C4008FA}" = CCC Help Japanese
"{DBF625A1-9F84-1533-E08E-D1EBBE5001DD}" = Catalyst Control Center Graphics Previews Common
"{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD
"{DE6E96CA-AD23-BBD7-4304-B6D4EA0F1933}" = CCC Help Thai
"{DE77FE3F-A33D-499A-87AD-5FC406617B40}" = HP Update
"{E141B1E0-BA8A-750F-4106-FC6AAB8950E0}" = CCC Help English
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{EE202411-2C26-49E8-9784-1BC1DBF7DE96}" = HP Support Assistant
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{FB4BB287-37F9-4E27-9C4D-2D3882E08EFF}" = DVD Menu Pack for HP MediaSmart Video
"{FD7F0DB8-0E96-4D64-AD4D-9B5A936AF2A8}" = LightScribe System Software
"Adobe AIR" = Adobe AIR
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"AnswerWorks" = AnswerWorks Runtime
"Audacity_is1" = Audacity 2.0
"AudibleDownloadManager" = Audible Download Manager
"B991B020-2968-11D8-AF23-444553540000_is1" = FreeMind
"CDisplay_is1" = CDisplay 1.8
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"com.adobe.dmp.contentviewer" = Adobe Content Viewer
"com.adobe.WidgetBrowser.E7BED6E5DDA59983786DD72EBFA46B1598278E07.1" = Adobe Widget Browser
"Digital Editions" = Adobe Digital Editions
"Emerge Desktop" = Emerge Desktop, replacement shell (remove only)
"ERUNT_is1" = ERUNT 1.1j
"ESET Online Scanner" = ESET Online Scanner v3
"FFmpeg for Audacity_is1" = FFmpeg v0.6.2 for Audacity
"FileZilla Client" = FileZilla Client 3.7.3
"GoToAssist" = GoToAssist Corporate
"HandBrake" = HandBrake 0.9.8
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite Deluxe
"InstallShield_{3023EBDA-BF1B-4831-B347-E5018555F26E}" = Movie Theme Pack for HP MediaSmart Video
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"InstallShield_{D12E3E7F-1B13-4933-A915-16C7DD37A095}" = HP MediaSmart Video
"InstallShield_{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD
"InstallShield_{FB4BB287-37F9-4E27-9C4D-2D3882E08EFF}" = DVD Menu Pack for HP MediaSmart Video
"IrfanView" = IrfanView (remove only)
"KeePassPasswordSafe2_is1" = KeePass Password Safe 2.16
"Malwarebytes Anti-Malware_is1" = Malwarebytes Anti-Malware version 2.0.1.1004
"Mozilla Firefox 29.0 (x86 en-US)" = Mozilla Firefox 29.0 (x86 en-US)
"Mozilla Thunderbird 24.5.0 (x86 en-US)" = Mozilla Thunderbird 24.5.0 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Notepad++" = Notepad++
"PROPLUS" = Microsoft Office Professional Plus 2007
"ScreenshotCaptor_is1" = Screenshot Captor 2.105.01
"SumatraPDF" = SumatraPDF
"TagJet" = TagJet 2.1
"TeamViewer 8" = TeamViewer 8
"UltraISO_is1" = UltraISO Premium V9.36
"VLC media player" = VLC media player 2.1.3
"Winamp" = Winamp

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1021766330-840367976-3078613847-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{226b64e8-dc75-4eea-a6c8-abcb496320f2}-Google Talk" = Google Talk (remove only)
"Amazon Amazon Cloud Player" = Amazon Cloud Player
"Amazon MP3 Downloader" = Amazon MP3 Downloader 1.0.18
"Dropbox" = Dropbox
"Google Chrome" = Google Chrome
"MyFreeCodec" = MyFreeCodec
"Winamp Detect" = Winamp Detector Plug-in

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - Fri. May. 9 2014 9:32:29 AM | Computer Name = Bernard-HP | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 5023

Error - Fri. May. 9 2014 9:32:30 AM | Computer Name = Bernard-HP | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - Fri. May. 9 2014 9:32:30 AM | Computer Name = Bernard-HP | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 6022

Error - Fri. May. 9 2014 9:32:30 AM | Computer Name = Bernard-HP | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 6022

Error - Fri. May. 9 2014 9:32:31 AM | Computer Name = Bernard-HP | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - Fri. May. 9 2014 9:32:31 AM | Computer Name = Bernard-HP | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 7020

Error - Fri. May. 9 2014 9:32:31 AM | Computer Name = Bernard-HP | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 7020

Error - Fri. May. 9 2014 9:32:32 AM | Computer Name = Bernard-HP | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - Fri. May. 9 2014 9:32:32 AM | Computer Name = Bernard-HP | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 8019

Error - Fri. May. 9 2014 9:32:32 AM | Computer Name = Bernard-HP | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 8019

[ Hewlett-Packard Events ]
Error - Sat. Oct. 27 2012 1:59:56 AM | Computer Name = Bernard-HP | Source = HPSF.exe | ID = 4000
Description =

Error - Sat. Oct. 27 2012 2:00:13 AM | Computer Name = Bernard-HP | Source = HPSF.exe | ID = 4000
Description =

Error - Sat. Oct. 27 2012 2:00:21 AM | Computer Name = Bernard-HP | Source = HPSF.exe | ID = 4000
Description = HP Error ID: -2147467261HPSF.exe at HP.SupportFramework.Communicator.MessengerComm.MessengerPublisher.closeConnection()

at HP.SupportAssistant.UI.MessengerCommunication.initializeCommunication()
at HP.SupportAssistant.UI.MessengerCommunication.sendTimerUpdate() Message: Object
reference not set to an instance of an object. StackTrace: at HP.SupportFramework.Communicator.MessengerComm.MessengerPublisher.closeConnection()

at HP.SupportAssistant.UI.MessengerCommunication.initializeCommunication()
at HP.SupportAssistant.UI.MessengerCommunication.sendTimerUpdate() Source: HP.SupportFramework.Communicator

Name:
HPSF.exe Version: 06.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support
Framework\HPSF.exe Format: en-US RAM: 8191 Ram Utilization: 10 TargetSite: Void closeConnection()


Error - Sat. Oct. 27 2012 12:09:45 PM | Computer Name = Bernard-HP | Source = hpsa_service.exe | ID = 2000
Description =

Error - Tue. Dec. 11 2012 2:59:27 PM | Computer Name = Bernard-HP | Source = HPSF.exe | ID = 4000
Description =

Error - Tue. Dec. 11 2012 3:00:38 PM | Computer Name = Bernard-HP | Source = HPSF.exe | ID = 4000
Description =

Error - Tue. Dec. 11 2012 3:01:27 PM | Computer Name = Bernard-HP | Source = HPSF.exe | ID = 4000
Description =

Error - Tue. Dec. 11 2012 3:03:31 PM | Computer Name = Bernard-HP | Source = HPSF.exe | ID = 4000
Description = HP Error ID: -2147467261HPSF.exe at HP.SupportFramework.Communicator.MessengerComm.MessengerPublisher.closeConnection()

at HP.SupportAssistant.UI.MessengerCommunication.initializeCommunication()
at HP.SupportAssistant.UI.MessengerCommunication.sendTimerUpdate() Message: Object
reference not set to an instance of an object. StackTrace: at HP.SupportFramework.Communicator.MessengerComm.MessengerPublisher.closeConnection()

at HP.SupportAssistant.UI.MessengerCommunication.initializeCommunication()
at HP.SupportAssistant.UI.MessengerCommunication.sendTimerUpdate() Source: HP.SupportFramework.Communicator

Name:
HPSF.exe Version: 06.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support
Framework\HPSF.exe Format: en-US RAM: 8191 Ram Utilization: TargetSite: Void closeConnection()


Error - Tue. Dec. 11 2012 3:03:51 PM | Computer Name = Bernard-HP | Source = HPSF.exe | ID = 4000
Description =

Error - Wed. Dec. 12 2012 4:03:43 PM | Computer Name = Bernard-HP | Source = HPSF.exe | ID = 4000
Description =

[ OSession Events ]
Error - Sat. Nov. 24 2012 12:57:02 PM | Computer Name = Bernard-HP | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6214.1000, Microsoft Office Version: 12.0.6215.1000. This session lasted 1457
seconds with 300 seconds of active time. This session ended with a crash.

Error - Sat. Dec. 1 2012 1:17:00 PM | Computer Name = Bernard-HP | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6214.1000, Microsoft Office Version: 12.0.6215.1000. This session lasted 328867
seconds with 2220 seconds of active time. This session ended with a crash.

Error - Tue. Dec. 18 2012 1:30:31 PM | Computer Name = Bernard-HP | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6214.1000, Microsoft Office Version: 12.0.6215.1000. This session lasted 431415
seconds with 2880 seconds of active time. This session ended with a crash.

Error - Fri. Jan. 4 2013 1:12:05 PM | Computer Name = Bernard-HP | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6214.1000, Microsoft Office Version: 12.0.6215.1000. This session lasted 432538
seconds with 2280 seconds of active time. This session ended with a crash.

Error - Sat. May. 11 2013 4:25:04 PM | Computer Name = Bernard-HP | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6214.1000, Microsoft Office Version: 12.0.6215.1000. This session lasted 93883
seconds with 120 seconds of active time. This session ended with a crash.

Error - Wed. Jul. 3 2013 2:14:13 PM | Computer Name = Bernard-HP | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6214.1000, Microsoft Office Version: 12.0.6215.1000. This session lasted 523
seconds with 360 seconds of active time. This session ended with a crash.

Error - Sat. Jul. 20 2013 6:01:34 PM | Computer Name = Bernard-HP | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6214.1000, Microsoft Office Version: 12.0.6215.1000. This session lasted 63
seconds with 0 seconds of active time. This session ended with a crash.

Error - Wed. Sep. 4 2013 10:23:43 PM | Computer Name = Bernard-HP | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6214.1000, Microsoft Office Version: 12.0.6215.1000. This session lasted 91421
seconds with 1500 seconds of active time. This session ended with a crash.

Error - Thu. Jan. 23 2014 2:17:50 PM | Computer Name = Bernard-HP | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6214.1000, Microsoft Office Version: 12.0.6215.1000. This session lasted 1609
seconds with 420 seconds of active time. This session ended with a crash.

Error - Wed. Feb. 12 2014 7:06:28 PM | Computer Name = Bernard-HP | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6214.1000, Microsoft Office Version: 12.0.6215.1000. This session lasted 18986
seconds with 180 seconds of active time. This session ended with a crash.

[ System Events ]
Error - Thu. May. 8 2014 4:46:18 PM | Computer Name = Bernard-HP | Source = bowser | ID = 8003
Description =

Error - Thu. May. 8 2014 5:22:21 PM | Computer Name = Bernard-HP | Source = bowser | ID = 8003
Description =

Error - Thu. May. 8 2014 5:46:22 PM | Computer Name = Bernard-HP | Source = bowser | ID = 8003
Description =

Error - Thu. May. 8 2014 6:22:26 PM | Computer Name = Bernard-HP | Source = bowser | ID = 8003
Description =

Error - Thu. May. 8 2014 6:58:32 PM | Computer Name = Bernard-HP | Source = bowser | ID = 8003
Description =

Error - Thu. May. 8 2014 7:22:32 PM | Computer Name = Bernard-HP | Source = bowser | ID = 8003
Description =

Error - Thu. May. 8 2014 7:58:36 PM | Computer Name = Bernard-HP | Source = bowser | ID = 8003
Description =

Error - Thu. May. 8 2014 8:34:38 PM | Computer Name = Bernard-HP | Source = bowser | ID = 8003
Description =

Error - Thu. May. 8 2014 8:58:39 PM | Computer Name = Bernard-HP | Source = bowser | ID = 8003
Description =

Error - Thu. May. 8 2014 9:34:42 PM | Computer Name = Bernard-HP | Source = bowser | ID = 8003
Description =


< End of report >

ken545
2014-05-09, 19:37
Looks like you have some unwanted PUP programs (Potentially Unwanted Programs)


Lets run AdwCleaner and post the log, then run OTL and post a new log please

-AdwCleaner-by Xplode

Click on this link to download : ADWCleaner (http://www.bleepingcomputer.com/download/adwcleaner/)
Click on ONE of the Two Blue Download Now buttons That have a blue arrow beside them and save it to your desktop.

Do not click on any links in the top Advertisment.




Close all open programs and internet browsers.
Double click on AdwCleaner.exe to run the tool.
Click on Scan.
After the scan is complete click on "Clean"
Confirm each time with Ok.
Your computer will be rebooted automatically. A text file will open after the restart.
Please post the content of that logfile with your next reply.
You can find the logfile at C:\AdwCleaner[S1].txt as well.

bernardr
2014-05-09, 19:53
# AdwCleaner v3.207 - Report created 09/05/2014 at 09:46:29
# Updated 05/05/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Bernard - BERNARD-HP
# Running from : C:\Users\Bernard\Downloads\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\Windows\SysWOW64\AI_RecycleBin

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\HPSF_Tasks_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\HPSF_Tasks_RASMANCS
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{D43B3890-80C7-4010-A95D-1E77B5924DC3}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D43B3890-80C7-4010-A95D-1E77B5924DC3}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D43B3890-80C7-4010-A95D-1E77B5924DC3}

***** [ Browsers ] *****

-\\ Internet Explorer v10.0.9200.16866


-\\ Mozilla Firefox v29.0 (en-US)

[ File : C:\Users\Bernard\AppData\Roaming\Mozilla\Firefox\Profiles\r58ymg35.default-1399649936312\prefs.js ]


-\\ Google Chrome v

[ File : C:\Users\Bernard\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [2535 octets] - [09/05/2014 09:44:14]
AdwCleaner[S0].txt - [2133 octets] - [09/05/2014 09:46:29]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [2193 octets] ##########

ken545
2014-05-09, 23:16
Bernard, I need you to run a new scan with OTL and post the log please

bernardr
2014-05-09, 23:50
OTL logfile created on: Fri. May. 9 2014 1:41:35 PM - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Bernard\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16866)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: ddd. MMM. d yyy

8.00 Gb Total Physical Memory | 4.65 Gb Available Physical Memory | 58.08% Memory free
16.00 Gb Paging File | 11.50 Gb Available in Paging File | 71.87% Paging File free
Paging file location(s): ?:\pagefile.sys

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 1384.16 Gb Total Space | 1098.75 Gb Free Space | 79.38% Space Free | Partition Type: NTFS
Drive D: | 13.00 Gb Total Space | 1.57 Gb Free Space | 12.05% Space Free | Partition Type: NTFS

Computer Name: BERNARD-HP | User Name: Bernard | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Bernard\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe (Mozilla Corporation)
PRC - C:\Users\Bernard\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
PRC - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\TeamViewer\Version8\TeamViewer.exe (TeamViewer GmbH)
PRC - C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe (TeamViewer GmbH)
PRC - C:\Program Files (x86)\TeamViewer\Version8\tv_w32.exe (TeamViewer GmbH)
PRC - C:\Users\Bernard\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe ()
PRC - C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe (Oracle Corporation)
PRC - C:\Users\Bernard\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe ()
PRC - C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe (Roxio)
PRC - C:\Windows\vVX6000.exe (Microsoft Corporation
)
PRC - C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe (Hewlett-Packard)


========== Modules (No Company Name) ==========

MOD - c:\Users\Bernard\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpm3ey7k.dll ()
MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ()
MOD - C:\Program Files (x86)\Mozilla Thunderbird\mozjs.dll ()
MOD - C:\Program Files (x86)\Mozilla Thunderbird\nsldap32v60.dll ()
MOD - C:\Program Files (x86)\Mozilla Thunderbird\nsldappr32v60.dll ()
MOD - C:\Users\Bernard\AppData\Roaming\Dropbox\bin\wxmsw28uh_vc.dll ()
MOD - C:\Users\Bernard\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe ()
MOD - C:\Users\Bernard\AppData\Roaming\Dropbox\bin\libcef.dll ()
MOD - C:\Users\Bernard\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\zlib1.dll ()


========== Services (SafeList) ==========

SRV:[b]64bit: - (BdDesktopParental) -- C:\Program Files\Bitdefender\Bitdefender 2013\bdparentalservice.exe (Bitdefender)
SRV:64bit: - (VSSERV) -- C:\Program Files\Bitdefender\Bitdefender 2013\vsserv.exe (Bitdefender)
SRV:64bit: - (UPDATESRV) -- C:\Program Files\Bitdefender\Bitdefender 2013\updatesrv.exe (Bitdefender)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (HPClientSvc) -- C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe (Hewlett-Packard Company)
SRV:64bit: - (MSCamSvc) -- C:\Program Files\Microsoft LifeCam\MSCamS64.exe (Microsoft Corporation)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (MBAMScheduler) -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (TeamViewer8) -- C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe (TeamViewer GmbH)
SRV - (HP Support Assistant Service) -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe (Hewlett-Packard Company)
SRV - (GoToAssist) -- C:\Program Files (x86)\Citrix\GoToAssist\822\g2aservice.exe (Citrix Online, a division of Citrix Systems, Inc.)
SRV - (CLKMSVC10_C6F09094) -- C:\Program Files (x86)\Hewlett-Packard\Media\DVD\Kernel\HDDVD\NavFilter\kmsvc.exe (CyberLink)
SRV - (RoxioNow Service) -- C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe (Roxio)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (SwitchBoard) -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)


========== Driver Services (SafeList) ==========

DRV:64bit: - (MBAMSwissArmy) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys (Malwarebytes Corporation)
DRV:64bit: - (MBAMWebAccessControl) -- C:\Windows\SysNative\drivers\mwac.sys (Malwarebytes Corporation)
DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)
DRV:64bit: - (avc3) -- C:\Windows\SysNative\drivers\avc3.sys (BitDefender)
DRV:64bit: - (avckf) -- C:\Windows\SysNative\drivers\avckf.sys (BitDefender)
DRV:64bit: - (BDSandBox) -- C:\Windows\SysNative\drivers\bdsandbox.sys (BitDefender SRL)
DRV:64bit: - (ssudmdm) -- C:\Windows\SysNative\drivers\ssudmdm.sys (DEVGURU Co., LTD.(www.devguru.co.kr))
DRV:64bit: - (dg_ssudbus) -- C:\Windows\SysNative\drivers\ssudbus.sys (DEVGURU Co., LTD.(www.devguru.co.kr))
DRV:64bit: - (gzflt) -- C:\Windows\SysNative\drivers\gzflt.sys (BitDefender LLC)
DRV:64bit: - (trufos) -- C:\Windows\SysNative\drivers\trufos.sys (BitDefender S.R.L.)
DRV:64bit: - (LGSHidFilt) -- C:\Windows\SysNative\drivers\LGSHidFilt.Sys (Logitech Inc.)
DRV:64bit: - (BdfNdisf) -- c:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfndisf6.sys (BitDefender LLC)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (avchv) -- C:\Windows\SysNative\drivers\avchv.sys (BitDefender)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (bdfwfpf) -- C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf.sys (BitDefender LLC)
DRV:64bit: - (LUsbFilt) -- C:\Windows\SysNative\drivers\LUsbFilt.sys (Logitech, Inc.)
DRV:64bit: - (LMouFilt) -- C:\Windows\SysNative\drivers\LMouFilt.Sys (Logitech, Inc.)
DRV:64bit: - (LHidFilt) -- C:\Windows\SysNative\drivers\LHidFilt.Sys (Logitech, Inc.)
DRV:64bit: - (PxHlpa64) -- C:\Windows\SysNative\drivers\PxHlpa64.sys (Sonic Solutions)
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (AtiHDAudioService) -- C:\Windows\SysNative\drivers\AtihdW76.sys (ATI Technologies, Inc.)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek )
DRV:64bit: - (amd_sata) -- C:\Windows\SysNative\drivers\amd_sata.sys (Advanced Micro Devices)
DRV:64bit: - (amd_xata) -- C:\Windows\SysNative\drivers\amd_xata.sys (Advanced Micro Devices)
DRV:64bit: - (netr28x) -- C:\Windows\SysNative\drivers\netr28x.sys (Ralink Technology, Corp.)
DRV:64bit: - (VX6000) -- C:\Windows\SysNative\drivers\VX6000Xp.sys (Microsoft Corporation
)
DRV:64bit: - (AtiPcie) -- C:\Windows\SysNative\drivers\AtiPcie64.sys (Advanced Micro Devices Inc.)
DRV:64bit: - (usbfilter) -- C:\Windows\SysNative\drivers\usbfilter.sys (Advanced Micro Devices)
DRV:64bit: - (LGVirHid) -- C:\Windows\SysNative\drivers\LGVirHid.sys (Logitech Inc.)
DRV:64bit: - (LGBusEnum) -- C:\Windows\SysNative\drivers\LGBusEnum.sys (Logitech Inc.)
DRV:64bit: - (HCW85BDA) -- C:\Windows\SysNative\drivers\HCW85BDA.sys (Hauppauge Computer Works)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir3.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV - (ISODrive) -- C:\Program Files (x86)\UltraISO\drivers\ISODrv64.sys (EZB Systems, Inc.)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {ec29edf6-ad3c-4e1c-a087-d6cb81400c43}
IE:64bit: - HKLM\..\SearchScopes\{d944bb61-2e34-4dbf-a683-47e505c587dc}: "URL" = http://rover.ebay.com/rover/1/711-111092-2357-0/4?satitle={searchTerms}&mfe=Desktops
IE:64bit: - HKLM\..\SearchScopes\{ec29edf6-ad3c-4e1c-a087-d6cb81400c43}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{d944bb61-2e34-4dbf-a683-47e505c587dc}: "URL" = http://rover.ebay.com/rover/1/711-111092-2357-0/4?satitle={searchTerms}&mfe=Desktops
IE - HKLM\..\SearchScopes\{ec29edf6-ad3c-4e1c-a087-d6cb81400c43}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox


IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-21-1021766330-840367976-3078613847-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-1021766330-840367976-3078613847-1001\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-1021766330-840367976-3078613847-1001\..\SearchScopes\{d944bb61-2e34-4dbf-a683-47e505c587dc}: "URL" = http://rover.ebay.com/rover/1/711-111092-2357-0/4?satitle={searchTerms}&mfe=Desktops
IE - HKU\S-1-5-21-1021766330-840367976-3078613847-1001\..\SearchScopes\{ec29edf6-ad3c-4e1c-a087-d6cb81400c43}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
IE - HKU\S-1-5-21-1021766330-840367976-3078613847-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1021766330-840367976-3078613847-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:29.0
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.40.2: C:\Windows\system32\npDeployJava1.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.40.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.51.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.51.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.8: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.2: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.3: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKCU\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Bernard\AppData\Local\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Bernard\AppData\Local\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\amazon.com/AmazonMP3DownloaderPlugin: C:\Users\Bernard\AppData\Local\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin10181.dll (Amazon.com, Inc.)

64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\bdThunderbird@bitdefender.com: C:\PROGRAM FILES\BITDEFENDER\BITDEFENDER 2013\BDTBEXT [2013/10/01 12:45:02 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}: C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\FirefoxPlugin\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9} [2011/09/02 19:37:18 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 29.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2014/05/02 09:56:10 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 29.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2014/05/02 09:56:11 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Sunbird 1.0b1\extensions\\Components: C:\Program Files (x86)\Mozilla Sunbird\components [2013/10/12 15:10:18 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Sunbird 1.0b1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Sunbird\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 24.5.0\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2014/04/30 08:33:24 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 24.5.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\bdThunderbird@bitdefender.com: C:\Program Files\Bitdefender\Bitdefender 2013\bdtbext [2013/10/01 12:45:02 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 29.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2014/05/02 09:56:10 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 29.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2014/05/02 09:56:11 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 24.5.0\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2014/04/30 08:33:24 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 24.5.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins

[2013/04/11 15:20:44 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Bernard\AppData\Roaming\Mozilla\Extensions
[2013/04/11 15:20:44 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Bernard\AppData\Roaming\Mozilla\Extensions\{718e30fb-e89b-41dd-9da7-e25a45638b28}
[2014/05/09 08:47:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Bernard\AppData\Roaming\Mozilla\Firefox\Profiles\r58ymg35.default-1399649936312\extensions
[2013/04/11 15:20:44 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Bernard\AppData\Roaming\Mozilla\Sunbird\Profiles\mez3aaj4.default\extensions
[2014/05/02 09:56:10 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2014/05/02 09:56:10 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2014/05/02 09:56:10 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2014/05/02 09:56:14 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2011/12/09 10:23:32 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: http://www.google.com/
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - plugin: Error reading preferences file
CHR - Extension: YouTube = C:\Users\Bernard\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Search = C:\Users\Bernard\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.18_0\
CHR - Extension: Gmail = C:\Users\Bernard\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2011/09/02 19:04:14 | 000,007,514 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 activate.adobe.com
O1 - Hosts: 127.0.0.1 practivate.adobe.com
O1 - Hosts: 127.0.0.1 ereg.adobe.com
O1 - Hosts: 127.0.0.1 activate.wip3.adobe.com
O1 - Hosts: 127.0.0.1 wip3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-3.adobe.com
O1 - Hosts: 127.0.0.1 ereg.wip3.adobe.com
O1 - Hosts: 127.0.0.1 activate-sea.adobe.com
O1 - Hosts: 127.0.0.1 pagead2.googlesyndication.com
O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com
O1 - Hosts: 127.0.0.1 activate-sjc0.adobe.com
O1 - Hosts: 127.0.0.1 3dns.adobe.com
O1 - Hosts: 127.0.0.1 3dns-1.adobe.com
O1 - Hosts: 127.0.0.1 3dns-2.adobe.com
O1 - Hosts: 127.0.0.1 3dns-3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-4.adobe.com
O1 - Hosts: 127.0.0.1 3dns-5.adobe.com
O1 - Hosts: 127.0.0.1 activate.adobe.com
O1 - Hosts: 127.0.0.1 activate.wip1.adobe.com
O1 - Hosts: 127.0.0.1 activate.wip2.adobe.com
O1 - Hosts: 127.0.0.1 activate.wip3.adobe.com
O1 - Hosts: 167 more lines...
O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (HP Network Check Helper) - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard)
O2 - BHO: (ContributeBHO Class) - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll (Adobe Systems, Inc.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (HP Network Check Helper) - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
O3 - HKLM\..\Toolbar: (Contribute Toolbar) - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll (Adobe Systems, Inc.)
O3 - HKU\S-1-5-21-1021766330-840367976-3078613847-1001\..\Toolbar\WebBrowser: (no name) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No CLSID value found.
O3 - HKU\S-1-5-21-1021766330-840367976-3078613847-1001\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [Bdagent] C:\Program Files\Bitdefender\Bitdefender 2013\bdagent.exe (Bitdefender)
O4:64bit: - HKLM..\Run: [hpsysdrv] c:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe (Hewlett-Packard)
O4:64bit: - HKLM..\Run: [Launch LCore] C:\Program Files\Logitech Gaming Software\LCore.exe (Logitech Inc.)
O4:64bit: - HKLM..\Run: [SmartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe ()
O4:64bit: - HKLM..\Run: [VX6000] C:\Windows\vVX6000.exe (Microsoft Corporation
)
O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [bdinstaller] C:\Program Files\Common Files\Bitdefender\SetupInformation\downloader\setuplauncher.exe (Bitdefender)
O4 - HKLM..\Run: [KeePass 2 PreLoad] C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe (Dominik Reichl)
O4 - HKLM..\Run: [LifeCam] C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe (Microsoft Corporation)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1021766330-840367976-3078613847-1001..\Run: [AdobeBridge] File not found
O4 - HKU\S-1-5-21-1021766330-840367976-3078613847-1001..\Run: [Amazon Cloud Player] C:\Users\Bernard\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe ()
O4 - HKU\S-1-5-21-1021766330-840367976-3078613847-1001..\Run: [AmazonMP3DownloaderHelper] C:\Users\Bernard\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe ()
O4 - HKU\S-1-5-21-1021766330-840367976-3078613847-1001..\Run: [DW7] "C:\Program Files (x86)\The Weather Channel\The Weather Channel App\TWCApp.exe" File not found
O4 - HKU\S-1-5-21-1021766330-840367976-3078613847-1001..\Run: [googletalk] C:\Users\Bernard\AppData\Roaming\Google\Google Talk\googletalk.exe (Google)
O4 - HKU\S-1-5-21-1021766330-840367976-3078613847-1001..\Run: [KeePass Password Safe 2] C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe (Dominik Reichl)
O4:64bit: - HKLM..\RunOnce: [NCPluginUpdater] C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe (Hewlett-Packard)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\Bernard\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Bernard\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html File not found
O8:64bit: - Extra context menu item: Append to Existing PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html File not found
O8:64bit: - Extra context menu item: Convert Link Target to Adobe PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html File not found
O8:64bit: - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html File not found
O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html File not found
O8 - Extra context menu item: Append to Existing PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html File not found
O8 - Extra context menu item: Convert Link Target to Adobe PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html File not found
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html File not found
O9:64bit: - Extra Button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9 - Extra Button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {78AF2F24-A9C3-11D3-BF8C-0060B0FCC122} file:///C:/Program%20Files%20(x86)/AutoCAD%202002/AcDcToday.ocx (AcDcToday Control)
O16 - DPF: {AE563720-B4F5-11D4-A415-00108302FDFD} file:///C:/Program%20Files%20(x86)/AutoCAD%202002/InstBanr.ocx (NOXLATE-BANR)
O16 - DPF: {C6637286-300D-11D4-AE0A-0010830243BD} file:///C:/Program%20Files%20(x86)/AutoCAD%202002/InstFred.ocx (InstaFred)
O16 - DPF: {F281A59C-7B65-11D3-8617-0010830243BD} file:///C:/Program%20Files%20(x86)/AutoCAD%202002/AcPreview.ocx (AcPreview Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{041EEC34-A86A-4661-9BBA-AABA612CACD2}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{ADA03FF5-F0D3-48C2-A3D2-EF7B82C0F845}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKU\S-1-5-21-1021766330-840367976-3078613847-1001 Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{ab79f5b1-ead3-11e1-8057-64315046328d}\Shell - "" = AutoRun
O33 - MountPoints2\{ab79f5b1-ead3-11e1-8057-64315046328d}\Shell\AutoRun\command - "" = L:\MotorolaDeviceManagerSetup.exe -a
O33 - MountPoints2\{cb927785-0ee3-11e1-aa1c-64315046328d}\Shell - "" = AutoRun
O33 - MountPoints2\{cb927785-0ee3-11e1-aa1c-64315046328d}\Shell\AutoRun\command - "" = L:\HPLauncher.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2014/05/09 09:44:35 | 000,536,576 | ---- | C] (SQLite Development Team) -- C:\Windows\SysWow64\sqlite3.dll
[2014/05/09 09:43:47 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2014/05/09 08:39:03 | 000,000,000 | ---D | C] -- C:\Users\Bernard\Desktop\Old Firefox Data
[2014/05/07 19:55:13 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2014/05/07 19:53:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
[2014/05/07 19:53:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ERUNT
[2014/05/06 15:44:11 | 000,000,000 | ---D | C] -- C:\Users\Bernard\AppData\Roaming\DropboxMaster
[2014/05/03 08:26:00 | 000,119,512 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys
[2014/05/03 08:22:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Security
[2014/05/03 08:22:49 | 000,088,280 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbamchameleon.sys
[2014/05/03 08:22:49 | 000,063,192 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mwac.sys
[2014/05/03 08:22:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes Anti-Malware
[2014/05/03 08:22:13 | 000,000,000 | ---D | C] -- C:\Users\Bernard\AppData\Local\Programs
[2014/05/02 09:56:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2014/04/30 08:33:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Thunderbird
[2014/04/28 09:14:39 | 000,000,000 | ---D | C] -- C:\Users\Bernard\Desktop\Anew video
[2014/04/27 19:07:25 | 000,000,000 | ---D | C] -- C:\Users\Bernard\Documents\Adobe
[2014/04/27 13:45:12 | 000,000,000 | ---D | C] -- C:\Users\Bernard\Desktop\16Gb thumbdrive
[2014/04/24 11:30:09 | 000,000,000 | ---D | C] -- C:\Users\Bernard\Desktop\Dentists
[2014/04/19 14:58:55 | 000,603,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2014/04/19 14:58:55 | 000,391,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2014/04/19 14:58:55 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll
[2014/04/19 14:58:55 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
[2014/04/19 14:58:55 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2014/04/19 14:58:53 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2014/04/19 14:58:52 | 000,526,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2014/04/19 14:58:49 | 000,855,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2014/04/19 14:58:48 | 003,959,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2014/04/19 14:58:48 | 000,690,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2014/04/19 14:58:45 | 000,136,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2014/04/19 14:58:45 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2014/04/19 14:58:45 | 000,089,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe
[2014/04/19 14:58:45 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe
[2014/04/19 14:58:45 | 000,051,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2014/04/19 14:58:45 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2014/04/19 14:58:45 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2014/04/19 14:57:41 | 001,163,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kernel32.dll
[2014/04/19 14:57:41 | 000,362,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64win.dll
[2014/04/19 14:57:41 | 000,243,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll
[2014/04/19 14:57:41 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe
[2014/04/19 14:57:41 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntvdm64.dll
[2014/04/19 14:57:41 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll
[2014/04/19 14:57:41 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64cpu.dll
[2014/04/19 14:57:40 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe
[2014/04/19 14:57:40 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll
[2014/04/19 14:57:40 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe
[2014/04/09 14:02:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Ffmpeg For Audacity
[1 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2014/05/09 13:23:10 | 000,022,836 | ---- | M] () -- C:\Users\Bernard\Desktop\fox.JPG
[2014/05/09 13:16:00 | 000,000,916 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1021766330-840367976-3078613847-1001UA.job
[2014/05/09 13:06:00 | 000,000,900 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/05/09 12:03:33 | 000,119,512 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys
[2014/05/09 09:56:07 | 000,015,792 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/05/09 09:56:07 | 000,015,792 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/05/09 09:49:24 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/05/09 09:48:25 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/05/09 09:48:19 | 2146,918,399 | -HS- | M] () -- C:\hiberfil.sys
[2014/05/09 05:16:15 | 000,000,864 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1021766330-840367976-3078613847-1001Core.job
[2014/05/07 10:54:05 | 000,000,340 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForBernard.job
[2014/05/06 15:44:14 | 000,001,057 | ---- | M] () -- C:\Users\Bernard\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2014/05/04 17:27:53 | 000,778,834 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2014/05/04 17:27:53 | 000,660,068 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2014/05/04 17:27:53 | 000,120,996 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2014/04/30 17:56:20 | 000,002,072 | ---- | M] () -- C:\Users\Bernard\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Thunderbird.lnk
[2014/04/29 18:42:29 | 007,978,514 | ---- | M] () -- C:\Users\Bernard\Desktop\Audio1.flv
[2014/04/29 08:55:05 | 007,902,367 | ---- | M] () -- C:\Users\Bernard\Desktop\MainAnew2.flv
[2014/04/28 16:30:12 | 007,885,027 | ---- | M] () -- C:\Users\Bernard\Desktop\MainAnew1.flv
[2014/04/24 12:13:19 | 000,001,456 | ---- | M] () -- C:\Users\Bernard\AppData\Local\Adobe Save for Web 12.0 Prefs
[2014/04/23 09:13:24 | 000,000,132 | ---- | M] () -- C:\Users\Bernard\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2014/04/18 21:19:13 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForBERNARD-HP$.job
[1 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]

========== Files Created - No Company Name ==========

[2014/05/09 13:23:10 | 000,022,836 | ---- | C] () -- C:\Users\Bernard\Desktop\fox.JPG
[2014/04/29 18:41:09 | 007,978,514 | ---- | C] () -- C:\Users\Bernard\Desktop\Audio1.flv
[2014/04/29 08:53:50 | 007,902,367 | ---- | C] () -- C:\Users\Bernard\Desktop\MainAnew2.flv
[2014/04/28 14:17:22 | 007,885,027 | ---- | C] () -- C:\Users\Bernard\Desktop\MainAnew1.flv
[2014/04/24 12:13:19 | 000,001,456 | ---- | C] () -- C:\Users\Bernard\AppData\Local\Adobe Save for Web 12.0 Prefs
[2013/10/12 15:48:33 | 000,420,957 | ---- | C] () -- C:\ProgramData\1381617433.bdinstall.bin
[2013/10/12 15:20:44 | 000,221,021 | ---- | C] () -- C:\ProgramData\1381616320.bdinstall.bin
[2013/03/08 11:46:44 | 000,113,224 | ---- | C] () -- C:\Users\Bernard\g2ax_customer_downloadhelper_win32_x86.exe
[2013/01/14 15:24:56 | 000,000,132 | ---- | C] () -- C:\Users\Bernard\AppData\Roaming\Adobe BMP Format CS5 Prefs
[2013/01/09 15:15:01 | 000,395,037 | ---- | C] () -- C:\ProgramData\1357769657.bdinstall.bin
[2013/01/09 15:13:12 | 000,425,918 | ---- | C] () -- C:\ProgramData\1357769181.bdinstall.bin
[2012/08/31 16:17:53 | 000,103,272 | ---- | C] () -- C:\Users\Bernard\GoToAssistDownloadHelper.exe
[2012/08/29 10:09:36 | 000,007,598 | ---- | C] () -- C:\Users\Bernard\AppData\Local\Resmon.ResmonCfg
[2012/06/26 16:02:38 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll
[2012/06/26 16:02:38 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll
[2012/06/26 16:02:38 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll
[2012/06/26 16:02:38 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll
[2012/06/04 11:57:12 | 000,000,132 | ---- | C] () -- C:\Users\Bernard\AppData\Roaming\Adobe GIF Format CS5 Prefs
[2012/02/17 10:49:17 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2012/01/21 12:30:11 | 000,000,132 | ---- | C] () -- C:\Users\Bernard\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2012/01/20 16:02:11 | 000,000,058 | ---- | C] () -- C:\Users\Bernard\AppData\Local\DonationCoder_ScreenshotCaptor_InstallInfo.dat
[2011/10/24 10:53:38 | 000,004,096 | -H-- | C] () -- C:\Users\Bernard\AppData\Local\keyfile3.drm

========== ZeroAccess Check ==========

[2009/07/13 21:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/07/25 19:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/07/25 18:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 18:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 05:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 18:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2013/05/23 12:20:18 | 000,000,000 | ---D | M] -- C:\Users\Bernard\AppData\Roaming\Amazon
[2014/04/28 12:10:22 | 000,000,000 | ---D | M] -- C:\Users\Bernard\AppData\Roaming\Audacity
[2012/03/13 10:17:37 | 000,000,000 | ---D | M] -- C:\Users\Bernard\AppData\Roaming\Autodesk
[2013/10/12 15:40:55 | 000,000,000 | ---D | M] -- C:\Users\Bernard\AppData\Roaming\Bitdefender
[2012/01/20 16:02:11 | 000,000,000 | ---D | M] -- C:\Users\Bernard\AppData\Roaming\DonationCoder
[2014/05/09 09:51:07 | 000,000,000 | ---D | M] -- C:\Users\Bernard\AppData\Roaming\Dropbox
[2014/05/06 15:44:12 | 000,000,000 | ---D | M] -- C:\Users\Bernard\AppData\Roaming\DropboxMaster
[2012/01/21 20:49:37 | 000,000,000 | ---D | M] -- C:\Users\Bernard\AppData\Roaming\Emerge Desktop
[2013/11/21 17:38:42 | 000,000,000 | ---D | M] -- C:\Users\Bernard\AppData\Roaming\FileZilla
[2011/09/13 11:22:39 | 000,000,000 | ---D | M] -- C:\Users\Bernard\AppData\Roaming\Foxit Software
[2014/04/27 19:01:07 | 000,000,000 | ---D | M] -- C:\Users\Bernard\AppData\Roaming\HandBrake
[2011/09/09 10:17:21 | 000,000,000 | ---D | M] -- C:\Users\Bernard\AppData\Roaming\IrfanView
[2014/05/02 18:36:39 | 000,000,000 | ---D | M] -- C:\Users\Bernard\AppData\Roaming\KeePass
[2011/11/10 13:05:23 | 000,000,000 | ---D | M] -- C:\Users\Bernard\AppData\Roaming\Leadertech
[2012/01/16 14:15:44 | 000,000,000 | ---D | M] -- C:\Users\Bernard\AppData\Roaming\MediaMonkey
[2011/09/09 17:44:34 | 000,000,000 | ---D | M] -- C:\Users\Bernard\AppData\Roaming\NewspaperDirect
[2012/06/22 09:48:36 | 000,000,000 | ---D | M] -- C:\Users\Bernard\AppData\Roaming\Notepad++
[2012/12/18 16:19:48 | 000,000,000 | ---D | M] -- C:\Users\Bernard\AppData\Roaming\OpenOffice.org
[2011/12/05 15:01:19 | 000,000,000 | ---D | M] -- C:\Users\Bernard\AppData\Roaming\OverDrive
[2013/01/09 15:06:55 | 000,000,000 | ---D | M] -- C:\Users\Bernard\AppData\Roaming\QuickScan
[2012/08/01 13:28:52 | 000,000,000 | ---D | M] -- C:\Users\Bernard\AppData\Roaming\Samsung
[2011/10/13 14:28:44 | 000,000,000 | ---D | M] -- C:\Users\Bernard\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2012/03/08 10:38:46 | 000,000,000 | ---D | M] -- C:\Users\Bernard\AppData\Roaming\Stamps.com Internet Postage
[2012/01/15 20:27:33 | 000,000,000 | ---D | M] -- C:\Users\Bernard\AppData\Roaming\SumatraPDF
[2012/02/23 12:10:03 | 000,000,000 | ---D | M] -- C:\Users\Bernard\AppData\Roaming\TagJet
[2013/04/08 09:38:09 | 000,000,000 | ---D | M] -- C:\Users\Bernard\AppData\Roaming\TeamViewer
[2011/09/01 15:56:17 | 000,000,000 | ---D | M] -- C:\Users\Bernard\AppData\Roaming\Thunderbird
[2013/05/20 17:02:01 | 000,000,000 | ---D | M] -- C:\Users\Bernard\AppData\Roaming\Tracker Software
[2011/10/05 09:07:46 | 000,000,000 | ---D | M] -- C:\Users\Bernard\AppData\Roaming\WinBatch

========== Purity Check ==========



< End of report >

bernardr
2014-05-09, 23:56
Hm, Extras.txt didn't open, and the only one I see (in downloads folder where otl.exe is) is the one I ran this morning.

Let me know if you need it, and how to find/make the new one

ken545
2014-05-10, 00:26
You will only get the extras on the first run of OTL so dont knock yourself out looking for it.

Log looks ok but lets clean it up some, after the fix let me know how your system is behaving and if your still having problems with FF


Open OTL.exe

Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL




:OTL


:Services

:Reg

:Files
ipconfig /flushdns /c


:Commands
[purity]
[resethosts]
[EMPTYJAVA]
[emptytemp]
[start explorer]
[Reboot]

Then click the Run Fix button at the top. <--Not run Scan
Let the program run unhindered, reboot when it is done
Then post the results of the log it produces

bernardr
2014-05-10, 01:16
All processes killed
========== OTL ==========
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Bernard\Downloads\cmd.bat deleted successfully.
C:\Users\Bernard\Downloads\cmd.txt deleted successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYJAVA]

User: Administrator

User: All Users

User: Bernard
->Java cache emptied: 1285453 bytes

User: Default

User: Default User

User: Public

Total Java Files Cleaned = 1.00 mb


[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 50789 bytes
->Temporary Internet Files folder emptied: 36876 bytes
->Flash cache emptied: 56502 bytes

User: All Users

User: Bernard
->Temp folder emptied: 537645 bytes
->Temporary Internet Files folder emptied: 297500190 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 107813758 bytes
->Google Chrome cache emptied: 13462314 bytes
->Flash cache emptied: 221172 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 56502 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 107552 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 297090477 bytes
%systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33170 bytes
%systemroot%\system32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 753 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 95202 bytes
RecycleBin emptied: 20435242696 bytes

Total Files Cleaned = 20,172.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 05092014_150942

Files\Folders moved on Reboot...
File\Folder C:\Users\Bernard\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRC0002.tmp not found!
File\Folder C:\Users\Bernard\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRC0003.tmp not found!
File\Folder C:\Users\Bernard\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRF{D4A837EF-D44E-4E65-B80D-87F06D94402B}.tmp not found!
File\Folder C:\Users\Bernard\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{23856B32-BFCF-4270-B099-967C28008CEA}.tmp not found!
File\Folder C:\Users\Bernard\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{498FFDEC-35AD-47C2-BD9D-A49333F9572B}.tmp not found!
File\Folder C:\Users\Bernard\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{943EB200-7C2A-4AAF-B8E9-49FE91C71823}.tmp not found!
File\Folder C:\Users\Bernard\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{B21A6FE0-8009-464F-895B-CC20C6A80B7B}.tmp not found!
File\Folder C:\Users\Bernard\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{CA5A9E14-94EC-45DE-8E26-E8D333D8B6AD}.tmp not found!
File\Folder C:\Users\Bernard\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{F80DE5B2-5684-4D13-9015-2642C9DFC6C5}.tmp not found!
C:\Users\Bernard\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.
File\Folder C:\Windows\temp\~bdD2B3.tmp not found!

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

bernardr
2014-05-10, 01:28
Was there anything bad in Firefox?
And the fact that it sometimes hangs has nothing to do malware? (the only way to keep going is to exit and remove it from process in task manager)
ouch and I had some bootleg software that no longer runs ("trial time expired") :(

ken545
2014-05-10, 03:18
AdwCleaner removed a bad entry from FF. Lets set it back to defaults and see if it makes a difference


Open Firefox
Click on Help > Troubleshooting Information > Reset Firefox to its default state

bernardr
2014-05-10, 04:52
Ok, done. So there was bad stuff in my FF...

ken545
2014-05-10, 04:57
This is what AdwCleaner removed

-\\ Mozilla Firefox v29.0 (en-US)

[ File : C:\Users\Bernard\AppData\Roaming\Mozilla\Firefox\Profiles\r58ymg35.default-1399649936312\prefs.js ]

How is FF behaving now ?

bernardr
2014-05-10, 05:10
Well, the "sex site" started by Thunderbird happened only one afternoon about 2 weeks ago, so I can't say anything new about that.

And do you think that FF hanging was caused by malware? That happens about once every couple of days.

ken545
2014-05-10, 13:57
As far as FF hanging, could be malware but it you set it back to defaults and with what AdwCleaner removed it should be fine, if you still have problems with it then just uninstall it and try reinstalling it

The latest version is 29
http://www.mozilla.org/en-US/firefox/29.0a2/system-requirements/

bernardr
2014-05-10, 17:51
Ok, Second Computer says Thank you! I'll post Third Computer later

I think I chose Malware Pro Trial while installing it because it did a scan by itself and came up with potential threads (install programs), see below, I click ignore? delete?


Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: Sat. May. 10 2014
Scan Time: 7:45:52 AM
Logfile: May1014.txt
Administrator: Yes

Version: 2.00.1.1004
Malware Database: v2014.05.10.03
Rootkit Database: v2014.03.27.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Chameleon: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Bernard

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 298687
Time Elapsed: 4 hr, 37 min, 24 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Shuriken: Enabled
PUP: Warn
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 5
PUP.Optional.Spigot.A, C:\Users\Bernard\Downloads\SFInstaller_SFFZ_filezilla_8992693_.exe, , [0ab1361994e7bb7b4af7f23133ce1ae6],
PUP.Optional.OpenCandy, C:\Users\Bernard\Downloads\videora-ipod-600-setup.exe, , [b40789c6a7d4e0566524ca9bfb0926da],
PUP.Optional.DownloadAdmin, C:\Users\Bernard\Downloads\vlcmediaplayer-setup.exe, , [7d3ec887e5968caa61161af3976d25db],
PUP.Optional.OpenCandy, C:\Users\Bernard\Downloads\winamp5623_full_emusic-7plus_en-us(1).exe, , [9b20ea653c3fa19599f07fe6669e8080],
PUP.Optional.OpenCandy, C:\Users\Bernard\Downloads\winamp5623_full_emusic-7plus_en-us.exe, , [6d4e93bc17646ec8d6b35f06ba4a11ef],

Physical Sectors: 0
(No malicious items detected)


(end)

ken545
2014-05-10, 18:21
You need to remove those entries that Malwarebytes found. It looks like when you ran the Hyper scan on the 9th it didnt find anything but the Threat scan on the 10th did

After you run Malwarebytes again to remove those entries, run it again and make sure there all gone

bernardr
2014-05-10, 19:32
Oh yes, I meant to tell you and forgot that I was running the Hyper scan, b/c the scan on your screenshot wasn't available (Pro?). Anyway now it's all clear - right?

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: Sat. May. 10 2014
Scan Time: 9:17:08 AM
Logfile: May1014.txt
Administrator: Yes

Version: 2.00.1.1004
Malware Database: v2014.05.10.07
Rootkit Database: v2014.03.27.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Chameleon: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Bernard

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 298546
Time Elapsed: 10 min, 35 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Shuriken: Enabled
PUP: Warn
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)

ken545
2014-05-10, 19:55
Looks good, how is your system behaving now, FF working any better ?

bernardr
2014-05-10, 20:02
So far no problem, will let you know over the next couple of days if it hangs again.

And the computer seems a bit faster, snappier. But maybe that's psychological?

ken545
2014-05-10, 20:38
This is why for what I do OTL is one of my tools of choice, if you look back over the fix logs, we had it clean out all your temp files and sometime a big buildup of those can slow a system down, it also reset your hosts file which sometimes can get clogged up. Lets keep an eye on this this one and post back in a few days and let me know how its going.

OTL is written by a malware fighter like me named OldTimer and he has some other tools that are really nice, you can use this one , run it maybe a few times a month and it will clean all those temp files out, I didn't need you to use it because I knew we where going to run a fix with OTL


http://whatthetech.com/ldtate/Images/TFC.PNG

Download TFC (http://oldtimer.geekstogo.com/TFC.exe) to your desktop

Close any open windows.
Double click the TFC icon to run the program
TFC will close all open programs itself in order to run,
Click the Start button to begin the process.
Allow TFC to run uninterrupted.
The program should not take long to finish it's job
Once its finished it should automatically reboot your machine,
if it doesn't, manually reboot to ensure a complete clean

bernardr
2014-05-12, 20:29
Good morning Ken,

I just ran TFC. Computer definitely snappier. Same improvement will be great on Third Computer (if you're still up for it) b/c that's the oldest computer, kind of slow, etc.

Btw thanks to recommend running TFC once in a while (TFC and not OTL, right?) I've been using up to now things like CCCleaner, Glary Utility, which you don't seem to recommend.

And FF still hangs: once yesterday and once today. I have to close it, and can't start it again b/c of msg: It's Already Running, so I have to kill the process. But I'm not sure it's malware... Seems more like maybe I click on 2 links at once... ?

ken545
2014-05-12, 20:56
Yes, just use TFC by Oldtimer

As far as FF, have you tried uninstalling it and reinstalling, if so try this



Open Firefox
Go to Help
Restart with Add-ons Disabled


Lets try and get this settled and then you can post for computer # 3

ken545
2014-05-12, 21:17
Open FF and go to Help Check for updates as FF 29.1 is now available

bernardr
2014-05-12, 22:54
Ok, I uninstalled and reinstalled FF to 29.0.1, restarted w/add-ons disabled, but then it asks safe mode or reset, I chose reset.

Let's see if it hangs again over the next 24-48 hours...

ken545
2014-05-12, 23:08
OK, keep me posted

Go to community support and see what they say
https://support.mozilla.org/en-US/products/firefox

bernardr
2014-05-13, 02:20
Just got the problem again, without doing anything special: just clicking on a link in an existing window... The exact message after closing FF (since FF was just hanging non-stop) is "ff is already running, but it is not responding. To open a new window, you must first close the existing Firefox process, or restart your system." Actually this time for the 1st time the process was listed twice, had to close them one by one.

There is a mozilla forum(s) about that message, but it's about getting that message when starting FF, not about it hanging before closing and then getting the message.

ken545
2014-05-13, 04:01
You know, I was a FF faithful for many years but but migrated over to Chome about 2 years ago and loving it. The other day I downloaded and installed FF 29 and I really am not that impressed.

So I think what I would do is just keep posting in the FF forum and see if there is a solution and if not just uninstall FF and be done with it. The reason I am saying this is there are many forums for computer problems and this one is just for Malware Removal.

So keep checking for a solutions on the FF forum, in the meantime I will close this thread maybe tomorrow and then your can post about Computer # 3

bernardr
2014-05-13, 17:25
Switch to chrome: of course, what was I thinking? thanks for the tip!

I'll start Third Computer post soon

ken545
2014-05-14, 14:07
OK, see you then

bernardr
2014-05-15, 18:22
Hi, I started next post Third Computer, see you there?

Bernard

ken545
2014-05-15, 18:52
OK, I will be gone for few hours , if no one else has taken it than I will when i return