
All Programs Trying To Open With Adobe

Discussion in 'General Malware And Security' started by Reggie15, Dec 1, 2011.

  1. Reggie15

    I have a similar problem to a couple of the other members regarding all my programs/files having changed their opening program to Adobe. All my desktop icons have also changed to the Adobe icon. I have run a Malware check, which has come back clear. I have also just completed an OTL scan, and I will paste the report below.

    OTL logfile created on: 12/2/2011 4:13:18 AM - Run 1
    OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Knight\Downloads
    64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000409 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

    3.80 Gb Total Physical Memory | 1.64 Gb Available Physical Memory | 43.16% Memory free
    7.60 Gb Paging File | 5.13 Gb Available in Paging File | 67.47% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 445.83 Gb Total Space | 390.12 Gb Free Space | 87.50% Space Free | Partition Type: NTFS
    Drive D: | 19.63 Gb Total Space | 2.85 Gb Free Space | 14.53% Space Free | Partition Type: NTFS

    Computer Name: KNIGHT-HP | User Name: Knight | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - C:\Users\Knight\Downloads\OTL.exe (OldTimer Tools)
    PRC - C:\Windows\SysWOW64\Macromed\Flash\FlashUtil11c_ActiveX.exe (Adobe Systems, Inc.)
    PRC - C:\Program Files (x86)\IncrediMail\Bin\IncMail.exe (IncrediMail, Ltd.)
    PRC - C:\Program Files (x86)\IncrediMail\Bin\ImApp.exe (IncrediMail, Ltd.)
    PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
    PRC - C:\Program Files (x86)\GamesBar\SearchEngineProtection.exe (Oberon Media )
    PRC - C:\Program Files (x86)\Norton Internet Security\Engine\18.6.0.29\ccsvchst.exe (Symantec Corporation)
    PRC - C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe (Hewlett-Packard Company)
    PRC - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe ()
    PRC - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe (Hewlett-Packard Company)
    PRC - C:\Program Files (x86)\Hewlett-Packard\Media\Webcam\YCMMirage.exe (CyberLink)
    PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
    PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
    PRC - C:\Program Files (x86)\DigitalPersona\Bin\DPAgent.exe (DigitalPersona, Inc.)
    PRC - C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1438.0\mswinext.exe (Microsoft Corp.)
    PRC - C:\Program Files\Motorola\Bluetooth\btplayerctrl.exe (Motorola, Inc.)
    PRC - C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
    PRC - C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe (SEIKO EPSON CORPORATION)
    PRC - C:\Windows\SysWOW64\brss01a.exe (brother Industries Ltd)
    PRC - C:\Program Files (x86)\Weatherzone Tracker\weather_tracker.exe ()
    PRC - C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe (ABBYY)
    PRC - C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSvc.exe (SEIKO EPSON CORPORATION)
    PRC - C:\Windows\SysWOW64\brsvc01a.exe (brother Industries Ltd)


    ========== Modules (No Company Name) ==========

    MOD - C:\Users\Knight\AppData\Local\Temp\mProjector2783293641\Flash6MovieV2.3.1.1e.mvx ()
    MOD - C:\Users\Knight\AppData\Local\Temp\mProjector2783293641\mPlayer.3.1.1e.dll ()
    MOD - C:\Users\Knight\AppData\Local\Temp\mProjector2783293641\System.3.1.1e.mfx ()
    MOD - C:\Users\Knight\AppData\Local\Temp\mProjector2783293641\File.3.1.1e.mfx ()
    MOD - C:\Users\Knight\AppData\Local\Temp\mProjector2783293641\Registry.3.1.1e.mfx ()
    MOD - C:\Program Files (x86)\IncrediMail\Bin\ImLookExU.dll ()
    MOD - C:\Program Files (x86)\IncrediMail\Bin\ImComUtlU.dll ()
    MOD - C:\Program Files (x86)\IncrediMail\Bin\wlessfp1.dll ()
    MOD - C:\Program Files (x86)\IncrediMail\Bin\ImAppRU.dll ()
    MOD - C:\Program Files (x86)\IncrediMail\Bin\PMC.dll ()
    MOD - C:\Program Files (x86)\Common Files\LightScribe\QtGui4.dll ()
    MOD - C:\Program Files (x86)\Common Files\LightScribe\QtCore4.dll ()
    MOD - C:\Program Files (x86)\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll ()
    MOD - C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll ()
    MOD - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF ()
    MOD - C:\Program Files (x86)\Weatherzone Tracker\weather_tracker.exe ()
    MOD - C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll ()


    ========== Win32 Services (SafeList) ==========

    SRV:64bit: - (FLEXnet Licensing Service 64) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe (Macrovision Europe Ltd.)
    SRV:64bit: - (hpsrv) -- C:\Windows\SysNative\hpservice.exe (Hewlett-Packard Company)
    SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
    SRV:64bit: - (Bluetooth Device Manager) -- C:\Program Files\Motorola\Bluetooth\devmgrsrv.exe (Motorola, Inc.)
    SRV:64bit: - (HP Wireless Assistant Service) -- C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe (Hewlett-Packard Company)
    SRV:64bit: - (STacSV) -- C:\Program Files\IDT\WDM\stacsv64.exe (IDT, Inc.)
    SRV:64bit: - (Bluetooth OBEX Service) -- C:\Program Files\Motorola\Bluetooth\obexsrv.exe (Motorola, Inc.)
    SRV:64bit: - (Bluetooth Media Service) -- C:\Program Files\Motorola\Bluetooth\audiosrv.exe (Motorola, Inc.)
    SRV:64bit: - (DpHost) -- C:\Program Files\DigitalPersona\Bin\DpHostW.exe (DigitalPersona, Inc.)
    SRV:64bit: - (vcsFPService) -- C:\Windows\SysNative\vcsFPService.exe (Validity Sensors, Inc.)
    SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
    SRV:64bit: - (AESTFilters) -- C:\Program Files\IDT\WDM\AESTSr64.exe (Andrea Electronics Corporation)
    SRV - (FLEXnet Licensing Service) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
    SRV - (HP Support Assistant Service) -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe (Hewlett-Packard Company)
    SRV - (NIS) -- C:\Program Files (x86)\Norton Internet Security\Engine\18.6.0.29\ccSvcHst.exe (Symantec Corporation)
    SRV - (HPDrvMntSvc.exe) -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe (Hewlett-Packard Company)
    SRV - (HPWMISVC) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe ()
    SRV - (NOBU) -- C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe (Symantec Corporation)
    SRV - (UNS) Intel(R) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
    SRV - (LMS) Intel(R) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
    SRV - (GameConsoleService) -- C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe (WildTangent, Inc.)
    SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
    SRV - (vcsFPService) -- C:\Windows\SysWOW64\vcsFPService.exe (Validity Sensors, Inc.)
    SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
    SRV - (ABBYY.Licensing.FineReader.Sprint.9.0) -- C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe (ABBYY)
    SRV - (EpsonBidirectionalService) -- C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSvc.exe (SEIKO EPSON CORPORATION)
    SRV - (Brother XP spl Service) -- C:\Windows\SysWOW64\brsvc01a.exe (brother Industries Ltd)


    ========== Driver Services (SafeList) ==========

    DRV:64bit: - (SymEvent) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS (Symantec Corporation)
    DRV:64bit: - (SymNetS) -- C:\Windows\SysNative\drivers\NISx64\1206000.01D\symnets.sys (Symantec Corporation)
    DRV:64bit: - (hpdskflt) -- C:\Windows\SysNative\drivers\hpdskflt.sys (Hewlett-Packard Company)
    DRV:64bit: - (Accelerometer) -- C:\Windows\SysNative\drivers\Accelerometer.sys (Hewlett-Packard Company)
    DRV:64bit: - (SRTSP) -- C:\Windows\SysNative\drivers\NISx64\1206000.01D\srtsp64.sys (Symantec Corporation)
    DRV:64bit: - (SRTSPX) Symantec Real Time Storage Protection (PEL) -- C:\Windows\SysNative\drivers\NISx64\1206000.01D\srtspx64.sys (Symantec Corporation)
    DRV:64bit: - (SymEFA) -- C:\Windows\SysNative\drivers\NISx64\1206000.01D\symefa64.sys (Symantec Corporation)
    DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
    DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
    DRV:64bit: - (SymDS) -- C:\Windows\SysNative\drivers\NISx64\1206000.01D\symds64.sys (Symantec Corporation)
    DRV:64bit: - (SymIRON) -- C:\Windows\SysNative\drivers\NISx64\1206000.01D\ironx64.sys (Symantec Corporation)
    DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated)
    DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
    DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
    DRV:64bit: - (sdbus) -- C:\Windows\SysNative\drivers\sdbus.sys (Microsoft Corporation)
    DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
    DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
    DRV:64bit: - (intelkmd) -- C:\Windows\SysNative\drivers\igdpmd64.sys (Intel Corporation)
    DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
    DRV:64bit: - (BTMUSB) -- C:\Windows\SysNative\drivers\btmusb.sys (Motorola, Inc.)
    DRV:64bit: - (clwvd) -- C:\Windows\SysNative\drivers\clwvd.sys (Windows (R) Win 7 DDK provider)
    DRV:64bit: - (netr28x) -- C:\Windows\SysNative\drivers\netr28x.sys (Ralink Technology, Corp.)
    DRV:64bit: - (STHDA) -- C:\Windows\SysNative\drivers\stwrt64.sys (IDT, Inc.)
    DRV:64bit: - (AtiHdmiService) -- C:\Windows\SysNative\drivers\AtiHdmi.sys (ATI Technologies, Inc.)
    DRV:64bit: - (HECIx64) Intel(R) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
    DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
    DRV:64bit: - (BTMCOM) -- C:\Windows\SysNative\drivers\btmcom.sys (Motorola, Inc.)
    DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek )
    DRV:64bit: - (RSUSBSTOR) -- C:\Windows\SysNative\drivers\RtsUStor.sys (Realtek Semiconductor Corp.)
    DRV:64bit: - (Impcd) -- C:\Windows\SysNative\drivers\Impcd.sys (Intel Corporation)
    DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
    DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
    DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
    DRV:64bit: - (SrvHsfV92) -- C:\Windows\SysNative\drivers\VSTDPV6.SYS (Conexant Systems, Inc.)
    DRV:64bit: - (SrvHsfWinac) -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS (Conexant Systems, Inc.)
    DRV:64bit: - (SrvHsfHDA) -- C:\Windows\SysNative\drivers\VSTAZL6.SYS (Conexant Systems, Inc.)
    DRV:64bit: - (yukonw7) -- C:\Windows\SysNative\drivers\yk62x64.sys (Marvell)
    DRV:64bit: - (netw5v64) Intel(R) -- C:\Windows\SysNative\drivers\netw5v64.sys (Intel Corporation)
    DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
    DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
    DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
    DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
    DRV - (BHDrvx64) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.0.0.128\Definitions\BASHDefs\20111114.002\BHDrvx64.sys (Symantec Corporation)
    DRV - (eeCtrl) -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys (Symantec Corporation)
    DRV - (EraserUtilRebootDrv) -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation)
    DRV - (NAVEX15) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.0.0.128\Definitions\VirusDefs\20111126.007\EX64.SYS (Symantec Corporation)
    DRV - (NAVENG) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.0.0.128\Definitions\VirusDefs\20111126.007\ENG64.SYS (Symantec Corporation)
    DRV - (IDSVia64) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.0.0.128\Definitions\IPSDefs\20111124.030\IDSviA64.sys (Symantec Corporation)
    DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.jp.msn.com/HPALL/14
    IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.jp.msn.com/HPALL/14
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.jp.msn.com/HPALL/14
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.jp.msn.com/HPALL/14
    IE - HKLM\..\URLSearchHook: {d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0} - C:\Program Files (x86)\IncrediMail_MediaBar_2\prxtbIncr.dll (Conduit Ltd.)

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.jp.msn.com/HPALL/14
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http:/ inemsn.com.au/
    IE - HKCU\..\URLSearchHook: {d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0} - C:\Program Files (x86)\IncrediMail_MediaBar_2\prxtbIncr.dll (Conduit Ltd.)
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 203.10.225.14:8080

    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpWinExt,version=5.0: C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1438.0\npwinext.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@oberon-media.com/ONCAdapter: C:\Program Files (x86)\Common Files\Oberon Media\NCAdapter\1.0.0.8\npapicomadapter.dll (Oberon-Media )
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\otis@digitalpersona.com: C:\Program Files (x86)\DigitalPersona\Bin\FirefoxExt\ [2011/09/29 08:51:26 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\msntoolbar@msn.com: C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1438.0\Firefox [2011/09/29 08:52:55 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{27182e60-b5f3-411c-b545-b44205977502}: C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\ [2011/09/29 08:52:57 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.0.0.128\IPSFFPlgn\ [2011/10/05 09:56:47 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.0.0.128\coFFPlgn_2011_7_3_6 [2011/12/02 03:29:55 | 000,000,000 | ---D | M]


    O1 HOSTS File: ([2009/06/11 08:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
    O2:64bit: - BHO: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
    O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
    O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\18.6.0.29\coieplg.dll (Symantec Corporation)
    O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\18.6.0.29\ips\ipsbho.dll (Symantec Corporation)
    O2 - BHO: (GamesBarBHO Class) - {CB0D163C-E9F4-4236-9496-0597E24B23A5} - C:\Program Files (x86)\GamesBar\2.0.1.107\oberontb.dll (Oberon Media Ltd.)
    O2 - BHO: (Bing Bar BHO) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1438.0\npwinext.dll (Microsoft Corporation)
    O2 - BHO: (IncrediMail MediaBar 2 Toolbar) - {d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0} - C:\Program Files (x86)\IncrediMail_MediaBar_2\prxtbIncr.dll (Conduit Ltd.)
    O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
    O3:64bit: - HKLM\..\Toolbar: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
    O3 - HKLM\..\Toolbar: (GamesBar) - {6F282B65-56BF-4BD1-A8B2-A4449A05863D} - C:\Program Files (x86)\GamesBar\2.0.1.107\oberontb.dll (Oberon Media Ltd.)
    O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\18.6.0.29\coieplg.dll (Symantec Corporation)
    O3 - HKLM\..\Toolbar: (@C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1438.0\npwinext.dll,-100) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1438.0\npwinext.dll (Microsoft Corporation)
    O3 - HKLM\..\Toolbar: (IncrediMail MediaBar 2 Toolbar) - {d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0} - C:\Program Files (x86)\IncrediMail_MediaBar_2\prxtbIncr.dll (Conduit Ltd.)
    O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
    O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\18.6.0.29\coieplg.dll (Symantec Corporation)
    O3 - HKCU\..\Toolbar\WebBrowser: (IncrediMail MediaBar 2 Toolbar) - {D40B90B4-D3B1-4D6B-A5D7-DC041C1B76C0} - C:\Program Files (x86)\IncrediMail_MediaBar_2\prxtbIncr.dll (Conduit Ltd.)
    O4:64bit: - HKLM..\Run: [BTMTrayAgent] C:\Program Files\Motorola\Bluetooth\btmshell.dll (Motorola, Inc.)
    O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [HPWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe ()
    O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [SmartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe ()
    O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
    O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
    O4 - HKLM..\Run: [Bing Bar] C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1438.0\mswinext.exe (Microsoft Corp.)
    O4 - HKLM..\Run: [ControlCenter3] C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.)
    O4 - HKLM..\Run: [EEventManager] C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
    O4 - HKLM..\Run: [FUFAXSTM] C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe (SEIKO EPSON CORPORATION)
    O4 - HKLM..\Run: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe (Hewlett-Packard Company)
    O4 - HKLM..\Run: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe (Symantec Corporation)
    O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
    O4 - HKCU..\Run: [SearchEngineProtection] C:\Program Files (x86)\GamesBar\SearchEngineProtection.exe (Oberon Media )
    O4 - HKCU..\Run: [Weather Tracker3] C:\Program Files (x86)\Weatherzone Tracker\weather_tracker.exe ()
    O4 - HKCU..\Run: [WorkForce 630(Network)] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIGBP.EXE /FU "C:\Windows\TEMP\E_SB155.tmp" /EF "HKCU" File not found
    O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O8:64bit: - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html File not found
    O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html File not found
    O9:64bit: - Extra Button: @C:\Program Files\Motorola\Bluetooth\btmshell.dll,-137 - {bd707fe6-39f6-4bda-9265-86a76719bdc5} - C:\Program Files\Motorola\Bluetooth\btmiesend.htm ()
    O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\Motorola\Bluetooth\btmshell.dll,-137 - {bd707fe6-39f6-4bda-9265-86a76719bdc5} - C:\Program Files\Motorola\Bluetooth\btmiesend.htm ()
    O9 - Extra 'Tools' menuitem : GamesBar - {1A93C934-025B-4c3a-B38E-9654A7003239} - Reg Error: Value error. File not found
    O9 - Extra Button: @C:\Program Files\Motorola\Bluetooth\btmshell.dll,-137 - {bd707fe6-39f6-4bda-9265-86a76719bdc5} - C:\Program Files\Motorola\Bluetooth\btmiesend.htm ()
    O9 - Extra 'Tools' menuitem : @C:\Program Files\Motorola\Bluetooth\btmshell.dll,-137 - {bd707fe6-39f6-4bda-9265-86a76719bdc5} - C:\Program Files\Motorola\Bluetooth\btmiesend.htm ()
    O1364bit: - gopher Prefix: missing
    O13 - gopher Prefix: missing
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
    O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.138 10.0.0.138
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{18484108-ACA1-4D73-8ABF-D35DC4DCFCD9}: DhcpNameServer = 10.0.0.138 10.0.0.138
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3D6F1834-BA67-43F3-8FCC-BE2F0839B4F7}: DhcpNameServer = 10.0.0.138 10.0.0.138
    O18:64bit: - Protocol\Handler\livecall - No CLSID value found
    O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
    O18:64bit: - Protocol\Handler\msnim - No CLSID value found
    O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
    O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: UserInit - (C:\Program Files (x86)\DigitalPersona\Bin\DPAgent.exe) - C:\Program Files (x86)\DigitalPersona\Bin\DPAgent.exe (DigitalPersona, Inc.)
    O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (userinit.exe) -C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
    O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O32 - HKLM CDRom: AutoRun - 1
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35:64bit: - HKLM\..comfile [open] -- "%1" %*
    O35:64bit: - HKLM\..exefile [open] -- "%1" %*
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
    O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    %SYSTEMDRIVE%\*.EXE
    %SYSTEMROOT%\*. /MP /S
    /MD5START
    EVENTLOG.DLL
    SCECLI.DLL
    NETLOGON.DLL
    CNGAUDIT.DLL
    SCECLT.DLL
    NTELOGON.DLL
    LOGEVENT.DLL
    IASTOR.SYS
    NVSTOR.SYS
    ATAPI.SYS
    IDECHNDR.SYS
    VIASRAID.SYS
    AGP440.SYS
    VAXSCSI.SYS
    NVATABUS.SYS
    VIAMRAID.SYS
    NVATA.SYS
    NVGTS.SYS
    IASTORV.SYS
    VIPRT.SYS
    /MD5STOP
    CREATERESTOREPOINT
    Restore point Set: OTL Restore Point

    ========== Files/Folders - Created Within 30 Days ==========

    [2011/12/02 03:38:32 | 000,000,000 | ---D | C] -- C:\Users\Knight\AppData\Roaming\Malwarebytes
    [2011/12/02 03:38:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
    [2011/12/02 03:38:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
    [2011/12/02 03:38:24 | 000,025,416 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
    [2011/12/02 03:38:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    [2011/12/02 01:21:47 | 000,000,000 | ---D | C] -- C:\HP_TOOLS_mountHPSF
    [2011/12/02 00:24:46 | 000,000,000 | ---D | C] -- C:\ProgramData\FileCure
    [2011/12/01 14:15:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GamesBar
    [2011/12/01 14:15:24 | 000,000,000 | ---D | C] -- C:\ProgramData\GamesBar
    [2011/12/01 14:15:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\GamesBar
    [2011/11/26 23:02:16 | 000,000,000 | ---D | C] -- C:\ProgramData\The Mirror Mysteries
    [2011/11/26 19:33:37 | 000,000,000 | ---D | C] -- C:\Users\Knight\AppData\Roaming\EscapeTheMuseum2
    [2011/11/26 16:33:43 | 000,000,000 | ---D | C] -- C:\Users\Knight\AppData\Roaming\Silverback Productions
    [2011/11/26 16:29:28 | 000,000,000 | ---D | C] -- C:\Users\Knight\AppData\Roaming\Oberon Media
    [2011/11/26 16:29:18 | 000,000,000 | ---D | C] -- C:\Users\Knight\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\I-play
    [2011/11/26 16:29:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Oberon Media SIDR
    [2011/11/26 16:28:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Oberon Media
    [2011/11/26 15:44:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Oberon Media
    [2011/11/15 17:56:55 | 000,000,000 | R--D | C] -- C:\Users\Knight\Desktop\Plants vs Zombies
    [2011/11/15 17:47:19 | 000,000,000 | ---D | C] -- C:\Users\Knight\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
    [2011/11/15 17:29:55 | 000,000,000 | ---D | C] -- C:\ProgramData\PopCap Games
    [2011/11/14 19:28:52 | 000,000,000 | ---D | C] -- C:\Users\Knight\AppData\Roaming\Apple Computer
    [2011/11/14 12:19:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
    [2011/11/14 12:18:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime
    [2011/11/14 12:18:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer
    [2011/11/14 12:14:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Apple
    [2011/11/14 12:14:40 | 000,000,000 | ---D | C] -- C:\Users\Knight\AppData\Local\Apple
    [2011/11/14 12:14:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Apple Software Update
    [2011/11/14 12:14:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple
    [2011/11/09 21:07:56 | 000,000,000 | R--D | C] -- C:\Users\Knight\Desktop\Epson
    [2011/11/09 11:55:56 | 000,135,168 | ---- | C] (SEIKO EPSON CORPORATION) -- C:\Windows\SysWow64\EEBAPI.dll
    [2011/11/09 11:55:56 | 000,110,592 | ---- | C] (SEIKO EPSON CORPORATION) -- C:\Windows\SysWow64\EEBDSCVR.dll
    [2011/11/09 11:55:56 | 000,077,824 | ---- | C] (SEIKO EPSON CORPORATION) -- C:\Windows\SysWow64\EBAPI.dll
    [2011/11/09 11:55:56 | 000,065,536 | ---- | C] (SEIKO EPSON CORPORATION) -- C:\Windows\SysWow64\EEBUtil.dll
    [2011/11/09 11:55:56 | 000,055,808 | ---- | C] (SEIKO EPSON CORPORATION) -- C:\Windows\SysWow64\EEBSDKIF.dll
    [2011/11/09 11:55:50 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\EPSON
    [2011/11/09 11:54:47 | 000,000,000 | ---D | C] -- C:\ProgramData\UDL
    [2011/11/09 11:53:54 | 000,000,000 | ---D | C] -- C:\Program Files\Epson Software
    [2011/11/09 11:51:22 | 000,000,000 | ---D | C] -- C:\Users\Knight\AppData\Local\ABBYY
    [2011/11/09 11:51:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ABBYY FineReader 9.0 Sprint
    [2011/11/09 11:51:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ABBYY FineReader 9.0 Sprint
    [2011/11/09 11:51:08 | 000,000,000 | ---D | C] -- C:\ProgramData\ABBYY
    [2011/11/09 11:51:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\ABBYY
    [2011/11/09 11:48:45 | 000,000,000 | ---D | C] -- C:\Users\Knight\AppData\Roaming\Epson
    [2011/11/09 11:48:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Epson Software
    [2011/11/09 11:48:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Epson Software
    [2011/11/09 11:47:57 | 000,558,592 | ---- | C] (SEIKO EPSON CORPORATION) -- C:\Windows\SysNative\ensppmon.dll
    [2011/11/09 11:47:57 | 000,558,592 | ---- | C] (SEIKO EPSON CORPORATION) -- C:\Windows\SysNative\enppmon.dll
    [2011/11/09 11:47:57 | 000,538,112 | ---- | C] (SEIKO EPSON CORPORATION) -- C:\Windows\SysNative\ensppui.dll
    [2011/11/09 11:47:57 | 000,538,112 | ---- | C] (SEIKO EPSON CORPORATION) -- C:\Windows\SysNative\enppui.dll
    [2011/11/09 11:47:57 | 000,250,880 | ---- | C] (SEIKO EPSON CORPORATION) -- C:\Windows\SysNative\enspres.dll
    [2011/11/09 11:47:57 | 000,250,880 | ---- | C] (SEIKO EPSON CORPORATION) -- C:\Windows\SysNative\enpres.dll
    [2011/11/09 11:47:57 | 000,000,000 | ---D | C] -- C:\Program Files\EpsonNet
    [2011/11/09 11:47:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\EPSON
    [2011/11/09 11:46:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\EpsonNet
    [2011/11/09 11:45:52 | 000,010,752 | ---- | C] (SEIKO EPSON CORP.) -- C:\Windows\SysNative\E_GCINST.DLL
    [2011/11/09 11:45:44 | 000,118,784 | ---- | C] (SEIKO EPSON CORPORATION) -- C:\Windows\SysNative\E_ILMGBP.DLL
    [2011/11/09 11:45:41 | 000,088,064 | ---- | C] (SEIKO EPSON CORPORATION) -- C:\Windows\SysNative\E_IBCBGBP.DLL
    [2011/11/09 11:45:25 | 000,000,000 | ---D | C] -- C:\ProgramData\EPSON
    [2011/11/09 11:45:16 | 000,464,384 | ---- | C] (Seiko Epson Corporation) -- C:\Windows\SysNative\esxw2ud.dll
    [2011/11/09 11:45:16 | 000,128,392 | ---- | C] (Seiko Epson Corporation) -- C:\Windows\SysNative\esdevapp.exe
    [2011/11/09 11:45:16 | 000,017,408 | ---- | C] (SEIKO EPSON CORP.) -- C:\Windows\SysNative\esxcdev.dll
    [2011/11/09 11:45:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EPSON
    [2011/11/09 11:45:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\epson
    [2011/11/07 13:36:07 | 000,000,000 | ---D | C] -- C:\Users\Knight\AppData\Local\LogMeIn Rescue Applet
    [2011/11/03 15:10:30 | 000,000,000 | ---D | C] -- C:\Users\Knight\AppData\Roaming\Azureus
    [2011/11/03 15:08:55 | 000,000,000 | ---D | C] -- C:\Users\Knight\FrostWire
    [2011/11/03 15:08:52 | 000,000,000 | ---D | C] -- C:\Users\Knight\.frostwire5
    [2011/11/03 15:08:51 | 000,000,000 | ---D | C] -- C:\Users\Knight\AppData\Local\APN
    [2011/11/03 15:08:46 | 000,000,000 | ---D | C] -- C:\Users\Knight\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FrostWire 5
    [2011/11/03 15:08:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\FrostWire 5

    ========== Files - Modified Within 30 Days ==========

    [2011/12/02 03:40:05 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2011/12/02 03:38:27 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
    [2011/12/02 03:36:58 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2011/12/02 03:36:57 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2011/12/02 03:29:54 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2011/12/02 03:29:42 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2011/12/02 03:29:37 | 3062,255,616 | -HS- | M] () -- C:\hiberfil.sys
    [2011/12/01 23:52:47 | 000,001,204 | ---- | M] () -- C:\Users\Knight\Desktop\Casual Games.lnk
    [2011/11/26 16:29:18 | 000,002,311 | ---- | M] () -- C:\Users\Knight\Desktop\Ultimate Adventures Bundle 4-in-1.lnk
    [2011/11/26 16:28:48 | 000,001,192 | ---- | M] () -- C:\Users\Knight\Desktop\iPlay Games.lnk
    [2011/11/23 13:30:00 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
    [2011/11/22 12:21:08 | 000,001,210 | ---- | M] () -- C:\Users\Knight\Desktop\PlantsVsZombies - Shortcut.lnk
    [2011/11/20 12:18:30 | 000,000,336 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForKnight.job
    [2011/11/18 12:25:09 | 000,029,721 | ---- | M] () -- C:\Users\Knight\Documents\payform3.pdf
    [2011/11/18 12:24:26 | 000,029,781 | ---- | M] () -- C:\Users\Knight\Documents\payform2.pdf
    [2011/11/18 12:23:38 | 000,029,519 | ---- | M] () -- C:\Users\Knight\Documents\payform.pdf
    [2011/11/17 12:40:58 | 000,002,344 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
    [2011/11/15 17:30:06 | 000,726,316 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
    [2011/11/15 17:30:06 | 000,628,460 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
    [2011/11/15 17:30:06 | 000,110,612 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
    [2011/11/14 12:19:02 | 000,001,845 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
    [2011/11/10 10:04:21 | 000,427,152 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
    [2011/11/09 11:53:54 | 000,000,306 | ---- | M] () -- C:\Windows\setup.iss
    [2011/11/07 13:19:02 | 000,007,605 | ---- | M] () -- C:\Users\Knight\AppData\Local\Resmon.ResmonCfg
    [2011/11/04 13:05:52 | 000,611,510 | ---- | M] () -- C:\Users\Knight\Documents\SSO - Ordering from the Wing.pdf
    [2011/11/04 13:03:03 | 001,181,123 | ---- | M] () -- C:\Users\Knight\Documents\AAFC Uniform Catalogue.pdf
    [2011/11/04 13:01:17 | 000,010,324 | ---- | M] () -- C:\Users\Knight\Documents\DPCU CONVERSION CHART.pdf
    [2011/11/04 12:59:24 | 000,015,844 | ---- | M] () -- C:\Users\Knight\Documents\How to use C-LOG.pdf
    [2011/11/03 15:08:46 | 000,001,247 | ---- | M] () -- C:\Users\Knight\Application Data\Microsoft\Internet Explorer\Quick Launch\FrostWire 5.2.3.lnk
    [2011/11/03 15:08:46 | 000,001,223 | ---- | M] () -- C:\Users\Knight\Desktop\FrostWire 5.2.3.lnk

    ========== Files Created - No Company Name ==========

    [2011/12/02 03:38:27 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
    [2011/12/01 23:52:47 | 000,001,204 | ---- | C] () -- C:\Users\Knight\Desktop\Casual Games.lnk
    [2011/11/26 16:29:18 | 000,002,311 | ---- | C] () -- C:\Users\Knight\Desktop\Ultimate Adventures Bundle 4-in-1.lnk
    [2011/11/26 16:28:48 | 000,001,192 | ---- | C] () -- C:\Users\Knight\Desktop\iPlay Games.lnk
    [2011/11/23 13:30:00 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
    [2011/11/22 12:21:08 | 000,001,210 | ---- | C] () -- C:\Users\Knight\Desktop\PlantsVsZombies - Shortcut.lnk
    [2011/11/18 12:25:09 | 000,029,721 | ---- | C] () -- C:\Users\Knight\Documents\payform3.pdf
    [2011/11/18 12:24:26 | 000,029,781 | ---- | C] () -- C:\Users\Knight\Documents\payform2.pdf
    [2011/11/18 12:23:38 | 000,029,519 | ---- | C] () -- C:\Users\Knight\Documents\payform.pdf
    [2011/11/14 12:19:02 | 000,001,845 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
    [2011/11/14 12:14:39 | 000,002,519 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
    [2011/11/09 11:53:42 | 000,000,306 | ---- | C] () -- C:\Windows\setup.iss
    [2011/11/07 13:19:02 | 000,007,605 | ---- | C] () -- C:\Users\Knight\AppData\Local\Resmon.ResmonCfg
    [2011/11/04 13:05:52 | 000,611,510 | ---- | C] () -- C:\Users\Knight\Documents\SSO - Ordering from the Wing.pdf
    [2011/11/04 13:03:03 | 001,181,123 | ---- | C] () -- C:\Users\Knight\Documents\AAFC Uniform Catalogue.pdf
    [2011/11/04 13:01:17 | 000,010,324 | ---- | C] () -- C:\Users\Knight\Documents\DPCU CONVERSION CHART.pdf
    [2011/11/04 12:59:24 | 000,015,844 | ---- | C] () -- C:\Users\Knight\Documents\How to use C-LOG.pdf
    [2011/11/03 15:08:46 | 000,001,247 | ---- | C] () -- C:\Users\Knight\Application Data\Microsoft\Internet Explorer\Quick Launch\FrostWire 5.2.3.lnk
    [2011/11/03 15:08:46 | 000,001,223 | ---- | C] () -- C:\Users\Knight\Desktop\FrostWire 5.2.3.lnk
    [2011/10/03 22:31:58 | 000,000,242 | ---- | C] () -- C:\Windows\Brpfx04a.ini
    [2011/10/03 22:31:58 | 000,000,094 | ---- | C] () -- C:\Windows\brpcfx.ini
    [2011/10/03 22:31:37 | 000,000,030 | ---- | C] () -- C:\Windows\SysWow64\brss01a.ini
    [2011/10/03 22:31:36 | 000,000,462 | ---- | C] () -- C:\Windows\BRWMARK.INI
    [2011/10/03 22:31:36 | 000,000,027 | ---- | C] () -- C:\Windows\BRPP2KA.INI
    [2011/10/03 22:27:20 | 000,000,000 | ---- | C] () -- C:\Windows\brdfxspd.dat
    [2011/09/29 08:32:33 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
    [2011/09/29 08:28:10 | 000,014,051 | ---- | C] () -- C:\Windows\SysWow64\RaCoInst.dat
    [2011/09/29 08:23:39 | 000,002,189 | ---- | C] () -- C:\Windows\SysWow64\atipblup.dat
    [2011/09/29 08:21:58 | 000,870,560 | ---- | C] () -- C:\Windows\SysWow64\igkrng575.bin
    [2011/09/29 08:21:58 | 000,208,896 | ---- | C] () -- C:\Windows\SysWow64\iglhsip32.dll
    [2011/09/29 08:21:58 | 000,143,360 | ---- | C] () -- C:\Windows\SysWow64\iglhcp32.dll
    [2011/09/29 08:21:57 | 000,127,868 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng575.bin
    [2011/09/29 08:21:45 | 000,000,299 | ---- | C] () -- C:\Windows\SysWow64\RStoneLog2.ini
    [2011/09/29 08:21:45 | 000,000,240 | ---- | C] () -- C:\Windows\SysWow64\RStoneLog.ini
    [2010/12/17 03:26:22 | 000,066,856 | ---- | C] () -- C:\Windows\SysWow64\SynTPEnhPS.dll
    [2010/07/28 19:08:42 | 000,104,796 | ---- | C] () -- C:\Windows\SysWow64\igfcg575m.bin
    [2010/07/20 14:42:46 | 000,000,188 | ---- | C] () -- C:\Windows\SysWow64\HPWA.ini
    [2010/07/20 13:43:13 | 000,000,186 | ---- | C] () -- C:\Windows\SysWow64\HP Documentation.ini
    [2010/06/15 23:28:54 | 000,002,857 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
    [2010/02/10 12:58:12 | 000,012,800 | ---- | C] () -- C:\Windows\LPRES.DLL
    [2009/07/14 16:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
    [2009/07/14 13:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
    [2009/07/14 13:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
    [2009/07/14 11:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
    [2009/07/14 10:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
    [2009/07/14 08:59:36 | 001,498,564 | ---- | C] () -- C:\Windows\SysWow64\igkrng400.bin
    [2009/07/14 08:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
    [2009/06/11 08:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat

    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 183 bytes -> C:\ProgramData\Temp:797ED8B2
    @Alternate Data Stream - 145 bytes -> C:\ProgramData\Temp:9373B271
    @Alternate Data Stream - 133 bytes -> C:\ProgramData\Temp:EEB25EAE
    < End of report >
     
  2. starbuck

    starbuck Rest In Peace Pete Administrator

    Hi Reggie and welcome to CHF.

    Step 1
    Uninstall Adobe
    This should return everything back to normal.

    Step 2
    P2P Warning
    Please note that as long as you're using any form of Peer-to-Peer networking (Frostwire, Limewire, BitTorrent, etc.) and downloading files from non-documented sources, you can expect infestations of malware to occur.
    Once upon a time, P2P file sharing was fairly safe. That is no longer true.
    P2P programmes form a direct conduit onto your computer, their security measures are easily circumvented, and Malware writers are increasingly exploiting them to spread their wares onto your computer. Further to that, if your P2P programme is not configured correctly you may be sharing more files than you realise. There have been cases where people's Passwords, Address Books and other personal, private, and financial details have been exposed to the file sharing network by a badly configured programme.

    Many of the programmes come bundled with other unwanted programmes, but even the ones free of any bundled software are not safe to use.
    When you use them you are downloading software from an unknown source directly onto your computer, bypassing your Firewall and Anti-Virus software. Hardly surprising then that many of these Downloads are being targeted to carry infections.

    You may decide to continue P2P sharing, but keep in mind that this practice may be the source of future malware infestation.
    If we clean your computer of infection, and you return to us a short time later with an infection contracted by the use of P2P programmes, we may refuse to help you.


    Step 3
    You didn't submit the extras.txt from OTL.

    Let's get a fresh set after removing Adobe

    Double click on OTL to run it.
    • Under Extra Registry section, select Use SafeList.
    • Don't check the boxes beside 'LOP Check' and 'Purity Check' this time.
    • Click on Run Scan at the top left hand corner.
    • When done, two Notepad files will open. Please post the contents of these 2 Notepad files in your next reply.


    In your next reply, please submit:
    Both reports from OTL
    and let me know if things returned to normal after removing Adobe


    Thanks.
     
  3. Reggie15

    I deleted the Adobe and the Frostwire programs from my computer. When I deleted the Adobe, my computer came back to normal, but when I tried to reinstall it, the problem came straight back again.
    Please find below a copy of the reports once I had redone the scan.

    OTL logfile created on: 12/5/2011 7:12:00 PM - Run 2
    OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Knight\Documents
    64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000409 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

    3.80 Gb Total Physical Memory | 2.13 Gb Available Physical Memory | 55.89% Memory free
    7.60 Gb Paging File | 5.58 Gb Available in Paging File | 73.42% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 445.83 Gb Total Space | 388.89 Gb Free Space | 87.23% Space Free | Partition Type: NTFS
    Drive D: | 19.63 Gb Total Space | 2.85 Gb Free Space | 14.53% Space Free | Partition Type: NTFS

    Computer Name: KNIGHT-HP | User Name: Knight | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2011/12/04 21:04:46 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Knight\Documents\OTL.exe
    PRC - [2011/11/02 02:24:46 | 000,616,088 | ---- | M] (Oberon Media ) -- C:\Program Files (x86)\GamesBar\SearchEngineProtection.exe
    PRC - [2011/08/11 07:52:54 | 000,138,760 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton Internet Security\Engine\19.2.0.10\ccsvchst.exe
    PRC - [2011/05/21 16:52:16 | 000,103,992 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
    PRC - [2010/06/30 13:00:08 | 000,027,192 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
    PRC - [2010/06/30 12:58:04 | 000,602,168 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
    PRC - [2010/06/25 16:32:50 | 000,136,488 | ---- | M] (CyberLink) -- C:\Program Files (x86)\Hewlett-Packard\Media\Webcam\YCMMirage.exe
    PRC - [2010/05/01 12:21:14 | 002,533,400 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    PRC - [2010/05/01 12:21:14 | 000,325,656 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    PRC - [2010/04/24 12:42:36 | 000,625,416 | ---- | M] (DigitalPersona, Inc.) -- C:\Program Files (x86)\DigitalPersona\Bin\DPAgent.exe
    PRC - [2010/04/14 14:13:52 | 000,243,544 | ---- | M] (Microsoft Corp.) -- C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1438.0\mswinext.exe
    PRC - [2010/04/10 10:54:38 | 001,441,544 | ---- | M] (Motorola, Inc.) -- C:\Program Files\Motorola\Bluetooth\btplayerctrl.exe
    PRC - [2009/12/03 10:12:12 | 000,976,320 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
    PRC - [2009/12/03 00:00:00 | 000,847,872 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe
    PRC - [2009/07/22 00:00:00 | 000,045,056 | ---- | M] (brother Industries Ltd) -- C:\Windows\SysWOW64\brss01a.exe
    PRC - [2009/07/17 16:53:10 | 002,888,403 | ---- | M] () -- C:\Program Files (x86)\Weatherzone Tracker\weather_tracker.exe
    PRC - [2009/05/14 17:07:14 | 000,759,048 | ---- | M] (ABBYY) -- C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe
    PRC - [2006/12/19 18:23:20 | 000,094,208 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSvc.exe
    PRC - [2004/06/14 00:00:00 | 000,057,344 | ---- | M] (brother Industries Ltd) -- C:\Windows\SysWOW64\brsvc01a.exe


    ========== Modules (No Company Name) ==========

    MOD - [2011/12/05 17:18:38 | 000,192,512 | ---- | M] () -- C:\Users\Knight\AppData\Local\Temp\mProjector2783293641\Flash6MovieV2.3.1.1e.mvx
    MOD - [2011/12/05 17:18:38 | 000,027,136 | ---- | M] () -- C:\Users\Knight\AppData\Local\Temp\mProjector2783293641\System.3.1.1e.mfx
    MOD - [2011/12/05 17:18:38 | 000,012,288 | ---- | M] () -- C:\Users\Knight\AppData\Local\Temp\mProjector2783293641\File.3.1.1e.mfx
    MOD - [2011/12/05 17:18:38 | 000,011,776 | ---- | M] () -- C:\Users\Knight\AppData\Local\Temp\mProjector2783293641\Registry.3.1.1e.mfx
    MOD - [2011/12/05 17:18:32 | 000,126,976 | ---- | M] () -- C:\Users\Knight\AppData\Local\Temp\mProjector2783293641\mPlayer.3.1.1e.dll
    MOD - [2010/06/17 06:48:34 | 007,745,536 | ---- | M] () -- C:\Program Files (x86)\Common Files\LightScribe\QtGui4.dll
    MOD - [2010/06/17 06:48:32 | 002,121,728 | ---- | M] () -- C:\Program Files (x86)\Common Files\LightScribe\QtCore4.dll
    MOD - [2010/06/17 06:48:32 | 000,135,168 | ---- | M] () -- C:\Program Files (x86)\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll
    MOD - [2010/01/21 01:34:10 | 008,793,952 | ---- | M] () -- C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll
    MOD - [2010/01/09 20:18:18 | 004,254,560 | ---- | M] () -- C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
    MOD - [2009/07/17 16:53:10 | 002,888,403 | ---- | M] () -- C:\Program Files (x86)\Weatherzone Tracker\weather_tracker.exe
    MOD - [2009/02/27 16:38:20 | 000,139,264 | R--- | M] () -- C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll


    ========== Win32 Services (SafeList) ==========

    SRV:64bit: - [2011/09/29 08:28:20 | 001,028,096 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Running] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe -- (FLEXnet Licensing Service 64)
    SRV:64bit: - [2011/05/13 19:58:10 | 000,030,520 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Windows\SysNative\hpservice.exe -- (hpsrv)
    SRV:64bit: - [2010/09/09 19:26:44 | 000,203,264 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
    SRV:64bit: - [2010/06/30 05:52:12 | 004,181,256 | ---- | M] (Motorola, Inc.) [On_Demand | Running] -- C:\Program Files\Motorola\Bluetooth\devmgrsrv.exe -- (Bluetooth Device Manager)
    SRV:64bit: - [2010/06/19 10:26:18 | 000,103,992 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe -- (HP Wireless Assistant Service)
    SRV:64bit: - [2010/06/18 16:10:14 | 000,258,048 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Program Files\IDT\WDM\stacsv64.exe -- (STacSV)
    SRV:64bit: - [2010/05/21 07:28:14 | 000,677,128 | ---- | M] (Motorola, Inc.) [Auto | Running] -- C:\Program Files\Motorola\Bluetooth\obexsrv.exe -- (Bluetooth OBEX Service)
    SRV:64bit: - [2010/05/21 07:28:12 | 001,096,968 | ---- | M] (Motorola, Inc.) [On_Demand | Running] -- C:\Program Files\Motorola\Bluetooth\audiosrv.exe -- (Bluetooth Media Service)
    SRV:64bit: - [2010/04/24 12:42:40 | 000,445,192 | ---- | M] (DigitalPersona, Inc.) [Auto | Running] -- C:\Program Files\DigitalPersona\Bin\DpHostW.exe -- (DpHost)
    SRV:64bit: - [2010/02/24 01:38:54 | 002,192,176 | ---- | M] (Validity Sensors, Inc.) [Auto | Running] -- C:\Windows\SysNative\vcsFPService.exe -- (vcsFPService)
    SRV:64bit: - [2009/07/14 12:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV:64bit: - [2009/03/03 21:42:58 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\IDT\WDM\AESTSr64.exe -- (AESTFilters)
    SRV - [2011/09/29 08:28:19 | 000,647,680 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
    SRV - [2011/08/11 07:52:54 | 000,138,760 | R--- | M] (Symantec Corporation) [Unknown | Running] -- C:\Program Files (x86)\Norton Internet Security\Engine\19.2.0.10\ccSvcHst.exe -- (NIS)
    SRV - [2011/06/21 15:57:34 | 000,085,560 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe -- (HP Support Assistant Service)
    SRV - [2011/05/21 16:52:16 | 000,103,992 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe -- (HPDrvMntSvc.exe)
    SRV - [2010/10/13 04:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)
    SRV - [2010/06/30 13:00:08 | 000,027,192 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe -- (HPWMISVC)
    SRV - [2010/06/02 09:31:28 | 002,804,568 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe -- (NOBU)
    SRV - [2010/05/01 12:21:14 | 002,533,400 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) Intel(R)
    SRV - [2010/05/01 12:21:14 | 000,325,656 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) Intel(R)
    SRV - [2010/04/04 10:01:24 | 000,246,520 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe -- (GameConsoleService)
    SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
    SRV - [2010/02/24 01:19:02 | 001,799,472 | ---- | M] (Validity Sensors, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\vcsFPService.exe -- (vcsFPService)
    SRV - [2009/06/11 08:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
    SRV - [2009/05/14 17:07:14 | 000,759,048 | ---- | M] (ABBYY) [Auto | Running] -- C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe -- (ABBYY.Licensing.FineReader.Sprint.9.0)
    SRV - [2006/12/19 18:23:20 | 000,094,208 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSvc.exe -- (EpsonBidirectionalService)
    SRV - [2004/06/14 00:00:00 | 000,057,344 | ---- | M] (brother Industries Ltd) [Auto | Running] -- C:\Windows\SysWOW64\brsvc01a.exe -- (Brother XP spl Service)


    ========== Driver Services (SafeList) ==========

    DRV:64bit: - [2011/12/02 07:58:50 | 000,174,200 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent)
    DRV:64bit: - [2011/09/27 11:38:11 | 001,084,024 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\NISx64\1302000.00A\symefa64.sys -- (SymEFA)
    DRV:64bit: - [2011/08/09 10:38:05 | 000,167,048 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1302000.00A\ccsetx64.sys -- (ccSet_NIS)
    DRV:64bit: - [2011/08/03 13:22:10 | 000,729,720 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\NISx64\1302000.00A\srtsp64.sys -- (SRTSP)
    DRV:64bit: - [2011/08/03 13:22:10 | 000,037,496 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1302000.00A\srtspx64.sys -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
    DRV:64bit: - [2011/07/26 13:18:39 | 000,401,016 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1302000.00A\symnets.sys -- (SymNetS)
    DRV:64bit: - [2011/07/26 13:18:35 | 000,451,192 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\NISx64\1302000.00A\symds64.sys -- (SymDS)
    DRV:64bit: - [2011/07/26 13:15:52 | 000,189,560 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1302000.00A\ironx64.sys -- (SymIRON)
    DRV:64bit: - [2011/05/13 19:58:16 | 000,030,008 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\hpdskflt.sys -- (hpdskflt)
    DRV:64bit: - [2011/05/13 19:57:58 | 000,043,320 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Accelerometer.sys -- (Accelerometer)
    DRV:64bit: - [2011/04/21 17:46:54 | 001,360,960 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\netr28x.sys -- (netr28x)
    DRV:64bit: - [2011/03/11 17:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
    DRV:64bit: - [2011/03/11 17:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
    DRV:64bit: - [2010/12/17 03:28:38 | 001,403,440 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
    DRV:64bit: - [2010/11/21 00:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
    DRV:64bit: - [2010/11/20 22:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
    DRV:64bit: - [2010/11/20 20:37:42 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
    DRV:64bit: - [2010/09/09 19:45:34 | 007,767,552 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
    DRV:64bit: - [2010/09/09 18:52:50 | 000,279,040 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
    DRV:64bit: - [2010/07/28 19:10:40 | 010,610,400 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdpmd64.sys -- (intelkmd)
    DRV:64bit: - [2010/07/28 19:10:40 | 010,610,400 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
    DRV:64bit: - [2010/06/30 04:12:26 | 003,232,768 | ---- | M] (Motorola, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btmusb.sys -- (BTMUSB)
    DRV:64bit: - [2010/06/25 16:32:52 | 000,032,880 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\clwvd.sys -- (clwvd)
    DRV:64bit: - [2010/06/18 16:10:14 | 000,515,584 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)
    DRV:64bit: - [2010/05/07 00:21:46 | 000,125,456 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
    DRV:64bit: - [2010/05/01 12:21:00 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64) Intel(R)
    DRV:64bit: - [2010/04/14 03:44:22 | 000,540,696 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
    DRV:64bit: - [2010/04/10 10:53:04 | 000,052,736 | ---- | M] (Motorola, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btmcom.sys -- (BTMCOM)
    DRV:64bit: - [2010/03/05 16:43:00 | 000,346,144 | ---- | M] (Realtek ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
    DRV:64bit: - [2010/01/12 09:31:04 | 000,232,992 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
    DRV:64bit: - [2009/10/27 07:39:44 | 000,151,936 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)
    DRV:64bit: - [2009/07/14 12:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
    DRV:64bit: - [2009/07/14 12:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
    DRV:64bit: - [2009/07/14 12:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
    DRV:64bit: - [2009/06/11 08:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
    DRV:64bit: - [2009/06/11 08:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
    DRV:64bit: - [2009/06/11 08:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
    DRV:64bit: - [2009/06/11 07:35:33 | 000,389,120 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
    DRV:64bit: - [2009/06/11 07:35:28 | 005,434,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netw5v64.sys -- (netw5v64) Intel(R)
    DRV:64bit: - [2009/06/11 07:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
    DRV:64bit: - [2009/06/11 07:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
    DRV:64bit: - [2009/06/11 07:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
    DRV:64bit: - [2009/06/11 07:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
    DRV - [2011/12/05 12:00:38 | 002,048,632 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\Definitions\VirusDefs\20111204.007\ex64.sys -- (NAVEX15)
    DRV - [2011/12/05 12:00:38 | 000,117,880 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\Definitions\VirusDefs\20111204.007\eng64.sys -- (NAVENG)
    DRV - [2011/12/01 16:21:40 | 000,488,568 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\Definitions\IPSDefs\20111202.001\IDSviA64.sys -- (IDSVia64)
    DRV - [2011/11/23 23:08:44 | 001,156,216 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\Definitions\BASHDefs\20111123.001\BHDrvx64.sys -- (BHDrvx64)
    DRV - [2011/11/09 19:15:46 | 000,482,936 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
    DRV - [2011/11/09 19:15:46 | 000,138,360 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
    DRV - [2009/07/14 12:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.jp.msn.com/HPALL/14
    IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.jp.msn.com/HPALL/14
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.jp.msn.com/HPALL/14
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.jp.msn.com/HPALL/14
    IE - HKLM\..\URLSearchHook: {d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0} - C:\Program Files (x86)\IncrediMail_MediaBar_2\prxtbIncr.dll (Conduit Ltd.)


    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



    IE - HKU\S-1-5-21-1472162788-2038955080-3275637360-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.jp.msn.com/HPALL/14
    IE - HKU\S-1-5-21-1472162788-2038955080-3275637360-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http:/ inemsn.com.au/
    IE - HKU\S-1-5-21-1472162788-2038955080-3275637360-1001\..\URLSearchHook: {d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0} - C:\Program Files (x86)\IncrediMail_MediaBar_2\prxtbIncr.dll (Conduit Ltd.)
    IE - HKU\S-1-5-21-1472162788-2038955080-3275637360-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\S-1-5-21-1472162788-2038955080-3275637360-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 203.10.225.14:8080

    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpWinExt,version=5.0: C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1438.0\npwinext.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@oberon-media.com/ONCAdapter: C:\Program Files (x86)\Common Files\Oberon Media\NCAdapter\1.0.0.8\npapicomadapter.dll (Oberon-Media )
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\otis@digitalpersona.com: C:\Program Files (x86)\DigitalPersona\Bin\FirefoxExt\ [2011/09/29 08:51:26 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\msntoolbar@msn.com: C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1438.0\Firefox [2011/09/29 08:52:55 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{27182e60-b5f3-411c-b545-b44205977502}: C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\ [2011/09/29 08:52:57 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\IPSFFPlgn\ [2011/12/03 10:11:59 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\coFFPlgn\ [2011/12/05 17:18:29 | 000,000,000 | ---D | M]


    O1 HOSTS File: ([2009/06/11 08:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
    O2:64bit: - BHO: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
    O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
    O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\19.2.0.10\coieplg.dll (Symantec Corporation)
    O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\19.2.0.10\ips\ipsbho.dll (Symantec Corporation)
    O2 - BHO: (GamesBarBHO Class) - {CB0D163C-E9F4-4236-9496-0597E24B23A5} - C:\Program Files (x86)\GamesBar\2.0.1.109\oberontb.dll (Oberon Media Ltd.)
    O2 - BHO: (Bing Bar BHO) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1438.0\npwinext.dll (Microsoft Corporation)
    O2 - BHO: (IncrediMail MediaBar 2 Toolbar) - {d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0} - C:\Program Files (x86)\IncrediMail_MediaBar_2\prxtbIncr.dll (Conduit Ltd.)
    O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
    O3:64bit: - HKLM\..\Toolbar: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
    O3 - HKLM\..\Toolbar: (GamesBar) - {6F282B65-56BF-4BD1-A8B2-A4449A05863D} - C:\Program Files (x86)\GamesBar\2.0.1.109\oberontb.dll (Oberon Media Ltd.)
    O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\19.2.0.10\coieplg.dll (Symantec Corporation)
    O3 - HKLM\..\Toolbar: (@C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1438.0\npwinext.dll,-100) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1438.0\npwinext.dll (Microsoft Corporation)
    O3 - HKLM\..\Toolbar: (IncrediMail MediaBar 2 Toolbar) - {d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0} - C:\Program Files (x86)\IncrediMail_MediaBar_2\prxtbIncr.dll (Conduit Ltd.)
    O3:64bit: - HKU\S-1-5-21-1472162788-2038955080-3275637360-1001\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
    O3 - HKU\S-1-5-21-1472162788-2038955080-3275637360-1001\..\Toolbar\WebBrowser: (IncrediMail MediaBar 2 Toolbar) - {D40B90B4-D3B1-4D6B-A5D7-DC041C1B76C0} - C:\Program Files (x86)\IncrediMail_MediaBar_2\prxtbIncr.dll (Conduit Ltd.)
    O4:64bit: - HKLM..\Run: [BTMTrayAgent] C:\Program Files\Motorola\Bluetooth\btmshell.dll (Motorola, Inc.)
    O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [HPWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe ()
    O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [SmartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe ()
    O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
    O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
    O4 - HKLM..\Run: [Bing Bar] C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1438.0\mswinext.exe (Microsoft Corp.)
    O4 - HKLM..\Run: [ControlCenter3] C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.)
    O4 - HKLM..\Run: [EEventManager] C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
    O4 - HKLM..\Run: [FUFAXSTM] C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe (SEIKO EPSON CORPORATION)
    O4 - HKLM..\Run: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe (Hewlett-Packard Company)
    O4 - HKLM..\Run: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe (Symantec Corporation)
    O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
    O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
    O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
    O4 - HKU\S-1-5-21-1472162788-2038955080-3275637360-1001..\Run: [SearchEngineProtection] C:\Program Files (x86)\GamesBar\SearchEngineProtection.exe (Oberon Media )
    O4 - HKU\S-1-5-21-1472162788-2038955080-3275637360-1001..\Run: [Weather Tracker3] C:\Program Files (x86)\Weatherzone Tracker\weather_tracker.exe ()
    O4 - HKU\S-1-5-21-1472162788-2038955080-3275637360-1001..\Run: [WorkForce 630(Network)] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIGBP.EXE /FU "C:\Windows\TEMP\E_SB155.tmp" /EF "HKCU" File not found
    O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
    O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O8:64bit: - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html File not found
    O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html File not found
    O9:64bit: - Extra Button: @C:\Program Files\Motorola\Bluetooth\btmshell.dll,-137 - {bd707fe6-39f6-4bda-9265-86a76719bdc5} - C:\Program Files\Motorola\Bluetooth\btmiesend.htm ()
    O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\Motorola\Bluetooth\btmshell.dll,-137 - {bd707fe6-39f6-4bda-9265-86a76719bdc5} - C:\Program Files\Motorola\Bluetooth\btmiesend.htm ()
    O9 - Extra 'Tools' menuitem : GamesBar - {1A93C934-025B-4c3a-B38E-9654A7003239} - Reg Error: Value error. File not found
    O9 - Extra Button: @C:\Program Files\Motorola\Bluetooth\btmshell.dll,-137 - {bd707fe6-39f6-4bda-9265-86a76719bdc5} - C:\Program Files\Motorola\Bluetooth\btmiesend.htm ()
    O9 - Extra 'Tools' menuitem : @C:\Program Files\Motorola\Bluetooth\btmshell.dll,-137 - {bd707fe6-39f6-4bda-9265-86a76719bdc5} - C:\Program Files\Motorola\Bluetooth\btmiesend.htm ()
    O1364bit: - gopher Prefix: missing
    O13 - gopher Prefix: missing
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
    O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.138 10.0.0.138
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3D6F1834-BA67-43F3-8FCC-BE2F0839B4F7}: DhcpNameServer = 10.0.0.138 10.0.0.138
    O18:64bit: - Protocol\Handler\livecall - No CLSID value found
    O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
    O18:64bit: - Protocol\Handler\msnim - No CLSID value found
    O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
    O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: UserInit - (C:\Program Files (x86)\DigitalPersona\Bin\DPAgent.exe) - C:\Program Files (x86)\DigitalPersona\Bin\DPAgent.exe (DigitalPersona, Inc.)
    O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (userinit.exe) -C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
    O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O32 - HKLM CDRom: AutoRun - 1
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35:64bit: - HKLM\..comfile [open] -- "%1" %*
    O35:64bit: - HKLM\..exefile [open] -- "%1" %*
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
    O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    ========== Files/Folders - Created Within 30 Days ==========

    [2011/12/05 11:51:45 | 000,414,368 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    [2011/12/04 21:04:37 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Knight\Documents\OTL.exe
    [2011/12/04 20:54:01 | 000,000,000 | -HSD | C] -- C:\Config.Msi
    [2011/12/04 12:48:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WildTangent Games
    [2011/12/02 16:44:49 | 000,000,000 | ---D | C] -- C:\Users\Knight\AppData\Roaming\Blue Tea Games
    [2011/12/02 08:01:41 | 000,000,000 | ---D | C] -- C:\Users\Knight\Documents\Symantec
    [2011/12/02 07:54:34 | 000,000,000 | ---D | C] -- C:\Users\Knight\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Norton
    [2011/12/02 03:38:32 | 000,000,000 | ---D | C] -- C:\Users\Knight\AppData\Roaming\Malwarebytes
    [2011/12/02 03:38:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
    [2011/12/02 03:38:24 | 000,025,416 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
    [2011/12/02 03:38:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    [2011/12/02 00:24:46 | 000,000,000 | ---D | C] -- C:\ProgramData\FileCure
    [2011/12/01 14:15:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GamesBar
    [2011/12/01 14:15:24 | 000,000,000 | ---D | C] -- C:\ProgramData\GamesBar
    [2011/12/01 14:15:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\GamesBar
    [2011/11/26 23:02:16 | 000,000,000 | ---D | C] -- C:\ProgramData\The Mirror Mysteries
    [2011/11/26 19:33:37 | 000,000,000 | ---D | C] -- C:\Users\Knight\AppData\Roaming\EscapeTheMuseum2
    [2011/11/26 16:33:43 | 000,000,000 | ---D | C] -- C:\Users\Knight\AppData\Roaming\Silverback Productions
    [2011/11/26 16:29:28 | 000,000,000 | ---D | C] -- C:\Users\Knight\AppData\Roaming\Oberon Media
    [2011/11/26 16:29:18 | 000,000,000 | ---D | C] -- C:\Users\Knight\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\I-play
    [2011/11/26 16:29:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Oberon Media SIDR
    [2011/11/26 16:28:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Oberon Media
    [2011/11/26 15:44:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Oberon Media
    [2011/11/15 17:56:55 | 000,000,000 | R--D | C] -- C:\Users\Knight\Desktop\Plants vs Zombies
    [2011/11/15 17:47:19 | 000,000,000 | ---D | C] -- C:\Users\Knight\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
    [2011/11/15 17:29:55 | 000,000,000 | ---D | C] -- C:\ProgramData\PopCap Games
    [2011/11/14 19:28:52 | 000,000,000 | ---D | C] -- C:\Users\Knight\AppData\Roaming\Apple Computer
    [2011/11/14 12:19:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
    [2011/11/14 12:18:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime
    [2011/11/14 12:18:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer
    [2011/11/14 12:14:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Apple
    [2011/11/14 12:14:40 | 000,000,000 | ---D | C] -- C:\Users\Knight\AppData\Local\Apple
    [2011/11/14 12:14:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Apple Software Update
    [2011/11/14 12:14:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple
    [2011/11/09 21:07:56 | 000,000,000 | R--D | C] -- C:\Users\Knight\Desktop\Epson
    [2011/11/09 11:55:56 | 000,135,168 | ---- | C] (SEIKO EPSON CORPORATION) -- C:\Windows\SysWow64\EEBAPI.dll
    [2011/11/09 11:55:56 | 000,110,592 | ---- | C] (SEIKO EPSON CORPORATION) -- C:\Windows\SysWow64\EEBDSCVR.dll
    [2011/11/09 11:55:56 | 000,077,824 | ---- | C] (SEIKO EPSON CORPORATION) -- C:\Windows\SysWow64\EBAPI.dll
    [2011/11/09 11:55:56 | 000,065,536 | ---- | C] (SEIKO EPSON CORPORATION) -- C:\Windows\SysWow64\EEBUtil.dll
    [2011/11/09 11:55:56 | 000,055,808 | ---- | C] (SEIKO EPSON CORPORATION) -- C:\Windows\SysWow64\EEBSDKIF.dll
    [2011/11/09 11:55:50 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\EPSON
    [2011/11/09 11:54:47 | 000,000,000 | ---D | C] -- C:\ProgramData\UDL
    [2011/11/09 11:53:54 | 000,000,000 | ---D | C] -- C:\Program Files\Epson Software
    [2011/11/09 11:51:22 | 000,000,000 | ---D | C] -- C:\Users\Knight\AppData\Local\ABBYY
    [2011/11/09 11:51:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ABBYY FineReader 9.0 Sprint
    [2011/11/09 11:51:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ABBYY FineReader 9.0 Sprint
    [2011/11/09 11:51:08 | 000,000,000 | ---D | C] -- C:\ProgramData\ABBYY
    [2011/11/09 11:51:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\ABBYY
    [2011/11/09 11:48:45 | 000,000,000 | ---D | C] -- C:\Users\Knight\AppData\Roaming\Epson
    [2011/11/09 11:48:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Epson Software
    [2011/11/09 11:48:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Epson Software
    [2011/11/09 11:47:57 | 000,558,592 | ---- | C] (SEIKO EPSON CORPORATION) -- C:\Windows\SysNative\ensppmon.dll
    [2011/11/09 11:47:57 | 000,558,592 | ---- | C] (SEIKO EPSON CORPORATION) -- C:\Windows\SysNative\enppmon.dll
    [2011/11/09 11:47:57 | 000,538,112 | ---- | C] (SEIKO EPSON CORPORATION) -- C:\Windows\SysNative\ensppui.dll
    [2011/11/09 11:47:57 | 000,538,112 | ---- | C] (SEIKO EPSON CORPORATION) -- C:\Windows\SysNative\enppui.dll
    [2011/11/09 11:47:57 | 000,250,880 | ---- | C] (SEIKO EPSON CORPORATION) -- C:\Windows\SysNative\enspres.dll
    [2011/11/09 11:47:57 | 000,250,880 | ---- | C] (SEIKO EPSON CORPORATION) -- C:\Windows\SysNative\enpres.dll
    [2011/11/09 11:47:57 | 000,000,000 | ---D | C] -- C:\Program Files\EpsonNet
    [2011/11/09 11:47:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\EPSON
    [2011/11/09 11:46:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\EpsonNet
    [2011/11/09 11:45:52 | 000,010,752 | ---- | C] (SEIKO EPSON CORP.) -- C:\Windows\SysNative\E_GCINST.DLL
    [2011/11/09 11:45:44 | 000,118,784 | ---- | C] (SEIKO EPSON CORPORATION) -- C:\Windows\SysNative\E_ILMGBP.DLL
    [2011/11/09 11:45:41 | 000,088,064 | ---- | C] (SEIKO EPSON CORPORATION) -- C:\Windows\SysNative\E_IBCBGBP.DLL
    [2011/11/09 11:45:25 | 000,000,000 | ---D | C] -- C:\ProgramData\EPSON
    [2011/11/09 11:45:16 | 000,464,384 | ---- | C] (Seiko Epson Corporation) -- C:\Windows\SysNative\esxw2ud.dll
    [2011/11/09 11:45:16 | 000,128,392 | ---- | C] (Seiko Epson Corporation) -- C:\Windows\SysNative\esdevapp.exe
    [2011/11/09 11:45:16 | 000,017,408 | ---- | C] (SEIKO EPSON CORP.) -- C:\Windows\SysNative\esxcdev.dll
    [2011/11/09 11:45:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EPSON
    [2011/11/09 11:45:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\epson
    [2011/11/07 13:36:07 | 000,000,000 | ---D | C] -- C:\Users\Knight\AppData\Local\LogMeIn Rescue Applet

    ========== Files - Modified Within 30 Days ==========

    [2011/12/05 18:40:00 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2011/12/05 17:25:30 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2011/12/05 17:25:30 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2011/12/05 17:18:24 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2011/12/05 17:18:04 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2011/12/05 17:17:59 | 3062,255,616 | -HS- | M] () -- C:\hiberfil.sys
    [2011/12/05 14:14:00 | 000,002,353 | ---- | M] () -- C:\Users\Knight\Desktop\Dark Parables the Exiled Prince.lnk
    [2011/12/05 13:35:30 | 000,002,448 | ---- | M] () -- C:\Users\Public\Desktop\WildTangent Games App - hp.lnk
    [2011/12/05 11:51:45 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    [2011/12/04 21:04:46 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Knight\Documents\OTL.exe
    [2011/12/03 10:50:08 | 001,426,925 | ---- | M] () -- C:\Windows\SysNative\drivers\NISx64\1302000.00A\Cat.DB
    [2011/12/03 10:16:27 | 000,055,741 | ---- | M] () -- C:\Users\Knight\Documents\Receipt_3up.dotx
    [2011/12/03 10:11:30 | 000,002,501 | ---- | M] () -- C:\Users\Public\Desktop\Norton Internet Security.lnk
    [2011/12/02 16:37:31 | 000,004,782 | ---- | M] () -- C:\Windows\SysNative\drivers\NISx64\1302000.00A\VT20111023.024
    [2011/12/02 08:01:24 | 000,001,289 | ---- | M] () -- C:\Users\Knight\Desktop\Norton Installation Files.lnk
    [2011/12/02 07:58:50 | 000,174,200 | ---- | M] (Symantec Corporation) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS
    [2011/12/02 07:58:50 | 000,007,530 | ---- | M] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.CAT
    [2011/12/02 07:58:50 | 000,000,855 | ---- | M] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.INF
    [2011/11/26 16:29:18 | 000,002,311 | ---- | M] () -- C:\Users\Knight\Desktop\Ultimate Adventures Bundle 4-in-1.lnk
    [2011/11/26 16:28:48 | 000,001,192 | ---- | M] () -- C:\Users\Knight\Desktop\iPlay Games.lnk
    [2011/11/23 13:30:00 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
    [2011/11/22 12:21:08 | 000,001,210 | ---- | M] () -- C:\Users\Knight\Desktop\PlantsVsZombies - Shortcut.lnk
    [2011/11/20 12:18:30 | 000,000,336 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForKnight.job
    [2011/11/18 12:25:09 | 000,029,721 | ---- | M] () -- C:\Users\Knight\Documents\payform3.pdf
    [2011/11/18 12:24:26 | 000,029,781 | ---- | M] () -- C:\Users\Knight\Documents\payform2.pdf
    [2011/11/18 12:23:38 | 000,029,519 | ---- | M] () -- C:\Users\Knight\Documents\payform.pdf
    [2011/11/17 12:40:58 | 000,002,344 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
    [2011/11/15 17:30:06 | 000,726,316 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
    [2011/11/15 17:30:06 | 000,628,460 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
    [2011/11/15 17:30:06 | 000,110,612 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
    [2011/11/14 12:19:02 | 000,001,845 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
    [2011/11/10 10:04:21 | 000,427,152 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
    [2011/11/09 11:53:54 | 000,000,306 | ---- | M] () -- C:\Windows\setup.iss
    [2011/11/07 13:19:02 | 000,007,605 | ---- | M] () -- C:\Users\Knight\AppData\Local\Resmon.ResmonCfg

    ========== Files Created - No Company Name ==========

    [2011/12/05 14:14:00 | 000,002,353 | ---- | C] () -- C:\Users\Knight\Desktop\Dark Parables the Exiled Prince.lnk
    [2011/12/05 13:35:30 | 000,002,448 | ---- | C] () -- C:\Users\Public\Desktop\WildTangent Games App - hp.lnk
    [2011/12/03 10:49:46 | 000,014,119 | ---- | C] () -- C:\Windows\SysNative\RaCoInst.dat
    [2011/12/03 10:49:45 | 000,014,119 | ---- | C] () -- C:\Windows\SysWow64\RaCoInst.dat
    [2011/12/03 10:16:47 | 000,055,741 | ---- | C] () -- C:\Users\Knight\Documents\Receipt_3up.dotx
    [2011/12/02 07:54:34 | 000,001,289 | ---- | C] () -- C:\Users\Knight\Desktop\Norton Installation Files.lnk
    [2011/11/26 16:29:18 | 000,002,311 | ---- | C] () -- C:\Users\Knight\Desktop\Ultimate Adventures Bundle 4-in-1.lnk
    [2011/11/26 16:28:48 | 000,001,192 | ---- | C] () -- C:\Users\Knight\Desktop\iPlay Games.lnk
    [2011/11/23 13:30:00 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
    [2011/11/22 12:21:08 | 000,001,210 | ---- | C] () -- C:\Users\Knight\Desktop\PlantsVsZombies - Shortcut.lnk
    [2011/11/18 12:25:09 | 000,029,721 | ---- | C] () -- C:\Users\Knight\Documents\payform3.pdf
    [2011/11/18 12:24:26 | 000,029,781 | ---- | C] () -- C:\Users\Knight\Documents\payform2.pdf
    [2011/11/18 12:23:38 | 000,029,519 | ---- | C] () -- C:\Users\Knight\Documents\payform.pdf
    [2011/11/14 12:19:02 | 000,001,845 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
    [2011/11/14 12:14:39 | 000,002,519 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
    [2011/11/09 11:53:42 | 000,000,306 | ---- | C] () -- C:\Windows\setup.iss
    [2011/11/07 13:19:02 | 000,007,605 | ---- | C] () -- C:\Users\Knight\AppData\Local\Resmon.ResmonCfg
    [2011/10/03 22:31:58 | 000,000,242 | ---- | C] () -- C:\Windows\Brpfx04a.ini
    [2011/10/03 22:31:58 | 000,000,094 | ---- | C] () -- C:\Windows\brpcfx.ini
    [2011/10/03 22:31:37 | 000,000,030 | ---- | C] () -- C:\Windows\SysWow64\brss01a.ini
    [2011/10/03 22:31:36 | 000,000,462 | ---- | C] () -- C:\Windows\BRWMARK.INI
    [2011/10/03 22:31:36 | 000,000,027 | ---- | C] () -- C:\Windows\BRPP2KA.INI
    [2011/10/03 22:27:20 | 000,000,000 | ---- | C] () -- C:\Windows\brdfxspd.dat
    [2011/09/29 08:32:33 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
    [2011/09/29 08:23:39 | 000,002,189 | ---- | C] () -- C:\Windows\SysWow64\atipblup.dat
    [2011/09/29 08:21:58 | 000,870,560 | ---- | C] () -- C:\Windows\SysWow64\igkrng575.bin
    [2011/09/29 08:21:58 | 000,208,896 | ---- | C] () -- C:\Windows\SysWow64\iglhsip32.dll
    [2011/09/29 08:21:58 | 000,143,360 | ---- | C] () -- C:\Windows\SysWow64\iglhcp32.dll
    [2011/09/29 08:21:57 | 000,127,868 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng575.bin
    [2011/09/29 08:21:45 | 000,000,299 | ---- | C] () -- C:\Windows\SysWow64\RStoneLog2.ini
    [2011/09/29 08:21:45 | 000,000,240 | ---- | C] () -- C:\Windows\SysWow64\RStoneLog.ini
    [2010/12/17 03:26:22 | 000,066,856 | ---- | C] () -- C:\Windows\SysWow64\SynTPEnhPS.dll
    [2010/07/28 19:08:42 | 000,104,796 | ---- | C] () -- C:\Windows\SysWow64\igfcg575m.bin
    [2010/07/20 14:42:46 | 000,000,188 | ---- | C] () -- C:\Windows\SysWow64\HPWA.ini
    [2010/07/20 13:43:13 | 000,000,186 | ---- | C] () -- C:\Windows\SysWow64\HP Documentation.ini
    [2010/06/15 23:28:54 | 000,002,857 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
    [2010/02/10 12:58:12 | 000,012,800 | ---- | C] () -- C:\Windows\LPRES.DLL
    [2009/07/14 16:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
    [2009/07/14 13:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
    [2009/07/14 13:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
    [2009/07/14 11:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
    [2009/07/14 10:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
    [2009/07/14 08:59:36 | 001,498,564 | ---- | C] () -- C:\Windows\SysWow64\igkrng400.bin
    [2009/07/14 08:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
    [2009/06/11 08:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat

    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 278 bytes -> C:\ProgramData\Temp:9373B271
    @Alternate Data Stream - 195 bytes -> C:\ProgramData\Temp:797ED8B2
    @Alternate Data Stream - 133 bytes -> C:\ProgramData\Temp:EEB25EAE
    < End of report >


    This was the only report given. Can you help me remove this virus so I can reinstall Adobe? I need to be able to read PDFs.
     
  4. starbuck

    starbuck Rest In Peace Pete Administrator

    Joined:
    Sep 26, 2009
    Messages:
    3,830
    Location:
    Midlands, UK
    Operating System:
    Windows 10
    CPU:
    AMD Athlon II x2 250 Processor 3.00GHz
    Memory:
    8gb DDR3
    Hard Drive:
    500gb SATA
    Graphics Card:
    ASUS GeForce GTX 960 2gb
    Power Supply:
    650w PowerCool X-Viper
    Hi Reggie15

    Step 1
    It's not a virus.
    A lot of people have been having this problem with Adobe.
    That's why everything returned to normal after you removed Adobe.
    Either you or the program has changed the default file extensions to that of Adobe.
    You need to reset the file extensions again.
    There's a fix from Microsoft here that will make it easier for you:
    http://support.microsoft.com/kb/950505


    Step 2
    Double click on OTL to run it.
    Copy the lines in bold below (make sure that :Otl is on the first line).

    :Otl
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
    O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
    O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
    O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    @Alternate Data Stream - 278 bytes -> C:\ProgramData\Temp:9373B271
    @Alternate Data Stream - 195 bytes -> C:\ProgramData\Temp:797ED8B2
    @Alternate Data Stream - 133 bytes -> C:\ProgramData\Temp:EEB25EAE

    :Files
    ipconfig /flushdns /c

    :commands
    [emptytemp]
    [purity]
    [RESETHOSTS]


    • Return to OTL.
    • Right click in the Custom Scans/Fixes window (under the blue bar) and choose Paste.
    • Click the red Run Fix button.
    • OTL will reboot your system once the fix has completed.
    • After the reboot, you may need to double click OTL to launch the program and retrieve the log.

    Copy and paste the contents of the OTL log that comes up after the fix in your next reply.

    If you lose the report, there will be a copy here:
    C:\_OTL\MovedFiles



    In your next reply, please submit:
    OTL fix and let me know how you get on with the Microsoft fix.


    Thanks.
     
    Last edited by a moderator: Feb 4, 2014
  5. Reggie15

    I'm sort of glad it's not a virus. I did the Microsoft fix and then the OTL fix. Is this all I need to do to get my computer running properly again? Will it be safe to reinstall Adobe now, or is there another program I can use to view PDFs?

    Here is the report from OTL:

    All processes killed
    ========== OTL ==========
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
    Registry value HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin not found.
    Registry value HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin not found.
    64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck not found.
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
    Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
    ADS C:\ProgramData\Temp:9373B271 deleted successfully.
    Unable to delete ADS C:\ProgramData\Temp:797ED8B2 .
    Unable to delete ADS C:\ProgramData\Temp:EEB25EAE .
    ========== FILES ==========
    < ipconfig /flushdns /c >
    Windows IP Configuration
    Successfully flushed the DNS Resolver Cache.
    C:\Users\Knight\Documents\cmd.bat deleted successfully.
    C:\Users\Knight\Documents\cmd.txt deleted successfully.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: Administrator

    User: All Users

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 56475 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Knight
    ->Temp folder emptied: 2806669 bytes
    ->Temporary Internet Files folder emptied: 233202852 bytes
    ->Java cache emptied: 0 bytes
    ->Flash cache emptied: 3114 bytes

    User: Public

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32 (64bit) .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 50575715 bytes
    %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33170 bytes
    RecycleBin emptied: 4602545 bytes

    Total Files Cleaned = 278.00 mb

    C:\Windows\System32\drivers\etc\Hosts moved successfully.
    HOSTS file reset successfully

    OTL by OldTimer - Version 3.2.31.0 log created on 12072011_161833
    Files\Folders moved on Reboot...
    C:\Users\Knight\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
    C:\Users\Knight\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\W5OQ9XVP\39503-all-programs-trying-to-open-with-adobe[1].htm moved successfully.
    C:\Users\Knight\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\AntiPhishing\ED8654D5-B9F0-4DD9-B3E8-F8F560086FDF.dat moved successfully.
    C:\Users\Knight\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\MSIMGSIZ.DAT moved successfully.
    Registry entries deleted on Reboot...
     
  6. starbuck

    starbuck Rest In Peace Pete Administrator

    Hi Reggie15

    I apologise for not making things clearer.
    The Microsoft fix is to be run after you have installed Adobe and are having problems with the file extensions.
    By all means try reinstalling Adobe, just be careful and make sure you read everything on the install screens.
    There may be an option ticked that says to open all programs with Adobe.
    If there is an option like this, make sure you remove the tick from it.
    If you get the same problem, that is the time to run the Microsoft fix.
    All the fix does is to reset your file extensions back to their defaults.

    Yes, there are other programs that will enable you to read PDF files. You might try this:
    http://www.verypdf.com/pdf-editor/free-pdf-viewer.html

    Also, as you use Firefox, there is an add-on for Firefox that will enable you to read PDF files in your browser:
    https://addons.mozilla.org/en-US/firefox/addon/pdf-download/

    Once you are able to read pdf files without any problem, we'll finish off.
    Let me know how things go.

    Thanks
     