
[Solved] rogue.xp.antispyware 2009

Discussion in 'Malware Removal Help' started by joodyanne, Nov 11, 2013.

  1. joodyanne

    joodyanne Registered Members

    Joined:
    Dec 31, 2012
    Messages:
    195
    Location:
    Victoria, Australia
    Operating System:
    Windows 7
    CPU:
    Processor Intel(R)Core(TM)i5 CPU 661 @ 3.33GHz 4.44 GHz
    Memory:
    4.00GB
    Hard Drive:
    64-bit OS
    I can't believe I stupidly opened an email and got the above virus. Can you tell me how to get rid of it please? It's on my desktop pc, I am typing this from my notebook.
     
  2. starbuck

    starbuck Rest In Peace Pete Administrator

    Joined:
    Sep 26, 2009
    Messages:
    3,830
    Location:
    Midlands, UK
    Operating System:
    Windows 10
    CPU:
    AMD Athlon II x2 250 Processor 3.00GHz
    Memory:
    8gb DDR3
    Hard Drive:
    500gb SATA
    Graphics Card:
    ASUS GeForce GTX 960 2gb
    Power Supply:
    650w PowerCool X-Viper
    Hi Jody,

    Do you have MBAM installed on the system?
    This program should be able to clean it quite easily.
    If you do:
    Please update MBAM and run a scan:
    Start MBAM
    Click on the Update tab

    Click Check for Updates

    If it says that MBAM needs to close to update it... let it close and then restart.
    Then click the Scan button.

    Don't forget:
    If you don't have MBAM on the system:

    Please download Malwarebytes Anti-Malware and save it to your desktop.
    • Make sure you are connected to the Internet.
    • Double-click on Download_mbam-setup.exe to install the application.
    • When the installation begins, follow the prompts and do not make any changes to default settings.
    • When installation has finished, make sure you leave both of these checked:
      • Update Malwarebytes' Anti-Malware
      • Launch Malwarebytes' Anti-Malware
    • Then click Finish.
    • MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue. If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.
    • On the Scanner tab:
      • Make sure the "Perform Full Scan" option is selected.
      • Then click on the Scan button.
    • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
    • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
    • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
    • Click OK to close the message box and continue with the removal process.
    • Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
    • Make sure that everything is checked, and click Remove Selected.
    • When removal is completed, a log report will open in Notepad and you may be prompted to restart your computer. (see Note below)
    • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
    • Copy and paste the contents of that report in your next reply and exit MBAM.
    Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.

    Please post the report from MBAM in your next reply.

    Thanks
     
  3. joodyanne

    Bob, as requested.
    Judy


    Malwarebytes Anti-Malware 1.75.0.1300
    www.malwarebytes.org

    Database version: v2013.11.12.05

    Windows 7 Service Pack 1 x64 NTFS
    Internet Explorer 10.0.9200.16721
    owner :: OWNER-PC [administrator]

    12/11/2013 5:49:08 PM
    mbam-log-2013-11-12 (17-49-08).txt

    Scan type: Full scan (C:\|D:\|)
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 461500
    Time elapsed: 1 hour(s), 42 minute(s), 17 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 2
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|AS2014 (Trojan.Agent.rfz) -> Data: C:\ProgramData\ahrpDn37\ahrpDn37.exe -> Quarantined and deleted successfully.
    HKCU\Control Panel\don't load|wscui.cpl (Hijack.SecurityCenter) -> Data: No -> Quarantined and deleted successfully.

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 3
    C:\ProgramData\ahrpDn37\ahrpDn37.exe (Trojan.Agent.rfz) -> Quarantined and deleted successfully.
    C:\Users\owner\Downloads\VoiceMail_South_Melbourne (1).zip (Trojan.Inject) -> Quarantined and deleted successfully.
    C:\Users\owner\Downloads\VoiceMail_South_Melbourne.zip (Trojan.Inject) -> Quarantined and deleted successfully.

    (end)
     
  4. starbuck

    Hi Judy

    Ok, thanks for that.
    Let's make sure it's all been cleaned off the system.

    • Download OTL to your desktop.
      Right click on the link and select 'Save Link/Target As'.

      If you have problems, try this download link:
      OTL
    • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
    • When the window appears, underneath Output at the top change it to Minimal Output.
    • Check the boxes beside LOP Check and Purity Check

    Now copy the lines in bold below.

    netsvcs
    msconfig
    %SYSTEMDRIVE%\*.*
    %systemroot%\system32\Spool\prtprocs\w32x86\*.dll
    %systemroot%\*. /mp /s
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\system32\drivers\*.sys /lockedfiles
    %systemroot%\system32\*.exe /lockedfiles
    %systemroot%\System32\config\*.sav
    %PROGRAMFILES%\*
    %USERPROFILE%\..|smtmp;true;true;true /FP
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    hklm\software\clients\startmenuinternet|command /rs
    hklm\software\clients\startmenuinternet|command /64 /rs
    CREATERESTOREPOINT


    • Right click in the Custom Scans/Fixes window (under the blue bar) and choose Paste.

    • Click the Run Scan button.

    • Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two Notepad windows: OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them with your next reply.

    Thanks
     
  5. joodyanne

    OTL logfile created on: 13/11/2013 2:38:24 PM - Run 2
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\owner\Downloads
    64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.10.9200.16721)
    Locale: 00000c09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

    3.80 Gb Total Physical Memory | 2.12 Gb Available Physical Memory | 55.77% Memory free
    7.61 Gb Paging File | 5.49 Gb Available in Paging File | 72.22% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 465.66 Gb Total Space | 393.21 Gb Free Space | 84.44% Space Free | Partition Type: NTFS
    Drive D: | 73.00 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

    Computer Name: OWNER-PC | User Name: owner | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
    PRC - C:\Program Files (x86)\SlimDrivers\SlimDrivers.exe (SlimWare Utilities, Inc.)
    PRC - C:\Users\owner\Downloads\OTL.exe (OldTimer Tools)
    PRC - C:\Program Files (x86)\HTC\HTC Sync Manager\HTC Sync\adb.exe ()
    PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
    PRC - C:\Program Files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe (Nero AG)
    PRC - C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe ()
    PRC - C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe (Logitech Inc.)
    PRC - C:\Program Files (x86)\Weatherzone Tracker\weather_tracker.exe ()
    PRC - C:\Users\owner\Art Plus\enlite.exe (Art Plus Marketing & Publishing)


    ========== Modules (No Company Name) ==========

    MOD - C:\Users\owner\AppData\Local\Temp\mProjector2783293641\Flash6MovieV2.3.1.1e.mvx ()
    MOD - C:\Users\owner\AppData\Local\Temp\mProjector2783293641\mPlayer.3.1.1e.dll ()
    MOD - C:\Users\owner\AppData\Local\Temp\mProjector2783293641\System.3.1.1e.mfx ()
    MOD - C:\Users\owner\AppData\Local\Temp\mProjector2783293641\File.3.1.1e.mfx ()
    MOD - C:\Users\owner\AppData\Local\Temp\mProjector2783293641\Registry.3.1.1e.mfx ()
    MOD - C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.101\ppgooglenaclpluginchrome.dll ()
    MOD - C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.101\PepperFlash\pepflashplayer.dll ()
    MOD - C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.101\pdf.dll ()
    MOD - C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.101\libglesv2.dll ()
    MOD - C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.101\libegl.dll ()
    MOD - C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.101\ffmpegsumo.dll ()
    MOD - C:\Program Files (x86)\HTC\HTC Sync Manager\HTC Sync\adb.exe ()
    MOD - C:\Program Files (x86)\Weatherzone Tracker\weather_tracker.exe ()


    ========== Services (SafeList) ==========

    SRV:64bit: - (!SASCORE) -- C:\Program Files\SUPERAntiSpyware\SASCore64.exe (SUPERAntiSpyware.com)
    SRV:64bit: - (NisSrv) -- c:\Program Files\Microsoft Security Client\NisSrv.exe (Microsoft Corporation)
    SRV:64bit: - (MsMpSvc) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
    SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
    SRV:64bit: - (LVPrcS64) -- C:\Program Files\Common Files\logishrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.)
    SRV:64bit: - (VIAKaraokeService) -- C:\Windows\SysNative\ViakaraokeSrv.exe (VIA Technologies, Inc.)
    SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
    SRV - (LMIMaint) -- C:\Program Files (x86)\LogMeIn\x64\ramaint.exe (LogMeIn, Inc.)
    SRV - (LMIGuardianSvc) -- C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe (LogMeIn, Inc.)
    SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
    SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
    SRV - (HTCMonitorService) -- C:\Program Files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe (Nero AG)
    SRV - (PassThru Service) -- C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe ()
    SRV - (LogMeIn) -- C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe (LogMeIn, Inc.)
    SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
    SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
    SRV - (WcesComm) -- C:\Windows\WindowsMobile\wcescomm.dll (Microsoft Corporation)
    SRV - (RapiMgr) -- C:\Windows\WindowsMobile\rapimgr.dll (Microsoft Corporation)


    ========== Driver Services (SafeList) ==========

    DRV:64bit: - (esgiguard) -- C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys File not found
    DRV:64bit: - (SWDUMon) -- C:\Windows\SysNative\drivers\SWDUMon.sys ()
    DRV:64bit: - (NisDrv) -- C:\Windows\SysNative\drivers\NisDrvWFP.sys (Microsoft Corporation)
    DRV:64bit: - (LMIRfsClientNP) -- C:\Windows\SysNative\LMIRfsClientNP.dll (LogMeIn, Inc.)
    DRV:64bit: - (SmartDefragDriver) -- C:\Windows\SysNative\drivers\SmartDefragDriver.sys ()
    DRV:64bit: - (PSKMAD) -- C:\Windows\SysNative\drivers\PSKMAD.sys (Panda Security, S.L.)
    DRV:64bit: - (fssfltr) -- C:\Windows\SysNative\drivers\fssfltr.sys (Microsoft Corporation)
    DRV:64bit: - (ssadmdm) -- C:\Windows\SysNative\drivers\ssadmdm.sys (MCCI Corporation)
    DRV:64bit: - (ssadbus) -- C:\Windows\SysNative\drivers\ssadbus.sys (MCCI Corporation)
    DRV:64bit: - (ssadmdfl) -- C:\Windows\SysNative\drivers\ssadmdfl.sys (MCCI Corporation)
    DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
    DRV:64bit: - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
    DRV:64bit: - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
    DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
    DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
    DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
    DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
    DRV:64bit: - (LMIRfsDriver) -- C:\Windows\SysNative\drivers\LMIRfsDriver.sys (LogMeIn, Inc.)
    DRV:64bit: - (lmimirr) -- C:\Windows\SysNative\drivers\lmimirr.sys (LogMeIn, Inc.)
    DRV:64bit: - (dgderdrv) -- C:\Windows\SysNative\drivers\dgderdrv.sys (Devguru Co., Ltd)
    DRV:64bit: - (TFsExDisk) -- C:\Windows\SysNative\drivers\TFsExDisk.sys (Teruten Inc)
    DRV:64bit: - (htcnprot) -- C:\Windows\SysNative\drivers\htcnprot.sys (Windows (R) Win 7 DDK provider)
    DRV:64bit: - (InputFilter_Hid_FlexDef2b) -- C:\Windows\SysNative\drivers\InputFilter_FlexDef2b.sys (Siliten)
    DRV:64bit: - (L1C) -- C:\Windows\SysNative\drivers\L1C62x64.sys (Atheros Communications, Inc.)
    DRV:64bit: - (LVPr2Mon) -- C:\Windows\SysNative\drivers\LVPr2M64.sys ()
    DRV:64bit: - (LVPr2M64) -- C:\Windows\SysNative\drivers\LVPr2M64.sys ()
    DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
    DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
    DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
    DRV:64bit: - (usb_rndisx) -- C:\Windows\SysNative\drivers\usb8023x.sys (Microsoft Corporation)
    DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
    DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
    DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
    DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
    DRV:64bit: - (LVRS64) -- C:\Windows\SysNative\drivers\lvrs64.sys (Logitech Inc.)
    DRV:64bit: - (PID_PEPI) -- C:\Windows\SysNative\drivers\LV302V64.SYS (Logitech Inc.)
    DRV:64bit: - (lvpepf64) -- C:\Windows\SysNative\drivers\lv302a64.sys (Logitech Inc.)
    DRV:64bit: - (LVUSBS64) -- C:\Windows\SysNative\drivers\LVUSBS64.sys (Logitech Inc.)
    DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
    DRV:64bit: - (VIAHdAudAddService) -- C:\Windows\SysNative\drivers\viahduaa.sys (VIA Technologies, Inc.)
    DRV:64bit: - (IntcDAud) -- C:\Windows\SysNative\drivers\IntcDAud.sys (Intel(R) Corporation)
    DRV - (LMIInfo) -- C:\Program Files (x86)\LogMeIn\x64\rainfo.sys (LogMeIn, Inc.)
    DRV - (HWiNFO32) -- C:\Program Files (x86)\HWiNFO32\HWiNFO64A.SYS (REALiX(tm))
    DRV - (TFsExDisk) -- C:\Windows\SysWOW64\drivers\TFsExDisk.Sys (Teruten Inc)
    DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
    IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
    IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
    IE:64bit: - HKLM\..\SearchScopes\{68F674E7-18B8-E028-0902-6886FFED341B}: "URL" = http://www.google.com/search?q={sea...putEncoding}&oe={outputEncoding}&sourceid=ie7
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
    IE - HKLM\..\SearchScopes,DefaultScope =
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
    IE - HKLM\..\SearchScopes\{4C49044C-6421-80CA-D91D-22FE258304D5}: "URL" = http://www.google.com/search?q={sea...putEncoding}&oe={outputEncoding}&sourceid=ie7
    IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://au.news.yahoo.com/
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://ninemsn.com.au/?ocid=iehp
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-au
    IE - HKCU\..\SearchScopes,DefaultScope = {C7ABD1B2-A801-453F-B910-058570D45F08}
    IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search
    IE - HKCU\..\SearchScopes\{59F932E5-D788-44DD-9AAC-5B4BEC6FC74E}: "URL" = http://www.google.com/search?q={sea...ncoding?}&oe={outputEncoding?}&rlz=1I7GGLD_en
    IE - HKCU\..\SearchScopes\{68F674E7-18B8-E028-0902-6886FFED341B}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR
    IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={sea...putEncoding}&oe={outputEncoding}&sourceid=ie7
    IE - HKCU\..\SearchScopes\{C7ABD1B2-A801-453F-B910-058570D45F08}: "URL" = http://au.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=902615&p={searchTerms}
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    ========== FireFox ==========

    FF - prefs.js..browser.search.suggest.enabled: false
    FF - prefs.js..browser.search.useDBForOrder: true
    FF - prefs.js..extensions.enabledAddons: %7B0cc09160-108c-4759-bab1-5c12c216e005%7D:3.15.1.0
    FF - prefs.js..extensions.enabledAddons: %7Bba14329e-9550-4989-b3f2-9732e92d17cc%7D:10.10.27.6
    FF - prefs.js..extensions.enabledAddons: specialsavings%40superfish.com:1.2.0.14
    FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:17.0.1
    FF - prefs.js..browser.search.defaultenginename: "Yahoo"
    FF - prefs.js..browser.search.selectedEngine: "Yahoo"
    FF - prefs.js..keyword.URL: "http://search.yahoo.com/search?ei=utf-8&fr=greentree_ff1&type=902615&ilc=12&p="
    FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&ilc=12&type=902615"
    FF - user.js - File not found

    FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_117.dll File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.40.2: C:\Windows\system32\npDeployJava1.dll File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.40.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF:64bit: - HKLM\Software\MozillaPlugins\@lastpass.com/NPLastPass: C:\Program Files (x86)\LastPass\nplastpass64.dll (LastPass)
    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll ()
    FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
    FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
    FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf: C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
    FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.45.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.45.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@lastpass.com/NPLastPass: C:\Program Files (x86)\LastPass\nplastpass.dll (LastPass)
    FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3505.0912: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF - HKCU\Software\MozillaPlugins\facebook.com/fbDesktopPlugin: C:\Users\owner\AppData\Local\Facebook\Messenger\2.1.4814.0\npFbDesktopPlugin.dll (Facebook, Inc.)
    FF - HKCU\Software\MozillaPlugins\intel.com/AppUp: C:\Program Files (x86)\Intel\IntelAppStore\bin\npAppUp.dll File not found


    [2013/07/25 23:26:04 | 000,000,000 | ---D | M] (No name found) -- C:\Users\owner\AppData\Roaming\Mozilla\Extensions
    [2013/11/07 07:41:22 | 000,000,000 | ---D | M] (No name found) -- C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\ifxvureb.default\extensions
    [2013/07/30 17:02:18 | 000,000,000 | ---D | M] (No name found) -- C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\ifxvureb.default\extensions\{0cc09160-108c-4759-bab1-5c12c216e005}
    [2013/07/30 17:02:20 | 000,000,000 | ---D | M] (No name found) -- C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\ifxvureb.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}
    [2013/11/11 22:29:00 | 000,000,000 | ---D | M] (LastPass) -- C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\ifxvureb.default\extensions\support@lastpass.com
    [2013/09/14 11:46:08 | 000,000,904 | ---- | M] () -- C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\ifxvureb.default\searchplugins\yahoo.xml
    File not found (No name found) -- C:\USERS\OWNER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IFXVUREB.DEFAULT\EXTENSIONS\SPECIALSAVINGS@SUPERFISH.COM

    ========== Chrome ==========

    CHR - homepage: http://www.google.com
    CHR - Extension: No name found = C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\kckgnnipheglejoddfhekdjpbdbinhmb\1.0.0.0\

    O1 HOSTS File: ([2013/09/23 08:24:51 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
    O1 - Hosts: 127.0.0.1 localhost
    O1 - Hosts: ::1 localhost
    O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
    O2:64bit: - BHO: (LastPass Vault) - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPToolbar_x64.dll (LastPass)
    O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
    O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
    O2 - BHO: (LastPass Vault) - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPToolbar.dll (LastPass)
    O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
    O3:64bit: - HKLM\..\Toolbar: (LastPass Toolbar) - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar_x64.dll (LastPass)
    O3 - HKLM\..\Toolbar: (LastPass Toolbar) - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar.dll (LastPass)
    O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O8:64bit: - Extra context menu item: LastPass - file://C:\Users\owner\AppData\LocalLow\LastPass\context.html?cmd=lastpass File not found
    O8:64bit: - Extra context menu item: LastPass Fill Forms - file://C:\Users\owner\AppData\LocalLow\LastPass\context.html?cmd=fillforms File not found
    O8 - Extra context menu item: LastPass - file://C:\Users\owner\AppData\LocalLow\LastPass\context.html?cmd=lastpass File not found
    O8 - Extra context menu item: LastPass Fill Forms - file://C:\Users\owner\AppData\LocalLow\LastPass\context.html?cmd=fillforms File not found
    O9:64bit: - Extra Button: LastPass - {43699cd0-e34f-11de-8a39-0800200c9a66} - C:\Program Files (x86)\LastPass\LPToolbar_x64.dll (LastPass)
    O9:64bit: - Extra 'Tools' menuitem : LastPass - {43699cd0-e34f-11de-8a39-0800200c9a66} - C:\Program Files (x86)\LastPass\LPToolbar_x64.dll (LastPass)
    O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
    O9 - Extra Button: LastPass - {43699cd0-e34f-11de-8a39-0800200c9a66} - C:\Program Files (x86)\LastPass\LPToolbar.dll (LastPass)
    O9 - Extra 'Tools' menuitem : LastPass - {43699cd0-e34f-11de-8a39-0800200c9a66} - C:\Program Files (x86)\LastPass\LPToolbar.dll (LastPass)
    O1364bit: - gopher Prefix: missing
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab (Java Plug-in 10.45.2)
    O16 - DPF: {CAFEEFAC-0017-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab (Java Plug-in 1.7.0_05)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab (Java Plug-in 10.45.2)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D2B1012C-3FB3-4EE5-A246-105C15D1ABB4}: DhcpNameServer = 192.168.2.1
    O18:64bit: - Protocol\Handler\livecall - No CLSID value found
    O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
    O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
    O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
    O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
    O18:64bit: - Protocol\Handler\msnim - No CLSID value found
    O18:64bit: - Protocol\Handler\mso-offdap - No CLSID value found
    O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found
    O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
    O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
    O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
    O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    O18:64bit: - Protocol\Filter\text/xml - No CLSID value found
    O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
    O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2013/09/20 15:46:02 | 000,000,000 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
    O32 - AutoRun File - [2012/04/17 18:36:22 | 000,000,103 | R--- | M] () - D:\AutoRun.inf -- [ CDFS ]
    O33 - MountPoints2\{164d1a5b-ca36-11e2-aaf7-001c34004a4d}\Shell - "" = AutoRun
    O33 - MountPoints2\{164d1a5b-ca36-11e2-aaf7-001c34004a4d}\Shell\AutoRun\command - "" = F:\HTC_Sync_Manager_PC.exe
    O33 - MountPoints2\{2845cb61-5990-11e0-a94a-806e6f6e6963}\Shell - "" = AutoRun
    O33 - MountPoints2\{2845cb61-5990-11e0-a94a-806e6f6e6963}\Shell\AutoRun\command - "" = D:\FamilyTreeBuilderSetup.exe -- [2012/01/17 18:19:54 | 076,454,056 | R--- | M] ()
    O33 - MountPoints2\{32ea7409-9b0f-11e2-a881-1078d284adc5}\Shell - "" = AutoRun
    O33 - MountPoints2\{32ea7409-9b0f-11e2-a881-1078d284adc5}\Shell\AutoRun\command - "" = E:\HTC_Sync_Manager_PC.exe
    O33 - MountPoints2\{51e049e4-5a79-11e2-a57b-1078d284adc5}\Shell - "" = AutoRun
    O33 - MountPoints2\{51e049e4-5a79-11e2-a57b-1078d284adc5}\Shell\AutoRun\command - "" = E:\HTC_Sync_Manager_PC.exe
    O33 - MountPoints2\{af1b9c7c-7c9f-11e1-82e7-1078d284adc5}\Shell - "" = AutoRun
    O33 - MountPoints2\{af1b9c7c-7c9f-11e1-82e7-1078d284adc5}\Shell\AutoRun\command - "" = E:\AutoRun.exe
    O33 - MountPoints2\F\Shell - "" = AutoRun
    O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\HTC_Sync_Manager_PC.exe
    O34 - HKLM BootExecute: (autocheck autochk *)
    O34 - HKLM BootExecute: (SmartDefragBootTime.exe)
    O35:64bit: - HKLM\..comfile [open] -- "%1" %*
    O35:64bit: - HKLM\..exefile [open] -- "%1" %*
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
    O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
    O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)


    MsConfig:64bit - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Install LastPass FF RunOnce.lnk - - File not found
    MsConfig:64bit - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Install LastPass IE RunOnce.lnk - - File not found
    MsConfig:64bit - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk - - File not found
    MsConfig:64bit - StartUpFolder: C:^Users^owner^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk - C:\Users\owner\AppData\Roaming\Dropbox\bin\Dropbox.exe - (Dropbox, Inc.)
    MsConfig:64bit - StartUpFolder: C:^Users^owner^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Facebook Messenger.lnk - C:\Users\owner\AppData\Local\Facebook\Messenger\2.1.4814.0\FacebookMessenger.exe - (Facebook)
    MsConfig:64bit - StartUpFolder: C:^Users^owner^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Logitech . Product Registration.lnk - C:\Program Files\Logitech\Logitech WebCam Software\eReg.exe - (Leader Technologies/Logitech)
    MsConfig:64bit - StartUpFolder: C:^Users^owner^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2010 Screen Clipper and Launcher.lnk - C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE - (Microsoft Corporation)
    MsConfig:64bit - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
    MsConfig:64bit - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - File not found
    MsConfig:64bit - StartUpReg: Advanced SystemCare 4 - hkey= - key= - File not found
    MsConfig:64bit - StartUpReg: Anti-phishing Domain Advisor - hkey= - key= - File not found
    MsConfig:64bit - StartUpReg: APSDaemon - hkey= - key= - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
    MsConfig:64bit - StartUpReg: avgnt - hkey= - key= - File not found
    MsConfig:64bit - StartUpReg: CanonMyPrinter - hkey= - key= - C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
    MsConfig:64bit - StartUpReg: CanonSolutionMenu - hkey= - key= - C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
    MsConfig:64bit - StartUpReg: Facebook Update - hkey= - key= - C:\Users\owner\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
    MsConfig:64bit - StartUpReg: Family Tree Builder Update - hkey= - key= - C:\Program Files (x86)\MyHeritage\Bin\FTBCheckUpdates.exe (MyHeritage)
    MsConfig:64bit - StartUpReg: Google Update - hkey= - key= - File not found
    MsConfig:64bit - StartUpReg: HDAudDeck - hkey= - key= - C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe (VIA)
    MsConfig:64bit - StartUpReg: HotKeysCmds - hkey= - key= - C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
    MsConfig:64bit - StartUpReg: IgfxTray - hkey= - key= - C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
    MsConfig:64bit - StartUpReg: IObit Security 360 - hkey= - key= - File not found
    MsConfig:64bit - StartUpReg: KiesAirMessage - hkey= - key= - C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe (Samsung Electronics)
    MsConfig:64bit - StartUpReg: KiesHelper - hkey= - key= - File not found
    MsConfig:64bit - StartUpReg: KiesPDLR - hkey= - key= - C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe (Samsung)
    MsConfig:64bit - StartUpReg: KiesPreload - hkey= - key= - C:\Program Files (x86)\Samsung\Kies\Kies.exe (Samsung)
    MsConfig:64bit - StartUpReg: KiesTrayAgent - hkey= - key= - C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
    MsConfig:64bit - StartUpReg: LogitechQuickCamRibbon - hkey= - key= - C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe ()
    MsConfig:64bit - StartUpReg: LogMeIn GUI - hkey= - key= - C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe (LogMeIn, Inc.)
    MsConfig:64bit - StartUpReg: Messenger (Yahoo!) - hkey= - key= - C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
    MsConfig:64bit - StartUpReg: MSC - hkey= - key= - c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
    MsConfig:64bit - StartUpReg: msnmsgr - hkey= - key= - C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
    MsConfig:64bit - StartUpReg: News.net - hkey= - key= - File not found
    MsConfig:64bit - StartUpReg: PC Ultra Speed - hkey= - key= - File not found
    MsConfig:64bit - StartUpReg: Persistence - hkey= - key= - C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
    MsConfig:64bit - StartUpReg: PhotoSurfer Auto Acquire - hkey= - key= - File not found
    MsConfig:64bit - StartUpReg: ROC_ROC_NT - hkey= - key= - File not found
    MsConfig:64bit - StartUpReg: SunJavaUpdateSched - hkey= - key= - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Oracle Corporation)
    MsConfig:64bit - StartUpReg: SUPERAntiSpyware - hkey= - key= - C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware)
    MsConfig:64bit - StartUpReg: swg - hkey= - key= - File not found
    MsConfig:64bit - StartUpReg: Weather Tracker3 - hkey= - key= - C:\Program Files (x86)\Weatherzone Tracker\weather_tracker.exe ()
    MsConfig:64bit - StartUpReg: Windows Mobile Device Center - hkey= - key= - C:\Windows\WindowsMobile\wmdc.exe (Microsoft Corporation)
    MsConfig:64bit - State: "startup" - Reg Error: Key error.

    CREATERESTOREPOINT
    Restore point Set: OTL Restore Point

    ========== Files/Folders - Created Within 30 Days ==========

    [2013/11/11 22:48:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Wise Installation Wizard
    [2013/11/11 17:34:19 | 000,000,000 | ---D | C] -- C:\Users\owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Antivirus Security Pro
    [2013/11/11 17:33:27 | 000,000,000 | ---D | C] -- C:\ProgramData\ahrpDn37
    [2013/11/11 17:06:28 | 000,325,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usbport.sys
    [2013/11/11 17:06:28 | 000,007,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usbd.sys
    [2013/11/07 07:33:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Yahoo!7 Messenger
    [2013/11/03 07:06:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SlimDrivers
    [2013/10/23 07:52:13 | 000,000,000 | ---D | C] -- C:\Users\owner\Desktop\AJ
    [2013/10/19 11:00:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Oracle
    [2013/10/19 11:00:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
    [2013/10/19 11:00:10 | 000,264,616 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
    [2013/10/19 11:00:06 | 000,175,016 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
    [2013/10/19 11:00:06 | 000,174,504 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
    [2013/10/19 11:00:06 | 000,096,168 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
    [2013/06/08 18:16:27 | 012,744,192 | ---- | C] (LastPass) -- C:\Program Files (x86)\Common Files\lpuninstall.exe
    [2012/01/28 09:24:38 | 021,408,749 | ---- | C] (Find Duplicate Photos, Inc. ) -- C:\Users\owner\duplicate-photos
    [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2013/11/13 14:41:01 | 000,000,374 | ---- | M] () -- C:\Windows\tasks\WpsUpdateTask_owner.job
    [2013/11/13 13:55:00 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2013/11/13 13:46:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
    [2013/11/13 13:01:01 | 000,000,928 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3177217554-3229440400-1117926324-1000UA.job
    [2013/11/13 13:00:27 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2013/11/13 10:01:00 | 000,000,906 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3177217554-3229440400-1117926324-1000Core.job
    [2013/11/13 07:17:59 | 000,015,344 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2013/11/13 07:17:59 | 000,015,344 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2013/11/13 07:11:11 | 000,000,410 | ---- | M] () -- C:\Windows\tasks\SlimDrivers Startup.job
    [2013/11/13 07:10:56 | 000,016,152 | ---- | M] () -- C:\Windows\SysNative\drivers\SWDUMon.sys
    [2013/11/13 07:10:05 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2013/11/13 07:10:00 | 3063,242,752 | -HS- | M] () -- C:\hiberfil.sys
    [2013/11/11 23:18:25 | 000,191,915 | ---- | M] () -- C:\Users\owner\Desktop\5-.JPG
    [2013/11/11 23:17:09 | 000,190,552 | ---- | M] () -- C:\Users\owner\Desktop\4-.JPG
    [2013/11/11 23:15:00 | 000,188,681 | ---- | M] () -- C:\Users\owner\Desktop\3-.JPG
    [2013/11/11 23:13:17 | 000,135,476 | ---- | M] () -- C:\Users\owner\Desktop\2-.JPG
    [2013/11/11 23:09:29 | 000,137,475 | ---- | M] () -- C:\Users\owner\Desktop\1-.JPG
    [2013/11/11 21:27:26 | 000,008,627 | ---- | M] () -- C:\Windows\SysWow64\PAV_FOG.OPC
    [2013/11/11 17:46:10 | 000,739,180 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
    [2013/11/11 17:46:10 | 000,635,608 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
    [2013/11/11 17:46:10 | 000,115,540 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
    [2013/11/11 17:34:27 | 000,000,000 | ---- | M] () -- C:\Users\owner\AppData\Roaming\SharedSettings.ccs
    [2013/11/11 10:43:28 | 000,118,258 | ---- | M] () -- C:\Users\owner\Desktop\After I clicked on it.jpg
    [2013/11/11 10:42:38 | 000,129,595 | ---- | M] () -- C:\Users\owner\Desktop\Before I clicked on it.jpg
    [2013/11/09 09:29:20 | 000,002,054 | ---- | M] () -- C:\Users\Public\Desktop\Foxit Reader.lnk
    [2013/11/07 09:45:32 | 000,012,284 | ---- | M] () -- C:\Users\owner\Documents\christmas pic.jpg
    [2013/11/07 07:41:26 | 012,744,192 | ---- | M] (LastPass) -- C:\Program Files (x86)\Common Files\lpuninstall.exe
    [2013/11/07 07:41:23 | 000,001,192 | ---- | M] () -- C:\Users\owner\Application Data\Microsoft\Internet Explorer\Quick Launch\My LastPass Vault.lnk
    [2013/11/07 07:41:06 | 000,001,192 | ---- | M] () -- C:\Users\Public\Desktop\My LastPass Vault.lnk
    [2013/11/07 07:33:55 | 000,001,165 | ---- | M] () -- C:\Users\owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Yahoo!7 Messenger.lnk
    [2013/11/07 07:33:55 | 000,001,141 | ---- | M] () -- C:\Users\Public\Desktop\Yahoo!7 Messenger.lnk
    [2013/11/04 15:38:30 | 000,461,284 | ---- | M] () -- C:\Users\owner\Desktop\Invoice.pdf
    [2013/11/03 09:11:02 | 001,344,512 | ---- | M] () -- C:\Users\owner\Documents\Cook - Overbury.rmgc
    [2013/11/03 09:10:59 | 000,249,407 | ---- | M] () -- C:\Users\owner\Documents\Cook - Overbury (2013-11-03).rmgb
    [2013/11/03 07:06:20 | 000,002,467 | ---- | M] () -- C:\Users\Public\Desktop\SlimDrivers.lnk
    [2013/10/27 11:15:10 | 002,651,130 | ---- | M] () -- C:\Users\owner\Desktop\heating.jpg
    [2013/10/26 07:14:39 | 000,000,782 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
    [2013/10/23 16:32:15 | 000,056,117 | ---- | M] () -- C:\Users\owner\hotel.jpg
    [2013/10/22 07:28:30 | 000,004,096 | -H-- | M] () -- C:\Users\owner\AppData\Local\keyfile3.drm
    [2013/10/20 09:38:55 | 000,208,775 | ---- | M] () -- C:\Users\owner\fire.JPG
    [2013/10/19 12:12:21 | 000,743,930 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
    [2013/10/17 07:46:38 | 000,692,616 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
    [2013/10/17 07:46:38 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    [2013/10/16 22:14:43 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
    [2013/10/16 12:24:48 | 000,001,768 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
    [2013/10/16 07:57:10 | 000,002,183 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
    [2013/10/14 21:50:52 | 000,172,253 | ---- | M] () -- C:\Users\owner\Penshaw Monument.jpg
    [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2013/11/11 23:18:25 | 000,191,915 | ---- | C] () -- C:\Users\owner\Desktop\5-.JPG
    [2013/11/11 23:17:09 | 000,190,552 | ---- | C] () -- C:\Users\owner\Desktop\4-.JPG
    [2013/11/11 23:15:00 | 000,188,681 | ---- | C] () -- C:\Users\owner\Desktop\3-.JPG
    [2013/11/11 23:13:17 | 000,135,476 | ---- | C] () -- C:\Users\owner\Desktop\2-.JPG
    [2013/11/11 23:09:29 | 000,137,475 | ---- | C] () -- C:\Users\owner\Desktop\1-.JPG
    [2013/11/11 18:27:45 | 000,008,627 | ---- | C] () -- C:\Windows\SysWow64\PAV_FOG.OPC
    [2013/11/11 17:34:27 | 000,000,000 | ---- | C] () -- C:\Users\owner\AppData\Roaming\SharedSettings.ccs
    [2013/11/11 10:43:28 | 000,118,258 | ---- | C] () -- C:\Users\owner\Desktop\After I clicked on it.jpg
    [2013/11/11 10:42:38 | 000,129,595 | ---- | C] () -- C:\Users\owner\Desktop\Before I clicked on it.jpg
    [2013/11/09 09:29:20 | 000,002,054 | ---- | C] () -- C:\Users\Public\Desktop\Foxit Reader.lnk
    [2013/11/09 09:29:19 | 000,216,064 | ---- | C] () -- C:\Windows\SysWow64\gcapi_dll.dll
    [2013/11/07 09:45:50 | 000,012,284 | ---- | C] () -- C:\Users\owner\Documents\christmas pic.jpg
    [2013/11/07 07:41:19 | 000,001,192 | ---- | C] () -- C:\Users\owner\Application Data\Microsoft\Internet Explorer\Quick Launch\My LastPass Vault.lnk
    [2013/11/07 07:33:55 | 000,001,165 | ---- | C] () -- C:\Users\owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Yahoo!7 Messenger.lnk
    [2013/11/07 07:33:55 | 000,001,141 | ---- | C] () -- C:\Users\Public\Desktop\Yahoo!7 Messenger.lnk
    [2013/11/04 15:38:29 | 000,461,284 | ---- | C] () -- C:\Users\owner\Desktop\Invoice.pdf
    [2013/11/03 09:10:59 | 000,249,407 | ---- | C] () -- C:\Users\owner\Documents\Cook - Overbury (2013-11-03).rmgb
    [2013/11/03 07:06:20 | 000,002,467 | ---- | C] () -- C:\Users\Public\Desktop\SlimDrivers.lnk
    [2013/10/27 11:15:10 | 002,651,130 | ---- | C] () -- C:\Users\owner\Desktop\heating.jpg
    [2013/10/23 16:32:14 | 000,056,117 | ---- | C] () -- C:\Users\owner\hotel.jpg
    [2013/10/22 07:28:30 | 000,004,096 | -H-- | C] () -- C:\Users\owner\AppData\Local\keyfile3.drm
    [2013/10/20 09:38:54 | 000,208,775 | ---- | C] () -- C:\Users\owner\fire.JPG
    [2013/10/16 12:24:48 | 000,001,768 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
    [2013/10/14 21:50:51 | 000,172,253 | ---- | C] () -- C:\Users\owner\Penshaw Monument.jpg
    [2013/09/04 09:26:41 | 000,086,854 | ---- | C] () -- C:\Users\owner\Murchison.jpg
    [2013/07/08 15:45:31 | 013,913,600 | ---- | C] () -- C:\Windows\SysWow64\ig4icd32.dll
    [2013/07/08 15:45:24 | 000,867,020 | ---- | C] () -- C:\Windows\SysWow64\igkrng575.bin
    [2013/07/08 15:45:24 | 000,128,204 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng575.bin
    [2013/07/08 15:45:24 | 000,105,608 | ---- | C] () -- C:\Windows\SysWow64\igfcg575m.bin
    [2013/07/08 12:20:18 | 000,000,891 | ---- | C] () -- C:\Users\owner\.recently-used.xbel
    [2013/07/07 13:24:17 | 000,056,431 | ---- | C] () -- C:\Users\owner\dog house.jpg
    [2013/06/16 10:27:14 | 000,086,623 | ---- | C] () -- C:\Users\owner\Lauren in Shannon's room 16-6-13.jpg
    [2013/06/16 10:18:33 | 000,149,849 | ---- | C] () -- C:\Users\owner\green and white.jpg
    [2013/05/18 09:32:40 | 000,000,043 | ---- | C] () -- C:\Windows\gswin32.ini
    [2013/05/10 11:59:23 | 000,325,350 | ---- | C] () -- C:\Users\owner\Clock Radio dream_machine_icfc318.pdf
    [2013/05/10 11:48:56 | 001,386,865 | ---- | C] () -- C:\Users\owner\Panasonic Phone Manual.pdf
    [2013/04/21 10:44:39 | 000,058,584 | ---- | C] () -- C:\Users\owner\joke.jpg
    [2013/04/21 10:43:03 | 000,049,032 | ---- | C] () -- C:\Users\owner\Australia.jpg
    [2013/04/02 08:04:22 | 000,001,849 | ---- | C] () -- C:\Users\owner\Geoff2.jpg
    [2013/02/22 21:17:24 | 001,523,020 | ---- | C] () -- C:\Users\owner\AppData\Local\census.cache
    [2013/02/22 21:16:20 | 000,122,596 | ---- | C] () -- C:\Users\owner\AppData\Local\ars.cache
    [2013/02/22 20:51:30 | 000,000,036 | ---- | C] () -- C:\Users\owner\AppData\Local\housecall.guid.cache
    [2013/02/21 09:08:49 | 000,004,608 | ---- | C] () -- C:\Users\owner\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2013/02/08 16:10:14 | 000,014,831 | ---- | C] () -- C:\Users\owner\Vew club log.png
    [2012/10/29 06:35:07 | 000,003,882 | ---- | C] () -- C:\Users\owner\David B.JPG
    [2012/08/31 16:27:32 | 000,032,863 | ---- | C] () -- C:\Users\owner\Google.JPG
    [2012/05/03 11:39:35 | 000,000,240 | ---- | C] () -- C:\Windows\MyHeritage.INI
    [2012/05/03 11:39:01 | 000,454,656 | ---- | C] () -- C:\Windows\SysWow64\PaintX.dll
    [2012/04/16 16:37:08 | 000,000,288 | ---- | C] () -- C:\Users\owner\AppData\Roaming\.backup.dm
    [2011/08/03 09:50:45 | 000,001,077 | ---- | C] () -- C:\Users\owner\Documents - Shortcut (2).lnk
    [2011/07/31 11:33:06 | 000,067,318 | ---- | C] () -- C:\Users\owner\Gumbalumba Estate.htm

    ========== ZeroAccess Check ==========

    [2009/07/14 15:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

    [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

    [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

    [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

    [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
    "" = C:\Windows\SysNative\shell32.dll -- [2013/07/26 13:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
    "" = %SystemRoot%\system32\shell32.dll -- [2013/07/26 12:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
    "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 12:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
    "" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 23:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
    "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 12:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Both

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

    ========== LOP Check ==========

    [2012/01/13 14:52:50 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\.minecraft
    [2011/05/15 14:22:01 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\Auslogics
    [2011/12/08 13:15:56 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\Canon
    [2011/11/26 12:58:20 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\Desktop Apps
    [2013/11/12 19:56:31 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\Dropbox
    [2011/06/17 09:41:51 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\Easy Duplicate Finder
    [2013/06/06 09:28:29 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\EurekaLog
    [2012/12/19 15:45:08 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\Expert PDF 7
    [2012/01/28 09:47:28 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\Find Duplicate Photos Platinum
    [2012/04/08 22:09:16 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\Firetrust
    [2013/11/09 09:29:28 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\Foxit Software
    [2011/05/21 23:47:40 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\FTW
    [2011/04/22 17:41:56 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\GHISLER
    [2012/09/14 23:27:26 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\GlarySoft
    [2013/07/08 12:20:18 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\gtk-2.0
    [2012/12/31 14:35:18 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\HTC
    [2013/01/13 09:03:49 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\HTC Sync
    [2012/01/08 22:58:24 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\ICQ
    [2013/11/11 22:29:00 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\IrfanView
    [2012/02/18 22:17:19 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\Kingsoft
    [2011/06/20 08:50:50 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\Leadertech
    [2011/07/15 13:17:55 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\Lymbix
    [2012/04/10 22:21:49 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\Millennia
    [2012/05/03 11:40:18 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\MyHeritage
    [2012/09/30 12:21:00 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\Nico Mak Computing
    [2011/04/11 08:54:54 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\Obsidium
    [2013/01/13 16:59:08 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\Outlook
    [2011/06/17 09:44:52 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\PC Unleashed Online
    [2011/06/17 11:33:05 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\PhotoScape
    [2011/12/11 10:36:07 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\RegistryKeys
    [2011/04/17 22:02:20 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\Remove Duplicate Photos
    [2012/09/04 07:59:55 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\RootsMagic
    [2012/12/20 22:08:38 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\Samsung
    [2011/07/17 10:58:43 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\Software.com
    [2013/03/15 09:55:17 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\SpeedTestAnalysis
    [2013/08/17 08:42:55 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\SumatraPDF
    [2012/03/23 10:38:30 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\TeamViewer
    [2012/05/03 11:39:01 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\The Complete Genealogy Reporter - FTB
    [2011/04/04 15:37:12 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\Windows Live Writer

    ========== Purity Check ==========



    ========== Custom Scans ==========

    < %SYSTEMDRIVE%\*.* >
    [2011/04/30 16:24:16 | 000,001,024 | ---- | M] () -- C:\.rnd
    [2011/07/15 09:53:40 | 000,002,006 | ---- | M] () -- C:\aqua_bitmap.cpp
    [2013/09/20 15:46:02 | 000,000,000 | ---- | M] () -- C:\autoexec.bat
    [2010/09/26 11:33:42 | 000,000,539 | ---- | M] () -- C:\e-tax 2010_uninstall.lnk
    [2011/10/04 20:37:03 | 000,001,999 | ---- | M] () -- C:\e-tax 2011.lnk
    [2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1028.txt
    [2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1031.txt
    [2007/11/07 08:00:40 | 000,010,134 | ---- | M] () -- C:\eula.1033.txt
    [2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1036.txt
    [2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1040.txt
    [2007/11/07 08:00:40 | 000,000,118 | ---- | M] () -- C:\eula.1041.txt
    [2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1042.txt
    [2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.2052.txt
    [2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.3082.txt
    [2007/11/07 08:00:40 | 000,001,110 | ---- | M] () -- C:\globdata.ini
    [2013/11/13 07:10:00 | 3063,242,752 | -HS- | M] () -- C:\hiberfil.sys
    [2007/11/07 08:00:40 | 000,000,843 | ---- | M] () -- C:\install.ini
    [2012/09/08 15:18:13 | 000,000,462 | ---- | M] () -- C:\Local Disk (C) - Shortcut.lnk
    [2013/11/13 07:10:01 | 4084,326,400 | -HS- | M] () -- C:\pagefile.sys
    [2013/04/22 10:11:22 | 000,000,354 | ---- | M] () -- C:\TDSSKiller.2.8.16.0_22.04.2013_09.09.25_log.txt
    [2013/04/22 10:20:23 | 000,259,434 | ---- | M] () -- C:\TDSSKiller.2.8.17.0_22.04.2013_09.14.51_log.txt
    [2010/09/26 11:33:42 | 000,000,557 | ---- | M] () -- C:\Uninstall e-tax 2010.lnk
    [2007/11/07 08:00:40 | 000,005,686 | ---- | M] () -- C:\vcredist.bmp
    [2007/11/07 08:09:22 | 001,442,522 | ---- | M] () -- C:\VC_RED.cab
    [2007/11/07 08:12:28 | 000,232,960 | ---- | M] () -- C:\VC_RED.MSI

    < %systemroot%\system32\Spool\prtprocs\w32x86\*.dll >

    < %systemroot%\*. /mp /s >

    < %systemroot%\system32\*.dll /lockedfiles >

    < %systemroot%\Tasks\*.job /lockedfiles >

    < %systemroot%\system32\drivers\*.sys /lockedfiles >

    < %systemroot%\system32\*.exe /lockedfiles >

    < %systemroot%\System32\config\*.sav >

    < %PROGRAMFILES%\* >
    [2009/07/14 15:54:24 | 000,000,174 | -HS- | M] () -- C:\Program Files (x86)\desktop.ini

    < %USERPROFILE%\..|smtmp;true;true;true /FP >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

    < hklm\software\clients\startmenuinternet|command /rs >
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --make-default-browser [2013/10/09 11:02:45 | 000,844,752 | ---- | M] (Google Inc.)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --hide-icons [2013/10/09 11:02:45 | 000,844,752 | ---- | M] (Google Inc.)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --show-icons [2013/10/09 11:02:45 | 000,844,752 | ---- | M] (Google Inc.)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" [2013/10/09 11:02:45 | 000,844,752 | ---- | M] (Google Inc.)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\System32\ie4uinit.exe" -show
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\System32\ie4uinit.exe" -reinstall
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\System32\ie4uinit.exe" -hide
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2013/09/23 12:25:59 | 000,775,256 | ---- | M] (Microsoft Corporation)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files\Internet Explorer\iexplore.exe [2013/09/23 12:25:59 | 000,775,256 | ---- | M] (Microsoft Corporation)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\InstallInfo\\ReinstallCommand: "C:\Program Files (x86)\Safari\Safari.exe" /reinstall [2012/04/25 10:36:36 | 002,388,336 | ---- | M] (Apple Inc.)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\InstallInfo\\HideIconsCommand: "C:\Program Files (x86)\Safari\Safari.exe" /hideicons [2012/04/25 10:36:36 | 002,388,336 | ---- | M] (Apple Inc.)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\InstallInfo\\ShowIconsCommand: "C:\Program Files (x86)\Safari\Safari.exe" /showicons [2012/04/25 10:36:36 | 002,388,336 | ---- | M] (Apple Inc.)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\shell\open\command\\: "C:\Program Files (x86)\Safari\Safari.exe" [2012/04/25 10:36:36 | 002,388,336 | ---- | M] (Apple Inc.)

    < hklm\software\clients\startmenuinternet|command /64 /rs >
    64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\PROGRAM FILES (X86)\GOOGLE\CHROME\APPLICATION\CHROME.EXE" --MAKE-DEFAULT-BROWSER [2013/10/09 11:02:45 | 000,844,752 | ---- | M] (Google Inc.)
    64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\PROGRAM FILES (X86)\GOOGLE\CHROME\APPLICATION\CHROME.EXE" --HIDE-ICONS [2013/10/09 11:02:45 | 000,844,752 | ---- | M] (Google Inc.)
    64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\PROGRAM FILES (X86)\GOOGLE\CHROME\APPLICATION\CHROME.EXE" --SHOW-ICONS [2013/10/09 11:02:45 | 000,844,752 | ---- | M] (Google Inc.)
    64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\PROGRAM FILES (X86)\GOOGLE\CHROME\APPLICATION\CHROME.EXE" [2013/10/09 11:02:45 | 000,844,752 | ---- | M] (Google Inc.)
    64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -SHOW [2013/09/23 09:55:16 | 000,051,712 | ---- | M] (Microsoft Corporation)
    64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -REINSTALL [2013/09/23 09:55:16 | 000,051,712 | ---- | M] (Microsoft Corporation)
    64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -HIDE [2013/09/23 09:55:16 | 000,051,712 | ---- | M] (Microsoft Corporation)
    64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE" -EXTOFF [2013/09/23 12:25:59 | 000,775,256 | ---- | M] (Microsoft Corporation)
    64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE [2013/09/23 12:25:59 | 000,775,256 | ---- | M] (Microsoft Corporation)
    64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\InstallInfo\\ReinstallCommand: "C:\PROGRAM FILES (X86)\SAFARI\SAFARI.EXE" /REINSTALL [2012/04/25 10:36:36 | 002,388,336 | ---- | M] (Apple Inc.)
    64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\InstallInfo\\HideIconsCommand: "C:\PROGRAM FILES (X86)\SAFARI\SAFARI.EXE" /HIDEICONS [2012/04/25 10:36:36 | 002,388,336 | ---- | M] (Apple Inc.)
    64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\InstallInfo\\ShowIconsCommand: "C:\PROGRAM FILES (X86)\SAFARI\SAFARI.EXE" /SHOWICONS [2012/04/25 10:36:36 | 002,388,336 | ---- | M] (Apple Inc.)
    64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\shell\open\command\\: "C:\PROGRAM FILES (X86)\SAFARI\SAFARI.EXE" [2012/04/25 10:36:36 | 002,388,336 | ---- | M] (Apple Inc.)

    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 961 bytes -> C:\Users\owner\Documents\Judy, Get back in the fast lane!.eml:OECustomProperty
    @Alternate Data Stream - 945 bytes -> C:\Users\owner\Desktop\139D7049-0000274E.eml:OECustomProperty
    @Alternate Data Stream - 781 bytes -> C:\Users\owner\Documents\Sent from Snipping Tool.eml:OECustomProperty
    @Alternate Data Stream - 681 bytes -> C:\Users\owner\Desktop\40DC4587-000000AB.eml:OECustomProperty
    @Alternate Data Stream - 673 bytes -> C:\Users\owner\Documents\Bingo.eml:OECustomProperty
    @Alternate Data Stream - 1614 bytes -> C:\Users\owner\Desktop\139D7049-0000274E.eml:OEStandardProperty
    @Alternate Data Stream - 1083 bytes -> C:\Users\owner\Documents\New Limewire Version Available.eml:OECustomProperty

    < End of report >
    I think I stuffed up - I can't find the other one in OTL file :( Do you want me to do it again?
    If there are any programs you think I should delete, please let me know.
     
  6. starbuck

    Hi Judy,

    This is the reason..
    OTL only produces the Extras.txt by default on a first run.
    To get it to produce the Extras.txt on subsequent runs it has to be run slightly differently.
    I will explain later.

    There were a few XP antispyware items left over.
    Nothing serious though.
    I do have a few questions though.......
    You have Microsoft Security Essentials installed but it's not running at startup!!
    Probably because it's been disabled by way of MsConfig!!
    Why would you have an AntiVirus installed but not running?
    I suggest you go back into MsConfig and re-enable it again.

    There are also some entries for Panda Security... is this installed?

    The fix is fairly large, so to make sure that everything gets included I will post it as an attachment.

    Step 1
    Please click the attachment at the bottom of this post and save it to your Desktop.
    Double click on OTL to run it.
    • Click the red Run Fix button.
    • It will say no fix provided and ask if you want to load from File..... click Ok
    • Browse to the downloaded fix.txt ( on the Desktop) and select it.
    • The fix will now load
    • Click the Run Fix button again to start the fix
    • OTL will reboot your system once the fix has completed.
    • After the reboot, you may need to double click OTL to launch the program and retrieve the log.
    • Copy and paste the contents of the OTL log that comes up after the fix in your next reply.
    If you lose the report, there will be a copy here:
    C:\_OTL\MovedFiles

    Step 2
    Re-run OTL using these instructions.

    Click on OTL to run it.
    • Under the Extra Registry section, select Use SafeList.
    • Don't check the boxes beside 'LOP Check' and 'Purity Check' this time.
    • Click on Run Scan at the top left hand corner.
    • When done, two Notepad files will open. You only need to post the 'Extras.txt' report.

    In your next reply, please submit:
    OTL fix report
    and the Extras.txt


    Thanks.
     

    Attached Files: fix.txt (4.4 KB)
    Last edited: Nov 13, 2013
  7. joodyanne

    Thanks Bob, I don't want to rush things, and am about to go out, so will have a good look at your information when I get back this afternoon. I did have Panda as an online fix, but thought I had got rid of it all.
     
  8. starbuck

    Ok, that's good.
    I have edited the fix.txt and have included the Panda entries now.
    They must have been leftovers.
     
  9. joodyanne

    I am so embarrassed. I tried to have AntiVirus running (Windows Defender) and Microsoft Security Essentials running on startup - hope I have done them right.
    I attached the fix, but when I started OTL up to run, it only got to the send part where it says o34 HKLM BootExecute: (SmartDefragBootTime.exe) and would not respond. I have rebooted twice since then, and cannot get this fix to start past 034. I got an error message from OTL both times.
    Files\Folders moved on Reboot...
    File move failed. D:\FamilyTreeBuilderSetup.exe scheduled to be moved on reboot.

    PendingFileRenameOperations files...

    Registry entries deleted on Reboot..
    .
    I hope I haven't stuffed everything up :(
     
  10. starbuck

    Hi Judy,

    No problem.
    Did OTL create a fix report here:
    C:\_OTL\MovedFiles
    If not, use the fix.txt posted in this reply instead.
    I've removed that part of the fix.
    We can sort the removed part later.
     

    Attached Files: fix.txt (4.3 KB)
  11. joodyanne

    I have done the latest fix, took a while, as it kept picking up the previous fix on desktop. Hope this is what you need.

    All processes killed
    ========== OTL ==========
    Error: No service named esgiguard was found to stop!
    Service\Driver key esgiguard not found.
    File C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys File not found not found.
    Error: No service named PSKMAD was found to stop!
    Service\Driver key PSKMAD not found.
    File C:\Windows\SysNative\drivers\PSKMAD.sys not found.
    Registry key HKEY_CURRENT_USER\Software\MozillaPlugins\intel.com/AppUp\ not found.
    File C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\ifxvureb.default\searchplugins\yahoo.xml not found.
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found.
    64bit-Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\LastPass\ not found.
    64bit-Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\LastPass Fill Forms\ not found.
    Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\LastPass\ not found.
    Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\LastPass Fill Forms\ not found.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\Prefixes\\gopher|:gopher:// /E : value set successfully!
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter\ not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{164d1a5b-ca36-11e2-aaf7-001c34004a4d}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{164d1a5b-ca36-11e2-aaf7-001c34004a4d}\ not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{164d1a5b-ca36-11e2-aaf7-001c34004a4d}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{164d1a5b-ca36-11e2-aaf7-001c34004a4d}\ not found.
    File F:\HTC_Sync_Manager_PC.exe not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2845cb61-5990-11e0-a94a-806e6f6e6963}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2845cb61-5990-11e0-a94a-806e6f6e6963}\ not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2845cb61-5990-11e0-a94a-806e6f6e6963}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2845cb61-5990-11e0-a94a-806e6f6e6963}\ not found.
    File move failed. D:\FamilyTreeBuilderSetup.exe scheduled to be moved on reboot.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{32ea7409-9b0f-11e2-a881-1078d284adc5}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{32ea7409-9b0f-11e2-a881-1078d284adc5}\ not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{32ea7409-9b0f-11e2-a881-1078d284adc5}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{32ea7409-9b0f-11e2-a881-1078d284adc5}\ not found.
    File E:\HTC_Sync_Manager_PC.exe not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{51e049e4-5a79-11e2-a57b-1078d284adc5}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{51e049e4-5a79-11e2-a57b-1078d284adc5}\ not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{51e049e4-5a79-11e2-a57b-1078d284adc5}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{51e049e4-5a79-11e2-a57b-1078d284adc5}\ not found.
    File E:\HTC_Sync_Manager_PC.exe not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{af1b9c7c-7c9f-11e1-82e7-1078d284adc5}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{af1b9c7c-7c9f-11e1-82e7-1078d284adc5}\ not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{af1b9c7c-7c9f-11e1-82e7-1078d284adc5}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{af1b9c7c-7c9f-11e1-82e7-1078d284adc5}\ not found.
    File E:\AutoRun.exe not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F\ not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F\ not found.
    File F:\HTC_Sync_Manager_PC.exe not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartUpReg\Adobe Reader Speed Launcher\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartUpReg\Advanced SystemCare 4\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartUpReg\Anti-phishing Domain Advisor\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartUpReg\avgnt\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartUpReg\Google Update\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartUpReg\IObit Security 360\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartUpReg\KiesHelper\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartUpReg\News.net\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartUpReg\PC Ultra Speed\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartUpReg\PhotoSurfer Auto Acquire\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartUpReg\ROC_ROC_NT\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartUpReg\swg\ not found.
    C:\Users\owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Antivirus Security Pro folder moved successfully.
    C:\ProgramData\ahrpDn37 folder moved successfully.
    C:\Windows\SysWOW64\PAV_FOG.OPC moved successfully.
    ========== FILES ==========
    File\Folder C:\Windows\SysNative\drivers\PSKMAD.sys not found.
    < ipconfig /flushdns /c >
    Windows IP Configuration
    Successfully flushed the DNS Resolver Cache.
    C:\Users\owner\Downloads\cmd.bat deleted successfully.
    C:\Users\owner\Downloads\cmd.txt deleted successfully.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: AppData

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Guest

    User: LogMeInRemoteUser
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: owner
    ->Temp folder emptied: 12777630 bytes
    ->Temporary Internet Files folder emptied: 15972516 bytes
    ->Java cache emptied: 2607544 bytes
    ->FireFox cache emptied: 0 bytes
    ->Apple Safari cache emptied: 0 bytes
    ->Flash cache emptied: 643 bytes

    User: Public

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 1715903 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32 (64bit) .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 200626656 bytes
    %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 128 bytes
    RecycleBin emptied: 10106434 bytes

    Total Files Cleaned = 233.00 mb

    C:\Windows\System32\drivers\etc\Hosts moved successfully.
    HOSTS file reset successfully

    OTL by OldTimer - Version 3.2.69.0 log created on 11142013_183805

    Files\Folders moved on Reboot...
    File move failed. D:\FamilyTreeBuilderSetup.exe scheduled to be moved on reboot.
    C:\Users\owner\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
    File move failed. C:\Users\owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat scheduled to be moved on reboot.
    File move failed. C:\Windows\temp\logishrd\LVPrcInj01.dll scheduled to be moved on reboot.
    File move failed. C:\Windows\temp\logishrd\LVPrcInj02.dll scheduled to be moved on reboot.
    C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.

    PendingFileRenameOperations files...

    Registry entries deleted on Reboot...
    ---

    So how am I doing now? There only appeared to be the one report.
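
Added example (not part of the original posts and not OTL's own code): a small Python triage of a fix log like the one above, separating what was actually removed from targets that were already absent and from file moves that failed. The category names and regular expressions are assumptions derived only from the line shapes visible in this log; the sample lines are copied from it.

```python
import re
from collections import Counter

# Lines copied from the OTL fix log posted above (not constructed).
SAMPLE_LOG = r"""
Error: No service named PSKMAD was found to stop!
Service\Driver key PSKMAD not found.
File C:\Windows\SysNative\drivers\PSKMAD.sys not found.
64bit-Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\LastPass\ not found.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\LastPass\ not found.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\Prefixes\\gopher|:gopher:// /E : value set successfully!
File move failed. D:\FamilyTreeBuilderSetup.exe scheduled to be moved on reboot.
C:\Users\owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Antivirus Security Pro folder moved successfully.
C:\ProgramData\ahrpDn37 folder moved successfully.
C:\Windows\SysWOW64\PAV_FOG.OPC moved successfully.
C:\Users\owner\Downloads\cmd.bat deleted successfully.
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
File move failed. D:\FamilyTreeBuilderSetup.exe scheduled to be moved on reboot.
File move failed. C:\Windows\temp\logishrd\LVPrcInj01.dll scheduled to be moved on reboot.
"""

# (category, pattern) pairs tried in order; the first match wins.
# Categories are this example's own labels, not OTL terminology.
RULES = [
    ("pending_reboot", re.compile(
        r"^File move failed\. (?P<target>.+) scheduled to be moved on reboot\.$")),
    ("absent", re.compile(
        r"^Error: No service named (?P<target>\S+) was found to stop!$")),
    ("absent", re.compile(
        r"^(?:Service\\Driver key|Registry key|File\\Folder|File) (?P<target>.+?) not found\.$")),
    ("changed", re.compile(r"^(?P<target>.+?) ?: value set successfully!$")),
    ("changed", re.compile(r"^(?P<target>HOSTS file) reset successfully$")),
    ("removed", re.compile(
        r"^(?P<target>.+?)(?: folder)? (?:moved|deleted) successfully\.$")),
]


def classify(line):
    """Return (category, view, target) for one log line, or None for headers and noise."""
    line = line.strip()
    view = "default"
    if line.startswith("64bit-"):          # OTL prefixes 64-bit registry results
        view, line = "64bit", line[len("64bit-"):]
    for category, pattern in RULES:
        match = pattern.match(line)
        if match:
            return category, view, match.group("target")
    return None


def summarise(log_text):
    """Group unique targets by outcome and flag moves that failed more than once."""
    summary = {"removed": [], "changed": [], "absent": [], "pending_reboot": []}
    failures = Counter()
    seen = set()
    for raw in log_text.splitlines():
        hit = classify(raw)
        if hit is None:
            continue
        category, view, target = hit
        if category == "pending_reboot":
            failures[target.lower()] += 1
        key = (category, view, target.lower())   # Windows paths are case-insensitive
        if key not in seen:
            seen.add(key)
            summary[category].append((view, target))
    removed = {target.lower() for _, target in summary["removed"]}
    # A move reported as failed repeatedly, with no later success line, needs a manual look.
    summary["repeat_failures"] = sorted(
        t for t, n in failures.items() if n > 1 and t not in removed)
    return summary


if __name__ == "__main__":
    result = summarise(SAMPLE_LOG)
    for category, items in result.items():
        print(f"{category}: {len(items)}")
        for item in items:
            print("   ", item)
```

Most "not found" lines in a second fix run are no-ops from entries the first run already handled; the lines worth reading are the `removed`, `pending_reboot` and `repeat_failures` groups.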
     
  12. starbuck

    It's looking a lot better now.
    Please follow the previous instructions to obtain the Extras.txt and post that for me.
    Thanks
     
  13. joodyanne

    Not sure why, Bob, but it still keeps on sticking and won't respond on o34 HKLM BootExecute: (SmartDefragBootTime.exe) when I try to do the first fix mentioned. Is it OK to empty the OTL file? I have so many files there now. Did I fix Windows Essentials and the anti virus program the right way?
     
  14. starbuck

    We have run the fix so you don't need those fix files any more.
    I just need you to run another scan using the Step 2 instructions I posted with the first fix.
    Am at work at the moment and am replying from my phone.
    I will reply in more detail this evening.
     
  15. starbuck

    Hi Judy,

    You were right to stop one of the programs..... unfortunately you stopped the wrong one.
    MSSE should be left running and it should have been Windows Defender that needed to be closed.

    http://answers.microsoft.com/en-us/...sentials/5309cb8d-02e1-40e8-974f-0dcedb9ab9fd

    So make sure that Windows Defender is shut down.

    To disable Windows Defender...
    • Click Start >> Programs >> Windows Defender or launch from the system tray icon.
    • Click on Tools & Settings >> Options.
    • Under Real-time protection options, uncheck the "Real-time protection" check box.
    • Click Save.
    • Go to Start >> Control Panel >> Security >> Windows Defender, at the bottom of the Windows Defender page uncheck under Administrator Options "use Windows Defender" and then Save.

    This is the step I wanted you to follow... to get the Extras.txt.

    Click on OTL to run it.
    • Under the Extra Registry section, select Use SafeList.
    • Don't check the boxes beside 'LOP Check' and 'Purity Check' this time.
    • Click on Run Scan at the top left hand corner.
    • When done, two Notepad files will open. Please post the contents of these 2 Notepad files in your next reply.

    You may as well post both reports now.

    Thanks
     
  16. joodyanne

    I must have done that between posts, Bob, as MSSE is the only one showing on my task bar, and it does say Windows Defender is closed.

    Hopefully I followed your instructions carefully this time, but there was only one report :(



    OTL logfile created on: 15/11/2013 7:07:32 AM - Run 3
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\owner\Downloads
    64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.10.9200.16736)
    Locale: 00000c09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

    3.80 Gb Total Physical Memory | 2.33 Gb Available Physical Memory | 61.14% Memory free
    7.61 Gb Paging File | 5.57 Gb Available in Paging File | 73.19% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 465.66 Gb Total Space | 395.66 Gb Free Space | 84.97% Space Free | Partition Type: NTFS
    Drive D: | 73.00 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

    Computer Name: OWNER-PC | User Name: owner | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
    PRC - C:\Program Files (x86)\SlimDrivers\SlimDrivers.exe (SlimWare Utilities, Inc.)
    PRC - C:\Users\owner\Downloads\OTL.exe (OldTimer Tools)
    PRC - C:\Program Files (x86)\HTC\HTC Sync Manager\HTC Sync\adb.exe ()
    PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
    PRC - C:\Program Files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe (Nero AG)
    PRC - C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe ()
    PRC - C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
    PRC - C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe (Logitech Inc.)


    ========== Modules (No Company Name) ==========

    MOD - C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.48\ppgooglenaclpluginchrome.dll ()
    MOD - C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.48\PepperFlash\pepflashplayer.dll ()
    MOD - C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.48\pdf.dll ()
    MOD - C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.48\libglesv2.dll ()
    MOD - C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.48\libegl.dll ()
    MOD - C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.48\ffmpegsumo.dll ()
    MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\ef0a534be135cd8f0d99d938d8b1814a\System.Windows.Forms.ni.dll ()
    MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\29f3ae8d313e62b4daed1107ccd29f9f\System.Configuration.ni.dll ()
    MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\5aa44bce7933e4de09d935848f868a4b\System.Drawing.ni.dll ()
    MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\09db78d6068543df01862a023aca785a\System.Xml.ni.dll ()
    MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\5d22a30e587e2cac106b81fb351e7c08\System.ni.dll ()
    MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\Accessibility\8c20095bd7d46cdfa7933eb258a07daa\Accessibility.ni.dll ()
    MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\9a6c1b7af18b4d5a91dc7f8d6617522f\mscorlib.ni.dll ()
    MOD - C:\Program Files (x86)\HTC\HTC Sync Manager\HTC Sync\adb.exe ()
    MOD - C:\Program Files (x86)\Windows Live\Writer\en\WindowsLive.Writer.Localization.resources.dll ()
    MOD - C:\Program Files (x86)\Yahoo!\Messenger\yui.dll ()
    MOD - C:\Program Files (x86)\Yahoo!\Messenger\pcre.dll ()


    ========== Services (SafeList) ==========

    SRV:64bit: - (!SASCORE) -- C:\Program Files\SUPERAntiSpyware\SASCore64.exe (SUPERAntiSpyware.com)
    SRV:64bit: - (NisSrv) -- c:\Program Files\Microsoft Security Client\NisSrv.exe (Microsoft Corporation)
    SRV:64bit: - (MsMpSvc) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
    SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
    SRV:64bit: - (LVPrcS64) -- C:\Program Files\Common Files\logishrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.)
    SRV:64bit: - (VIAKaraokeService) -- C:\Windows\SysNative\ViakaraokeSrv.exe (VIA Technologies, Inc.)
    SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
    SRV - (LMIMaint) -- C:\Program Files (x86)\LogMeIn\x64\ramaint.exe (LogMeIn, Inc.)
    SRV - (LMIGuardianSvc) -- C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe (LogMeIn, Inc.)
    SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
    SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
    SRV - (HTCMonitorService) -- C:\Program Files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe (Nero AG)
    SRV - (PassThru Service) -- C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe ()
    SRV - (LogMeIn) -- C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe (LogMeIn, Inc.)
    SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
    SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
    SRV - (WcesComm) -- C:\Windows\WindowsMobile\wcescomm.dll (Microsoft Corporation)
    SRV - (RapiMgr) -- C:\Windows\WindowsMobile\rapimgr.dll (Microsoft Corporation)


    ========== Driver Services (SafeList) ==========

    DRV:64bit: - (SWDUMon) -- C:\Windows\SysNative\drivers\SWDUMon.sys ()
    DRV:64bit: - (NisDrv) -- C:\Windows\SysNative\drivers\NisDrvWFP.sys (Microsoft Corporation)
    DRV:64bit: - (LMIRfsClientNP) -- C:\Windows\SysNative\LMIRfsClientNP.dll (LogMeIn, Inc.)
    DRV:64bit: - (fssfltr) -- C:\Windows\SysNative\drivers\fssfltr.sys (Microsoft Corporation)
    DRV:64bit: - (ssadmdm) -- C:\Windows\SysNative\drivers\ssadmdm.sys (MCCI Corporation)
    DRV:64bit: - (ssadbus) -- C:\Windows\SysNative\drivers\ssadbus.sys (MCCI Corporation)
    DRV:64bit: - (ssadmdfl) -- C:\Windows\SysNative\drivers\ssadmdfl.sys (MCCI Corporation)
    DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
    DRV:64bit: - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
    DRV:64bit: - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
    DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
    DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
    DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
    DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
    DRV:64bit: - (LMIRfsDriver) -- C:\Windows\SysNative\drivers\LMIRfsDriver.sys (LogMeIn, Inc.)
    DRV:64bit: - (lmimirr) -- C:\Windows\SysNative\drivers\lmimirr.sys (LogMeIn, Inc.)
    DRV:64bit: - (dgderdrv) -- C:\Windows\SysNative\drivers\dgderdrv.sys (Devguru Co., Ltd)
    DRV:64bit: - (TFsExDisk) -- C:\Windows\SysNative\drivers\TFsExDisk.sys (Teruten Inc)
    DRV:64bit: - (htcnprot) -- C:\Windows\SysNative\drivers\htcnprot.sys (Windows (R) Win 7 DDK provider)
    DRV:64bit: - (InputFilter_Hid_FlexDef2b) -- C:\Windows\SysNative\drivers\InputFilter_FlexDef2b.sys (Siliten)
    DRV:64bit: - (L1C) -- C:\Windows\SysNative\drivers\L1C62x64.sys (Atheros Communications, Inc.)
    DRV:64bit: - (LVPr2Mon) -- C:\Windows\SysNative\drivers\LVPr2M64.sys ()
    DRV:64bit: - (LVPr2M64) -- C:\Windows\SysNative\drivers\LVPr2M64.sys ()
    DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
    DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
    DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
    DRV:64bit: - (usb_rndisx) -- C:\Windows\SysNative\drivers\usb8023x.sys (Microsoft Corporation)
    DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
    DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
    DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
    DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
    DRV:64bit: - (LVRS64) -- C:\Windows\SysNative\drivers\lvrs64.sys (Logitech Inc.)
    DRV:64bit: - (PID_PEPI) -- C:\Windows\SysNative\drivers\LV302V64.SYS (Logitech Inc.)
    DRV:64bit: - (lvpepf64) -- C:\Windows\SysNative\drivers\lv302a64.sys (Logitech Inc.)
    DRV:64bit: - (LVUSBS64) -- C:\Windows\SysNative\drivers\LVUSBS64.sys (Logitech Inc.)
    DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
    DRV:64bit: - (VIAHdAudAddService) -- C:\Windows\SysNative\drivers\viahduaa.sys (VIA Technologies, Inc.)
    DRV:64bit: - (IntcDAud) -- C:\Windows\SysNative\drivers\IntcDAud.sys (Intel(R) Corporation)
    DRV - (LMIInfo) -- C:\Program Files (x86)\LogMeIn\x64\rainfo.sys (LogMeIn, Inc.)
    DRV - (HWiNFO32) -- C:\Program Files (x86)\HWiNFO32\HWiNFO64A.SYS (REALiX(tm))
    DRV - (TFsExDisk) -- C:\Windows\SysWOW64\drivers\TFsExDisk.Sys (Teruten Inc)
    DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
    IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
    IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
    IE:64bit: - HKLM\..\SearchScopes\{68F674E7-18B8-E028-0902-6886FFED341B}: "URL" = http://www.google.com/search?q={sea...putEncoding}&oe={outputEncoding}&sourceid=ie7
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
    IE - HKLM\..\SearchScopes,DefaultScope =
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
    IE - HKLM\..\SearchScopes\{4C49044C-6421-80CA-D91D-22FE258304D5}: "URL" = http://www.google.com/search?q={sea...putEncoding}&oe={outputEncoding}&sourceid=ie7
    IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://au.news.yahoo.com/
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://ninemsn.com.au/?ocid=iehp
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-au
    IE - HKCU\..\SearchScopes,DefaultScope = {C7ABD1B2-A801-453F-B910-058570D45F08}
    IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search
    IE - HKCU\..\SearchScopes\{59F932E5-D788-44DD-9AAC-5B4BEC6FC74E}: "URL" = http://www.google.com/search?q={sea...ncoding?}&oe={outputEncoding?}&rlz=1I7GGLD_en
    IE - HKCU\..\SearchScopes\{68F674E7-18B8-E028-0902-6886FFED341B}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR
    IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={sea...putEncoding}&oe={outputEncoding}&sourceid=ie7
    IE - HKCU\..\SearchScopes\{C7ABD1B2-A801-453F-B910-058570D45F08}: "URL" = http://au.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=902615&p={searchTerms}
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    ========== FireFox ==========

    FF - prefs.js..browser.search.suggest.enabled: false
    FF - prefs.js..browser.search.useDBForOrder: true
    FF - prefs.js..extensions.enabledAddons: %7B0cc09160-108c-4759-bab1-5c12c216e005%7D:3.15.1.0
    FF - prefs.js..extensions.enabledAddons: %7Bba14329e-9550-4989-b3f2-9732e92d17cc%7D:10.10.27.6
    FF - prefs.js..extensions.enabledAddons: specialsavings%40superfish.com:1.2.0.14
    FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:17.0.1
    FF - prefs.js..browser.search.defaultenginename: "Yahoo"
    FF - prefs.js..browser.search.selectedEngine: "Yahoo"
    FF - prefs.js..keyword.URL: "http://search.yahoo.com/search?ei=utf-8&fr=greentree_ff1&type=902615&ilc=12&p="
    FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&ilc=12&type=902615"
    FF - user.js - File not found

    FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_117.dll File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.40.2: C:\Windows\system32\npDeployJava1.dll File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.40.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF:64bit: - HKLM\Software\MozillaPlugins\@lastpass.com/NPLastPass: C:\Program Files (x86)\LastPass\nplastpass64.dll (LastPass)
    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll ()
    FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
    FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
    FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf: C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
    FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.45.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.45.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@lastpass.com/NPLastPass: C:\Program Files (x86)\LastPass\nplastpass.dll (LastPass)
    FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3505.0912: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF - HKCU\Software\MozillaPlugins\facebook.com/fbDesktopPlugin: C:\Users\owner\AppData\Local\Facebook\Messenger\2.1.4814.0\npFbDesktopPlugin.dll (Facebook, Inc.)


    [2013/07/25 23:26:04 | 000,000,000 | ---D | M] (No name found) -- C:\Users\owner\AppData\Roaming\Mozilla\Extensions
    [2013/11/07 07:41:22 | 000,000,000 | ---D | M] (No name found) -- C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\ifxvureb.default\extensions
    [2013/07/30 17:02:18 | 000,000,000 | ---D | M] (No name found) -- C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\ifxvureb.default\extensions\{0cc09160-108c-4759-bab1-5c12c216e005}
    [2013/07/30 17:02:20 | 000,000,000 | ---D | M] (No name found) -- C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\ifxvureb.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}
    [2013/11/11 22:29:00 | 000,000,000 | ---D | M] (LastPass) -- C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\ifxvureb.default\extensions\support@lastpass.com
    File not found (No name found) -- C:\USERS\OWNER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IFXVUREB.DEFAULT\EXTENSIONS\SPECIALSAVINGS@SUPERFISH.COM

    ========== Chrome ==========

    CHR - homepage: http://www.google.com
    CHR - Extension: No name found = C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\kckgnnipheglejoddfhekdjpbdbinhmb\1.0.0.0\

    O1 HOSTS File: ([2013/11/14 18:38:35 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
    O1 - Hosts: 127.0.0.1 localhost
    O1 - Hosts: ::1 localhost
    O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
    O2:64bit: - BHO: (LastPass Vault) - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPToolbar_x64.dll (LastPass)
    O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
    O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
    O2 - BHO: (LastPass Vault) - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPToolbar.dll (LastPass)
    O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
    O3:64bit: - HKLM\..\Toolbar: (LastPass Toolbar) - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar_x64.dll (LastPass)
    O3 - HKLM\..\Toolbar: (LastPass Toolbar) - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar.dll (LastPass)
    O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
    O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O9:64bit: - Extra Button: LastPass - {43699cd0-e34f-11de-8a39-0800200c9a66} - C:\Program Files (x86)\LastPass\LPToolbar_x64.dll (LastPass)
    O9:64bit: - Extra 'Tools' menuitem : LastPass - {43699cd0-e34f-11de-8a39-0800200c9a66} - C:\Program Files (x86)\LastPass\LPToolbar_x64.dll (LastPass)
    O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
    O9 - Extra Button: LastPass - {43699cd0-e34f-11de-8a39-0800200c9a66} - C:\Program Files (x86)\LastPass\LPToolbar.dll (LastPass)
    O9 - Extra 'Tools' menuitem : LastPass - {43699cd0-e34f-11de-8a39-0800200c9a66} - C:\Program Files (x86)\LastPass\LPToolbar.dll (LastPass)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab (Java Plug-in 10.45.2)
    O16 - DPF: {CAFEEFAC-0017-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab (Java Plug-in 1.7.0_05)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab (Java Plug-in 10.45.2)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D2B1012C-3FB3-4EE5-A246-105C15D1ABB4}: DhcpNameServer = 192.168.2.1
    O18:64bit: - Protocol\Handler\livecall - No CLSID value found
    O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
    O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
    O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
    O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
    O18:64bit: - Protocol\Handler\msnim - No CLSID value found
    O18:64bit: - Protocol\Handler\mso-offdap - No CLSID value found
    O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found
    O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
    O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
    O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
    O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
    O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2013/09/20 15:46:02 | 000,000,000 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
    O32 - AutoRun File - [2012/04/17 18:36:22 | 000,000,103 | R--- | M] () - D:\AutoRun.inf -- [ CDFS ]
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35:64bit: - HKLM\..comfile [open] -- "%1" %*
    O35:64bit: - HKLM\..exefile [open] -- "%1" %*
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
    O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
    O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

    ========== Files/Folders - Created Within 30 Days ==========

    [2013/11/13 21:23:21 | 000,526,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
    [2013/11/13 21:23:21 | 000,391,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
    [2013/11/13 21:23:20 | 000,136,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
    [2013/11/13 21:23:20 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
    [2013/11/13 21:23:20 | 000,089,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe
    [2013/11/13 21:23:20 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe
    [2013/11/13 21:23:20 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
    [2013/11/13 21:23:20 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
    [2013/11/13 21:23:20 | 000,051,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
    [2013/11/13 21:23:20 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
    [2013/11/13 21:23:20 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
    [2013/11/13 21:23:18 | 003,959,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
    [2013/11/13 21:23:18 | 000,855,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
    [2013/11/13 21:23:18 | 000,690,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
    [2013/11/13 21:23:18 | 000,603,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
    [2013/11/13 16:43:47 | 000,000,000 | ---D | C] -- C:\Users\owner\AppData\Roaming\Yahoo!
    [2013/11/13 14:54:47 | 001,474,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\crypt32.dll
    [2013/11/13 14:54:43 | 001,447,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\lsasrv.dll
    [2013/11/13 14:54:43 | 000,307,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncrypt.dll
    [2013/11/13 14:54:43 | 000,135,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sspicli.dll
    [2013/11/13 14:54:42 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sspisrv.dll
    [2013/11/13 14:54:42 | 000,028,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secur32.dll
    [2013/11/13 14:42:45 | 000,404,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\gdi32.dll
    [2013/11/13 14:42:43 | 000,830,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\nshwfp.dll
    [2013/11/13 14:42:43 | 000,656,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\nshwfp.dll
    [2013/11/13 14:42:43 | 000,324,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\FWPUCLNT.DLL
    [2013/11/13 14:42:43 | 000,216,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\FWPUCLNT.DLL
    [2013/11/11 22:48:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Wise Installation Wizard
    [2013/11/11 17:06:28 | 000,325,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usbport.sys
    [2013/11/11 17:06:28 | 000,007,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usbd.sys
    [2013/11/07 07:33:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Yahoo!7 Messenger
    [2013/11/03 07:06:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SlimDrivers
    [2013/10/23 07:52:13 | 000,000,000 | ---D | C] -- C:\Users\owner\Desktop\AJ
    [2013/10/19 11:00:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Oracle
    [2013/10/19 11:00:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
    [2013/10/19 11:00:10 | 000,264,616 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
    [2013/10/19 11:00:06 | 000,175,016 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
    [2013/10/19 11:00:06 | 000,174,504 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
    [2013/10/19 11:00:06 | 000,096,168 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
    [2013/06/08 18:16:27 | 012,744,192 | ---- | C] (LastPass) -- C:\Program Files (x86)\Common Files\lpuninstall.exe
    [2012/01/28 09:24:38 | 021,408,749 | ---- | C] (Find Duplicate Photos, Inc. ) -- C:\Users\owner\duplicate-photos

    ========== Files - Modified Within 30 Days ==========

    [2013/11/15 07:01:01 | 000,000,928 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3177217554-3229440400-1117926324-1000UA.job
    [2013/11/15 07:00:43 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2013/11/15 07:00:41 | 000,002,183 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
    [2013/11/15 06:57:06 | 000,015,344 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2013/11/15 06:57:06 | 000,015,344 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2013/11/15 06:49:39 | 000,000,410 | ---- | M] () -- C:\Windows\tasks\SlimDrivers Startup.job
    [2013/11/15 06:49:36 | 000,016,152 | ---- | M] () -- C:\Windows\SysNative\drivers\SWDUMon.sys
    [2013/11/15 06:49:34 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2013/11/15 06:49:08 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2013/11/15 06:49:04 | 3063,242,752 | -HS- | M] () -- C:\hiberfil.sys
    [2013/11/14 21:46:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
    [2013/11/14 21:41:01 | 000,000,374 | ---- | M] () -- C:\Windows\tasks\WpsUpdateTask_owner.job
    [2013/11/14 18:38:35 | 000,000,098 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\Hosts
    [2013/11/14 10:01:00 | 000,000,906 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3177217554-3229440400-1117926324-1000Core.job
    [2013/11/11 23:18:25 | 000,191,915 | ---- | M] () -- C:\Users\owner\Desktop\5-.JPG
    [2013/11/11 23:17:09 | 000,190,552 | ---- | M] () -- C:\Users\owner\Desktop\4-.JPG
    [2013/11/11 23:15:00 | 000,188,681 | ---- | M] () -- C:\Users\owner\Desktop\3-.JPG
    [2013/11/11 23:13:17 | 000,135,476 | ---- | M] () -- C:\Users\owner\Desktop\2-.JPG
    [2013/11/11 23:09:29 | 000,137,475 | ---- | M] () -- C:\Users\owner\Desktop\1-.JPG
    [2013/11/11 17:46:10 | 000,739,180 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
    [2013/11/11 17:46:10 | 000,635,608 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
    [2013/11/11 17:46:10 | 000,115,540 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
    [2013/11/11 17:34:27 | 000,000,000 | ---- | M] () -- C:\Users\owner\AppData\Roaming\SharedSettings.ccs
    [2013/11/09 09:29:20 | 000,002,054 | ---- | M] () -- C:\Users\Public\Desktop\Foxit Reader.lnk
    [2013/11/07 09:45:32 | 000,012,284 | ---- | M] () -- C:\Users\owner\Documents\christmas pic.jpg
    [2013/11/07 07:41:26 | 012,744,192 | ---- | M] (LastPass) -- C:\Program Files (x86)\Common Files\lpuninstall.exe
    [2013/11/07 07:41:23 | 000,001,192 | ---- | M] () -- C:\Users\owner\Application Data\Microsoft\Internet Explorer\Quick Launch\My LastPass Vault.lnk
    [2013/11/07 07:41:06 | 000,001,192 | ---- | M] () -- C:\Users\Public\Desktop\My LastPass Vault.lnk
    [2013/11/07 07:33:55 | 000,001,165 | ---- | M] () -- C:\Users\owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Yahoo!7 Messenger.lnk
    [2013/11/07 07:33:55 | 000,001,141 | ---- | M] () -- C:\Users\Public\Desktop\Yahoo!7 Messenger.lnk
    [2013/11/03 09:11:02 | 001,344,512 | ---- | M] () -- C:\Users\owner\Documents\Cook - Overbury.rmgc
    [2013/11/03 09:10:59 | 000,249,407 | ---- | M] () -- C:\Users\owner\Documents\Cook - Overbury (2013-11-03).rmgb
    [2013/11/03 07:06:20 | 000,002,467 | ---- | M] () -- C:\Users\Public\Desktop\SlimDrivers.lnk
    [2013/10/27 11:15:10 | 002,651,130 | ---- | M] () -- C:\Users\owner\Desktop\heating.jpg
    [2013/10/26 07:14:39 | 000,000,782 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
    [2013/10/23 16:32:15 | 000,056,117 | ---- | M] () -- C:\Users\owner\hotel.jpg
    [2013/10/22 07:28:30 | 000,004,096 | -H-- | M] () -- C:\Users\owner\AppData\Local\keyfile3.drm
    [2013/10/20 09:38:55 | 000,208,775 | ---- | M] () -- C:\Users\owner\fire.JPG
    [2013/10/19 12:12:21 | 000,743,930 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
    [2013/10/17 07:46:38 | 000,692,616 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
    [2013/10/17 07:46:38 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    [2013/10/16 22:14:43 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
    [2013/10/16 12:24:48 | 000,001,768 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk

    ========== Files Created - No Company Name ==========

    [2013/11/11 23:18:25 | 000,191,915 | ---- | C] () -- C:\Users\owner\Desktop\5-.JPG
    [2013/11/11 23:17:09 | 000,190,552 | ---- | C] () -- C:\Users\owner\Desktop\4-.JPG
    [2013/11/11 23:15:00 | 000,188,681 | ---- | C] () -- C:\Users\owner\Desktop\3-.JPG
    [2013/11/11 23:13:17 | 000,135,476 | ---- | C] () -- C:\Users\owner\Desktop\2-.JPG
    [2013/11/11 23:09:29 | 000,137,475 | ---- | C] () -- C:\Users\owner\Desktop\1-.JPG
    [2013/11/11 17:34:27 | 000,000,000 | ---- | C] () -- C:\Users\owner\AppData\Roaming\SharedSettings.ccs
    [2013/11/09 09:29:20 | 000,002,054 | ---- | C] () -- C:\Users\Public\Desktop\Foxit Reader.lnk
    [2013/11/09 09:29:19 | 000,216,064 | ---- | C] () -- C:\Windows\SysWow64\gcapi_dll.dll
    [2013/11/07 09:45:50 | 000,012,284 | ---- | C] () -- C:\Users\owner\Documents\christmas pic.jpg
    [2013/11/07 07:41:19 | 000,001,192 | ---- | C] () -- C:\Users\owner\Application Data\Microsoft\Internet Explorer\Quick Launch\My LastPass Vault.lnk
    [2013/11/07 07:33:55 | 000,001,165 | ---- | C] () -- C:\Users\owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Yahoo!7 Messenger.lnk
    [2013/11/07 07:33:55 | 000,001,141 | ---- | C] () -- C:\Users\Public\Desktop\Yahoo!7 Messenger.lnk
    [2013/11/03 09:10:59 | 000,249,407 | ---- | C] () -- C:\Users\owner\Documents\Cook - Overbury (2013-11-03).rmgb
    [2013/11/03 07:06:20 | 000,002,467 | ---- | C] () -- C:\Users\Public\Desktop\SlimDrivers.lnk
    [2013/10/27 11:15:10 | 002,651,130 | ---- | C] () -- C:\Users\owner\Desktop\heating.jpg
    [2013/10/23 16:32:14 | 000,056,117 | ---- | C] () -- C:\Users\owner\hotel.jpg
    [2013/10/22 07:28:30 | 000,004,096 | -H-- | C] () -- C:\Users\owner\AppData\Local\keyfile3.drm
    [2013/10/20 09:38:54 | 000,208,775 | ---- | C] () -- C:\Users\owner\fire.JPG
    [2013/10/16 12:24:48 | 000,001,768 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
    [2013/10/14 21:50:51 | 000,172,253 | ---- | C] () -- C:\Users\owner\Penshaw Monument.jpg
    [2013/09/04 09:26:41 | 000,086,854 | ---- | C] () -- C:\Users\owner\Murchison.jpg
    [2013/07/08 15:45:31 | 013,913,600 | ---- | C] () -- C:\Windows\SysWow64\ig4icd32.dll
    [2013/07/08 15:45:24 | 000,867,020 | ---- | C] () -- C:\Windows\SysWow64\igkrng575.bin
    [2013/07/08 15:45:24 | 000,128,204 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng575.bin
    [2013/07/08 15:45:24 | 000,105,608 | ---- | C] () -- C:\Windows\SysWow64\igfcg575m.bin
    [2013/07/08 12:20:18 | 000,000,891 | ---- | C] () -- C:\Users\owner\.recently-used.xbel
    [2013/07/07 13:24:17 | 000,056,431 | ---- | C] () -- C:\Users\owner\dog house.jpg
    [2013/06/16 10:27:14 | 000,086,623 | ---- | C] () -- C:\Users\owner\Lauren in Shannon's room 16-6-13.jpg
    [2013/06/16 10:18:33 | 000,149,849 | ---- | C] () -- C:\Users\owner\green and white.jpg
    [2013/05/18 09:32:40 | 000,000,043 | ---- | C] () -- C:\Windows\gswin32.ini
    [2013/05/10 11:59:23 | 000,325,350 | ---- | C] () -- C:\Users\owner\Clock Radio dream_machine_icfc318.pdf
    [2013/05/10 11:48:56 | 001,386,865 | ---- | C] () -- C:\Users\owner\Panasonic Phone Manual.pdf
    [2013/04/21 10:44:39 | 000,058,584 | ---- | C] () -- C:\Users\owner\joke.jpg
    [2013/04/21 10:43:03 | 000,049,032 | ---- | C] () -- C:\Users\owner\Australia.jpg
    [2013/04/02 08:04:22 | 000,001,849 | ---- | C] () -- C:\Users\owner\Geoff2.jpg
    [2013/02/22 21:17:24 | 001,523,020 | ---- | C] () -- C:\Users\owner\AppData\Local\census.cache
    [2013/02/22 21:16:20 | 000,122,596 | ---- | C] () -- C:\Users\owner\AppData\Local\ars.cache
    [2013/02/22 20:51:30 | 000,000,036 | ---- | C] () -- C:\Users\owner\AppData\Local\housecall.guid.cache
    [2013/02/21 09:08:49 | 000,004,608 | ---- | C] () -- C:\Users\owner\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2013/02/08 16:10:14 | 000,014,831 | ---- | C] () -- C:\Users\owner\Vew club log.png
    [2012/10/29 06:35:07 | 000,003,882 | ---- | C] () -- C:\Users\owner\David B.JPG
    [2012/08/31 16:27:32 | 000,032,863 | ---- | C] () -- C:\Users\owner\Google.JPG
    [2012/05/03 11:39:35 | 000,000,240 | ---- | C] () -- C:\Windows\MyHeritage.INI
    [2012/05/03 11:39:01 | 000,454,656 | ---- | C] () -- C:\Windows\SysWow64\PaintX.dll
    [2012/04/16 16:37:08 | 000,000,288 | ---- | C] () -- C:\Users\owner\AppData\Roaming\.backup.dm
    [2011/08/03 09:50:45 | 000,001,077 | ---- | C] () -- C:\Users\owner\Documents - Shortcut (2).lnk
    [2011/07/31 11:33:06 | 000,067,318 | ---- | C] () -- C:\Users\owner\Gumbalumba Estate.htm

    ========== ZeroAccess Check ==========

    [2009/07/14 15:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

    [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

    [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

    [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

    [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
    "" = C:\Windows\SysNative\shell32.dll -- [2013/07/26 13:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
    "" = %SystemRoot%\system32\shell32.dll -- [2013/07/26 12:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
    "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 12:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
    "" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 23:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
    "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 12:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Both

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 961 bytes -> C:\Users\owner\Documents\Judy, Get back in the fast lane!.eml:OECustomProperty
    @Alternate Data Stream - 945 bytes -> C:\Users\owner\Desktop\139D7049-0000274E.eml:OECustomProperty
    @Alternate Data Stream - 781 bytes -> C:\Users\owner\Documents\Sent from Snipping Tool.eml:OECustomProperty
    @Alternate Data Stream - 681 bytes -> C:\Users\owner\Desktop\40DC4587-000000AB.eml:OECustomProperty
    @Alternate Data Stream - 673 bytes -> C:\Users\owner\Documents\Bingo.eml:OECustomProperty
    @Alternate Data Stream - 1614 bytes -> C:\Users\owner\Desktop\139D7049-0000274E.eml:OEStandardProperty
    @Alternate Data Stream - 1083 bytes -> C:\Users\owner\Documents\New Limewire Version Available.eml:OECustomProperty

    < End of report >
     
  17. joodyanne

    joodyanne Registered Members

    * that should read "only ONE report"

    I was just thinking - does it show my browsers working ok? I have Google, Safari & IE, and some of the things I open up quite regularly are not responding too well, and I'd have to go to a different browser. Can't work out why though. I was tempted to uninstall them one at a time and reinstall, to see if it made a difference. Should I delete any of them permanently and/or is Firefox more reliable? The sites I am trying to open are taking forever to respond at times.
     
  18. starbuck

    You could try to reset them first.
    I'll give you the instructions for all of the standard browsers.

    I just stick with IE and Firefox. (Firefox is my main browser)
    I gave up on Chrome a long time ago as it appeared to slow my system down... but some prefer it.
    Have never been tempted to try Safari so can't comment on it.

    To Reset Firefox
    • At the top of the Firefox window, click the Help menu and select Troubleshooting Information
    • Click the Reset Firefox… button in the upper-right corner of the Troubleshooting Information page.
    • To continue, click Reset Firefox in the confirmation window that opens.
    • Firefox will close and be reset. When it's done, a window will list the information that was imported.
    • Click Finish and Firefox will open.
    Note:
    After the reset is finished, your old Firefox profile information will be placed on your desktop in a folder named "Old Firefox Data." If the reset didn't fix your problem you can restore some of the information not saved by copying files to the new profile that was created.
    If you don't need this folder any longer, you should delete it as it contains sensitive information.

    The reset feature works by creating a new profile folder for you while saving your most important data.

    Firefox will try to keep the following data:

    • Bookmarks
    • Browsing history
    • Passwords
    • Cookies
    • Web form auto-fill information
    • Personal dictionary


    To reset IE.
    • Close any Internet Explorer or Windows Explorer windows that are currently open.
    • Open Internet Explorer by clicking the Start button, and then clicking Internet Explorer.
    • Click the Tools button, and then click Internet Options.
    • Click the Advanced tab, and then click Reset.
    • Select the Delete personal settings check box if you would like to remove browsing history, search providers, Accelerators, home pages, and InPrivate Filtering data.
    • In the Reset Internet Explorer Settings dialog box, click Reset.
    • When Internet Explorer finishes applying default settings, click Close, and then click OK.
    • Close Internet Explorer.
    • Your changes will take effect the next time you open Internet Explorer.


    To reset Google Chrome
    • Click the Menu option button at the top right of the Google Chrome screen
    • Select Settings.
    • Click Show advanced settings and find the "Reset browser settings" section.
    • Click Reset browser settings.
    • In the dialogue that appears, click Reset. Note: When the "Help make Google Chrome better by reporting the current settings" tick box is selected you are anonymously sending Google your Chrome settings. Reporting these settings allows us to analyse trends and work to prevent future unwanted settings changes.

    Resetting your browser settings will impact the settings below:

    • Default search engine and saved search engines will be reset to their original defaults.
    • Homepage button will be hidden and the URL that you previously set will be removed.
    • Default startup tabs will be cleared. The browser will show a new tab when you start up, or continue where you left off if you're on a Chromebook.
    • New Tab page will be empty unless you have a version of Chrome with an extension that controls it. In that case your page may be preserved.
    • Pinned tabs will be unpinned.
    • Content settings will be cleared and reset to their installation defaults.
    • Cookies and site data will be cleared.
    • Extensions and themes will be disabled.


    To reset Safari
    • Open your Safari web browser by clicking on the Safari icon in the dock.
    • Click on Safari in your Safari menu, located at the top of your screen.
    • A drop-down menu will now appear. Choose the option labeled Reset Safari....
    • A warning dialog will now appear detailing the items that will be removed.
    • Click the button on the dialog labeled Reset to complete the process.
    Your Safari browser will now restart automatically.

    Let me know if this makes a difference.
     
  19. joodyanne

    Bob,
    I have now reset the browsers so will see what happens over the next day.
    Thanks for the advice! I'll be back.
     
  20. starbuck

    Ok.
    I'll be away Saturday and Sunday, but will be back online Monday.
     
