1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

en.v9 virus

Discussion in 'Virus & Other Malware Removal' started by mjplus7, Jun 4, 2013.

Thread Status:
Not open for further replies.
Advertisement
  1. mjplus7

    mjplus7 Thread Starter

    Joined:
    Feb 23, 2005
    Messages:
    106
    All browsers open on this search page.

    Here are the logs

    Thank you so much for your help :)

    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 7:20:43 PM, on 6/4/2013
    Platform: Windows 7 SP1 (WinNT 6.00.3505)
    MSIE: Internet Explorer v9.00 (9.00.8112.16448)
    Boot mode: Normal

    Running processes:
    C:\Users\Luke\Desktop\uTorrent.exe
    C:\Users\Luke\AppData\Roaming\SearchProtect\bin\cltmng.exe
    C:\Program Files (x86)\McAfee Security Scan\3.0.318\SSScheduler.exe
    C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
    C:\Program Files\AVAST Software\Avast\AvastUI.exe
    C:\Program Files (x86)\iTunes\iTunesHelper.exe
    C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
    C:\Program Files (x86)\Ask.com\Updater\Updater.exe
    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
    C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
    C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Internet Explorer\IELowutil.exe
    C:\Users\Luke\Desktop\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://en.v9.com/?utm_source=b&utm_...VT-60A0RT0_WD-WXM1EA0ULH48ULH48&ts=1369856438
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com/?ctid=CT3...M=2&UP=SPD1947C4C-5884-4DA3-ACB9-AF421FF421D3
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://en.v9.com/?utm_source=b&utm_...VT-60A0RT0_WD-WXM1EA0ULH48ULH48&ts=1369856438
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://en.v9.com/?utm_source=b&utm_...VT-60A0RT0_WD-WXM1EA0ULH48ULH48&ts=1369856438
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.v9.com/web/?utm_sourc...0BEVT-60A0RT0_WD-WXM1EA0ULH48ULH48&ts=4325446
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://search.v9.com/web/?utm_sourc...0BEVT-60A0RT0_WD-WXM1EA0ULH48ULH48&ts=4325446
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - URLSearchHook: uTorrentControl_v6 Toolbar - {96f454ea-9d38-474f-b504-56193e00c1a5} - C:\Program Files (x86)\uTorrentControl_v6\prxtbuTor.dll
    O1 - Hosts: ÿþ127.0.0.1 localhost
    O1 - Hosts: ::1 localhost
    O2 - BHO: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files (x86)\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: Increase performance and video formats for your HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
    O2 - BHO: DealPly Shopping - {4B6ACEA2-308A-4876-AD36-57CEC5B4FCC7} - C:\Program Files (x86)\DealPly\DealPlyIE.dll
    O2 - BHO: Use the DivX Plus Web Player to watch web videos with less interruptions and smoother playback on supported sites - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
    O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
    O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: uTorrentControl_v6 - {96f454ea-9d38-474f-b504-56193e00c1a5} - C:\Program Files (x86)\uTorrentControl_v6\prxtbuTor.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    O2 - BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll" (file missing)
    O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
    O2 - BHO: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll
    O2 - BHO: Yontoo Layers - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files (x86)\Yontoo Layers Runtime\YontooIEClient.dll
    O3 - Toolbar: Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll" (file missing)
    O3 - Toolbar: ooVoo toolbar, powered by Ask.com - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
    O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
    O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    O3 - Toolbar: uTorrentControl_v6 Toolbar - {96f454ea-9d38-474f-b504-56193e00c1a5} - C:\Program Files (x86)\uTorrentControl_v6\prxtbuTor.dll
    O4 - HKLM\..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
    O4 - HKLM\..\Run: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
    O4 - HKLM\..\Run: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
    O4 - HKLM\..\Run: [ApnUpdater] "C:\Program Files (x86)\Ask.com\Updater\Updater.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    O4 - HKLM\..\Run: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [SearchProtectAll] C:\Program Files (x86)\SearchProtect\bin\cltmng.exe
    O4 - HKCU\..\Run: [HPAdvisorDock] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Dock\HPAdvisorDock.exe
    O4 - HKCU\..\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
    O4 - HKCU\..\Run: [Facebook Update] "C:\Users\Luke\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
    O4 - HKCU\..\Run: [uTorrent] "C:\Users\Luke\Desktop\uTorrent.exe" /MINIMIZED
    O4 - HKCU\..\Run: [SearchProtect] C:\Users\Luke\AppData\Roaming\SearchProtect\bin\cltmng.exe
    O4 - Global Startup: McAfee Security Scan Plus.lnk = C:\Program Files (x86)\McAfee Security Scan\3.0.318\SSScheduler.exe
    O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
    O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: HP Smart Print - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\smartprintsetup.exe
    O9 - Extra 'Tools' menuitem: HP Smart Print - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\smartprintsetup.exe
    O9 - Extra button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
    O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
    O9 - Extra button: (no name) - Cmdmapping - (no file) (HKCU)
    O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
    O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
    O16 - DPF: {B3E32D88-8E7F-468F-B0E2-3A300FD4A82C} (Enlite 2.x Simulation Engine Installer) - http://myitlab.pearsoned.com/Pegasus/Modules/SIMIntegration/Resources/ax/stub.cab
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
    O23 - Service: Adobe Active File Monitor V7 (AdobeActiveFileMonitor7.0) - Adobe Systems Incorporated - C:\Program Files (x86)\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe
    O23 - Service: Andrea RT Filters Service (AERTFilters) - Andrea Electronics Corporation - C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
    O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    O23 - Service: CinemaNow Service - CinemaNow, Inc. - C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemanowSvc.exe
    O23 - Service: Search Protect by Conduit Updater (CltMngSvc) - Conduit - C:\Program Files (x86)\SearchProtect\bin\CltMngSvc.exe
    O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
    O23 - Service: eSafe Service (eSafeSvc) - eSafe Security Co., Ltd. - C:\ProgramData\eSafe\eGdpSvc.exe
    O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe
    O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: HP Support Assistant Service - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
    O23 - Service: HP Wireless Assistant Service - Hewlett-Packard Company - C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe
    O23 - Service: HP Software Framework Service (hpqwmiex) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
    O23 - Service: HPWMISVC - Hewlett-Packard Development Company, L.P. - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
    O23 - Service: Intel(R) Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files (x86)\McAfee Security Scan\3.0.318\McCHSvc.exe
    O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
    O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: Norton Online Backup (NOBU) - Symantec Corporation - C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
    O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
    O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
    O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
    O23 - Service: Distributed Link Tracking Client (TrkWks32) - Unknown owner - C:\Windows\system32\PerfCenterCPL32.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
    O23 - Service: Intel(R) Management & Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
    O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
    O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
    O23 - Service: WinZiper service (winzipersvc) - Taiwan Shui Mu Chih Ching Technology Limited. - C:\Program Files (x86)\WinZipper\winzipersvc.exe
    O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
    O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

    --
    End of file - 16660 bytes
     
  2. mjplus7

    mjplus7 Thread Starter

    Joined:
    Feb 23, 2005
    Messages:
    106
    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2012-11-20.01)
    .
    Microsoft Windows 7 Home Premium
    Boot Device: \Device\HarddiskVolume1
    Install Date: 2/28/2011 4:09:59 PM
    System Uptime: 6/4/2013 12:38:33 AM (19 hours ago)
    .
    Motherboard: Hewlett-Packard | | 1439
    Processor: Intel(R) Pentium(R) CPU P6100 @ 2.00GHz | CPU | 1319/1066mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 448 GiB total, 307.737 GiB free.
    D: is FIXED (NTFS) - 17 GiB total, 2.459 GiB free.
    E: is CDROM ()
    .
    ==== Disabled Device Manager Items =============
    .
    Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
    Description: avast! Firewall NDIS Filter Miniport
    Device ID: ROOT\SW_ASWNDISMP\0000
    Manufacturer: ALWIL Software
    Name: avast! Firewall NDIS Filter Miniport
    PNP Device ID: ROOT\SW_ASWNDISMP\0000
    Service: aswNdis
    .
    ==== System Restore Points ===================
    .
    RP321: 5/24/2013 3:40:44 PM - Windows Update
    RP323: 5/25/2013 12:44:37 PM - Windows Modules Installer
    RP324: 5/25/2013 1:06:18 PM - Windows Modules Installer
    RP325: 5/26/2013 10:54:05 AM - Windows Update
    RP326: 5/30/2013 3:00:22 AM - Windows Update
    RP327: 6/1/2013 4:10:24 PM - Windows Update
    RP328: 6/4/2013 6:26:02 PM - Windows Update
    .
    ==== Installed Programs ======================
    .
    µTorrent
    7-Zip 9.20
    Acrobat.com
    Adobe AIR
    Adobe Flash Player 11 ActiveX 64-bit
    Adobe Photoshop Elements 7.0
    Adobe Photoshop.com Inspiration Browser
    Adobe Reader 9.5.2 MUI
    Adobe Shockwave Player 11.5
    AIM 7
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    Ask Toolbar
    avast! Free Antivirus
    Bejeweled 2 Deluxe
    Bing Bar
    Bing Rewards Client Installer
    Blackhawk Striker 2
    Bonjour
    Broadcom 802.11 Wireless LAN Adapter
    Build-a-lot 2
    Chuzzle Deluxe
    CinemaNow Media Manager
    CyberLink DVD Suite
    CyberLink MediaShow
    CyberLink PowerDVD 9
    CyberLink YouCam
    DealPly
    DealPly (remove only)
    Diner Dash 2 Restaurant Rescue
    DivX Setup
    Dora's Carnival Adventure
    Download Updater (AOL LLC)
    Energy Star Digital Logo
    Escape Rosecliff Island
    ESU for Microsoft Windows 7
    Facebook Video Calling 1.2.0.287
    FATE
    Final Drive Nitro
    GIMP 2.8.4
    Google Chrome
    Google Toolbar for Internet Explorer
    Google Update Helper
    Heroes of Hellas 2 - Olympia
    Hewlett-Packard ACLM.NET v1.2.1.1
    HP Advisor
    HP Customer Experience Enhancements
    HP Documentation
    HP Game Console
    HP Games
    HP MediaSmart CinemaNow 2.0
    HP Officejet 4620 series Basic Device Software
    HP Officejet 4620 series Help
    HP Photo Creations
    HP Power Manager
    HP Quick Launch
    HP Setup
    HP Software Framework
    HP Support Assistant
    HP Update
    HP Wireless Assistant
    I.R.I.S. OCR
    Intel(R) Control Center
    Intel(R) Graphics Media Accelerator Driver
    Intel(R) Management Engine Components
    Intel(R) Rapid Storage Technology
    iTunes
    Java Auto Updater
    Java(TM) 6 Update 20 (64-bit)
    Java(TM) 6 Update 30
    Java(TM) 7 Update 2
    Jewel Quest 3
    Jewel Quest Solitaire 2
    Junk Mail filter update
    LabelPrint
    McAfee Security Scan Plus
    Microsoft .NET Framework 4 Client Profile
    Microsoft Application Error Reporting
    Microsoft Choice Guard
    Microsoft Default Manager
    Microsoft Office 2010
    Microsoft Office Click-to-Run 2010
    Microsoft Office Starter 2010 - English
    Microsoft PowerPoint Viewer
    Microsoft Silverlight
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
    Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Microsoft WSE 3.0 Runtime
    Mozilla Firefox 8.0 (x86 en-US)
    MSVCRT
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    Norton Online Backup
    ooVoo
    Penguins!
    PhotoNow!
    PhotoshopdotcomInspirationBrowser
    Plants vs. Zombies
    Poker Superstars III
    Polar Bowler
    Polar Golfer
    Power2Go
    PowerDirector
    PS3 Media Server
    QuickTime
    Realtek Ethernet Controller Driver For Windows 7
    Realtek High Definition Audio Driver
    Realtek USB 2.0 Card Reader
    Recovery Manager
    Roxio CinemaNow 2.0
    RtVOsd
    Search Protect by conduit
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)
    Skype™ 6.1
    Sophos Anti-Rootkit 1.5.20
    StartNow Toolbar
    Synaptics Pointing Device Driver
    Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
    Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
    Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
    Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
    uTorrentControl_v6 Toolbar
    VC80CRTRedist - 8.0.50727.4053
    Virtual Families
    Virtual Villagers - The Secret City
    Wheel of Fortune 2
    Windows Live Call
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live ID Sign-in Assistant
    Windows Live Mail
    Windows Live Messenger
    Windows Live Movie Maker
    Windows Live Photo Gallery
    Windows Live Sync
    Windows Live Upload Tool
    Windows Live Writer
    WinZipper
    Yontoo Layers Runtime 1.10.01
    Zuma Deluxe
    .
    ==== Event Viewer Messages From Past Week ========
    .
    6/4/2013 7:10:19 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the IPBusEnum service.
    6/4/2013 12:40:59 AM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID {C97FCC79-E628-407D-AE68-A06AD6D8B4D1} and APPID {344ED43D-D086-4961-86A6-1106F4ACAD9B} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
    6/3/2013 3:31:11 PM, Error: Service Control Manager [7034] - The Bonjour Service service terminated unexpectedly. It has done this 1 time(s).
    6/3/2013 1:26:51 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the HPWMISVC service.
    5/31/2013 9:51:27 PM, Error: Service Control Manager [7000] - The RtVOsdService Installer service failed to start due to the following error: The system cannot find the file specified.
    5/31/2013 12:56:03 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the wlidsvc service.
    5/29/2013 3:41:05 PM, Error: bowser [8003] - The master browser has received a server announcement from the computer FAMILYPC that believes that it is the master browser for the domain on transport NetBT_Tcpip_{D14A09F7-7B98-4F2C-9519-D2CADCACD423}. The master browser is stopping or an election is being forced.
    5/29/2013 2:39:52 PM, Error: Tcpip [4199] - The system detected an address conflict for IP address 192.168.0.141 with the system having network hardware address 24-BE-05-D3-E7-21. Network operations on this system may be disrupted as a result.
    5/28/2013 8:11:55 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Apple Mobile Device service to connect.
    5/28/2013 8:11:55 PM, Error: Service Control Manager [7000] - The Apple Mobile Device service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    .
    ==== End Of File ===========================
     
  3. mjplus7

    mjplus7 Thread Starter

    Joined:
    Feb 23, 2005
    Messages:
    106
    DDS (Ver_2012-11-20.01) - NTFS_AMD64
    Internet Explorer: 9.0.8112.16448 BrowserJavaVersion: 10.2.0
    Run by Luke at 19:21:08 on 2013-06-04
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3894.2009 [GMT -4:00]
    .
    AV: avast! Internet Security *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
    SP: avast! Internet Security *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    FW: avast! Internet Security *Disabled* {131692B0-0864-D491-4E21-3A3A1D8BBB47}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    C:\Windows\system32\WLANExt.exe
    C:\Windows\Explorer.EXE
    C:\Windows\system32\Dwm.exe
    C:\ProgramData\eSafe\eGdpSvc.exe
    C:\Program Files (x86)\WinZipper\winzipersvc.exe
    C:\Windows\system32\taskhost.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files (x86)\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
    C:\Windows\System32\igfxtray.exe
    C:\Windows\System32\hkcmd.exe
    C:\Windows\System32\igfxpers.exe
    C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Dock\HPAdvisorDock.exe
    C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
    C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Users\Luke\Desktop\uTorrent.exe
    C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemanowSvc.exe
    C:\Users\Luke\AppData\Roaming\SearchProtect\bin\cltmng.exe
    C:\Program Files (x86)\SearchProtect\bin\CltMngSvc.exe
    C:\Program Files (x86)\McAfee Security Scan\3.0.318\SSScheduler.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
    C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
    C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
    C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
    C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
    C:\Program Files\AVAST Software\Avast\AvastUI.exe
    C:\Program Files (x86)\iTunes\iTunesHelper.exe
    C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
    C:\Program Files (x86)\Ask.com\Updater\Updater.exe
    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
    C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
    C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe
    C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe
    C:\Windows\System32\svchost.exe -k LocalServicePeerNet
    C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
    C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe
    C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    C:\Windows\System32\svchost.exe -k secsvcs
    C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Internet Explorer\IELowutil.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\SysWOW64\NOTEPAD.EXE
    C:\Windows\System32\cscript.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://search.conduit.com/?ctid=CT3289075&octid=CT3289075&SearchSource=61&CUI=UN13106994151810917&UM=2&UP=SPD1947C4C-5884-4DA3-ACB9-AF421FF421D3
    uDefault_Page_URL = hxxp://en.v9.com/?utm_source=b&utm_medium=update&from=update&uid=WDCXWD5000BEVT-60A0RT0_WD-WXM1EA0ULH48ULH48&ts=1369856438
    mStart Page = hxxp://en.v9.com/?utm_source=b&utm_medium=update&from=update&uid=WDCXWD5000BEVT-60A0RT0_WD-WXM1EA0ULH48ULH48&ts=1369856438
    mDefault_Page_URL = hxxp://en.v9.com/?utm_source=b&utm_medium=update&from=update&uid=WDCXWD5000BEVT-60A0RT0_WD-WXM1EA0ULH48ULH48&ts=1369856438
    mSearchAssistant = hxxp://search.v9.com/web/?utm_source=b&utm_medium=bnd&from=bnd&uid=WDCXWD5000BEVT-60A0RT0_WD-WXM1EA0ULH48ULH48&ts=4325446
    mCustomizeSearch = hxxp://search.v9.com/web/?utm_source=b&utm_medium=bnd&from=bnd&uid=WDCXWD5000BEVT-60A0RT0_WD-WXM1EA0ULH48ULH48&ts=4325446
    uURLSearchHooks: uTorrentControl_v6 Toolbar: {96f454ea-9d38-474f-b504-56193e00c1a5} - C:\Program Files (x86)\uTorrentControl_v6\prxtbuTor.dll
    mURLSearchHooks: uTorrentControl_v6 Toolbar: {96f454ea-9d38-474f-b504-56193e00c1a5} - C:\Program Files (x86)\uTorrentControl_v6\prxtbuTor.dll
    BHO: MSS+ Identifier: {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files (x86)\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll
    BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
    BHO: DealPly Shopping: {4B6ACEA2-308A-4876-AD36-57CEC5B4FCC7} - C:\Program Files (x86)\DealPly\DealPlyIE.dll
    BHO: DivX HiQ: {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
    BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - <orphaned>
    BHO: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
    BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO: uTorrentControl_v6 Toolbar: {96f454ea-9d38-474f-b504-56193e00c1a5} - C:\Program Files (x86)\uTorrentControl_v6\prxtbuTor.dll
    BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -
    BHO: ooVoo toolbar, powered by Ask.com: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
    BHO: HP Network Check Helper: {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll
    BHO: Yontoo Layers: {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files (x86)\Yontoo Layers Runtime\YontooIEClient.dll
    TB: ooVoo toolbar, powered by Ask.com: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
    TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    TB: uTorrentControl_v6 Toolbar: {96F454EA-9D38-474F-B504-56193E00C1A5} - C:\Program Files (x86)\uTorrentControl_v6\prxtbuTor.dll
    TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} -
    TB: ooVoo toolbar, powered by Ask.com: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
    TB: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
    TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    TB: uTorrentControl_v6 Toolbar: {96f454ea-9d38-474f-b504-56193e00c1a5} - C:\Program Files (x86)\uTorrentControl_v6\prxtbuTor.dll
    uRun: [HPAdvisorDock] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Dock\HPAdvisorDock.exe
    uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
    uRun: [Facebook Update] "C:\Users\Luke\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
    uRun: [uTorrent] "C:\Users\Luke\Desktop\uTorrent.exe" /MINIMIZED
    uRun: [SearchProtect] C:\Users\Luke\AppData\Roaming\SearchProtect\bin\cltmng.exe
    mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
    mRun: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
    mRun: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe
    mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    mRun: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
    mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    mRun: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
    mRun: [ApnUpdater] "C:\Program Files (x86)\Ask.com\Updater\Updater.exe"
    mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    mRun: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
    mRun: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
    mRun: [SearchProtectAll] C:\Program Files (x86)\SearchProtect\bin\cltmng.exe
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MCAFEE~1.LNK - C:\Program Files (x86)\McAfee Security Scan\3.0.318\SSScheduler.exe
    mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
    mPolicies-System: ConsentPromptBehaviorUser = dword:3
    mPolicies-System: EnableUIADesktopToggle = dword:0
    IE: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    IE: {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\smartprintsetup.exe
    IE: {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab
    DPF: {B3E32D88-8E7F-468F-B0E2-3A300FD4A82C} - hxxp://myitlab.pearsoned.com/Pegasus/Modules/SIMIntegration/Resources/ax/stub.cab
    DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
    DPF: {CAFEEFAC-0017-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab
    TCP: NameServer = 192.168.1.1
    TCP: Interfaces\{D14A09F7-7B98-4F2C-9519-D2CADCACD423} : DHCPNameServer = 192.168.1.1
    TCP: Interfaces\{D14A09F7-7B98-4F2C-9519-D2CADCACD423}\4696375616375637D27657563747 : DHCPNameServer = 192.168.1.1
    TCP: Interfaces\{D14A09F7-7B98-4F2C-9519-D2CADCACD423}\84F6D6560266F6F6C6 : DHCPNameServer = 216.144.187.37 204.186.0.201 207.44.96.129
    TCP: Interfaces\{D14A09F7-7B98-4F2C-9519-D2CADCACD423}\E4544574541425 : DHCPNameServer = 10.0.0.1
    TCP: Interfaces\{D14A09F7-7B98-4F2C-9519-D2CADCACD423}\E63636F5075726C69636F5D6F6E6F536C63747 : DHCPNameServer = 208.73.176.3 208.73.176.17
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
    mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.94\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
    x64-mStart Page = hxxp://en.v9.com/?utm_source=b&utm_medium=update&from=update&uid=WDCXWD5000BEVT-60A0RT0_WD-WXM1EA0ULH48ULH48&ts=1369856438
    x64-mDefault_Page_URL = hxxp://en.v9.com/?utm_source=b&utm_medium=update&from=update&uid=WDCXWD5000BEVT-60A0RT0_WD-WXM1EA0ULH48ULH48&ts=1369856438
    x64-mSearchAssistant = hxxp://search.v9.com/web/?utm_source=b&utm_medium=bnd&from=bnd&uid=WDCXWD5000BEVT-60A0RT0_WD-WXM1EA0ULH48ULH48&ts=4325446
    x64-mCustomizeSearch = hxxp://search.v9.com/web/?utm_source=b&utm_medium=bnd&from=bnd&uid=WDCXWD5000BEVT-60A0RT0_WD-WXM1EA0ULH48ULH48&ts=4325446
    x64-BHO: avast! WebRep: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
    x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
    x64-BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    x64-TB: avast! WebRep: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
    x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
    x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
    x64-Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe -s
    x64-Run: [HPWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe 120 C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe /hidden
    x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
    x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
    x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
    x64-DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
    x64-DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
    x64-DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
    x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
    x64-Notify: igfxcui - igfxdev.dll
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - C:\Users\Luke\AppData\Roaming\Mozilla\Firefox\Profiles\45u8qdtp.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3289075&CUI=UN38651916541149234&UM=2&SearchSource=3&q={searchTerms}
    FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3289075&SearchSource=2&CUI=UN38651916541149234&UM=2&q=
    FF - prefs.js: browser.startup.homepage - hxxp://en.v9.com/?utm_source=b&utm_medium=update&from=update&uid=WDCXWD5000BEVT-60A0RT0_WD-WXM1EA0ULH48ULH48&ts=1369856438
    FF - prefs.js: browser.search.selectedEngine - v9
    FF - plugin: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL
    FF - plugin: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll
    FF - plugin: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
    FF - plugin: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
    FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll
    FF - plugin: C:\Program Files (x86)\Java\jre7\bin\new_plugin\npjp2.dll
    FF - plugin: C:\Program Files (x86)\McAfee Security Scan\3.0.318\npMcAfeeMSS.dll
    FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrlui.dll
    FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
    FF - plugin: C:\Users\Luke\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll
    FF - plugin: C:\Users\Luke\AppData\Roaming\Mozilla\Firefox\Profiles\45u8qdtp.default\extensions\{96f454ea-9d38-474f-b504-56193e00c1a5}\plugins\np-mswmp.dll
    FF - plugin: C:\Users\Luke\AppData\Roaming\Mozilla\Firefox\Profiles\45u8qdtp.default\extensions\{96f454ea-9d38-474f-b504-56193e00c1a5}\plugins\npConduitFirefoxPlugin.dll
    FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll
    FF - ExtSQL: 2013-04-17 08:09; [email protected]; C:\Program Files (x86)\Hewlett-Packard\SmartPrint\QPExtension
    FF - ExtSQL: 2013-05-16 15:07; {96f454ea-9d38-474f-b504-56193e00c1a5}; C:\Users\Luke\AppData\Roaming\Mozilla\Firefox\Profiles\45u8qdtp.default\extensions\{96f454ea-9d38-474f-b504-56193e00c1a5}
    FF - ExtSQL: 2013-05-29 15:40; [email protected]; C:\Users\Luke\AppData\Roaming\Mozilla\Firefox\Profiles\45u8qdtp.default\extensions\[email protected]
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 aswRvrt;aswRvrt;C:\Windows\System32\drivers\aswRvrt.sys [2013-3-18 65336]
    R0 FixTDSS;TDSS Fixtool driver;C:\Windows\System32\drivers\FixTDSS.sys [2011-9-11 27256]
    R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2013-4-17 52856]
    R1 aswKbd;aswKbd;C:\Windows\System32\drivers\aswKbd.sys [2013-3-18 22600]
    R1 aswSnx;aswSnx;C:\Windows\System32\drivers\aswSnx.sys [2011-3-1 1025808]
    R1 aswSP;aswSP;C:\Windows\System32\drivers\aswSP.sys [2011-3-1 377920]
    R2 AdobeActiveFileMonitor7.0;Adobe Active File Monitor V7;C:\Program Files (x86)\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe [2008-9-16 169312]
    R2 AERTFilters;Andrea RT Filters Service;C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe [2011-1-20 98208]
    R2 aswFsBlk;aswFsBlk;C:\Windows\System32\drivers\aswFsBlk.sys [2011-3-1 33400]
    R2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswMonFlt.sys [2011-3-1 80816]
    R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2013-3-26 45248]
    R2 CinemaNow Service;CinemaNow Service;C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemaNowSvc.exe [2010-5-21 140272]
    R2 CltMngSvc;Search Protect by Conduit Updater;C:\Program Files (x86)\SearchProtect\bin\CltMngSvc.exe [2013-5-8 97056]
    R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2012-1-4 822624]
    R2 eSafeSvc;eSafe Service;C:\ProgramData\eSafe\eGdpSvc.exe [2013-5-16 360512]
    R2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2012-9-27 86528]
    R2 HP Wireless Assistant Service;HP Wireless Assistant Service;C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [2010-6-18 103992]
    R2 HPWMISVC;HPWMISVC;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2012-2-15 34872]
    R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-1-20 13336]
    R2 NOBU;Norton Online Backup;C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2010-6-1 2804568]
    R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-1 508776]
    R2 UNS;Intel(R) Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2011-1-20 2320920]
    R2 winzipersvc;WinZiper service;C:\Program Files (x86)\WinZipper\winzipersvc.exe [2013-5-29 424104]
    R3 HECIx64;Intel(R) Management Engine Interface;C:\Windows\System32\drivers\HECIx64.sys [2009-9-17 56344]
    R3 IntcDAud;Intel(R) Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2010-2-3 271872]
    R3 Sftfs;Sftfs;C:\Windows\System32\drivers\Sftfslh.sys [2011-10-1 764264]
    R3 Sftplay;Sftplay;C:\Windows\System32\drivers\Sftplaylh.sys [2011-10-1 268648]
    R3 Sftredir;Sftredir;C:\Windows\System32\drivers\Sftredirlh.sys [2011-10-1 25960]
    R3 Sftvol;Sftvol;C:\Windows\System32\drivers\Sftvollh.sys [2011-10-1 22376]
    R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-1 219496]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-1-8 161536]
    S2 TrkWks32;Distributed Link Tracking Client ;C:\Windows\System32\PerfCenterCPL32.exe --> C:\Windows\System32\PerfCenterCPL32.exe [?]
    S3 aswVmm;aswVmm;C:\Windows\System32\drivers\aswVmm.sys [2013-3-18 178624]
    S3 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-2-28 183560]
    S3 McComponentHostService;McAfee Security Scan Component Host Service;C:\Program Files (x86)\McAfee Security Scan\3.0.318\McCHSvc.exe [2013-2-5 235216]
    S3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\System32\drivers\netw5v64.sys [2009-6-10 5434368]
    S3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2011-1-20 333928]
    S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\System32\drivers\VSTAZL6.SYS [2009-7-13 292864]
    S3 SrvHsfV92;SrvHsfV92;C:\Windows\System32\drivers\VSTDPV6.SYS [2009-7-13 1485312]
    S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\System32\drivers\VSTCNXT6.SYS [2009-7-13 740864]
    S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-6-22 59392]
    S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2010-12-14 51712]
    S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-3-6 1255736]
    S3 WSDScan;WSD Scan Support via UMB;C:\Windows\System32\drivers\WSDScan.sys [2009-7-13 25088]
    S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\System32\drivers\yk62x64.sys [2009-6-10 389120]
    .
    =============== Created Last 30 ================
    .
    2013-06-04 22:27:10 9460464 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{C4750024-EEF1-430D-962F-2513AE95393C}\mpengine.dll
    2013-05-31 13:45:42 215040 ----a-w- C:\Windows\System32\winsrv.dll
    2013-05-31 13:45:41 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
    2013-05-31 13:45:41 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
    2013-05-31 13:45:41 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
    2013-05-31 13:45:41 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
    2013-05-31 13:45:40 2048 ----a-w- C:\Windows\SysWow64\user.exe
    2013-05-29 19:41:01 -------- d-----w- C:\Users\Luke\AppData\Roaming\WinZipper
    2013-05-29 19:41:01 -------- d-----w- C:\Program Files (x86)\WinZipper
    2013-05-29 19:40:56 -------- d-----w- C:\Users\Luke\AppData\Roaming\DealPly
    2013-05-29 19:40:50 -------- d-----w- C:\Program Files (x86)\DealPly
    2013-05-16 19:09:30 -------- d-----w- C:\Program Files (x86)\Conduit
    2013-05-16 19:07:15 -------- d-----w- C:\Program Files (x86)\SearchProtect
    2013-05-16 19:07:13 -------- d-----w- C:\Users\Luke\AppData\Local\CRE
    2013-05-16 19:06:50 -------- d-----w- C:\Users\Luke\AppData\Roaming\SearchProtect
    2013-05-16 19:06:17 -------- d-----w- C:\ProgramData\eSafe
    2013-05-16 19:06:13 -------- d-----w- C:\Users\Luke\AppData\Local\Conduit
    2013-05-16 19:06:13 -------- d-----w- C:\Program Files (x86)\uTorrentControl_v6
    2013-05-16 19:05:56 -------- d-----w- C:\Users\Luke\AppData\Roaming\eIntaller
    2013-05-16 19:01:45 -------- d-----w- C:\Users\Luke\AppData\Roaming\uTorrent
    2013-05-15 19:30:16 983400 ----a-w- C:\Windows\System32\drivers\dxgkrnl.sys
    2013-05-15 19:30:16 265064 ----a-w- C:\Windows\System32\drivers\dxgmms1.sys
    2013-05-15 19:30:15 144384 ----a-w- C:\Windows\System32\cdd.dll
    2013-05-15 19:30:05 1930752 ----a-w- C:\Windows\System32\authui.dll
    2013-05-15 19:30:04 70144 ----a-w- C:\Windows\System32\appinfo.dll
    2013-05-15 19:30:04 1796096 ----a-w- C:\Windows\SysWow64\authui.dll
    2013-05-15 19:30:04 111448 ----a-w- C:\Windows\System32\consent.exe
    2013-05-15 19:29:31 3153920 ----a-w- C:\Windows\System32\win32k.sys
    2013-05-15 19:29:29 48640 ----a-w- C:\Windows\System32\wwanprotdim.dll
    2013-05-15 19:29:29 230400 ----a-w- C:\Windows\System32\wwansvc.dll
    .
    ==================== Find3M ====================
    .
    2013-05-29 19:41:01 773800 ----a-w- C:\Windows\SysWow64\msvcr100.dll
    2013-05-29 19:41:01 421032 ----a-w- C:\Windows\SysWow64\msvcp100.dll
    2013-05-02 06:06:08 278800 ------w- C:\Windows\System32\MpSigStub.exe
    2013-04-17 12:31:25 10488 ------w- C:\Windows\System32\drivers\cdralw2k.sys
    2013-04-17 12:31:25 10488 ------w- C:\Windows\System32\drivers\cdr4_xp.sys
    2013-04-17 12:31:24 129784 ------w- C:\Windows\SysWow64\pxafs.dll
    2013-04-17 12:31:24 116472 ------w- C:\Windows\SysWow64\pxcpyi64.exe
    2013-04-17 12:31:23 52856 ------w- C:\Windows\System32\drivers\PxHlpa64.sys
    2013-04-17 12:31:23 118520 ------w- C:\Windows\SysWow64\pxinsi64.exe
    2013-04-13 05:49:23 135168 ----a-w- C:\Windows\apppatch\AppPatch64\AcXtrnal.dll
    2013-04-13 05:49:19 350208 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll
    2013-04-13 05:49:19 308736 ----a-w- C:\Windows\apppatch\AppPatch64\AcGenral.dll
    2013-04-13 05:49:19 111104 ----a-w- C:\Windows\apppatch\AppPatch64\acspecfc.dll
    2013-04-13 04:45:16 474624 ----a-w- C:\Windows\apppatch\AcSpecfc.dll
    2013-04-13 04:45:15 2176512 ----a-w- C:\Windows\apppatch\AcGenral.dll
    2013-04-12 14:45:08 1656680 ----a-w- C:\Windows\System32\drivers\ntfs.sys
    2013-03-19 06:04:06 5550424 ----a-w- C:\Windows\System32\ntoskrnl.exe
    2013-03-19 05:46:56 43520 ----a-w- C:\Windows\System32\csrsrv.dll
    2013-03-19 05:04:13 3968856 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
    2013-03-19 05:04:10 3913560 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
    2013-03-19 04:47:50 6656 ----a-w- C:\Windows\SysWow64\apisetschema.dll
    2013-03-19 03:06:33 112640 ----a-w- C:\Windows\System32\smss.exe
    .
    ============= FINISH: 19:22:45.85 ===============
     
  4. mjplus7

    mjplus7 Thread Starter

    Joined:
    Feb 23, 2005
    Messages:
    106
    ark txt was too long so had to attach.
     

    Attached Files:

    • ark.txt
      File size:
      311.3 KB
      Views:
      1
  5. kevinf80

    kevinf80 Malware Specialist

    Joined:
    Mar 21, 2006
    Messages:
    10,154
    Hiya Joan and welcome back,

    OK I can see several issues with the logs you post, lets continue:

    Please download RKill from here: http://www.bleepingcomputer.com/download/rkill/

    There are three buttons to choose from with different names on, select the first one and save it to your desktop.

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7, right-click on it and Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • A log pops up at the end of the run. This log file is located at C:\rkill.log. Please post this in your next reply.
    • If you do not see the black box flash on the screen delete the icon from the desktop and go back to the link for the download, select the next button and try to run the tool again, continue to repeat this process using the remaining buttons until the tool runs. You will find further links if you scroll down the page with other names, try them one at a time.
    • If the tool does not run from any of the links provided, please let me know.

    Next,

    Download http://www.bleepingcomputer.com/download/adwcleaner/ by Xplode onto your Desktop.

    • Please close all open programs and internet browsers.
    • Double click on Adwcleaner.exe to run the tool.
    • Click on Delete.
    • Confirm each time with OK.
    • Your computer will be rebooted automatically. A text file will open after the restart.
    • Please post the content of that logfile in your reply.
    • You can find the logfile at C:\AdwCleaner[Sn].txt as well - n is the order number.

    Next,

    Open Malwarebytes, check for updates then run Quick scan. Full instructions follow if Malwarebytes is not installed:

    Download Malwarebytes from one of the following links and save it to your desktop.:


    http://www.malwarebytes.org/mbam.php
    http://www.softpedia.com/get/Antivirus/Malwarebytes-Anti-Malware.shtml
    http://www.majorgeeks.com/Malwarebytes_Anti-Malware_d5756.html

    Double Click mbam-setup.exe to install the application.
    • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
    • If an update is found, it will download and install the latest version.
    • Once the program has loaded, select "Perform Quick Scan", then click Scan.
    • The scan may take some time to finish,so please be patient.
    • When the scan is complete, click OK, then Show Results to view the results.
    • Make sure that everything is checked, and click Remove Selected.
    • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
    • Please save the log to a location you will remember.
    • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
    • Copy and paste the entire report in your next reply.

    Extra Note:

    If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

    Next,

    Download OTL from any of the following links and save to your desktop.

    http://itxassociates.com/OT-Tools/OTL.com
    http://oldtimer.geekstogo.com/OTL.exe
    http://www.itxassociates.com/OT-Tools/OTL.scr

    Double click the OTL icon to start the tool. (Note: If you are running on Vista or Windows 7 accept UAC alert)

    • When the window appears, underneath Output at the top, make sure Standard output is selected.
    • Select Scan all users
    • Under the Extra Registry section, check Use SafeList
    • In the lower right corner, checkmark "LOP Check" and checkmark "Purity Check".
    • Click Run Scan and let the program run uninterrupted.
    • When the scan is complete, two text files will be created on your Desktop.
    • OTL.Txt <- this one will be opened
    • Extras.txt <- this one will be minimized

    Copy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of OTL.Txt and the Extras.txt in your next reply.

    Let me see those logs....

    Kevin
     
  6. mjplus7

    mjplus7 Thread Starter

    Joined:
    Feb 23, 2005
    Messages:
    106
    Rkill 2.5.3 by Lawrence Abrams (Grinler)
    http://www.bleepingcomputer.com/
    Copyright 2008-2013 BleepingComputer.com
    More Information about Rkill can be found at this link:
    http://www.bleepingcomputer.com/forums/topic308364.html

    Program started at: 06/05/2013 05:20:58 PM in x64 mode.
    Windows Version: Windows 7 Home Premium Service Pack 1

    Checking for Windows services to stop:

    * No malware services found to stop.

    Checking for processes to terminate:

    * No malware processes found to kill.

    Checking Registry for malware related settings:

    * No issues found in the Registry.

    Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

    Performing miscellaneous checks:

    * No issues found.

    Checking Windows Service Integrity:

    * No issues found.

    Searching for Missing Digital Signatures:

    * No issues found.

    Checking HOSTS File:

    * HOSTS file entries found:

    ÿþ1 2 7 . 0 . 0 . 1 l o c a l h o s t

    : : 1 l o c a l h o s t



    Program finished at: 06/05/2013 05:23:04 PM
    Execution time: 0 hours(s), 2 minute(s), and 6 seconds(s)
     
  7. mjplus7

    mjplus7 Thread Starter

    Joined:
    Feb 23, 2005
    Messages:
    106
    # AdwCleaner v2.301 - Logfile created 06/05/2013 at 17:25:52
    # Updated 16/05/2013 by Xplode
    # Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
    # User : Luke - LUKE-HP
    # Boot Mode : Normal
    # Running from : C:\Users\Luke\Desktop\AdwCleaner.exe
    # Option [Delete]


    ***** [Services] *****

    Stopped & Deleted : CltMngSvc
    Stopped & Deleted : eSafeSvc

    ***** [Files / Folders] *****

    Deleted on reboot : C:\Users\Luke\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp
    File Deleted : C:\Program Files (x86)\Mozilla firefox\searchplugins\v9.xml
    File Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eBay.lnk
    File Deleted : C:\Users\Luke\AppData\Roaming\Mozilla\Firefox\Profiles\45u8qdtp.default\searchplugins\Conduit.xml
    Folder Deleted : C:\Program Files (x86)\Ask.com
    Folder Deleted : C:\Program Files (x86)\Common Files\Software Update Utility
    Folder Deleted : C:\Program Files (x86)\Conduit
    Folder Deleted : C:\Program Files (x86)\DealPly
    Folder Deleted : C:\Program Files (x86)\SearchProtect
    Folder Deleted : C:\Program Files (x86)\uTorrentControl_v6
    Folder Deleted : C:\Program Files (x86)\Yontoo Layers Runtime
    Folder Deleted : C:\ProgramData\Babylon
    Folder Deleted : C:\ProgramData\eSafe
    Folder Deleted : C:\Users\Luke\AppData\Local\Babylon
    Folder Deleted : C:\Users\Luke\AppData\Local\Conduit
    Folder Deleted : C:\Users\Luke\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp
    Folder Deleted : C:\Users\Luke\AppData\Local\Temp\CT3289075
    Folder Deleted : C:\Users\Luke\AppData\LocalLow\AskToolbar
    Folder Deleted : C:\Users\Luke\AppData\LocalLow\boost_interprocess
    Folder Deleted : C:\Users\Luke\AppData\LocalLow\Conduit
    Folder Deleted : C:\Users\Luke\AppData\LocalLow\PriceGong
    Folder Deleted : C:\Users\Luke\AppData\LocalLow\uTorrentControl_v6
    Folder Deleted : C:\Users\Luke\AppData\Roaming\Babylon
    Folder Deleted : C:\Users\Luke\AppData\Roaming\DealPly
    Folder Deleted : C:\Users\Luke\AppData\Roaming\eIntaller
    Folder Deleted : C:\Users\Luke\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\DealPly
    Folder Deleted : C:\Users\Luke\AppData\Roaming\Mozilla\Firefox\Profiles\45u8qdtp.default\CT3289075
    Folder Deleted : C:\Users\Luke\AppData\Roaming\Mozilla\Firefox\Profiles\45u8qdtp.default\extensions\{96f454ea-9d38-474f-b504-56193e00c1a5}
    Folder Deleted : C:\Users\Luke\AppData\Roaming\Mozilla\Firefox\Profiles\45u8qdtp.default\extensions\[email protected]
    Folder Deleted : C:\Users\Luke\AppData\Roaming\Mozilla\Firefox\Profiles\45u8qdtp.default\Smartbar
    Folder Deleted : C:\Users\Luke\AppData\Roaming\SearchProtect
    Folder Deleted : C:\Windows\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE}

    ***** [Registry] *****

    Key Deleted : HKCU\Software\APN
    Key Deleted : HKCU\Software\AppDataLow\Software\AskToolbar
    Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
    Key Deleted : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
    Key Deleted : HKCU\Software\AppDataLow\Software\PriceGong
    Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
    Key Deleted : HKCU\Software\AppDataLow\Software\uTorrentControl_v6
    Key Deleted : HKCU\Software\AppDataLow\Toolbar
    Key Deleted : HKCU\Software\Ask.com
    Key Deleted : HKCU\Software\Conduit
    Key Deleted : HKCU\Software\DealPly
    Key Deleted : HKCU\Software\Google\Chrome\Extensions\cflheckfmhopnialghigdlggahiomebp
    Key Deleted : HKCU\Software\Google\Chrome\Extensions\gaiilaahiahdejapggenmdmafpmbipje
    Key Deleted : HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{4B6ACEA2-308A-4876-AD36-57CEC5B4FCC7}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{4B6ACEA2-308A-4876-AD36-57CEC5B4FCC7}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{CD90659F-D5B2-4104-9504-7CA36E6532DF}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\DealPly
    Key Deleted : HKCU\Software\SearchProtect
    Key Deleted : HKCU\Software\Softonic
    Key Deleted : HKCU\Software\StartNow Toolbar
    Key Deleted : HKCU\Software\uTorrentControl_v6
    Key Deleted : HKCU\Software\V9
    Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
    Key Deleted : HKLM\Software\APN
    Key Deleted : HKLM\Software\AskToolbar
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{6C259840-5BA8-46E6-8ED1-EF3BA47D8BA1}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{7E8A36EA-2501-4ED3-A3C8-CFA9143FB169}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{CFDAFE39-20CE-451D-BD45-A37452F39CF0}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\dnu.EXE
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\Toolbar.DLL
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\YontooIEClient.DLL
    Key Deleted : HKLM\SOFTWARE\Classes\dnUpdate
    Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUIBrowser
    Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUIBrowser.1
    Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUpdController
    Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUpdController.1
    Key Deleted : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd
    Key Deleted : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd.1
    Key Deleted : HKLM\Software\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF
    Key Deleted : HKLM\Software\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF
    Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.BandObject
    Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.BandObject.1
    Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3289075
    Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.ToolbarHelperObject
    Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.ToolbarHelperObject.1
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{6857AC4A-95B4-4E2C-B2D2-8A235FCCEF4A}
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{92380354-381A-471F-BE2E-DD9ACD9777EA}
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{D372567D-67C1-4B29-B3F0-159B52B3E967}
    Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Api
    Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Api.1
    Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Layers
    Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Layers.1
    Key Deleted : HKLM\Software\Conduit
    Key Deleted : HKLM\Software\DealPly
    Key Deleted : HKLM\Software\eSafeSecControl
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{CD90659F-D5B2-4104-9504-7CA36E6532DF}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
    Key Deleted : HKLM\Software\SearchProtect
    Key Deleted : HKLM\Software\StartNow Toolbar
    Key Deleted : HKLM\Software\uTorrentControl_v6
    Key Deleted : HKLM\Software\V9
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{4B6ACEA2-308A-4876-AD36-57CEC5B4FCC7}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{96F454EA-9D38-474F-B504-56193E00C1A5}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{CD90659F-D5B2-4104-9504-7CA36E6532DF}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E15A9BFD-D16D-496D-8222-44CADF316E70}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{FE9271F2-6EFD-44B0-A826-84C829536E93}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{1C888195-0160-4883-91B7-294C0CE2F277}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{660E6F4F-840D-436D-B668-433D9591BAC5}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{99ACA0F7-D864-45CB-8C40-FD42A077E7CA}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{E7435878-65B9-44D1-A443-81754E5DFC90}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\cflheckfmhopnialghigdlggahiomebp
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\gaiilaahiahdejapggenmdmafpmbipje
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\niapdbllcanepiiimjjndipklodoedlc
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{4B6F40A7-45B4-4CF4-92CB-E661C9DD6617}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{65117898-6FE8-4C49-BBCF-027ED4E44B18}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4B6ACEA2-308A-4876-AD36-57CEC5B4FCC7}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{96F454EA-9D38-474F-B504-56193E00C1A5}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\DealPly
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\SearchProtect
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\SoftwareUpdUtility
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\StartNow Toolbar
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\uTorrentControl_v6 Toolbar
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1C888195-0160-4883-91B7-294C0CE2F277}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{660E6F4F-840D-436D-B668-433D9591BAC5}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{99ACA0F7-D864-45CB-8C40-FD42A077E7CA}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E7435878-65B9-44D1-A443-81754E5DFC90}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}
    Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{96F454EA-9D38-474F-B504-56193E00C1A5}]
    Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
    Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{96F454EA-9D38-474F-B504-56193E00C1A5}]
    Value Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [searchprotect]
    Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{96F454EA-9D38-474F-B504-56193E00C1A5}]
    Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [ApnUpdater]
    Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [SearchProtectAll]
    Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{96F454EA-9D38-474F-B504-56193E00C1A5}]
    Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{D4027C7F-154A-4066-A1AD-4243D8127440}]

    ***** [Internet Browsers] *****

    -\\ Internet Explorer v9.0.8112.16448

    Replaced : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://search.conduit.com/?ctid=CT3289075&octid=CT3289075&SearchSource=61&CUI=UN13106994151810917&UM=2&UP=SPD1947C4C-5884-4DA3-ACB9-AF421FF421D3 --> hxxp://www.google.com
    Replaced : [HKCU\Software\Microsoft\Internet Explorer\Main - Default_Page_URL] = hxxp://en.v9.com/?utm_source=b&utm_medium=update&from=update&uid=WDCXWD5000BEVT-60A0RT0_WD-WXM1EA0ULH48ULH48&ts=1369856438 --> hxxp://www.google.com
    Replaced : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Search - CustomizeSearch] = hxxp://search.v9.com/web/?utm_source=b&utm_medium=bnd&from=bnd&uid=WDCXWD5000BEVT-60A0RT0_WD-WXM1EA0ULH48ULH48&ts=4325446 --> hxxp://www.google.com
    Replaced : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Search - SearchAssistant] = hxxp://search.v9.com/web/?utm_source=b&utm_medium=bnd&from=bnd&uid=WDCXWD5000BEVT-60A0RT0_WD-WXM1EA0ULH48ULH48&ts=4325446 --> hxxp://www.google.com
    Replaced : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main - Default_Page_URL] = hxxp://en.v9.com/?utm_source=b&utm_medium=update&from=update&uid=WDCXWD5000BEVT-60A0RT0_WD-WXM1EA0ULH48ULH48&ts=1369856438 --> hxxp://www.google.com
    Replaced : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main - Start Page] = hxxp://en.v9.com/?utm_source=b&utm_medium=update&from=update&uid=WDCXWD5000BEVT-60A0RT0_WD-WXM1EA0ULH48ULH48&ts=1369856438 --> hxxp://www.google.com
    Replaced : [HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main - Default_Page_URL] = hxxp://en.v9.com/?utm_source=b&utm_medium=update&from=update&uid=WDCXWD5000BEVT-60A0RT0_WD-WXM1EA0ULH48ULH48&ts=1369856438 --> hxxp://www.google.com
    Replaced : [HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main - Start Page] = hxxp://en.v9.com/?utm_source=b&utm_medium=update&from=update&uid=WDCXWD5000BEVT-60A0RT0_WD-WXM1EA0ULH48ULH48&ts=1369856438 --> hxxp://www.google.com

    -\\ Mozilla Firefox v8.0 (en-US)

    File : C:\Users\Luke\AppData\Roaming\Mozilla\Firefox\Profiles\45u8qdtp.default\prefs.js

    Deleted : user_pref("CT3289075.BT_Stats.enc", "eyJsYXN0X2xvZyI6MTM2OTczMzA3MywidXVpZCI6NjMyMzAzMjUyODc4MTg1LCJ[...]
    Deleted : user_pref("CT3289075.ENABALE_HISTORY", "{\"dataType\":\"string\",\"data\":\"true\"}");
    Deleted : user_pref("CT3289075.FF19Solved", "true");
    Deleted : user_pref("CT3289075.FirstTime", "true");
    Deleted : user_pref("CT3289075.FirstTimeFF3", "true");
    Deleted : user_pref("CT3289075.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT328[...]
    Deleted : user_pref("CT3289075.UserID", "UN38651916541149234");
    Deleted : user_pref("CT3289075.addressBarTakeOverEnabledInHidden", "true");
    Deleted : user_pref("CT3289075.autoDisableScopes", -1);
    Deleted : user_pref("CT3289075.browser.search.defaultthis.engineName", "true");
    Deleted : user_pref("CT3289075.cb_experience_000.enc", "MQ==");
    Deleted : user_pref("CT3289075.cb_firstuse0100.enc", "MQ==");
    Deleted : user_pref("CT3289075.cb_user_id_000.enc", "Q0I4NTc4MTU3MjQ2ODlfMTM2OTczMzA5MTkwNl9GaXJlZm94");
    Deleted : user_pref("CT3289075.cbfirsttime.enc", "VHVlIE1heSAyOCAyMDEzIDA1OjI0OjQxIEdNVC0wNDAwIChFYXN0ZXJuIERh[...]
    Deleted : user_pref("CT3289075.defaultSearch", "true");
    Deleted : user_pref("CT3289075.embeddedsData", "[{\"appId\":\"130064539389933152\",\"apiPermissions\":{\"cross[...]
    Deleted : user_pref("CT3289075.enableFix404ByUser", "FALSE");
    Deleted : user_pref("CT3289075.enableSearchFromAddressBar", "true");
    Deleted : user_pref("CT3289075.firstTimeDialogOpened", "true");
    Deleted : user_pref("CT3289075.fixPageNotFoundErrorByUser", "TRUE");
    Deleted : user_pref("CT3289075.fixPageNotFoundErrorInHidden", "true");
    Deleted : user_pref("CT3289075.fixUrls", true);
    Deleted : user_pref("CT3289075.installDate", "16/5/2013 15:06:48");
    Deleted : user_pref("CT3289075.installType", "xpe");
    Deleted : user_pref("CT3289075.installUsage", "2013-05-28T12:24:34.5225197+03:00");
    Deleted : user_pref("CT3289075.installUsageEarly", "2013-05-28T12:24:30.2168093+03:00");
    Deleted : user_pref("CT3289075.installerVersion", "1.3.7.3");
    Deleted : user_pref("CT3289075.isCheckedStartAsHidden", true);
    Deleted : user_pref("CT3289075.isEnableAllDialogs", "{\"dataType\":\"string\",\"data\":\"true\"}");
    Deleted : user_pref("CT3289075.isFirstTimeToolbarLoading", "false");
    Deleted : user_pref("CT3289075.isToolbarShrinked", "{\"dataType\":\"string\",\"data\":\"false\"}");
    Deleted : user_pref("CT3289075.isWelcomPage", "{\"dataType\":\"boolean\",\"data\":\"true\"}");
    Deleted : user_pref("CT3289075.keyword", "true");
    Deleted : user_pref("CT3289075.lastNewTabSettings", "{\"isEnabled\":true,\"newTabUrl\":\"hxxp://search.conduit[...]
    Deleted : user_pref("CT3289075.lastVersion", "10.15.0.62");
    Deleted : user_pref("CT3289075.mam_gk_appStateReportTime.enc", "MTM2OTczMzA3NzI0MQ==");
    Deleted : user_pref("CT3289075.mam_gk_appState_CouponBuddy.enc", "b24=");
    Deleted : user_pref("CT3289075.mam_gk_appState_PiclickV2-WebSearch.enc", "b24=");
    Deleted : user_pref("CT3289075.mam_gk_appState_PriceGong.enc", "b24=");
    Deleted : user_pref("CT3289075.mam_gk_appsData.enc", "eyJhcHBzIjpbeyJpZCI6IlByaWNlR29uZyIsInVybCI6Imh0dHA6Ly9w[...]
    Deleted : user_pref("CT3289075.mam_gk_appsDefaultEnabled.enc", "dHJ1ZQ==");
    Deleted : user_pref("CT3289075.mam_gk_configuration.enc", "eyJjb25maWd1cmF0aW9uIjpbeyJpZCI6IlBpY2xpY2tWMi1XZWJ[...]
    Deleted : user_pref("CT3289075.mam_gk_currentVersion.enc", "MS42LjAuOTk=");
    Deleted : user_pref("CT3289075.mam_gk_eventsCache.enc", "eyJkMzA5Mjk3ZC1iYzBiLTQ5OTMtOTU0YS1jZmMxZjI1MWU4NjQiO[...]
    Deleted : user_pref("CT3289075.mam_gk_first_time.enc", "MQ==");
    Deleted : user_pref("CT3289075.mam_gk_gadgetOpen.enc", "MA==");
    Deleted : user_pref("CT3289075.mam_gk_installer_preapproved.enc", "ZmFsc2U=");
    Deleted : user_pref("CT3289075.mam_gk_lastLoginTime.enc", "MTM2OTczMzA3NDM1OA==");
    Deleted : user_pref("CT3289075.mam_gk_localization.enc", "eyJnYWRnZXRDb250ZW50UG9saWN5Ijp7IlRleHQiOiJDb250ZW50[...]
    Deleted : user_pref("CT3289075.mam_gk_pgUnloadedOnce.enc", "dHJ1ZQ==");
    Deleted : user_pref("CT3289075.mam_gk_settings1.6.0.99.enc", "eyJTdGF0dXMiOiJzdWNjZWVkZWQiLCJEYXRhIjp7ImludGVy[...]
    Deleted : user_pref("CT3289075.mam_gk_showCloseButton.enc", "dHJ1ZQ==");
    Deleted : user_pref("CT3289075.mam_gk_showWelcomeGadget.enc", "dHJ1ZQ==");
    Deleted : user_pref("CT3289075.mam_gk_userId.enc", "MWVhMDJiYzgtZTA3YS00NTc0LWFhZWYtMmQxNTY0YWFmODA3");
    Deleted : user_pref("CT3289075.migrateAppsAndComponents", true);
    Deleted : user_pref("CT3289075.navigationAliasesJson", "{\"EB_MAIN_FRAME_URL\":\"hxxp%3A%2F%2Fwww.techguy.org%[...]
    Deleted : user_pref("CT3289075.openThankYouPage", "true");
    Deleted : user_pref("CT3289075.openUninstallPage", "false");
    Deleted : user_pref("CT3289075.price-gong.isManagedApp", "true");
    Deleted : user_pref("CT3289075.revertSettingsEnabled", "TRUE");
    Deleted : user_pref("CT3289075.searchFromAddressBarEnabledByUser", "true");
    Deleted : user_pref("CT3289075.searchInNewTabEnabledByUser", "true");
    Deleted : user_pref("CT3289075.searchInNewTabEnabledInHidden", "true");
    Deleted : user_pref("CT3289075.selectToSearchBoxEnabled", "{\"dataType\":\"string\",\"data\":\"true\"}");
    Deleted : user_pref("CT3289075.serviceLayer_service_login_isFirstLoginInvoked", "{\"dataType\":\"boolean\",\"d[...]
    Deleted : user_pref("CT3289075.serviceLayer_service_login_loginCount", "{\"dataType\":\"number\",\"data\":\"2\[...]
    Deleted : user_pref("CT3289075.serviceLayer_service_toolbarGrouping_activeCTID", "{\"dataType\":\"string\",\"d[...]
    Deleted : user_pref("CT3289075.serviceLayer_service_toolbarGrouping_activeDownloadUrl", "{\"dataType\":\"strin[...]
    Deleted : user_pref("CT3289075.serviceLayer_service_toolbarGrouping_activeToolbarName", "{\"dataType\":\"strin[...]
    Deleted : user_pref("CT3289075.serviceLayer_service_toolbarGrouping_invoked", "{\"dataType\":\"string\",\"data[...]
    Deleted : user_pref("CT3289075.serviceLayer_services_appTrackingFirstTime_lastUpdate", "1369733067717");
    Deleted : user_pref("CT3289075.serviceLayer_services_appsMetadata_lastUpdate", "1369733067777");
    Deleted : user_pref("CT3289075.serviceLayer_services_gottenAppsContextMenu_lastUpdate", "1369733067729");
    Deleted : user_pref("CT3289075.serviceLayer_services_installUsage_ToolbarInstallEarly_lastUpdate", "1369733063[...]
    Deleted : user_pref("CT3289075.serviceLayer_services_installUsage_ToolbarInstall_lastUpdate", "1369733068398")[...]
    Deleted : user_pref("CT3289075.serviceLayer_services_location_lastUpdate", "1369733063841");
    Deleted : user_pref("CT3289075.serviceLayer_services_login_10.15.0.62_lastUpdate", "1369733067978");
    Deleted : user_pref("CT3289075.serviceLayer_services_otherAppsContextMenu_lastUpdate", "1369733067677");
    Deleted : user_pref("CT3289075.serviceLayer_services_searchAPI_lastUpdate", "1369733063920");
    Deleted : user_pref("CT3289075.serviceLayer_services_serviceMap_lastUpdate", "1369733046090");
    Deleted : user_pref("CT3289075.serviceLayer_services_toolbarContextMenu_lastUpdate", "1369733067603");
    Deleted : user_pref("CT3289075.serviceLayer_services_toolbarSettings_lastUpdate", "1369733064052");
    Deleted : user_pref("CT3289075.serviceLayer_services_translation_lastUpdate", "1369733067792");
    Deleted : user_pref("CT3289075.settingsINI", true);
    Deleted : user_pref("CT3289075.shouldFirstTimeDialog", "false");
    Deleted : user_pref("CT3289075.showToolbarPermission", "false");
    Deleted : user_pref("CT3289075.smartbar.CTID", "CT3289075");
    Deleted : user_pref("CT3289075.smartbar.Uninstall", "0");
    Deleted : user_pref("CT3289075.smartbar.homepage", true);
    Deleted : user_pref("CT3289075.smartbar.toolbarName", "uTorrentControl_v6 ");
    Deleted : user_pref("CT3289075.startPage", "true");
    Deleted : user_pref("CT3289075.toolbarBornServerTime", "28-5-2013");
    Deleted : user_pref("CT3289075.toolbarCurrentServerTime", "28-5-2013");
    Deleted : user_pref("CT3289075.toolbarLoginClientTime", "Tue May 28 2013 05:24:27 GMT-0400 (Eastern Daylight T[...]
    Deleted : user_pref("CT3289075_Firefox.csv", "[{\"from\":\"Abs Layer\",\"action\":\"loading toolbar\",\"time\"[...]
    Deleted : user_pref("Smartbar.ConduitHomepagesList", "hxxp://search.conduit.com/?ctid=CT3289075&octid=CT328907[...]
    Deleted : user_pref("Smartbar.ConduitSearchEngineList", "uTorrentControl_v6 Customized Web Search");
    Deleted : user_pref("Smartbar.ConduitSearchUrlList", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3289075[...]
    Deleted : user_pref("Smartbar.SearchFromAddressBarSavedUrl", "");
    Deleted : user_pref("Smartbar.keywordURLSelectedCTID", "CT3289075");
    Deleted : user_pref("browser.search.defaultthis.engineName", "uTorrentControl_v6 Customized Web Search");
    Deleted : user_pref("browser.search.defaulturl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3289075&CUI[...]
    Deleted : user_pref("keyword.URL", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3289075&SearchSource=2&CU[...]
    Deleted : user_pref("smartbar.conduitHomepageList", "hxxp://search.conduit.com/?ctid=CT3289075&octid=CT3289075[...]
    Deleted : user_pref("smartbar.conduitSearchAddressUrlList", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT[...]
    Deleted : user_pref("smartbar.machineId", "KUGUQWBJF9LFUNKI3Y5208RPQ3B1JBWDODA0LCVFLLXV2AFLSAXXKYWGKEXK0OS87GG[...]
    Deleted : user_pref("smartbar.originalHomepage", "hxxp://en.v9.com/?utm_source=b&utm_medium=bnd&from=bnd&uid=W[...]
    Deleted : user_pref("smartbar.originalSearchAddressUrl", "");
    Deleted : user_pref("smartbar.originalSearchEngine", "v9");
    Deleted : user_pref("browser.startup.homepage", "hxxp://en.v9.com/?utm_source=b&utm_medium=update&from=update&[...]
    Deleted : user_pref("browser.search.defaultenginename", "v9");
    Deleted : user_pref("browser.search.order.1", "v9");
    Deleted : user_pref("browser.search.selectedEngine", "v9");

    -\\ Google Chrome v27.0.1453.110

    File : C:\Users\Luke\AppData\Local\Google\Chrome\User Data\Default\Preferences

    Deleted [l.25] : keyword = "v9",
    Deleted [l.29] : search_url = "hxxp://search.v9.com/web/?utm_source=b&utm_medium=update&from=update&uid=WDCXWD[...]

    *************************

    AdwCleaner[S1].txt - [26240 octets] - [05/06/2013 17:25:52]

    ########## EOF - C:\AdwCleaner[S1].txt - [26301 octets] ##########
     
  8. mjplus7

    mjplus7 Thread Starter

    Joined:
    Feb 23, 2005
    Messages:
    106
    Malwarebytes Anti-Malware 1.75.0.1300
    www.malwarebytes.org

    Database version: v2013.06.05.09

    Windows 7 Service Pack 1 x64 NTFS
    Internet Explorer 9.0.8112.16421
    Luke :: LUKE-HP [administrator]

    6/5/2013 5:36:08 PM
    mbam-log-2013-06-05 (17-36-08).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 235527
    Time elapsed: 7 minute(s), 38 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 3
    C:\Users\Luke\AppData\Local\Temp\bnd_ar_2013425112757_env9.exe (Adware.Agent) -> Quarantined and deleted successfully.
    C:\Users\Luke\Downloads\FreeDownloadManager_Setup.exe (PUP.Bundle.Installer.OI) -> Quarantined and deleted successfully.
    C:\Users\Luke\Desktop\eXplorer.exe (Heuristics.Reserved.Word.Exploit) -> Quarantined and deleted successfully.

    (end)
     
  9. mjplus7

    mjplus7 Thread Starter

    Joined:
    Feb 23, 2005
    Messages:
    106
    OTL logfile created on: 6/5/2013 5:51:32 PM - Run 1
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Luke\Desktop
    64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    3.80 Gb Total Physical Memory | 2.48 Gb Available Physical Memory | 65.11% Memory free
    7.60 Gb Paging File | 6.06 Gb Available in Paging File | 79.66% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 448.45 Gb Total Space | 306.94 Gb Free Space | 68.45% Space Free | Partition Type: NTFS
    Drive D: | 17.01 Gb Total Space | 2.46 Gb Free Space | 14.45% Space Free | Partition Type: NTFS

    Computer Name: LUKE-HP | User Name: Luke | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2013/06/05 16:02:42 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Luke\Desktop\OTL.com
    PRC - [2013/05/30 10:53:03 | 000,424,104 | ---- | M] (Taiwan Shui Mu Chih Ching Technology Limited.) -- C:\Program Files (x86)\WinZipper\winzipersvc.exe
    PRC - [2013/05/16 15:05:24 | 001,045,072 | ---- | M] (BitTorrent Inc.) -- C:\Users\Luke\Desktop\uTorrent.exe
    PRC - [2013/03/06 18:32:44 | 004,767,304 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
    PRC - [2013/03/06 18:32:44 | 000,045,248 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    PRC - [2013/02/05 11:48:44 | 000,272,248 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee Security Scan\3.0.318\SSScheduler.exe
    PRC - [2012/02/15 13:58:00 | 000,577,408 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
    PRC - [2012/02/15 13:58:00 | 000,034,872 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
    PRC - [2011/10/01 09:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
    PRC - [2011/10/01 09:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
    PRC - [2011/02/25 10:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
    PRC - [2011/02/14 21:32:52 | 001,230,704 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
    PRC - [2010/05/21 05:28:36 | 000,140,272 | ---- | M] (CinemaNow, Inc.) -- C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemaNowSvc.exe
    PRC - [2010/04/13 13:57:58 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
    PRC - [2010/04/13 13:57:56 | 000,284,696 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
    PRC - [2010/03/18 15:57:02 | 002,320,920 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    PRC - [2010/03/18 15:56:56 | 000,268,824 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    PRC - [2008/09/16 12:03:18 | 000,169,312 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe


    ========== Modules (No Company Name) ==========

    MOD - [2013/05/16 15:10:10 | 014,340,608 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\af525b4bec3b9941b7be8ffbf813da80\PresentationFramework.ni.dll
    MOD - [2013/05/16 15:09:43 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\30e3a21202000677d0a9270572251477\System.Windows.Forms.ni.dll
    MOD - [2013/05/16 15:09:31 | 012,237,824 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\7eac0dbe9aa20b55e37235f8ee030e6b\PresentationCore.ni.dll
    MOD - [2013/05/16 15:09:09 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\716959df79685a1eae0fc14275a32b0f\WindowsBase.ni.dll
    MOD - [2013/05/16 15:08:58 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\764f15e86c82662e977bd418bd6318c1\System.Configuration.ni.dll
    MOD - [2013/01/09 17:58:05 | 001,051,136 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\302207b4fa3083899fd8ab4db98cecc5\System.Management.ni.dll
    MOD - [2013/01/09 17:58:03 | 000,452,608 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\8ee98383179eca974083a41a8ca0c213\IAStorUtil.ni.dll
    MOD - [2013/01/09 13:35:04 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\d7d20811a7ce7cc589153648cbb1ce5c\PresentationFramework.Aero.ni.dll
    MOD - [2013/01/09 13:34:29 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\90b89f6e8032310e9ac72a309fd49e83\System.Runtime.Remoting.ni.dll
    MOD - [2013/01/09 13:34:26 | 006,611,456 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\dd20416f723ee13ffb4173ec1afc4ec4\System.Data.ni.dll
    MOD - [2013/01/09 13:33:12 | 001,592,832 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll
    MOD - [2013/01/09 13:31:48 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f687c43e9fdec031988b33ae722c4613\System.Xml.ni.dll
    MOD - [2013/01/09 13:31:33 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll
    MOD - [2013/01/09 13:31:06 | 011,493,376 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll
    MOD - [2012/11/14 22:21:20 | 000,037,280 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\HP.ActiveSupportLibrary\2.0.0.1__01a974bc1760f423\HP.ActiveSupportLibrary.dll
    MOD - [2011/02/14 21:33:34 | 000,096,112 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll
    MOD - [2011/02/14 21:32:52 | 001,230,704 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
    MOD - [2010/11/17 14:16:56 | 000,067,872 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
    MOD - [2010/11/04 21:58:05 | 002,927,616 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
    MOD - [2010/02/09 21:58:30 | 000,061,440 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Pillars\PCAlerts\PCAlertsPillar.dll
    MOD - [2010/02/09 21:58:28 | 000,131,072 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Pillars\ECenter\ECLibrary.dll
    MOD - [2010/02/09 21:58:24 | 000,040,960 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingServer.dll
    MOD - [2010/02/09 21:58:24 | 000,007,680 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\RemotingClient.dll
    MOD - [2010/02/09 21:58:22 | 000,036,864 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingClients.dll
    MOD - [2010/02/09 21:58:22 | 000,005,632 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingInterface.dll
    MOD - [2010/02/09 21:58:18 | 000,018,944 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingMessages.dll
    MOD - [2010/02/09 21:58:14 | 000,028,672 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Microsoft.Practices.EnterpriseLibrary.ExceptionHandling.Logging.dll


    ========== Services (SafeList) ==========

    SRV:64bit: - [2013/03/06 18:32:44 | 000,045,248 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
    SRV:64bit: - [2010/06/18 19:26:18 | 000,103,992 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe -- (HP Wireless Assistant Service)
    SRV:64bit: - [2009/11/17 22:14:26 | 000,098,208 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe -- (AERTFilters)
    SRV:64bit: - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV - [2013/05/30 10:53:03 | 000,424,104 | ---- | M] (Taiwan Shui Mu Chih Ching Technology Limited.) [Auto | Running] -- C:\Program Files (x86)\WinZipper\winzipersvc.exe -- (winzipersvc)
    SRV - [2013/04/17 08:39:22 | 000,651,720 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
    SRV - [2013/02/05 11:48:00 | 000,235,216 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\McAfee Security Scan\3.0.318\McCHSvc.exe -- (McComponentHostService)
    SRV - [2013/01/08 12:55:20 | 000,161,536 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
    SRV - [2012/09/27 12:55:16 | 000,086,528 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe -- (HP Support Assistant Service)
    SRV - [2012/02/15 13:58:00 | 000,034,872 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe -- (HPWMISVC)
    SRV - [2011/10/01 09:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
    SRV - [2011/10/01 09:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
    SRV - [2011/02/28 18:44:14 | 000,183,560 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
    SRV - [2011/02/25 10:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE -- (SeaPort)
    SRV - [2010/06/01 18:31:28 | 002,804,568 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe -- (NOBU)
    SRV - [2010/05/21 05:28:36 | 000,140,272 | ---- | M] (CinemaNow, Inc.) [Auto | Running] -- C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemaNowSvc.exe -- (CinemaNow Service)
    SRV - [2010/04/13 13:57:58 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
    SRV - [2010/04/03 19:01:24 | 000,246,520 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe -- (GameConsoleService)
    SRV - [2010/03/18 15:57:02 | 002,320,920 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)
    SRV - [2010/03/18 15:56:56 | 000,268,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
    SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
    SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
    SRV - [2008/09/16 12:03:18 | 000,169,312 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor7.0)


    ========== Driver Services (SafeList) ==========

    DRV:64bit: - [2013/04/17 08:31:23 | 000,052,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
    DRV:64bit: - [2013/03/06 18:33:21 | 001,025,808 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)
    DRV:64bit: - [2013/03/06 18:33:21 | 000,377,920 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)
    DRV:64bit: - [2013/03/06 18:33:21 | 000,178,624 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\aswVmm.sys -- (aswVmm)
    DRV:64bit: - [2013/03/06 18:33:21 | 000,070,992 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr2.sys -- (aswRdr)
    DRV:64bit: - [2013/03/06 18:33:21 | 000,068,920 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi)
    DRV:64bit: - [2013/03/06 18:33:21 | 000,065,336 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswRvrt.sys -- (aswRvrt)
    DRV:64bit: - [2013/03/06 18:33:20 | 000,080,816 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
    DRV:64bit: - [2013/03/06 18:33:20 | 000,033,400 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk)
    DRV:64bit: - [2013/03/06 18:33:20 | 000,022,600 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswKbd.sys -- (aswKbd)
    DRV:64bit: - [2012/03/01 02:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
    DRV:64bit: - [2011/10/01 09:30:22 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)
    DRV:64bit: - [2011/10/01 09:30:18 | 000,268,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
    DRV:64bit: - [2011/10/01 09:30:18 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
    DRV:64bit: - [2011/10/01 09:30:10 | 000,764,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)
    DRV:64bit: - [2011/09/11 16:59:40 | 000,027,256 | ---- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\FixTDSS.sys -- (FixTDSS)
    DRV:64bit: - [2011/05/10 14:25:52 | 001,390,640 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
    DRV:64bit: - [2011/03/11 02:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
    DRV:64bit: - [2011/03/11 02:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
    DRV:64bit: - [2011/01/20 12:40:35 | 003,063,360 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
    DRV:64bit: - [2010/12/14 19:51:20 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
    DRV:64bit: - [2010/11/20 09:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
    DRV:64bit: - [2010/11/20 07:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
    DRV:64bit: - [2010/11/20 05:37:42 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
    DRV:64bit: - [2010/08/25 20:36:04 | 010,611,552 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
    DRV:64bit: - [2010/05/31 15:46:50 | 000,333,928 | ---- | M] (Realtek ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
    DRV:64bit: - [2010/04/13 13:44:22 | 000,540,696 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
    DRV:64bit: - [2010/02/03 10:38:30 | 000,271,872 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
    DRV:64bit: - [2009/09/17 16:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64)
    DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
    DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
    DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
    DRV:64bit: - [2009/07/13 20:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice)
    DRV:64bit: - [2009/07/13 20:35:37 | 000,025,088 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDScan.sys -- (WSDScan)
    DRV:64bit: - [2009/06/19 22:09:57 | 001,394,688 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
    DRV:64bit: - [2009/06/10 17:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
    DRV:64bit: - [2009/06/10 17:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
    DRV:64bit: - [2009/06/10 17:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
    DRV:64bit: - [2009/06/10 17:01:06 | 001,146,880 | ---- | M] (LSI Corp) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\agrsm64.sys -- (AgereSoftModem)
    DRV:64bit: - [2009/06/10 16:35:33 | 000,389,120 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
    DRV:64bit: - [2009/06/10 16:35:28 | 005,434,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netw5v64.sys -- (netw5v64)
    DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
    DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
    DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
    DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
    DRV:64bit: - [2009/05/18 14:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
    DRV - [2009/09/22 21:39:56 | 000,225,280 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\RtsUStor.sys -- (RSUSBSTOR)
    DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com
    IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
    IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://search.v9.com/web/?utm_sourc...0BEVT-60A0RT0_WD-WXM1EA0ULH48ULH48&ts=4325446
    IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.v9.com/web/?utm_sourc...0BEVT-60A0RT0_WD-WXM1EA0ULH48ULH48&ts=4325446
    IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
    IE:64bit: - HKLM\..\SearchScopes\{511ABF6D-A8E2-4E1D-993A-FFF3E4EE76D1}: "URL" = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
    IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
    IE:64bit: - HKLM\..\SearchScopes\{7B3E1406-190B-4197-A7E8-876B45AD1228}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
    IE:64bit: - HKLM\..\SearchScopes\{7D710B45-12E9-4DEE-BDE6-67C3F2DF7765}: "URL" = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpl
    IE:64bit: - HKLM\..\SearchScopes\{8ED98EE2-32B4-4C66-99D7-A947827F5C12}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.google.com
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com
    IE - HKLM\..\SearchScopes,DefaultScope =
    IE - HKLM\..\SearchScopes\{511ABF6D-A8E2-4E1D-993A-FFF3E4EE76D1}: "URL" = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
    IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
    IE - HKLM\..\SearchScopes\{7B3E1406-190B-4197-A7E8-876B45AD1228}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
    IE - HKLM\..\SearchScopes\{7D710B45-12E9-4DEE-BDE6-67C3F2DF7765}: "URL" = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpl
    IE - HKLM\..\SearchScopes\{8ED98EE2-32B4-4C66-99D7-A947827F5C12}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF


    IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 85 C1 01 14 61 B7 9C 4F 87 6C 16 D1 F5 8F 24 2A [binary data]
    IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

    IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 85 C1 01 14 61 B7 9C 4F 87 6C 16 D1 F5 8F 24 2A [binary data]
    IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

    IE - HKU\S-1-5-21-3944735997-2752461605-1968013451-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com
    IE - HKU\S-1-5-21-3944735997-2752461605-1968013451-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
    IE - HKU\S-1-5-21-3944735997-2752461605-1968013451-1001\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 85 C1 01 14 61 B7 9C 4F 87 6C 16 D1 F5 8F 24 2A [binary data]
    IE - HKU\S-1-5-21-3944735997-2752461605-1968013451-1001\..\SearchScopes,DefaultScope =
    IE - HKU\S-1-5-21-3944735997-2752461605-1968013451-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
    IE - HKU\S-1-5-21-3944735997-2752461605-1968013451-1001\..\SearchScopes\{511ABF6D-A8E2-4E1D-993A-FFF3E4EE76D1}: "URL" = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
    IE - HKU\S-1-5-21-3944735997-2752461605-1968013451-1001\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7ADFA_en
    IE - HKU\S-1-5-21-3944735997-2752461605-1968013451-1001\..\SearchScopes\{7B3E1406-190B-4197-A7E8-876B45AD1228}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
    IE - HKU\S-1-5-21-3944735997-2752461605-1968013451-1001\..\SearchScopes\{7D710B45-12E9-4DEE-BDE6-67C3F2DF7765}: "URL" = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpl
    IE - HKU\S-1-5-21-3944735997-2752461605-1968013451-1001\..\SearchScopes\{8ED98EE2-32B4-4C66-99D7-A947827F5C12}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
    IE - HKU\S-1-5-21-3944735997-2752461605-1968013451-1001\..\SearchScopes\{915FC82A-E332-4B03-B2BF-FA976FF8E990}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3289075&CUI=UN13106994151810917&UM=2
    IE - HKU\S-1-5-21-3944735997-2752461605-1968013451-1001\..\SearchScopes\{CE3A3FD1-0A27-07DC-3FED-9D0FBEBC1CD0}: "URL" = http://www.bing.com/search?q={searchTerms}&pc=Z131&form=ZGAIDF&install_date=20110816&iesrc={referrer:source}
    IE - HKU\S-1-5-21-3944735997-2752461605-1968013451-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\S-1-5-21-3944735997-2752461605-1968013451-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

    ========== FireFox ==========

    FF - prefs.js..extensions.enabledAddons: dislikes@dige:1.0.1.4
    FF - prefs.js..extensions.enabledAddons: {96f454ea-9d38-474f-b504-56193e00c1a5}:10.15.0.62
    FF - prefs.js..browser.search.useDBForOrder: true
    FF - user.js - File not found

    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
    FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
    FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@mcafee.com/McAfeeMssPlugin: C:\Program Files (x86)\McAfee Security Scan\3.0.318\npMcAfeeMss.dll (McAfee, Inc.)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Luke\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}: C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DMExtension\ [2011/03/06 04:02:16 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\html5video [2011/03/25 21:30:04 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\wpa [2011/03/25 21:30:04 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\AVAST Software\Avast\WebRep\FF [2013/03/18 05:04:42 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\Hewlett-Packard\SmartPrint\QPExtension [2013/04/17 08:09:21 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/11/19 01:58:43 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

    [2011/11/19 01:58:58 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Luke\AppData\Roaming\Mozilla\Extensions
    [2013/06/05 17:26:13 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Luke\AppData\Roaming\Mozilla\Firefox\Profiles\45u8qdtp.default\extensions
    [2012/09/09 21:56:16 | 000,072,942 | ---- | M] () (No name found) -- C:\Users\Luke\AppData\Roaming\Mozilla\Firefox\Profiles\45u8qdtp.default\extensions\[email protected]
    [2012/01/18 20:19:14 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
    [2012/01/18 20:19:14 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}
    File not found (No name found) -- C:\USERS\LUKE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\45U8QDTP.DEFAULT\EXTENSIONS\{96F454EA-9D38-474F-B504-56193E00C1A5}
    File not found (No name found) -- C:\USERS\LUKE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\45U8QDTP.DEFAULT\EXTENSIONS\[email protected]
    [2011/11/05 02:53:18 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
    [2011/11/04 23:21:03 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
    [2011/11/04 23:21:03 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

    ========== Chrome ==========

    CHR - default_search_provider: v9 (Enabled)
    CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:eek:riginalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
    CHR - default_search_provider: suggest_url =
    CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.94\PepperFlash\pepflashplayer.dll
    CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
    CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.94\ppGoogleNaClPluginChrome.dll
    CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.94\pdf.dll
    CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
    CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll
    CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll
    CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll
    CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll
    CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll
    CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll
    CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll
    CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL
    CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
    CHR - plugin: DivX Web Player (Enabled) = C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
    CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll
    CHR - plugin: Java(TM) Platform SE 7 U2 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\new_plugin\npjp2.dll
    CHR - plugin: McAfee Security Scanner + (Enabled) = C:\Program Files (x86)\McAfee Security Scan\3.0.318\npMcAfeeMss.dll
    CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
    CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
    CHR - plugin: Facebook Video Calling Plugin (Enabled) = C:\Users\Luke\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll
    CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll
    CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll
    CHR - Extension: Google Docs = C:\Users\Luke\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
    CHR - Extension: Google Drive = C:\Users\Luke\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
    CHR - Extension: YouTube = C:\Users\Luke\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
    CHR - Extension: Google Search = C:\Users\Luke\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
    CHR - Extension: DivX HiQ = C:\Users\Luke\AppData\Local\Google\Chrome\User Data\Default\Extensions\fnjbmmemklcjgepojigaapkoodmkgbae\2.1.1.94_0\
    CHR - Extension: avast! WebRep = C:\Users\Luke\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\8.0.1483_0\
    CHR - Extension: DivX Plus Web Player HTML5 \u003Cvideo\u003E = C:\Users\Luke\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.1.94_0\
    CHR - Extension: Gmail = C:\Users\Luke\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

    O1 HOSTS File: ([2011/09/12 06:46:37 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
    O1 - Hosts: 127.0.0.1 localhost
    O1 - Hosts: ::1 localhost
    O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
    O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
    O2 - BHO: (MSS+ Identifier) - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files (x86)\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll (McAfee, Inc.)
    O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
    O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
    O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
    O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
    O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
    O2 - BHO: (HP Network Check Helper) - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
    O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
    O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
    O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
    O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
    O3:64bit: - HKU\S-1-5-21-3944735997-2752461605-1968013451-1001\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
    O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [HPWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe ()
    O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor)
    O4 - HKLM..\Run: [] File not found
    O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
    O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
    O4 - HKLM..\Run: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe (Hewlett-Packard Development Company, L.P.)
    O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
    O4 - HKLM..\Run: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe (Symantec Corporation)
    O4 - HKU\S-1-5-21-3944735997-2752461605-1968013451-1001..\Run: [Facebook Update] C:\Users\Luke\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
    O4 - HKU\S-1-5-21-3944735997-2752461605-1968013451-1001..\Run: [HPAdvisorDock] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Dock\HPAdvisorDock.exe ()
    O4 - HKU\S-1-5-21-3944735997-2752461605-1968013451-1001..\Run: [uTorrent] C:\Users\Luke\Desktop\uTorrent.exe (BitTorrent Inc.)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-3944735997-2752461605-1968013451-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O8:64bit: - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html File not found
    O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html File not found
    O9 - Extra Button: HP Smart Print - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\smartprintsetup.exe (Hewlett-Packard)
    O9 - Extra 'Tools' menuitem : HP Smart Print - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\smartprintsetup.exe (Hewlett-Packard)
    O9 - Extra Button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
    O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
    O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
    O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
    O16:64bit: - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
    O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab (Java Plug-in 10.2.0)
    O16 - DPF: {B3E32D88-8E7F-468F-B0E2-3A300FD4A82C} http://myitlab.pearsoned.com/Pegasus/Modules/SIMIntegration/Resources/ax/stub.cab (Enlite 2.x Simulation Engine Installer)
    O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
    O16 - DPF: {CAFEEFAC-0017-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab (Java Plug-in 1.7.0_02)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab (Java Plug-in 1.7.0_02)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D14A09F7-7B98-4F2C-9519-D2CADCACD423}: DhcpNameServer = 192.168.1.1
    O18:64bit: - Protocol\Handler\livecall - No CLSID value found
    O18:64bit: - Protocol\Handler\msnim - No CLSID value found
    O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
    O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
    O18 - Protocol\Handler\gopher - No CLSID value found
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
    O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
    O32 - HKLM CDRom: AutoRun - 1
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35:64bit: - HKLM\..comfile [open] -- "%1" %*
    O35:64bit: - HKLM\..exefile [open] -- "%1" %*
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
    O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
    O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

    ========== Files/Folders - Created Within 30 Days ==========

    [2013/06/05 17:35:01 | 000,000,000 | ---D | C] -- C:\Users\Luke\AppData\Roaming\Malwarebytes
    [2013/06/05 17:32:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
    [2013/06/05 17:32:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
    [2013/06/05 17:32:18 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
    [2013/06/05 17:32:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    [2013/06/05 16:09:28 | 000,991,872 | ---- | C] (Bleeping Computer, LLC) -- C:\Users\Luke\Desktop\rkill64.com
    [2013/06/05 16:02:37 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Luke\Desktop\OTL.com
    [2013/06/05 16:01:21 | 010,285,040 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Luke\Desktop\mbam-setup-1.75.0.1300.exe
    [2013/06/05 15:38:12 | 000,000,000 | -HSD | C] -- C:\found.002
    [2013/06/04 19:17:19 | 000,688,992 | R--- | C] (Swearware) -- C:\Users\Luke\Desktop\dds.scr
    [2013/06/04 19:14:08 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Users\Luke\Desktop\HijackThis.exe
    [2013/05/31 09:45:42 | 000,215,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll
    [2013/05/31 09:45:41 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe
    [2013/05/31 09:45:41 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll
    [2013/05/31 09:45:41 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe
    [2013/05/31 09:45:41 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll
    [2013/05/31 09:45:40 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe
    [2013/05/29 15:41:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZipper
    [2013/05/29 15:41:01 | 000,000,000 | ---D | C] -- C:\Users\Luke\AppData\Roaming\WinZipper
    [2013/05/29 15:41:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WinZipper
    [2013/05/16 15:07:13 | 000,000,000 | ---D | C] -- C:\Users\Luke\AppData\Local\CRE
    [2013/05/16 15:05:23 | 001,045,072 | ---- | C] (BitTorrent Inc.) -- C:\Users\Luke\Desktop\uTorrent.exe
    [2013/05/16 15:01:45 | 000,000,000 | ---D | C] -- C:\Users\Luke\AppData\Roaming\uTorrent
    [2013/05/15 15:30:16 | 000,265,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\dxgmms1.sys
    [2013/05/15 15:30:15 | 000,144,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cdd.dll
    [2013/05/15 15:30:05 | 001,930,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\authui.dll
    [2013/05/15 15:30:05 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\shdocvw.dll
    [2013/05/15 15:30:04 | 001,796,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\authui.dll
    [2013/05/15 15:30:04 | 000,111,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\consent.exe
    [2013/05/15 15:29:29 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wwanprotdim.dll
    [2013/05/07 13:48:39 | 003,928,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d2d1.dll
    [2013/05/07 13:48:39 | 002,776,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msmpeg2vdec.dll
    [2013/05/07 13:48:39 | 002,565,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10warp.dll
    [2013/05/07 13:48:39 | 002,284,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msmpeg2vdec.dll
    [2013/05/07 13:48:39 | 001,887,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d11.dll
    [2013/05/07 13:48:39 | 001,682,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsPrint.dll
    [2013/05/07 13:48:39 | 001,643,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll
    [2013/05/07 13:48:39 | 001,504,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3d11.dll
    [2013/05/07 13:48:39 | 001,424,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WindowsCodecs.dll
    [2013/05/07 13:48:39 | 001,238,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10.dll
    [2013/05/07 13:48:39 | 001,158,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsPrint.dll
    [2013/05/07 13:48:39 | 000,648,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10level9.dll
    [2013/05/07 13:48:39 | 000,522,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsGdiConverter.dll
    [2013/05/07 13:48:39 | 000,465,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WMPhoto.dll
    [2013/05/07 13:48:39 | 000,417,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WMPhoto.dll
    [2013/05/07 13:48:39 | 000,364,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsGdiConverter.dll
    [2013/05/07 13:48:39 | 000,363,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxgi.dll
    [2013/05/07 13:48:39 | 000,333,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1core.dll
    [2013/05/07 13:48:39 | 000,296,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10core.dll
    [2013/05/07 13:48:39 | 000,245,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WindowsCodecsExt.dll
    [2013/05/07 13:48:39 | 000,221,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\UIAnimation.dll
    [2013/05/07 13:48:39 | 000,194,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1.dll
    [2013/05/07 13:48:39 | 000,187,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\UIAnimation.dll
    [2013/05/07 13:48:39 | 000,010,752 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-advapi32-l1-1-0.dll
    [2013/05/07 13:48:39 | 000,010,752 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-advapi32-l1-1-0.dll
    [2013/05/07 13:48:39 | 000,009,728 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
    [2013/05/07 13:48:39 | 000,009,728 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-shlwapi-l1-1-0.dll
    [2013/05/07 13:48:39 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
    [2013/05/07 13:48:39 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-shlwapi-l2-1-0.dll
    [2013/05/07 13:48:39 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-ole32-l1-1-0.dll
    [2013/05/07 13:48:39 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-ole32-l1-1-0.dll
    [2013/05/07 13:48:39 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-user32-l1-1-0.dll
    [2013/05/07 13:48:39 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-user32-l1-1-0.dll
    [2013/05/07 13:48:39 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-advapi32-l2-1-0.dll
    [2013/05/07 13:48:39 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-advapi32-l2-1-0.dll
    [2013/05/07 13:48:39 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-version-l1-1-0.dll
    [2013/05/07 13:48:39 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-version-l1-1-0.dll
    [2013/05/07 13:48:39 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-shell32-l1-1-0.dll
    [2013/05/07 13:48:39 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-shell32-l1-1-0.dll
    [2013/05/07 13:48:39 | 000,002,560 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-normaliz-l1-1-0.dll
    [2013/05/07 13:48:39 | 000,002,560 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-normaliz-l1-1-0.dll
    [2013/05/06 19:43:18 | 000,000,000 | ---D | C] -- C:\Users\Luke\Desktop\picsfromfosterfieldand col
    [2 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
    [1 C:\Users\Luke\Desktop\*.tmp files -> C:\Users\Luke\Desktop\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2013/06/05 17:55:41 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2013/06/05 17:55:41 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2013/06/05 17:46:30 | 000,000,890 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2013/06/05 17:46:10 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2013/06/05 17:46:05 | 3062,255,616 | -HS- | M] () -- C:\hiberfil.sys
    [2013/06/05 17:32:24 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    [2013/06/05 17:26:31 | 000,000,171 | ---- | M] () -- C:\Windows\DeleteOnReboot.bat
    [2013/06/05 17:22:37 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2013/06/05 17:22:36 | 000,002,417 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
    [2013/06/05 16:09:28 | 000,991,872 | ---- | M] (Bleeping Computer, LLC) -- C:\Users\Luke\Desktop\rkill64.com
    [2013/06/05 16:02:42 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Luke\Desktop\OTL.com
    [2013/06/05 16:01:54 | 010,285,040 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Luke\Desktop\mbam-setup-1.75.0.1300.exe
    [2013/06/05 16:00:15 | 000,632,031 | ---- | M] () -- C:\Users\Luke\Desktop\AdwCleaner.exe
    [2013/06/05 15:39:58 | 000,006,832 | ---- | M] () -- C:\bootsqm.dat
    [2013/06/05 01:22:01 | 000,000,924 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3944735997-2752461605-1968013451-1001UA.job
    [2013/06/04 19:22:01 | 000,000,902 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3944735997-2752461605-1968013451-1001Core.job
    [2013/06/04 19:18:15 | 000,377,856 | ---- | M] () -- C:\Users\Luke\Desktop\kdywx524.exe
    [2013/06/04 19:17:20 | 000,688,992 | R--- | M] (Swearware) -- C:\Users\Luke\Desktop\dds.scr
    [2013/06/04 19:14:12 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Users\Luke\Desktop\HijackThis.exe
    [2013/05/29 15:41:01 | 000,773,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msvcr100.dll
    [2013/05/29 15:41:01 | 000,421,032 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msvcp100.dll
    [2013/05/26 23:52:09 | 521,912,751 | ---- | M] () -- C:\Windows\MEMORY.DMP
    [2013/05/24 14:02:42 | 000,727,334 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
    [2013/05/24 14:02:42 | 000,624,864 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
    [2013/05/24 14:02:42 | 000,106,950 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
    [2013/05/16 19:04:54 | 000,287,824 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
    [2013/05/16 15:06:16 | 000,002,493 | ---- | M] () -- C:\Users\Luke\Desktop\Google Chrome.lnk
    [2013/05/16 15:06:16 | 000,001,372 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
    [2013/05/16 15:06:07 | 000,002,517 | ---- | M] () -- C:\Users\Luke\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
    [2013/05/16 15:06:07 | 000,001,675 | ---- | M] () -- C:\Users\Luke\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
    [2013/05/16 15:05:24 | 001,045,072 | ---- | M] (BitTorrent Inc.) -- C:\Users\Luke\Desktop\uTorrent.exe
    [2013/05/16 15:05:24 | 000,000,508 | ---- | M] () -- C:\Users\Luke\Application Data\Microsoft\Internet Explorer\Quick Launch\µTorrent.lnk
    [2013/05/16 15:05:24 | 000,000,500 | ---- | M] () -- C:\Users\Public\Desktop\µTorrent.lnk
    [2013/05/08 15:07:53 | 000,000,328 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForLuke.job
    [2013/05/07 13:48:39 | 003,928,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\d2d1.dll
    [2013/05/07 13:48:39 | 002,776,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msmpeg2vdec.dll
    [2013/05/07 13:48:39 | 002,565,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10warp.dll
    [2013/05/07 13:48:39 | 002,284,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msmpeg2vdec.dll
    [2013/05/07 13:48:39 | 001,887,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\d3d11.dll
    [2013/05/07 13:48:39 | 001,682,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\XpsPrint.dll
    [2013/05/07 13:48:39 | 001,643,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll
    [2013/05/07 13:48:39 | 001,504,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\d3d11.dll
    [2013/05/07 13:48:39 | 001,424,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\WindowsCodecs.dll
    [2013/05/07 13:48:39 | 001,238,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10.dll
    [2013/05/07 13:48:39 | 001,158,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsPrint.dll
    [2013/05/07 13:48:39 | 000,648,192 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10level9.dll
    [2013/05/07 13:48:39 | 000,522,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\XpsGdiConverter.dll
    [2013/05/07 13:48:39 | 000,465,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\WMPhoto.dll
    [2013/05/07 13:48:39 | 000,417,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\WMPhoto.dll
    [2013/05/07 13:48:39 | 000,364,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsGdiConverter.dll
    [2013/05/07 13:48:39 | 000,363,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dxgi.dll
    [2013/05/07 13:48:39 | 000,333,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1core.dll
    [2013/05/07 13:48:39 | 000,296,960 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10core.dll
    [2013/05/07 13:48:39 | 000,245,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\WindowsCodecsExt.dll
    [2013/05/07 13:48:39 | 000,221,184 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\UIAnimation.dll
    [2013/05/07 13:48:39 | 000,194,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1.dll
    [2013/05/07 13:48:39 | 000,187,392 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\UIAnimation.dll
    [2013/05/07 13:48:39 | 000,010,752 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-advapi32-l1-1-0.dll
    [2013/05/07 13:48:39 | 000,010,752 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-advapi32-l1-1-0.dll
    [2013/05/07 13:48:39 | 000,009,728 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
    [2013/05/07 13:48:39 | 000,009,728 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-shlwapi-l1-1-0.dll
    [2013/05/07 13:48:39 | 000,005,632 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
    [2013/05/07 13:48:39 | 000,005,632 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-shlwapi-l2-1-0.dll
    [2013/05/07 13:48:39 | 000,005,632 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-ole32-l1-1-0.dll
    [2013/05/07 13:48:39 | 000,005,632 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-ole32-l1-1-0.dll
    [2013/05/07 13:48:39 | 000,004,096 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-user32-l1-1-0.dll
    [2013/05/07 13:48:39 | 000,004,096 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-user32-l1-1-0.dll
    [2013/05/07 13:48:39 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-advapi32-l2-1-0.dll
    [2013/05/07 13:48:39 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-advapi32-l2-1-0.dll
    [2013/05/07 13:48:39 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-version-l1-1-0.dll
    [2013/05/07 13:48:39 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-version-l1-1-0.dll
    [2013/05/07 13:48:39 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-shell32-l1-1-0.dll
    [2013/05/07 13:48:39 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-shell32-l1-1-0.dll
    [2013/05/07 13:48:39 | 000,002,560 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-normaliz-l1-1-0.dll
    [2013/05/07 13:48:39 | 000,002,560 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-normaliz-l1-1-0.dll
    [2 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
    [1 C:\Users\Luke\Desktop\*.tmp files -> C:\Users\Luke\Desktop\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2013/06/05 17:32:24 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    [2013/06/05 17:26:01 | 000,000,171 | ---- | C] () -- C:\Windows\DeleteOnReboot.bat
    [2013/06/05 16:00:02 | 000,632,031 | ---- | C] () -- C:\Users\Luke\Desktop\AdwCleaner.exe
    [2013/06/05 15:39:58 | 000,006,832 | ---- | C] () -- C:\bootsqm.dat
    [2013/06/04 19:18:08 | 000,377,856 | ---- | C] () -- C:\Users\Luke\Desktop\kdywx524.exe
    [2013/05/16 15:05:24 | 000,000,508 | ---- | C] () -- C:\Users\Luke\Application Data\Microsoft\Internet Explorer\Quick Launch\µTorrent.lnk
    [2013/05/16 15:05:24 | 000,000,500 | ---- | C] () -- C:\Users\Public\Desktop\µTorrent.lnk
    [2013/04/17 08:04:05 | 000,000,057 | ---- | C] () -- C:\ProgramData\Ament.ini
    [2013/03/31 16:56:23 | 000,002,147 | ---- | C] () -- C:\Users\Luke\AppData\Local\recently-used.xbel
    [2012/03/08 21:23:20 | 000,000,229 | ---- | C] () -- C:\Users\Luke\AppData\Roaming\My Profile.xml
    [2011/09/09 13:42:41 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
    [2011/09/09 13:42:41 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
    [2011/09/09 13:42:41 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
    [2011/09/09 13:42:41 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
    [2011/09/09 13:42:41 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
    [2011/08/28 23:10:08 | 000,000,000 | ---- | C] () -- C:\Users\Luke\AppData\Local\{7AE1A5D6-3E17-47D0-B069-17D10100F58E}
    [2011/08/24 01:22:52 | 000,000,037 | ---- | C] () -- C:\ProgramData\7e909826
    [2011/03/23 15:47:20 | 000,001,854 | ---- | C] () -- C:\Users\Luke\AppData\Roaming\GhostObjGAFix.xml

    ========== ZeroAccess Check ==========

    [2009/07/14 00:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

    [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

    [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

    [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

    [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
    "" = C:\Windows\SysNative\shell32.dll -- [2013/02/27 01:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
    "" = %SystemRoot%\system32\shell32.dll -- [2013/02/27 00:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
    "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 21:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
    "" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 08:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
    "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 21:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Both

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

    ========== LOP Check ==========

    [2011/02/28 17:58:44 | 000,000,000 | ---D | M] -- C:\Users\Luke\AppData\Roaming\acccore
    [2012/03/01 12:57:34 | 000,000,000 | ---D | M] -- C:\Users\Luke\AppData\Roaming\Blackboard
    [2012/03/01 11:38:52 | 000,000,000 | ---D | M] -- C:\Users\Luke\AppData\Roaming\Collaborate
    [2012/02/02 09:22:38 | 000,000,000 | ---D | M] -- C:\Users\Luke\AppData\Roaming\Elluminate
    [2011/09/11 15:30:02 | 000,000,000 | ---D | M] -- C:\Users\Luke\AppData\Roaming\FixTDSS
    [2011/08/16 02:46:55 | 000,000,000 | ---D | M] -- C:\Users\Luke\AppData\Roaming\ooVoo Details
    [2013/05/08 14:47:57 | 000,000,000 | ---D | M] -- C:\Users\Luke\AppData\Roaming\SoftGrid Client
    [2011/02/28 17:56:35 | 000,000,000 | ---D | M] -- C:\Users\Luke\AppData\Roaming\TP
    [2013/06/05 18:03:36 | 000,000,000 | ---D | M] -- C:\Users\Luke\AppData\Roaming\uTorrent
    [2011/09/07 02:36:24 | 000,000,000 | ---D | M] -- C:\Users\Luke\AppData\Roaming\WildTangent
    [2013/05/30 07:51:55 | 000,000,000 | ---D | M] -- C:\Users\Luke\AppData\Roaming\WinZipper

    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 104 bytes -> C:\ProgramData\Temp:D1B5B4F1

    < End of report >
     
  10. mjplus7

    mjplus7 Thread Starter

    Joined:
    Feb 23, 2005
    Messages:
    106
    Had to send as attachment...
     
  11. mjplus7

    mjplus7 Thread Starter

    Joined:
    Feb 23, 2005
    Messages:
    106
    Sorry messed up...
     

    Attached Files:

    • OTL.Txt
      File size:
      134.7 KB
      Views:
      0
  12. mjplus7

    mjplus7 Thread Starter

    Joined:
    Feb 23, 2005
    Messages:
    106
    OTL Extras logfile created on: 6/5/2013 5:51:32 PM - Run 1
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Luke\Desktop
    64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    3.80 Gb Total Physical Memory | 2.48 Gb Available Physical Memory | 65.11% Memory free
    7.60 Gb Paging File | 6.06 Gb Available in Paging File | 79.66% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 448.45 Gb Total Space | 306.94 Gb Free Space | 68.45% Space Free | Partition Type: NTFS
    Drive D: | 17.01 Gb Total Space | 2.46 Gb Free Space | 14.45% Space Free | Partition Type: NTFS

    Computer Name: LUKE-HP | User Name: Luke | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .html[@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
    .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
    .html [@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)

    [HKEY_USERS\S-1-5-21-3944735997-2752461605-1968013451-1001\SOFTWARE\Classes\<extension>]
    .html [@ = ChromeHTML] -- Reg Error: Key error. File not found

    ========== Shell Spawning ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    htmlfile [edit] -- Reg Error: Key error.
    htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
    https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
    inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
    InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
    InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    htmlfile [edit] -- Reg Error: Key error.
    https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    ========== Firewall Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


    ========== Vista Active Open Ports Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{1048E70F-E9C7-487E-9C5C-1C8280FB0FEC}" = lport=10243 | protocol=6 | dir=in | app=system |
    "{236F626B-9CBA-4CCE-9C16-871A0161268B}" = lport=37690 | protocol=17 | dir=in | name=oovoo udp port 37690 |
    "{2E35E191-FD81-43C6-9FA3-FC5F2A51ABF1}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{3BEA61BF-1840-4B8F-9777-334EC7954580}" = lport=2869 | protocol=6 | dir=in | app=system |
    "{4609EB05-CBBF-4ACC-960C-DB02DCB9C5C0}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{4D7F313B-0C65-4D65-A150-617174ACBE78}" = lport=139 | protocol=6 | dir=in | app=system |
    "{67ED80C9-A193-4D28-8624-7270D7B4498A}" = rport=139 | protocol=6 | dir=out | app=system |
    "{68EE28C3-045F-42B4-AA25-F97C954040BD}" = rport=137 | protocol=17 | dir=out | app=system |
    "{6F40178D-655F-424D-BBF9-3982270EFE94}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{70AF260B-AC75-43AB-BC5D-64B613CEAA1F}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{798A943D-E50E-4609-B633-D87D7B79B040}" = lport=445 | protocol=6 | dir=in | app=system |
    "{8637B547-3FB1-4091-8638-93832CBB9506}" = lport=2869 | protocol=6 | dir=in | app=system |
    "{94034794-6651-4544-BCB7-66C055ECF250}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
    "{97C44C84-C0CC-4F28-A9B6-7B710811DF01}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{9DCB575F-2423-4358-8B13-6EE78E2F41D0}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{A8BBCD55-93C0-4ADC-A984-E5E0C786DCD1}" = rport=445 | protocol=6 | dir=out | app=system |
    "{AAAD772C-1BA1-4F54-B95D-54D304BCE642}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{AB9CF163-FE97-4F2B-9399-32BE380E03C7}" = rport=10243 | protocol=6 | dir=out | app=system |
    "{AD8C8AF4-0EA9-4E84-A11A-D1F3C89054D9}" = lport=37684 | protocol=17 | dir=in | name=oovoo udp port 37684 |
    "{AF7858E4-823F-4747-97D4-FEC0C71E5CF8}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{B8F67676-1121-4D31-BD53-D88BD5D770CA}" = rport=138 | protocol=17 | dir=out | app=system |
    "{B9DB0B98-A991-4540-B518-612EC598435C}" = lport=137 | protocol=17 | dir=in | app=system |
    "{D0F24CFA-F320-4A81-BAAE-5CCA13D61781}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{D13E8ED0-4F0A-4D08-A775-A2CAE8B6F605}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
    "{D656FC65-FBDC-4C28-AAA5-71158A0D3214}" = lport=37684 | protocol=6 | dir=in | name=oovoo tcp port 37684 |
    "{E03E536D-C74D-47C0-B060-F0D145F7253C}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{EA1802B2-4084-43F4-872C-2384D0EF2A62}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
    "{ED6C9936-3AE3-4DFE-AA58-0914A974CADB}" = lport=138 | protocol=17 | dir=in | app=system |

    ========== Vista Active Application Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{0357479B-D6BD-417D-8FFD-4A24E917A584}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{03B58A89-0EB7-4B4E-8C60-CE6EA1ABDB8F}" = protocol=17 | dir=in | app=c:\users\luke\desktop\utorrent.exe |
    "{1416B85D-3A20-4757-8E9E-132B8A84C2DE}" = dir=in | app=c:\program files (x86)\hewlett-packard\hp support framework\resources\hpwarrantycheck\hpwarrantychecker.exe |
    "{1751CC62-392A-4794-8354-3751B032B8C0}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{24BA30A2-2186-4B13-977D-16638E3AF0DD}" = protocol=6 | dir=in | app=c:\users\luke\desktop\utorrent.exe |
    "{27DC356F-3557-412B-B310-7E8F2F63E563}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{280FD332-3C21-47BD-B859-9FDA0A4618F3}" = dir=in | app=c:\program files\hp\hp officejet 4620 series\bin\hpnetworkcommunicator.exe |
    "{2C402285-7957-4A9F-BB30-FC955F7081E3}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
    "{2DEE28B0-ECF2-4227-9689-5311D04B9FE0}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{33F75210-9525-4A9E-B005-91BAF0838F03}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
    "{43C0F997-E740-4F44-8E9C-B806A50E87A1}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{4F8C8074-A764-4273-90AA-421FF9D299CA}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
    "{5BDA0FD5-ADB8-4A01-BF28-3A48CEE173A4}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
    "{5E1259C0-8D67-4149-98EF-3CD1417B6EE4}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{5EE72B2A-2E73-450D-8A35-B5ADFD57DA95}" = dir=in | app=c:\users\luke\appdata\local\facebook\video\skype\facebookvideocalling.exe |
    "{650DCD98-612F-4480-9FBE-F30AF27EB7ED}" = dir=in | app=c:\program files (x86)\windows live\messenger\wlcsdk.exe |
    "{66657046-46A0-4EA8-8D56-37A92E868DD6}" = dir=in | app=c:\program files\hp\hp officejet 4620 series\bin\digitalwizards.exe |
    "{78DA6990-77DF-4528-9462-267EB24B0451}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
    "{7D0DE7BB-C491-4372-832B-7C16ACC53EF6}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{7FE19012-8081-4436-BAC2-3D1FF1760808}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{8091681B-BFE7-4DDA-A96B-AF803343CBA6}" = dir=in | app=c:\program files (x86)\cyberlink\powerdirector\pdr8.exe |
    "{8B6BC487-EC21-421A-8556-C8C58BCDCECC}" = protocol=17 | dir=in | app=c:\program files (x86)\aim\aim.exe |
    "{8E253D7B-F046-4F9E-9605-EDB86E9B4E00}" = protocol=17 | dir=in | app=c:\program files (x86)\hewlett-packard\mediasmart\cinemanow\cinemanow.exe |
    "{8EFC17FA-88AC-4EBF-BC71-1E829AA14B12}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe |
    "{964BC96B-A5BE-452F-A886-4B96163A4576}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
    "{9E2EC221-1C2F-4CAF-9C44-0F79A9D2942F}" = protocol=6 | dir=in | app=c:\program files (x86)\hewlett-packard\mediasmart\cinemanow\cinemanow.exe |
    "{A406BC70-2F20-42F6-B4AB-900CE855C20E}" = dir=in | app=c:\program files\hp\hp officejet 4620 series\bin\faxapplications.exe |
    "{A4771643-7CAD-4FEF-B22A-6B0792404C7A}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{A69E8667-272E-4539-9D52-BC54D08F9578}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{AA2AE378-F7E5-4FCE-ACE5-BC58B0C5AA7A}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
    "{ACA0CE15-035A-4BE6-9F16-E7039BB7BE05}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
    "{AF743101-7618-48FC-883F-35DAF973E089}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
    "{B9D0451E-7170-490E-A01E-209814A3B8DD}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd9\powerdvd9.exe |
    "{C2CD079D-B529-4D9F-81E9-59C682E4AF18}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{C70D05AF-3471-414F-B3EA-238853C26C60}" = protocol=6 | dir=in | app=c:\program files (x86)\aim\aim.exe |
    "{CA3325F9-0164-4145-9F30-394DB9B644FB}" = protocol=6 | dir=in | app=c:\program files (x86)\cinemanow\cinemanow media manager\cinemanowshell.exe |
    "{DA578D9A-EE08-4B87-B280-F797A6375A2A}" = dir=in | app=c:\program files\hp\hp officejet 4620 series\bin\devicesetup.exe |
    "{E1CC3113-A213-4A5B-922C-B227B0B48E30}" = dir=in | app=c:\program files\hp\hp officejet 4620 series\bin\sendafax.exe |
    "{E67AA492-81DC-4BBC-A526-91FC2B7F5632}" = protocol=6 | dir=out | app=system |
    "{E972C3AF-1F13-4CD9-8FF0-CC241B5F36A8}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
    "{EA84411D-FD9E-4E48-BD75-9F54E220913F}" = protocol=17 | dir=in | app=c:\program files (x86)\cinemanow\cinemanow media manager\cinemanowshell.exe |
    "{ECDCDFAC-F652-4555-93EF-B51A18660E9D}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{EFC8E90D-A740-4201-8962-A062C72A3F2D}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
    "TCP Query User{3152819A-3E63-4148-9DEA-B3D65B6C52B5}C:\program files (x86)\oovoo\oovoo.exe" = protocol=6 | dir=in | app=c:\program files (x86)\oovoo\oovoo.exe |
    "TCP Query User{3F85D5FE-34D0-46B2-96A4-153867BC39EA}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe |
    "TCP Query User{9D720D2C-5930-47A1-A1CE-894B229A7F55}C:\program files (x86)\oovoo\oovoo.exe" = protocol=6 | dir=in | app=c:\program files (x86)\oovoo\oovoo.exe |
    "TCP Query User{B5B305B0-D1D2-483E-82A4-D1F447472F08}C:\windows\syswow64\javaw.exe" = protocol=6 | dir=in | app=c:\windows\syswow64\javaw.exe |
    "TCP Query User{C3EA7A34-BFF3-4C3C-B5BF-6C65BA0F2442}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe |
    "TCP Query User{EC48CE51-9AF2-456F-A9F6-85978BADA201}C:\program files (x86)\aim\aim.exe" = protocol=6 | dir=in | app=c:\program files (x86)\aim\aim.exe |
    "UDP Query User{03A743C2-67CB-439A-965E-3B49F5004374}C:\program files (x86)\oovoo\oovoo.exe" = protocol=17 | dir=in | app=c:\program files (x86)\oovoo\oovoo.exe |
    "UDP Query User{1998E98A-2606-40CB-8385-9C8F7AF95937}C:\windows\syswow64\javaw.exe" = protocol=17 | dir=in | app=c:\windows\syswow64\javaw.exe |
    "UDP Query User{60B579A2-D9B3-4C21-9545-527F79F5992E}C:\program files (x86)\oovoo\oovoo.exe" = protocol=17 | dir=in | app=c:\program files (x86)\oovoo\oovoo.exe |
    "UDP Query User{77380710-12A9-4B97-87C2-A31A0B1071D7}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe |
    "UDP Query User{B7B5E6F0-65F4-4A1A-86D1-CE9B765A9D21}C:\program files (x86)\aim\aim.exe" = protocol=17 | dir=in | app=c:\program files (x86)\aim\aim.exe |
    "UDP Query User{C254420A-0294-4F66-96D3-91B8BF9615EB}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe |

    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{091A0130-A82F-4A6D-9C61-3BBBB3289030}" = RtVOsd
    "{26A24AE4-039D-4CA4-87B4-2F86416020FF}" = Java(TM) 6 Update 20 (64-bit)
    "{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
    "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
    "{77B8B4A5-EE79-4907-A318-2DA86325B8D7}" = iTunes
    "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
    "{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{90140000-006D-0409-1000-0000000FF1CE}" = Microsoft Office Click-to-Run 2010
    "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{9B48B0AC-C813-4174-9042-476A887592C7}" = Windows Live ID Sign-in Assistant
    "{A2E836B3-59A6-486B-82DC-1EA3878BCDEA}" = HP Officejet 4620 series Basic Device Software
    "{B5FC1E1B-E70D-45F1-8E40-A3C30698B323}" = HP Wireless Assistant
    "{E4F5E48E-7155-4CF9-88CD-7F377EC9AC54}" = Bonjour
    "{E5C95CA5-4565-4B9D-97ED-05088D775614}" = Apple Mobile Device Support
    "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
    "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit
    "Broadcom 802.11 Wireless LAN Adapter" = Broadcom 802.11 Wireless LAN Adapter
    "GIMP-2_is1" = GIMP 2.8.4
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "SynTPDeinstKey" = Synaptics Pointing Device Driver

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{00A42832-B21A-4296-B5F4-D296D0BC4A3E}" = HP Quick Launch
    "{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
    "{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements
    "{120262A6-7A4B-4889-AE85-F5E5688D3683}" = Roxio CinemaNow 2.0
    "{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
    "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
    "{1CAC7A41-583B-4483-9FA5-3E5465AFF8C2}" = Microsoft Default Manager
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
    "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
    "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
    "{23170F69-40C1-2701-0920-000001000000}" = 7-Zip 9.20
    "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
    "{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 30
    "{26A24AE4-039D-4CA4-87B4-2F83217002FF}" = Java(TM) 7 Update 2
    "{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
    "{28FE073B-1230-4BF6-830C-7434FD0C0069}" = HP Software Framework
    "{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
    "{3877C901-7B90-4727-A639-B6ED2DD59D43}" = ESU for Microsoft Windows 7
    "{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
    "{40A66DF6-22D3-44B5-A7D3-83B118A2C0DC}" = Norton Online Backup
    "{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
    "{40FB8D7C-6FF8-4AF2-BC8B-0B1DB32AF04B}" = HP Advisor
    "{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}" = Recovery Manager
    "{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.1
    "{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
    "{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
    "{606C37AB-EB04-4270-A592-201A03C2DB36}" = HP Officejet 4620 series Help
    "{61EDBE71-5D3E-4AB7-AD95-E53FEAF68C17}" = Bing Rewards Client Installer
    "{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
    "{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
    "{69ABD67D-5C2E-4724-B519-695DEF3EC23B}" = HP Documentation
    "{6C122441-1861-4CD7-B1C5-A163A6984E12}" = CinemaNow Media Manager
    "{6F340107-F9AA-47C6-B54C-C3A19F11553F}" = Hewlett-Packard ACLM.NET v1.2.1.1
    "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
    "{72D90DB3-A16A-4545-B555-868471101833}" = HP Setup
    "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    "{77F8A71E-3515-4832-B8B2-2F1EDBD2E0F1}" = Bing Bar
    "{80E158EA-7181-40FE-A701-301CE6BE64AB}" = CyberLink MediaShow
    "{85DF2EED-08BC-46FB-90DA-28B0D0A8E8A8}" = HP Update
    "{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
    "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows 7
    "{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
    "{9008D736-35CA-40DB-A2BE-5F32D954E5AA}" = HP MediaSmart CinemaNow 2.0
    "{90140011-0066-0409-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - English
    "{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
    "{95140000-00AF-0409-0000-0000000FF1CE}" = Microsoft PowerPoint Viewer
    "{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    "{9ECF7817-DB11-4FBA-9DF1-296A578D513A}" = Adobe Shockwave Player 11.5
    "{9F479685-180E-4C05-9400-D59292A1B29C}" = Windows Live Movie Maker
    "{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
    "{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{AC76BA86-7AD7-FFFF-7B44-A91000000001}" = Adobe Reader 9.5.2 MUI
    "{AFBBF30D-ADA9-4313-464E-14458B6BE034}" = PhotoshopdotcomInspirationBrowser
    "{B10914FD-8812-47A4-85A1-50FCDE7F1F33}" = Windows Live Sync
    "{B57EAFF2-D6EE-4C6C-9175-ED9F17BFC1BC}" = Windows Live Messenger
    "{B92C5909-1D37-4C51-8397-A28BB28E5DC3}" = Facebook Video Calling 1.2.0.287
    "{BD1A34C9-4764-4F79-AE1F-112F8C89D3D4}" = Energy Star Digital Logo
    "{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
    "{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
    "{CA6BCA2F-EDEB-408F-850B-31404BE16A61}" = I.R.I.S. OCR
    "{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
    "{CB6075D9-F912-40AE-BEA6-E590DA24F16B}" = Adobe Photoshop Elements 7.0
    "{D36DD326-7280-11D8-97C8-000129760CBE}" = PhotoNow!
    "{D8BCE5B9-67CF-4F3F-93AE-3ACC754C72EB}" = HP Power Manager
    "{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
    "{E6158D07-2637-4ECF-B576-37C489669174}" = Windows Live Call
    "{EE202411-2C26-49E8-9784-1BC1DBF7DE96}" = HP Support Assistant
    "{EE39FFBD-544E-49E4-A999-6819828EAE91}" = Windows Live Photo Gallery
    "{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
    "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
    "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
    "{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Graphics Media Accelerator Driver
    "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
    "{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center
    "{FAA7F8FF-3C05-4A61-8F14-D8A6E9ED6623}" = ooVoo
    "Adobe AIR" = Adobe AIR
    "Adobe Photoshop Elements 7" = Adobe Photoshop Elements 7.0
    "AIM_7" = AIM 7
    "avast" = avast! Free Antivirus
    "DivX Setup.divx.com" = DivX Setup
    "Google Chrome" = Google Chrome
    "HP Photo Creations" = HP Photo Creations
    "InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
    "InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
    "InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
    "InstallShield_{80E158EA-7181-40FE-A701-301CE6BE64AB}" = CyberLink MediaShow
    "InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9
    "InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
    "InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
    "InstallShield_{D36DD326-7280-11D8-97C8-000129760CBE}" = PhotoNow!
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
    "McAfee Security Scan" = McAfee Security Scan Plus
    "Mozilla Firefox 8.0 (x86 en-US)" = Mozilla Firefox 8.0 (x86 en-US)
    "My HP Game Console" = HP Game Console
    "Office14.Click2Run" = Microsoft Office Click-to-Run 2010
    "PhotoshopdotcomInspirationBrowser.4C35C4D325D350FE0114230CBADCA2DDD0AC8D25.1" = Adobe Photoshop.com Inspiration Browser
    "PS3 Media Server" = PS3 Media Server
    "Sophos-AntiRootkit" = Sophos Anti-Rootkit 1.5.20
    "uTorrent" = µTorrent
    "WildTangent hp Master Uninstall" = HP Games
    "WinLiveSuite_Wave3" = Windows Live Essentials
    "WinZipper" = WinZipper
    "WT087328" = Blackhawk Striker 2
    "WT087335" = Build-a-lot 2
    "WT087342" = Dora's Carnival Adventure
    "WT087360" = Escape Rosecliff Island
    "WT087361" = FATE
    "WT087362" = Final Drive Nitro
    "WT087372" = Heroes of Hellas 2 - Olympia
    "WT087373" = Jewel Quest 3
    "WT087379" = Jewel Quest Solitaire 2
    "WT087394" = Penguins!
    "WT087395" = Poker Superstars III
    "WT087396" = Polar Bowler
    "WT087397" = Polar Golfer
    "WT087414" = Virtual Families
    "WT087415" = Wheel of Fortune 2
    "WT087428" = Bejeweled 2 Deluxe
    "WT087453" = Chuzzle Deluxe
    "WT087501" = Plants vs. Zombies
    "WT087513" = Virtual Villagers - The Secret City
    "WT087533" = Zuma Deluxe
    "WT087536" = Diner Dash 2 Restaurant Rescue

    ========== Last 20 Event Log Errors ==========

    [ Application Events ]
    Error - 6/4/2013 7:00:03 PM | Computer Name = Luke-HP | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledSPRetry 2480

    Error - 6/4/2013 7:00:04 PM | Computer Name = Luke-HP | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: Continuously busy for more than a second

    Error - 6/4/2013 7:00:04 PM | Computer Name = Luke-HP | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledEvent 3713

    Error - 6/4/2013 7:00:04 PM | Computer Name = Luke-HP | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledSPRetry 3713

    Error - 6/5/2013 12:31:57 PM | Computer Name = Luke-HP | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: Continuously busy for more than a second

    Error - 6/5/2013 12:31:57 PM | Computer Name = Luke-HP | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledEvent 1295

    Error - 6/5/2013 12:31:57 PM | Computer Name = Luke-HP | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledSPRetry 1295

    Error - 6/5/2013 12:31:58 PM | Computer Name = Luke-HP | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: Continuously busy for more than a second

    Error - 6/5/2013 12:31:58 PM | Computer Name = Luke-HP | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledEvent 2605

    Error - 6/5/2013 12:31:58 PM | Computer Name = Luke-HP | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledSPRetry 2605

    [ Hewlett-Packard Events ]
    Error - 8/30/2012 12:14:26 PM | Computer Name = Luke-HP | Source = HPSF.exe | ID = 4000
    Description =

    Error - 8/30/2012 12:16:22 PM | Computer Name = Luke-HP | Source = HPSF.exe | ID = 4000
    Description =

    Error - 9/4/2012 4:42:26 PM | Computer Name = Luke-HP | Source = HPSF.exe | ID = 2000
    Description = HP Error ID: -2146233088 at HPSFConfigReader.ConfigHelper.loadXML()

    at HPSFConfigReader.ConfigHelper..ctor() at HP.SupportAssistant.Engine.Resources.ResourceTasks.LoadApplicationResources(Boolean
    isOnAppLoad) Message: Exception of type 'System.Exception' was thrown. StackTrace:
    at HPSFConfigReader.ConfigHelper.loadXML() at HPSFConfigReader.ConfigHelper..ctor()

    at HP.SupportAssistant.Engine.Resources.ResourceTasks.LoadApplicationResources(Boolean
    isOnAppLoad) Source: HPSFConfigReader Name: HPSF.exe Version: 06.00.01.01 Path: C:\Program
    Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe Format: en-US RAM: 3893
    Ram
    Utilization: TargetSite: Void loadXML()

    Error - 9/4/2012 4:42:56 PM | Computer Name = Luke-HP | Source = HPSF.exe | ID = 4000
    Description =

    Error - 9/6/2012 6:26:43 PM | Computer Name = Luke-HP | Source = HPSF.exe | ID = 4000
    Description =

    Error - 9/6/2012 6:27:02 PM | Computer Name = Luke-HP | Source = HPSF.exe | ID = 4000
    Description =

    Error - 11/15/2012 11:10:29 PM | Computer Name = Luke-HP | Source = HPSF.exe | ID = 2000
    Description = HP Error ID: -2147467261 at HP.SupportFramework.Utilities.CustomerExperience.HPSASession.AddNavigationProperties()
    Message:
    Object reference not set to an instance of an object. StackTrace: at HP.SupportFramework.Utilities.CustomerExperience.HPSASession.AddNavigationProperties()
    Source:
    HP.SupportFramework.Utilities Name: HPSF.exe Version: 07.00.01.01 Path: C:\Program
    Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe Format: en-US RAM: 3893
    Ram
    Utilization: 50 TargetSite: HP.SupportFramework.HPSFReporting._Property[] AddNavigationProperties()


    Error - 11/21/2012 10:53:12 AM | Computer Name = Luke-HP | Source = HPSF.exe | ID = 2000
    Description = HP Error ID: -2147467261 at HP.SupportFramework.Utilities.HPSAIssues.ActionItemCollection.loadActiveCheckResult(Boolean
    includeIgnored) Message: Object reference not set to an instance of an object. StackTrace:
    at HP.SupportFramework.Utilities.HPSAIssues.ActionItemCollection.loadActiveCheckResult(Boolean
    includeIgnored) Source: HP.SupportFramework.Utilities Name: HPSF.exe Version: 07.00.01.01
    Path:
    C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe Format: en-US
    RAM:
    3893 Ram Utilization: TargetSite: Void loadActiveCheckResult(Boolean)

    Error - 11/21/2012 10:53:14 AM | Computer Name = Luke-HP | Source = HPSF.exe | ID = 2000
    Description = HP Error ID: -2147467261HPSF.exe at HP.SupportFramework.Utilities.HPSAIssues.ActionItemCollection.loadActiveCheckResult(Boolean
    includeIgnored) Message: Object reference not set to an instance of an object. StackTrace:
    at HP.SupportFramework.Utilities.HPSAIssues.ActionItemCollection.loadActiveCheckResult(Boolean
    includeIgnored) Source: HP.SupportFramework.Utilities Name: HPSF.exe Version: 07.00.01.01
    Path:
    C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe Format: en-US
    RAM:
    3893 Ram Utilization: 50 TargetSite: Void loadActiveCheckResult(Boolean)

    Error - 11/29/2012 2:50:32 AM | Computer Name = Luke-HP | Source = HPSF.exe | ID = 2000
    Description = HP Error ID: -2147467261 at HP.SupportFramework.Utilities.HPSAIssues.ActionItemCollection.loadActiveCheckResult(Boolean
    includeIgnored) Message: Object reference not set to an instance of an object. StackTrace:
    at HP.SupportFramework.Utilities.HPSAIssues.ActionItemCollection.loadActiveCheckResult(Boolean
    includeIgnored) Source: HP.SupportFramework.Utilities Name: HPSF.exe Version: 07.00.01.01
    Path:
    C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe Format: en-US
    RAM:
    3893 Ram Utilization: 40 TargetSite: Void loadActiveCheckResult(Boolean)

    [ HP Software Framework Events ]
    Error - 9/4/2012 4:44:13 PM | Computer Name = Luke-HP | Source = CaslWmi | ID = 5
    Description = 2012/09/04 16:44:13.201|00001188|Error |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
    0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state

    Error - 9/6/2012 5:59:23 PM | Computer Name = Luke-HP | Source = CaslWmi | ID = 5
    Description = 2012/09/06 17:59:23.226|0000149C|Error |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
    0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state

    Error - 9/6/2012 6:01:49 PM | Computer Name = Luke-HP | Source = CaslWmi | ID = 5
    Description = 2012/09/06 18:01:49.462|00001110|Error |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
    0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state

    Error - 9/12/2012 1:08:05 AM | Computer Name = Luke-HP | Source = CaslWmi | ID = 5
    Description = 2012/09/12 01:08:05.127|00001B18|Error |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
    0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state

    Error - 9/19/2012 12:23:58 AM | Computer Name = Luke-HP | Source = CaslWmi | ID = 5
    Description = 2012/09/19 00:23:58.997|00001960|Error |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
    0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state

    Error - 9/25/2012 5:47:22 PM | Computer Name = Luke-HP | Source = CaslWmi | ID = 5
    Description = 2012/09/25 17:47:22.857|00000C90|Error |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
    0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state

    Error - 10/4/2012 9:54:06 AM | Computer Name = Luke-HP | Source = CaslWmi | ID = 5
    Description = 2012/10/04 09:54:06.603|00000DB4|Error |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
    0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state

    Error - 10/9/2012 3:10:47 PM | Computer Name = Luke-HP | Source = CaslWmi | ID = 5
    Description = 2012/10/09 15:10:47.507|000019C8|Error |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
    0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state

    Error - 10/16/2012 7:58:13 PM | Computer Name = Luke-HP | Source = CaslWmi | ID = 5
    Description = 2012/10/16 19:58:13.167|00000CF8|Error |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
    0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state

    Error - 10/30/2012 8:22:44 PM | Computer Name = Luke-HP | Source = CaslWmi | ID = 5
    Description = 2012/10/30 20:22:44.626|00001560|Error |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
    0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state

    [ HP Wireless Assistant Events ]
    Error - 11/25/2012 2:30:33 AM | Computer Name = Luke-HP | Source = HP WA Service | ID = 0
    Description = System.Runtime.InteropServices.COMException Call was canceled by the
    message filter. (Exception from HRESULT: 0x80010002 (RPC_E_CALL_CANCELED)) at
    System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32 errorCode,
    IntPtr errorInfo) at System.Management.ManagementScope.InitializeGuts(Object
    o) at System.Management.ManagementScope.Initialize() at System.Management.ManagementObjectSearcher.Initialize()

    at System.Management.ManagementObjectSearcher.Get() at HPPA_Service.CurrentConfiguration.FindDevice(String
    hostPath, String portName) at HPPA_Service.CurrentConfiguration.ApplyDeviceManagerState(List`1
    radios) at HPPA_Service.CurrentConfiguration.ReloadRadioList()

    Error - 11/25/2012 2:31:28 AM | Computer Name = Luke-HP | Source = HP WA Service | ID = 0
    Description = System.Runtime.InteropServices.COMException Call was canceled by the
    message filter. (Exception from HRESULT: 0x80010002 (RPC_E_CALL_CANCELED)) at
    System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32 errorCode,
    IntPtr errorInfo) at System.Management.ManagementScope.InitializeGuts(Object
    o) at System.Management.ManagementScope.Initialize() at System.Management.ManagementObject.Initialize(Boolean
    getObject) at System.Management.ManagementBaseObject.get_Properties() at System.Management.ManagementBaseObject.GetPropertyValue(String
    propertyName) at HPPA_Service.CurrentConfiguration.<ReloadRadioList>b__c()

    Error - 11/25/2012 2:32:33 AM | Computer Name = Luke-HP | Source = HP WA Service | ID = 0
    Description = System.Runtime.InteropServices.COMException Call was canceled by the
    message filter. (Exception from HRESULT: 0x80010002 (RPC_E_CALL_CANCELED)) at
    System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32 errorCode,
    IntPtr errorInfo) at System.Management.ManagementScope.InitializeGuts(Object
    o) at System.Management.ManagementScope.Initialize() at System.Management.ManagementObjectSearcher.Initialize()

    at System.Management.ManagementObjectSearcher.Get() at HPPA_Service.CurrentConfiguration.FindDevice(String
    hostPath, String portName) at HPPA_Service.CurrentConfiguration.<ApplyFriendlyNames>b__23(RadioHardware
    radio) at System.Linq.Enumerable.WhereSelectListIterator`2.MoveNext() at System.Linq.Enumerable.WhereSelectEnumerableIterator`2.MoveNext()

    at HPPA_Service.CurrentConfiguration.ApplyFriendlyNames() at HPPA_Service.CurrentConfiguration.ReloadRadioList()

    Error - 11/25/2012 2:33:28 AM | Computer Name = Luke-HP | Source = HP WA Service | ID = 0
    Description = System.Runtime.InteropServices.COMException Call was canceled by the
    message filter. (Exception from HRESULT: 0x80010002 (RPC_E_CALL_CANCELED)) at
    System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32 errorCode,
    IntPtr errorInfo) at System.Management.ManagementScope.InitializeGuts(Object
    o) at System.Management.ManagementScope.Initialize() at System.Management.ManagementObject.Initialize(Boolean
    getObject) at System.Management.ManagementBaseObject.get_Properties() at System.Management.ManagementBaseObject.GetPropertyValue(String
    propertyName) at HPPA_Service.CurrentConfiguration.<ReloadRadioList>b__c()

    Error - 11/25/2012 2:35:28 AM | Computer Name = Luke-HP | Source = HP WA Service | ID = 0
    Description = System.Runtime.InteropServices.COMException Call was canceled by the
    message filter. (Exception from HRESULT: 0x80010002 (RPC_E_CALL_CANCELED)) at
    System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32 errorCode,
    IntPtr errorInfo) at System.Management.ManagementScope.InitializeGuts(Object
    o) at System.Management.ManagementScope.Initialize() at System.Management.ManagementObject.Initialize(Boolean
    getObject) at System.Management.ManagementBaseObject.get_Properties() at System.Management.ManagementBaseObject.GetPropertyValue(String
    propertyName) at HPPA_Service.CurrentConfiguration.<ReloadRadioList>b__c()

    Error - 11/25/2012 2:37:28 AM | Computer Name = Luke-HP | Source = HP WA Service | ID = 0
    Description = System.Runtime.InteropServices.COMException Call was canceled by the
    message filter. (Exception from HRESULT: 0x80010002 (RPC_E_CALL_CANCELED)) at
    System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32 errorCode,
    IntPtr errorInfo) at System.Management.ManagementScope.InitializeGuts(Object
    o) at System.Management.ManagementScope.Initialize() at System.Management.ManagementObject.Initialize(Boolean
    getObject) at System.Management.ManagementBaseObject.get_Properties() at System.Management.ManagementBaseObject.GetPropertyValue(String
    propertyName) at HPPA_Service.CurrentConfiguration.<ReloadRadioList>b__c()

    Error - 2/4/2013 4:23:19 AM | Computer Name = Luke-HP | Source = HP WA Application | ID = 0
    Description = HardwareAccess.UnableToConnectException Application.ApplicationStartup;
    failed to create hardware layer Error in the application. at HardwareAccess.Hardware..ctor(Dispatcher
    dispatcher, ServicePort port, Int32 timeout) at HardwareAccess.Hardware.Create(Dispatcher
    dispatcher, ServicePort port, Int32 timeout) at HPWA_Main.App.ApplicationStartup(Object
    sender, StartupEventArgs args)

    Error - 2/4/2013 4:23:36 AM | Computer Name = Luke-HP | Source = HP WA Application | ID = 0
    Description = MainWindow.ShowImpl; not initialized, closing application...

    Error - 4/22/2013 10:04:21 AM | Computer Name = Luke-HP | Source = HP WA Application | ID = 0
    Description = System.Exception HardwareAccess hasn't been instantiated properly.
    at PAProgramAccess.Impl.UpdatePowerSchemeInformation(PowerScheme powerScheme)

    Error - 5/22/2013 7:06:00 PM | Computer Name = Luke-HP | Source = HP WA Application | ID = 0
    Description = System.Exception HardwareAccess hasn't been instantiated properly.
    at PAProgramAccess.Impl.UpdatePowerSchemeInformation(PowerScheme powerScheme)

    [ System Events ]
    Error - 6/5/2013 4:14:32 PM | Computer Name = Luke-HP | Source = Ntfs | ID = 262199
    Description = The file system structure on the disk is corrupt and unusable. Please
    run the chkdsk utility on the volume \Device\HarddiskVolume2.

    Error - 6/5/2013 4:14:54 PM | Computer Name = Luke-HP | Source = Ntfs | ID = 262199
    Description = The file system structure on the disk is corrupt and unusable. Please
    run the chkdsk utility on the volume \Device\HarddiskVolume2.

    Error - 6/5/2013 4:15:25 PM | Computer Name = Luke-HP | Source = Ntfs | ID = 262199
    Description = The file system structure on the disk is corrupt and unusable. Please
    run the chkdsk utility on the volume C:.

    Error - 6/5/2013 4:17:24 PM | Computer Name = Luke-HP | Source = Ntfs | ID = 262199
    Description = The file system structure on the disk is corrupt and unusable. Please
    run the chkdsk utility on the volume \Device\HarddiskVolume2.

    Error - 6/5/2013 4:31:52 PM | Computer Name = Luke-HP | Source = DCOM | ID = 10016
    Description =

    Error - 6/5/2013 5:28:02 PM | Computer Name = Luke-HP | Source = Service Control Manager | ID = 7009
    Description = A timeout was reached (30000 milliseconds) while waiting for the WinZiper
    service service to connect.

    Error - 6/5/2013 5:28:02 PM | Computer Name = Luke-HP | Source = Service Control Manager | ID = 7000
    Description = The WinZiper service service failed to start due to the following
    error: %%1053

    Error - 6/5/2013 5:29:33 PM | Computer Name = Luke-HP | Source = Service Control Manager | ID = 7011
    Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
    response from the HPWMISVC service.

    Error - 6/5/2013 5:31:10 PM | Computer Name = Luke-HP | Source = DCOM | ID = 10016
    Description =

    Error - 6/5/2013 5:48:14 PM | Computer Name = Luke-HP | Source = DCOM | ID = 10016
    Description =


    < End of report >
     
  13. kevinf80

    kevinf80 Malware Specialist

    Joined:
    Mar 21, 2006
    Messages:
    10,154
    OK, continue:

    Re-Run [​IMG] by double left click, Vista and Widows 7 users accept UAC alert.

    • Under the [​IMG] box at the bottom, paste in the following, start with and include the colon plus OTL . :OTL

      Code:
      :OTL
      DRV:64bit: - [2011/09/11 16:59:40 | 000,027,256 | ---- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\FixTDSS.sys -- (FixTDSS)
      IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://search.v9.com/web/?utm_source...H48&ts=4325446
      IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.v9.com/web/?utm_source...H48&ts=4325446
      IE:64bit: - HKLM\..\SearchScopes\{7D710B45-12E9-4DEE-BDE6-67C3F2DF7765}: "URL" = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpl
      IE - HKLM\..\SearchScopes\{7D710B45-12E9-4DEE-BDE6-67C3F2DF7765}: "URL" = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpl
      IE - HKU\S-1-5-21-3944735997-2752461605-1968013451-1001\..\SearchScopes\{7D710B45-12E9-4DEE-BDE6-67C3F2DF7765}: "URL" = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpl
      IE - HKU\S-1-5-21-3944735997-2752461605-1968013451-1001\..\SearchScopes\{915FC82A-E332-4B03-B2BF-FA976FF8E990}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3289075&CUI=UN1310699 4151810917&UM=2
      O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html File not found
      O18:64bit: - Protocol\Handler\livecall - No CLSID value found
      O18:64bit: - Protocol\Handler\msnim - No CLSID value found
      O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
      O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
      O18 - Protocol\Handler\gopher - No CLSID value found
      [2 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
      [1 C:\Users\Luke\Desktop\*.tmp files -> C:\Users\Luke\Desktop\*.tmp -> ]
      :Files
      ipconfig /flushdns /c
      :Commands
      [emptytemp]
      [CREATERESTOREPOINT]
      
    • Then click [​IMG] button at the top
    • Let the program run unhindered, when done it will say "Fix Complete press ok to open the log"
    • Please post that log in your next reply.

    Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process.
    If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start > All Programs > Accessories > Notepad), click File > Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTL\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.

    Next,

    Run Eset Online Scanner

    **Note** You will need to use Internet explorer for this scan - Vista and win 7 right click on IE shortcut and run as admin

    Go Eset web page http://www.eset.com/home/products/online-scanner/ to run an online scanner from ESET.

    • Turn off the real time scanner of any existing antivirus program while performing the online scan
    • click on the Run ESET Online Scanner button
    • Tick the box next to YES, I accept the Terms of Use.
      Click Start
    • When asked, allow the add/on to be installed
      Click Start
    • Make sure that the option Remove found threats is unticked
    • Click on Advanced Settings, ensure the options
    • Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
      Click Scan
    • wait for the virus definitions to be downloaded
    • Wait for the scan to finish
    When the scan is complete

    • If no threats were found
    • put a checkmark in "Uninstall application on close"
    • close program
    • report to me that nothing was found
    If threats were found

    • click on "list of threats found"
    • click on "export to text file" and save it as ESET SCAN and save to the desktop
    • Click on back
    • put a checkmark in "Uninstall application on close"
    • click on finish
    close program
    copy and paste the report here

    Next,

    Download Security Check by screen317 from either of the following:
    http://screen317.spywareinfoforum.org/SecurityCheck.exe or http://screen317.changelog.fr/SecurityCheck.exe
    Save it to your Desktop.
    Double click SecurityCheck.exe (Vista or Windows 7 users right click and select "Run as Administrator") and follow the onscreen instructions inside of the black box. Press any key when asked.
    A Notepad document should open automatically called checkup.txt; please post the contents of that document.

    Let me see those logs, also give update on current issues/concerns...

    Kevin
     
  14. mjplus7

    mjplus7 Thread Starter

    Joined:
    Feb 23, 2005
    Messages:
    106
    Hi Kevin,

    Thanks for all your help. Due to work commitments, I won't have time to run these until Friday afternoon. I will post as soon as completed on Friday. Thanks again!

    Joan
     
  15. kevinf80

    kevinf80 Malware Specialist

    Joined:
    Mar 21, 2006
    Messages:
    10,154
    Hiya Joan,

    Post back anytime you`re ready, i`ll be about....

    Kevin....:)
     
  16. Sponsor

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Loading...
Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/1100450