
Hijackthis Log Help Request Please

Discussion in 'Virus & Other Malware Removal' started by MissRocket, Feb 19, 2013.

  1. MissRocket

    MissRocket Thread Starter

    Hi,
    Thank you for taking the time to help me with my mess. This started with me searching for a software program through bit torrent websites that I had never used before using "Google Chrome". Instead of opening "UTorrent", which would have started downloading the program that I needed, I was instructed to download a different "Bit Torrent Client". I knew better than to do this but I did it anyway. Idiot, I know! I am finished messing with Torrent anything, lesson learned. :(

    Since then I have been getting memory errors, unable to boot, unable to fix start-up, POWRPROF.DLL missing errors, several other error messages, DVD Player not reading my Windows 7 Install disk, etc. I even tried to run hijackthis for a second time and now I get a message, cannot find the hijack on c file would you like to create a new one, and when I choose yes I get a blank notebook page and am unable to copy the new log file to it. I have run "Trend Micro's" online scanner and came out clean. I don't know what else to do.

    I have some computer knowledge but still need someone with a little patience to get me through this. I have read the "Read This First" before posting and believe I did everything it asked. The rootkit scanner did not require me to run a full scan so I didn't post anything. Please let me know if I should have or if I need to do anything else. Everything else is posted below the TSG SysInfo. Thanks in advance for any help you may provide.
    Victoria


    Tech Support Guy System Info Utility version 1.0.0.2
    OS Version: Microsoft Windows 7 Home Premium, Service Pack 1, 64 bit
    Processor: Intel(R) Core(TM)2 Duo CPU P7450 @ 2.13GHz, Intel64 Family 6 Model 23 Stepping 10
    Processor Count: 2
    RAM: 7934 Mb
    Graphics Card: NVIDIA GeForce 9500M (GF 9400MG + GF 9200MGS), 256 Mb
    Hard Drives: C: Total - 465433 MB, Free - 334357 MB;
    Motherboard: Dell Inc., 0K183D
    Antivirus: Microsoft Security Essentials, Updated and Enabled

    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 8:58:34 AM, on 2/19/2013
    Platform: Windows 7 SP1 (WinNT 6.00.3505)
    MSIE: Internet Explorer v9.00 (9.00.8112.16457)
    Boot mode: Normal

    Running processes:
    C:\Program Files (x86)\HTC\HTC Sync Manager\HTC Sync\adb.exe
    C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKStatusMonitor.exe
    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    C:\Program Files (x86)\PIXELA\ImageMixer 3 SE Ver.4.5\Transfer Utility\CameraMonitor.exe
    C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
    C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\EasyShare.exe
    C:\Program Files (x86)\iTunes\iTunesHelper.exe
    C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
    C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    F2 - REG:system.ini: UserInit=userinit.exe,
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: Increase performance and video formats for your HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
    O2 - BHO: dTPodcastBHO - {65134FDF-F8A5-4B3D-91D9-CDF273CFD578} - (no file)
    O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
    O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
    O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    O4 - HKLM\..\Run: [EKStatusMonitor] C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKStatusMonitor.exe
    O4 - HKLM\..\Run: [HTC Sync Loader] "C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe" -startup
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    O4 - HKLM\..\Run: [DivXMediaServer] C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe
    O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [ArcSoft Connection Service] C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
    O4 - HKLM\..\Run: [Conime] %windir%\system32\conime.exe
    O4 - HKCU\..\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
    O4 - HKUS\S-1-5-18\..\RunOnce: [KodakHomeCenter] "C:\Program Files (x86)\Kodak\AiO\Center\AiOHomeCenter.exe" (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\RunOnce: [KodakHomeCenter] "C:\Program Files (x86)\Kodak\AiO\Center\AiOHomeCenter.exe" (User 'Default user')
    O4 - Global Startup: Bluetooth.lnk = ?
    O4 - Global Startup: ImageMixer 3 SE Camera Monitor Ver.4.5.lnk = ?
    O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\EasyShare.exe
    O4 - Global Startup: Rainmeter.lnk = C:\Program Files\Rainmeter\Rainmeter.exe
    O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204 (file missing)
    O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204 (file missing)
    O9 - Extra button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O9 - Extra 'Tools' menuitem: Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nvlsp.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nvlsp.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nvlsp.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nvlsp.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nvlsp.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nvlsp.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nvlsp.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nvlsp.dll
    O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
    O16 - DPF: Garmin Communicator Plug-In - https://static.garmincdn.com/gcp/ie/4.0.3.0/GarminAxControl_32.CAB
    O16 - DPF: {362C56AA-6E4F-40C7-A0B5-85501DBDAD77} (Scanner.SysScanner) - http://i.dell.com/images/global/js/scanner/SysProExe.cab
    O16 - DPF: {8A5BE387-D09A-4DFA-A56B-DCB89BD11468} (20-20 3D Viewer for WEB) - http://lazboy3d.icovia.com/PLANNER/Core/Player/2020PlayerAX_WEB_Win32.cab
    O16 - DPF: {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} (DellSystemLite.Scanner) - http://support.dell.com/systemprofiler/DellSystemLite.CAB
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - https://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
    O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_afc3018f8cfedd20\AESTSr64.exe
    O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
    O23 - Service: Dock Login Service (DockLoginService) - Stardock Corporation - C:\Program Files\Dell\DellDock\DockLogin.exe
    O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
    O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
    O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: HP SI Service (HPSIService) - Unknown owner - C:\Windows\system32\HPSIsvc.exe (file missing)
    O23 - Service: HTCMonitorService - Nero AG - C:\Program Files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: Kodak AiO Network Discovery Service - Eastman Kodak Company - C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe
    O23 - Service: Kodak AiO Status Monitor Service - Eastman Kodak Company - C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe
    O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
    O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
    O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
    O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
    O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: ForceWare IP service (nSvcIp) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
    O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
    O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
    O23 - Service: Print Spooler (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
    O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_afc3018f8cfedd20\STacSV64.exe
    O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
    O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
    O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
    O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
    O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

    --
    End of file - 13589 bytes


    DDS.txt-Notepad

    DDS (Ver_2012-11-20.01) - NTFS_AMD64
    Internet Explorer: 9.0.8112.16457 BrowserJavaVersion: 10.11.2
    Run by EGS at 13:06:06 on 2013-02-19
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.7934.5650 [GMT -7:00]
    .
    AV: Microsoft Security Essentials *Enabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C}
    SP: Microsoft Security Essentials *Enabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\system32\svchost.exe -k RPCSS
    c:\Program Files\Microsoft Security Client\MsMpEng.exe
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_afc3018f8cfedd20\STacSV64.exe
    C:\Windows\system32\svchost.exe -k GPSvcGroup
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\nvvsvc.exe
    C:\Program Files\Dell\DellDock\DockLogin.exe
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_afc3018f8cfedd20\AESTSr64.exe
    C:\Windows\SysWOW64\svchost.exe -k Akamai
    C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
    C:\Windows\system32\HPSIsvc.exe
    C:\Program Files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe
    C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe
    C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
    C:\Windows\system32\taskhost.exe
    C:\Windows\Explorer.EXE
    C:\Program Files (x86)\HTC\HTC Sync Manager\HTC Sync\adb.exe
    C:\Program Files\Dell\QuickSet\quickset.exe
    C:\Program Files\Microsoft Security Client\msseces.exe
    C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
    C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKStatusMonitor.exe
    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    C:\Program Files (x86)\PIXELA\ImageMixer 3 SE Ver.4.5\Transfer Utility\CameraMonitor.exe
    C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
    C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\EasyShare.exe
    C:\Program Files\Rainmeter\Rainmeter.exe
    C:\Program Files (x86)\iTunes\iTunesHelper.exe
    C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Windows\system32\Dwm.exe
    C:\Windows\system32\WLANExt.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Windows\System32\svchost.exe -k LocalServicePeerNet
    c:\Program Files\Microsoft Security Client\NisSrv.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Windows\system32\mmc.exe
    C:\Windows\system32\mmc.exe
    C:\Windows\system32\NOTEPAD.EXE
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
    C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe
    C:\Windows\system32\NOTEPAD.EXE
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\System32\cscript.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.google.com/
    mWinlogon: Userinit = userinit.exe,
    BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
    BHO: PodcastBHO Class: {65134FDF-F8A5-4B3D-91D9-CDF273CFD578} - LocalServer32 - <no file>
    BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
    BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
    TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
    mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    mRun: [EKStatusMonitor] C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKStatusMonitor.exe
    mRun: [HTC Sync Loader] "C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe" -startup
    mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    mRun: [DivXMediaServer] C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe
    mRun: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
    mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    mRun: [ArcSoft Connection Service] C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
    mRun: [Conime] C:\Windows\System32\conime.exe
    dRunOnce: [KodakHomeCenter] "C:\Program Files (x86)\Kodak\AiO\Center\AiOHomeCenter.exe"
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUETO~1.LNK - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\IMAGEM~1.LNK - C:\Program Files (x86)\PIXELA\ImageMixer 3 SE Ver.4.5\Transfer Utility\CameraMonitor.exe
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\KODAKE~1.LNK - C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\EasyShare.exe
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\RAINME~1.LNK - C:\Program Files\Rainmeter\Rainmeter.exe
    mPolicies-Explorer: NoActiveDesktop = dword:1
    mPolicies-Explorer: NoActiveDesktopChanges = dword:1
    mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
    mPolicies-System: ConsentPromptBehaviorUser = dword:3
    mPolicies-System: EnableUIADesktopToggle = dword:0
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    IE: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204
    IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    LSP: %SYSTEMROOT%\system32\nvLsp.dll
    DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/4.0.3.0/GarminAxControl_32.CAB
    DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/sites/production/ieawsdc32.cab
    DPF: {362C56AA-6E4F-40C7-A0B5-85501DBDAD77} - hxxp://i.dell.com/images/global/js/scanner/SysProExe.cab
    DPF: {8A5BE387-D09A-4DFA-A56B-DCB89BD11468} - hxxp://lazboy3d.icovia.com/PLANNER/Core/Player/2020PlayerAX_WEB_Win32.cab
    DPF: {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} - hxxp://support.dell.com/systemprofiler/DellSystemLite.CAB
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxps://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    TCP: NameServer = 68.105.28.12 68.105.29.12 68.105.28.11
    TCP: Interfaces\{4CEAA0DD-0664-4E93-A27D-1B2EE1C8DC70} : DHCPNameServer = 68.105.28.12 68.105.29.12 68.105.28.11
    TCP: Interfaces\{4CEAA0DD-0664-4E93-A27D-1B2EE1C8DC70}\8445340225F636B656474727164656 : DHCPNameServer = 192.168.1.1
    TCP: Interfaces\{4CEAA0DD-0664-4E93-A27D-1B2EE1C8DC70}\844534023556E637164796F6E6024374242324E20286 : DHCPNameServer = 192.168.1.1
    Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    SSODL: WebCheck - <orphaned>
    mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.57\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
    x64-BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
    x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
    x64-BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
    x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
    x64-Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe
    x64-Run: [QuickSet] C:\Program Files\Dell\QuickSet\QuickSet.exe
    x64-Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\System32\NvCpl.dll,NvStartup
    x64-Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
    x64-IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
    x64-SSODL: WebCheck - <orphaned>
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - C:\Users\EGS\AppData\Roaming\Mozilla\Firefox\Profiles\qu6d8yev.default\
    FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
    FF - plugin: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
    FF - plugin: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
    FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
    FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll
    FF - plugin: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npdeployJava1.dll
    FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
    FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrlui.dll
    FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npCouponPrinter.dll
    FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npMozCouponPrinter.dll
    FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
    FF - plugin: C:\ProgramData\Visan\plugins\npRLSecurePluginLayer.dll
    FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_146.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2012-8-30 228768]
    R2 AESTFilters;Andrea ST Filters Service;C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_afc3018f8cfedd20\AESTSr64.exe [2011-11-14 89600]
    R2 Akamai;Akamai NetSession Interface;C:\Windows\System32\svchost.exe -k Akamai [2009-7-13 27136]
    R2 DockLoginService;Dock Login Service;C:\Program Files\Dell\DellDock\DockLogin.exe [2010-1-11 155648]
    R2 HPSIService;HP SI Service;C:\Windows\System32\HPSIsvc.exe [2012-7-2 127800]
    R2 HTCMonitorService;HTCMonitorService;C:\Program Files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe [2012-7-16 87368]
    R2 iPodDrv;iPodDrv;C:\Windows\System32\drivers\iPodDrv.sys [2011-7-27 14952]
    R2 Kodak AiO Network Discovery Service;Kodak AiO Network Discovery Service;C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe [2012-10-19 395200]
    R2 Kodak AiO Status Monitor Service;Kodak AiO Status Monitor Service;C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe [2012-10-15 779200]
    R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-2-10 398184]
    R2 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2011-4-27 128456]
    R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2012-9-12 368896]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-2-10 682344]
    S3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\System32\drivers\btwl2cap.sys [2011-11-25 35104]
    S3 HTCAND64;HTC Device Driver;C:\Windows\System32\drivers\ANDROIDUSB.sys [2009-11-2 33736]
    S3 htcnprot;HTC NDIS Protocol Driver;C:\Windows\System32\drivers\htcnprot.sys [2010-6-25 36928]
    S3 mvusbews;USB EWS Device;C:\Windows\System32\drivers\mvusbews.sys [2012-7-2 20480]
    S3 OlyCamComm;OLYMPUS USB Communication Device;C:\Windows\System32\drivers\OlyCamComm.sys [2009-9-9 24208]
    S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2012-11-9 19456]
    S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2012-11-9 57856]
    S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-11-14 1255736]
    S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
    .
    =============== File Associations ===============
    .
    ShellExec: PortraitProfessional.exe: open="C:\Program Files (x86)\Portrait Professional 10 Trial\PortraitProfessionalTrial.exe" /P "%1"
    .
    =============== Created Last 30 ================
    .
    2013-02-19 16:22:30 256904 ----a-w- C:\Windows\SysWow64\drivers\tmcomm.sys
    2013-02-19 15:50:44 388096 ----a-r- C:\Users\EGS\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
    2013-02-19 15:50:43 -------- d-----w- C:\Program Files (x86)\Trend Micro
    2013-02-19 15:45:27 9161176 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{4F072438-B20D-4A28-8CFA-C7111EDC055E}\mpengine.dll
    2013-02-19 15:33:54 -------- d-----w- C:\Users\EGS\AppData\Roaming\Malwarebytes
    2013-02-19 13:33:04 9161176 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{F93B72D5-F2B5-4C95-BA44-52FF371E24A1}\mpengine.dll
    2013-02-19 00:13:14 8570192 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
    2013-02-19 00:13:07 9161176 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{3CACADFD-007C-4857-8B5C-2DE24A00F772}\mpengine.dll
    2013-02-18 22:51:29 2565632 ----a-w- C:\Windows\System32\esent.dll
    2013-02-18 22:17:07 1659760 ----a-w- C:\Windows\System32\drivers\ntfs.sys
    2013-02-18 22:11:56 -------- d-sh--w- C:\found.003
    2013-02-18 04:54:43 14848 ----a-w- C:\Windows\SysWow64\powrprof.dll
    2013-02-18 04:00:07 -------- d-----w- C:\Program Files (x86)\RegClean Pro
    2013-02-17 22:10:57 9161176 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{CD7CD7CC-1574-406D-B500-F87E4DF9C0A3}\mpengine.dll
    2013-02-11 21:09:10 -------- d-sh--w- C:\found.002
    2013-02-09 09:10:51 -------- d-----w- C:\Program Files\PC-Doctor for Windows
    2013-02-08 04:42:52 16365936 ----a-w- C:\Windows\SysWow64\FlashPlayerInstaller.exe
    2013-02-06 21:52:18 4200304 ----a-w- C:\Windows\SysWow64\cdintf400.dll
    2013-02-06 21:51:46 -------- d-----w- C:\Program Files (x86)\Quicken
    2013-02-06 14:28:01 -------- d-sh--w- C:\found.001
    2013-02-06 13:17:46 -------- d-sh--w- C:\found.000
    2013-02-06 13:07:32 -------- d-----w- C:\Users\EGS\AppData\Roaming\Outlook
    2013-02-06 06:34:31 -------- d-----w- C:\ProgramData\Tarma Installer
    2013-02-02 00:13:41 350720 ----a-w- C:\Windows\System32\mvhlewsi.DLL
    2013-02-02 00:13:41 1696256 ----a-w- C:\Windows\System32\HP1100SM.EXE
    2013-02-02 00:13:40 288768 ----a-w- C:\Windows\System32\HP1100LM.DLL
    2013-02-01 14:24:23 -------- d-----w- C:\Program Files (x86)\Halfpricesoft
    2013-02-01 01:42:34 -------- d-----w- C:\Program Files (x86)\Dynacom Technologies, Inc
    2013-01-31 05:09:23 -------- d-----w- C:\Windows\pss
    2013-01-31 02:03:41 95648 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
    2013-01-28 09:01:46 -------- d-----w- C:\Program Files (x86)\Common Files\Mobipocket Shared
    2013-01-28 09:01:45 -------- d-----w- C:\Program Files (x86)\Mobipocket.com
    2013-01-28 08:50:02 -------- d-----w- C:\ProgramData\flipBook
    2013-01-28 08:46:49 -------- d-----w- C:\ProgramData\3dpf
    2013-01-28 08:46:49 -------- d-----w- C:\ProgramData\3dpageflip
    2013-01-28 08:42:51 -------- d-----w- C:\ProgramData\A-PDF
    2013-01-28 08:42:25 -------- d-----w- C:\Program Files (x86)\3D PageFlip Standard
    .
    ==================== Find3M ====================
    .
    2013-02-17 22:00:49 691568 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
    2013-02-17 22:00:48 71024 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    2013-01-17 08:28:58 273840 ------w- C:\Windows\System32\MpSigStub.exe
    2012-12-16 17:11:22 46080 ----a-w- C:\Windows\System32\atmlib.dll
    2012-12-16 14:45:03 367616 ----a-w- C:\Windows\System32\atmfd.dll
    2012-12-16 14:13:28 295424 ----a-w- C:\Windows\SysWow64\atmfd.dll
    2012-12-16 14:13:20 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll
    2012-12-07 13:20:16 441856 ----a-w- C:\Windows\System32\Wpc.dll
    2012-12-07 13:15:31 2746368 ----a-w- C:\Windows\System32\gameux.dll
    2012-12-07 12:26:17 308736 ----a-w- C:\Windows\SysWow64\Wpc.dll
    2012-12-07 12:20:43 2576384 ----a-w- C:\Windows\SysWow64\gameux.dll
    2012-12-07 11:20:04 30720 ----a-w- C:\Windows\System32\usk.rs
    2012-12-07 11:20:03 43520 ----a-w- C:\Windows\System32\csrr.rs
    2012-12-07 11:20:03 23552 ----a-w- C:\Windows\System32\oflc.rs
    2012-12-07 11:20:01 45568 ----a-w- C:\Windows\System32\oflc-nz.rs
    2012-12-07 11:20:01 44544 ----a-w- C:\Windows\System32\pegibbfc.rs
    2012-12-07 11:20:01 20480 ----a-w- C:\Windows\System32\pegi-fi.rs
    2012-12-07 11:20:00 20480 ----a-w- C:\Windows\System32\pegi-pt.rs
    2012-12-07 11:19:59 20480 ----a-w- C:\Windows\System32\pegi.rs
    2012-12-07 11:19:58 46592 ----a-w- C:\Windows\System32\fpb.rs
    2012-12-07 11:19:57 40960 ----a-w- C:\Windows\System32\cob-au.rs
    2012-12-07 11:19:57 21504 ----a-w- C:\Windows\System32\grb.rs
    2012-12-07 11:19:57 15360 ----a-w- C:\Windows\System32\djctq.rs
    2012-12-07 11:19:56 55296 ----a-w- C:\Windows\System32\cero.rs
    2012-12-07 11:19:55 51712 ----a-w- C:\Windows\System32\esrb.rs
    2012-11-30 05:45:35 362496 ----a-w- C:\Windows\System32\wow64win.dll
    2012-11-30 05:45:35 243200 ----a-w- C:\Windows\System32\wow64.dll
    2012-11-30 05:45:35 13312 ----a-w- C:\Windows\System32\wow64cpu.dll
    2012-11-30 05:45:14 215040 ----a-w- C:\Windows\System32\winsrv.dll
    2012-11-30 05:43:12 16384 ----a-w- C:\Windows\System32\ntvdm64.dll
    2012-11-30 05:41:07 424448 ----a-w- C:\Windows\System32\KernelBase.dll
    2012-11-30 04:54:00 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
    2012-11-30 04:53:59 274944 ----a-w- C:\Windows\SysWow64\KernelBase.dll
    2012-11-30 03:23:48 338432 ----a-w- C:\Windows\System32\conhost.exe
    2012-11-30 02:44:06 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
    2012-11-30 02:44:04 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
    2012-11-30 02:44:04 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
    2012-11-30 02:44:03 2048 ----a-w- C:\Windows\SysWow64\user.exe
    2012-11-30 02:38:59 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
    2012-11-30 02:38:59 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
    2012-11-30 02:38:59 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
    2012-11-30 02:38:59 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
    2012-11-23 03:26:31 3149824 ----a-w- C:\Windows\System32\win32k.sys
    2012-11-23 03:13:57 68608 ----a-w- C:\Windows\System32\taskhost.exe
    2012-11-22 05:44:23 800768 ----a-w- C:\Windows\System32\usp10.dll
    2012-11-22 04:45:03 626688 ----a-w- C:\Windows\SysWow64\usp10.dll
    .
    ============= FINISH: 13:06:57.95 ===============


    Attach.txt-Notepad

    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2012-11-20.01)
    .
    Microsoft Windows 7 Home Premium
    Boot Device: \Device\HarddiskVolume2
    Install Date: 11/13/2011 9:09:22 PM
    System Uptime: 2/19/2013 8:31:16 AM (5 hours ago)
    .
    Motherboard: Dell Inc. | | 0K183D
    Processor: Intel(R) Core(TM)2 Duo CPU P7450 @ 2.13GHz | Socket 479 | 2133/133mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 455 GiB total, 326.746 GiB free.
    D: is CDROM (CDFS)
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    RP305: 2/17/2013 7:55:06 PM - Removed Xin Invoice 2.0
    RP306: 2/17/2013 8:20:32 PM - Removed Xin Invoice 2.0
    RP307: 2/17/2013 9:55:21 PM - Regclean Pro Sun, Feb 17, 13 21:55
    RP308: 2/17/2013 10:06:36 PM - Removed ImageMixer 3 SE Ver.4.5 Video Tools
    RP309: 2/18/2013 5:12:07 PM - Windows Update
    RP310: 2/19/2013 8:49:19 AM - Installed HiJackThis
    RP311: 2/19/2013 8:50:22 AM - Installed HiJackThis
    .
    ==== Installed Programs ======================
    .
    7-Zip 9.21
    Adobe AIR
    Adobe Digital Editions
    Adobe Flash Player 11 Plugin
    Adobe Reader X (10.1.5)
    Adobe Shockwave Player 11.6
    aioscnnr
    Amazon Send to Kindle
    Android SDK Tools
    Android Sync Manager WiFi
    AnswerWorks 5.0 English Runtime
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    ArcSoft Print Creations
    ArcSoft Print Creations - Album Page
    ArcSoft Print Creations - Funhouse
    ArcSoft Print Creations - Photo Book
    ArcSoft Print Creations - Photo Calendar
    ArcSoft Print Creations - Scrapbook
    ArcSoft Print Creations - Slimline Card
    Bonjour
    BookSmart® 3.2.2 3.2.2
    C4USelfUpdater
    calibre
    CardWorks Business Card Software
    CCScore
    center
    Cisco Connect
    Combined Community Codec Pack 2011-11-11
    Crystal Reports Basic Runtime for Visual Studio 2008
    D3DX10
    Dell Dock
    Dell Mobile Broadband Manager
    DHTML Editing Component
    DivX Setup
    doubleTwist
    ESSBrwr
    ESSCDBK
    ESScore
    essentials
    ESSgui
    ESSini
    ESSPCD
    ESSPDock
    ESSTOOLS
    essvatgt
    Evernote v. 4.5.8
    ezPaycheck
    ffdshow [rev 2527] [2008-12-19]
    GIMP 2.6.11
    Google Chrome
    Google Drive
    Google Earth
    Google Toolbar for Firefox
    Google Toolbar for Internet Explorer
    Google Update Helper
    Hardware Diagnostic Tools
    HiJackThis
    HP LaserJet Professional P1100-P1560-P1600 Series
    HTC BMP USB Driver
    HTC Driver Installer
    HTC Sync
    HTC Sync Manager
    iCloud
    IDT Audio
    ImageMixer 3 SE Ver.4.5 Transfer Utility
    ImgBurn
    Inkscape 0.48.2
    Internet TV for Windows Media Center
    IrfanView (remove only)
    iSEEK AnswerWorks English Runtime
    ISO to USB
    iTunes
    IZArc 4.1.6
    Java 7 Update 11
    Java 7 Update 9 (64-bit)
    Java Auto Updater
    Junk Mail filter update
    K-Lite Codec Pack 7.0.0 (Standard)
    Kodak AIO Printer
    KODAK AiO Software
    Kodak EasyShare software
    LogonStudio
    Malwarebytes Anti-Malware version 1.70.0.1100
    Mesh Runtime
    Microsoft .NET Framework 4 Client Profile
    Microsoft .NET Framework 4 Extended
    Microsoft Application Error Reporting
    Microsoft Security Client
    Microsoft Security Essentials
    Microsoft Silverlight
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2005 Redistributable (x64)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
    Microsoft_VC80_CRT_x86
    Microsoft_VC90_CRT_x86
    Mobipocket Creator 4.2
    Mozilla Firefox 18.0.1 (x86 en-US)
    Mozilla Maintenance Service
    MSVCRT
    MSVCRT_amd64
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    MSXML 4.0 SP2 Parser and SDK
    MSXML 4.0 SP3 Parser
    MSXML 4.0 SP3 Parser (KB2721691)
    MSXML 4.0 SP3 Parser (KB2758694)
    Music Transfer Utility Ver.1.5
    netbrdg
    NVIDIA Drivers
    NVIDIA ForceWare Network Access Manager
    ocr
    OfotoXMI
    OpenOffice.org 3.4.1
    OverDrive Media Console
    PageBreeze Free HTML Editor
    Paint.NET v3.5.10
    PhotoPad Image Editor
    PhotoScape
    PlayReady PC Runtime amd64
    Portrait Professional 10.7 Trial
    PreReq
    PrintProjects
    Quicken 2011
    Quicken 2013
    Quickset64
    QuickTime
    Rainlendar2 (remove only)
    Rainmeter
    RegClean Pro
    RICOH Media Driver ver.2.07.01.00
    RICOH R5C83x/84x Media Driver Ver.3.53.02
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
    Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
    Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
    Security Update for Microsoft .NET Framework 4 Extended (KB2736428)
    Security Update for Microsoft .NET Framework 4 Extended (KB2742595)
    SFR
    SHASTA
    Shoeboxed Uploader
    Shutterfly Express Uploader
    skin0001
    SKINXSDK
    SmartDraw 2012
    SmartDraw PDF Export (novaPDF 6.4 printer)
    smARTupdate
    staticcr
    Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
    Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
    Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
    Update for Microsoft .NET Framework 4 Extended (KB2468871)
    Update for Microsoft .NET Framework 4 Extended (KB2533523)
    Update for Microsoft .NET Framework 4 Extended (KB2600217)
    VC80CRTRedist - 8.0.50727.6195
    Visual Thesaurus 3
    VPRINTOL
    WIDCOMM Bluetooth Software
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live ID Sign-in Assistant
    Windows Live Installer
    Windows Live Language Selector
    Windows Live Mail
    Windows Live Mesh
    Windows Live Mesh ActiveX Control for Remote Connections
    Windows Live MIME IFilter
    Windows Live Movie Maker
    Windows Live Photo Common
    Windows Live Photo Gallery
    Windows Live PIMT Platform
    Windows Live Remote Client
    Windows Live Remote Client Resources
    Windows Live Remote Service
    Windows Live Remote Service Resources
    Windows Live SOXE
    Windows Live SOXE Definitions
    Windows Live UX Platform
    Windows Live UX Platform Language Pack
    Windows Live Writer
    Windows Live Writer Resources
    WIRELESS
    Yahoo! Detect
    Zamzom Wireless
    .
    ==== Event Viewer Messages From Past Week ========
    .
    2/19/2013 8:55:30 AM, Error: Microsoft-Windows-DNS-Client [1012] - There was an error while attempting to read the local hosts file.
    2/19/2013 8:50:45 AM, Error: Ntfs [55] - The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume \Device\HarddiskVolumeShadowCopy41.
    2/19/2013 8:49:51 AM, Error: Ntfs [55] - The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume \Device\HarddiskVolumeShadowCopy39.
    2/19/2013 8:39:54 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x8024402c Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
    2/19/2013 8:35:07 AM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the DHCP Client service, but this action failed with the following error: An instance of the service is already running.
    2/19/2013 8:34:54 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?Lin...0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
    2/19/2013 8:34:53 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?Lin...0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
    2/19/2013 8:34:53 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?Lin...0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
    2/19/2013 8:34:53 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?Lin...0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiSpyware Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
    2/19/2013 8:34:52 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x8024402c Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
    2/19/2013 8:34:48 AM, Error: Service Control Manager [7023] - The Superfetch service terminated with the following error: The file or directory is corrupted and unreadable.
    2/19/2013 8:34:08 AM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Audio Endpoint Builder service, but this action failed with the following error: An instance of the service is already running.
    2/19/2013 8:34:07 AM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Program Compatibility Assistant Service service, but this action failed with the following error: An instance of the service is already running.
    2/19/2013 8:33:07 AM, Error: Service Control Manager [7031] - The WLAN AutoConfig service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    2/19/2013 8:33:07 AM, Error: Service Control Manager [7031] - The Windows Event Log service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    2/19/2013 8:33:07 AM, Error: Service Control Manager [7031] - The Windows Driver Foundation - User-mode Driver Framework service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    2/19/2013 8:33:07 AM, Error: Service Control Manager [7031] - The Windows Audio service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    2/19/2013 8:33:07 AM, Error: Service Control Manager [7031] - The Windows Audio Endpoint Builder service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    2/19/2013 8:33:07 AM, Error: Service Control Manager [7031] - The TCP/IP NetBIOS Helper service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 100 milliseconds: Restart the service.
    2/19/2013 8:33:07 AM, Error: Service Control Manager [7031] - The Superfetch service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    2/19/2013 8:33:07 AM, Error: Service Control Manager [7031] - The Program Compatibility Assistant Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    2/19/2013 8:33:07 AM, Error: Service Control Manager [7031] - The Distributed Link Tracking Client service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    2/19/2013 8:33:07 AM, Error: Service Control Manager [7031] - The DHCP Client service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    2/19/2013 8:33:07 AM, Error: Service Control Manager [7031] - The Desktop Window Manager Session Manager service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    2/19/2013 6:30:46 AM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the DNS Client service, but this action failed with the following error: An instance of the service is already running.
    2/19/2013 6:29:05 AM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID {C97FCC79-E628-407D-AE68-A06AD6D8B4D1} and APPID {344ED43D-D086-4961-86A6-1106F4ACAD9B} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
    2/19/2013 6:28:46 AM, Error: Service Control Manager [7031] - The Workstation service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    2/19/2013 6:28:46 AM, Error: Service Control Manager [7031] - The Network Location Awareness service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 100 milliseconds: Restart the service.
    2/19/2013 6:28:46 AM, Error: Service Control Manager [7031] - The DNS Client service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    2/19/2013 6:28:46 AM, Error: Service Control Manager [7031] - The Cryptographic Services service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    2/19/2013 6:28:01 AM, Error: Service Control Manager [7001] - The MBAMService service depends on the MBAMProtector service which failed to start because of the following error: The system cannot find the file specified.
    2/19/2013 6:27:56 AM, Error: Service Control Manager [7000] - The MBAMProtector service failed to start due to the following error: The system cannot find the file specified.
    2/19/2013 12:45:08 PM, Error: nvstor64 [3] - Data error on device. Device: \Device\RaidPort0 Model: TOSHIBA MK5056GSYF Firmware Version: LJ00 Serial Number: 305ET128T Port: 0
    2/19/2013 12:38:17 PM, Error: Ntfs [55] - The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume C:.
    2/19/2013 1:06:48 PM, Error: Ntfs [55] - The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume \Device\HarddiskVolume3.
    2/18/2013 8:45:55 PM, Error: Ntfs [55] - The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume \\?\Volume{8a4f6f24-0e7d-11e1-903f-806e6f6e6963}.
    2/18/2013 5:13:17 PM, Error: Ntfs [55] - The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume \Device\HarddiskVolumeShadowCopy38.
    2/18/2013 5:06:26 PM, Error: Service Control Manager [7023] - The Microsoft Antimalware Service service terminated with the following error: %%-2147023504
    2/18/2013 5:05:33 PM, Error: Microsoft Antimalware [2004] - Microsoft Antimalware has encountered an error trying to load signatures and will attempt reverting back to a known-good set of signatures. Signatures Attempted: Current Error Code: 0x800700c1 Error description: Microsoft Antimalware is not a valid Win32 application. Signature version: 1.143.2504.0;1.143.2504.0 Engine version: 1.1.9103.0
    2/18/2013 5:04:57 PM, Error: Ntfs [55] - The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume RECOVERY.
    2/18/2013 2:01:28 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect.
    2/18/2013 2:01:28 AM, Error: Service Control Manager [7000] - The Windows Search service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    2/17/2013 7:50:48 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
    2/17/2013 6:06:08 PM, Error: Service Control Manager [7031] - The Windows Error Reporting Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    2/17/2013 3:10:51 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.143.2075.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.9103.0 Error code: 0x80080005 Error description: Server execution failed
    2/17/2013 3:10:21 PM, Error: Service Control Manager [7023] - The Windows Update service terminated with the following error: The specified module could not be found.
    2/17/2013 2:13:54 PM, Error: Schannel [36888] - The following fatal alert was generated: 40. The internal error state is 107.
    2/17/2013 2:13:54 PM, Error: Schannel [36874] - An SSL 3.0 connection request was received from a remote client application, but none of the cipher suites supported by the client application are supported by the server. The SSL connection request has failed.
    2/17/2013 1:29:45 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
    2/16/2013 9:21:55 AM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Error Reporting Service service, but this action failed with the following error: An instance of the service is already running.
    2/16/2013 8:28:18 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Google Update Service (gupdatem) service to connect.
    2/16/2013 8:28:18 PM, Error: Service Control Manager [7000] - The Google Update Service (gupdatem) service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    2/16/2013 8:01:12 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.143.2075.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.9103.0 Error code: 0x80080005 Error description: Server execution failed
    2/16/2013 12:05:53 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.143.2075.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.9103.0 Error code: 0x80080005 Error description: Server execution failed
    2/16/2013 11:55:54 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.143.2075.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.9103.0 Error code: 0x80080005 Error description: Server execution failed
    2/16/2013 10:25:57 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.143.2075.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.9103.0 Error code: 0x80080005 Error description: Server execution failed
    2/16/2013 10:15:06 PM, Error: Service Control Manager [7023] - The Peer Networking Grouping service terminated with the following error: The specified module could not be found.
    2/16/2013 1:49:00 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service gupdatem with arguments "/comsvc" in order to run the server: {E225E692-4B47-4777-9BED-4FD7FE257F0E}
    2/15/2013 6:35:48 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.143.2075.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.9103.0 Error code: 0x80080005 Error description: Server execution failed
    2/15/2013 6:25:37 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.143.2075.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.9103.0 Error code: 0x80080005 Error description: Server execution failed
    2/15/2013 5:46:50 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.143.2075.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.9103.0 Error code: 0x80080005 Error description: Server execution failed
    2/15/2013 4:09:45 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.143.2075.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.9103.0 Error code: 0x80080005 Error description: Server execution failed
    2/15/2013 4:04:54 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the HomeGroup Provider service, but this action failed with the following error: An instance of the service is already running.
    2/15/2013 4:03:54 PM, Error: Service Control Manager [7031] - The Security Center service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    2/15/2013 4:03:54 PM, Error: Service Control Manager [7031] - The HomeGroup Provider service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    2/15/2013 2:44:59 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.143.2075.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.9103.0 Error code: 0x80080005 Error description: Server execution failed
    2/15/2013 11:25:34 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.143.2075.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.9103.0 Error code: 0x80080005 Error description: Server execution failed
    2/14/2013 6:42:41 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.143.2075.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.9103.0 Error code: 0x80080005 Error description: Server execution failed
    2/14/2013 3:36:19 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.143.2075.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.9103.0 Error code: 0x80080005 Error description: Server execution failed
    2/14/2013 11:12:44 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.143.2075.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.9103.0 Error code: 0x80080005 Error description: Server execution failed
    2/13/2013 12:31:42 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.143.2075.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.9103.0 Error code: 0x80080005 Error description: Server execution failed
    2/12/2013 7:03:46 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.143.2075.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.9103.0 Error code: 0x80080005 Error description: Server execution failed
    .
    ==== End Of File ===========================
     
  2. Satchfan

    Satchfan Malware Specialist

    Joined:
    Jan 12, 2009
    Messages:
    653
    Hello MissRocket and welcome to TSG.

    My name is Satchfan and I would be glad to help you with your computer problem.

    Please read the following guidelines which will help to make cleaning your machine easier:

    • please follow all instructions in the order posted
    • please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear
    • all logs/reports, etc. must be posted in Notepad. Please ensure that word wrap is unchecked. In Notepad click Format, uncheck Word wrap if it is checked
    • if you don't understand something, please don't hesitate to ask for clarification before proceeding
    • the fixes are specific to your problem and should only be used for this issue on this machine.
    • please reply within 3 days. If you do not reply within this period I will post a reminder but topics with no reply in 4 days will be closed!
    IMPORTANT:

    Please DO NOT install/uninstall any programs unless asked to.
    Please DO NOT run any scans other than those requested

    ===================================================


    Registry cleaners

    I see you are using a “Registry Cleaner”, Regclean Pro. It's not a good idea to use registry cleaners/boosters.

    The usefulness of cleaning the registry is highly overrated and can be dangerous. In most cases, using a cleaner to remove obsolete, invalid, and erroneous entries does not affect system performance but it can result in "unpredictable results". Unless you have a particular problem that requires a registry edit to correct it, (and you are expert in the registry), I would suggest you leave the registry alone.

    I strongly advise you to get rid of Regclean Pro and any other cleaner/optimizer/booster/tuneup/tweak type utilities that you have on this or any other computer.


    One of the malware experts, miekiemoes, has an excellent write-up here
    Another excellent article by Bill Castner is located here

    ===================================================

    We’ll have to run some different scans as those didn’t show up the culprit.

    Run RogueKiller

    Download RogueKiller to your desktop.

      • close all running programs
      • for Windows Vista/Seven, right click -> run as administrator, for XP simply double-click on RogueKiller.exe
      • when the prescan is finished, click on Scan
      • click on Report and copy/paste the content in your next post
      • NOTE: DO NOT attempt to remove anything that the scan detects.
      If the program is blocked, continue to try it several times. If it still doesn’t work, (it could happen), rename it to winlogon.exe.

      Please post the contents of the RKreport.txt in your next reply.

      Thanks

      Satchfan
     
  3. MissRocket

    MissRocket Thread Starter

    Thank you for taking the time to help me with my computer nightmare. I am extremely grateful and looking forward to working with you.

    Just before finding your offer to help me I used my Windows 7 installation disk to boot my PC and then ran the startup repair tool. I didn't think to take note of the results but I understood the problem to be a corrupt file system on the "Recovery" partition, which I do not believe is the C:\ drive on this computer. Once the repair had finished, CHKDSK ran on restart and did one more restart at which time my PC did start up normally. I also removed a few more programs that I wasn't using including "Registry Pro" which was downloaded and used as a last resort. I will heed your warning and refrain from using registry repair programs in the future. Please let me know if we need to "start over" because of this. Now that I know I have help I will not attempt any further self repair tactics on my own and only follow your instructions.

    Also, I have absolutely no idea what to do with the event viewer application other than use it to look up some of the error messages to see if I can figure out what they mean. Before finding your message, I made myself a list of recent events to research and will post them after the RogueKiller report below. I don't know if they will be helpful or not but I figured it couldn't hurt. Thank you, again for your help.

    RogueKiller V8.5.2 [Feb 23 2013] by Tigzy
    mail : tigzyRK<at>gmail<dot>com
    Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
    Website : http://tigzy.geekstogo.com/roguekiller.php
    Blog : http://tigzyrk.blogspot.com/

    Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
    Started in : Normal mode
    User : VPS [Admin rights]
    Mode : Scan -- Date : 02/24/2013 05:15:34
    | ARK || FAK || MBR |

    ¤¤¤ Bad processes : 0 ¤¤¤

    ¤¤¤ Registry Entries : 4 ¤¤¤
    [HJ SMENU] HKCU\[...]\Advanced : Start_ShowRecentDocs (0) -> FOUND
    [HJ SMENU] HKCU\[...]\Advanced : Start_ShowRun (0) -> FOUND
    [HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
    [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

    ¤¤¤ Particular Files / Folders: ¤¤¤

    ¤¤¤ Driver : [NOT LOADED] ¤¤¤

    ¤¤¤ HOSTS File: ¤¤¤
    --> C:\Windows\system32\drivers\etc\hosts



    ¤¤¤ MBR Check: ¤¤¤

    +++++ PhysicalDrive0: TOSHIBA MK5056GSYF SCSI Disk Device +++++
    --- User ---
    [MBR] 74848f97afea51a159f83345858c9d75
    [BSP] 0275bb52c3d6eab85416b27bfc856294 : Windows 7/8 MBR Code
    Partition table:
    0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 62 Mo
    1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 129024 | Size: 11442 Mo
    2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 23562240 | Size: 465434 Mo
    User = LL1 ... OK!
    Error reading LL2 MBR!

    Finished : << RKreport[1]_S_02242013_02d0515.txt >>
    RKreport[1]_S_02242013_02d0515.txt

    Below is my research list of events :confused:

    The embedded controller (EC) returned data when none was requested. The BIOS might be trying to access the EC without synchronizing with the operating system. This data will be ignored. No further action is necessary; however, you should check with your computer manufacturer for an upgraded BIOS.

    The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume \Device\HarddiskVolume3.

    The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume C:.

    Application popup: uninst.exe - Corrupt File : The file or directory \Program Files (x86)\Dell is corrupt and unreadable. Please run the Chkdsk utility.

    The oldest shadow copy of volume \\?\Volume{8a4f6f24-0e7d-11e1-903f-806e6f6e6963} was deleted to keep disk space usage for shadow copies of volume \\?\Volume{8a4f6f24-0e7d-11e1-903f-806e6f6e6963} below the user defined limit.

    Microsoft Antimalware has encountered an error trying to update signatures.
    New Signature Version:
    Previous Signature Version: 1.143.2622.0
    Update Source: Microsoft Update Server
    Update Stage: Search
    Source Path: Default URL
    Signature Type: AntiVirus
    Update Type: Full
    User: NT AUTHORITY\SYSTEM
    Current Engine Version:
    Previous Engine Version: 1.1.9103.0
    Error code: 0x80080005
    Error description: Server execution failed

    Microsoft Antimalware Real-time Protection has restarted a feature. It is recommended that you run a full system scan to detect any items that may have been missed while this agent was down.
    Feature: Network Inspection System
    Reason: Real-time protection has recovered from an unknown failure. It is recommended that you run a quick scan.

    The device, \Device\Harddisk0\DR0, has a bad block.
    Data error on device.
    Device: \Device\RaidPort0
    Model: TOSHIBA MK5056GSYF
    Firmware Version: LJ00
    Serial Number: 305ET128T
    Port: 0

    Microsoft Antimalware engine has been terminated due to an unexpected error.
    Failure Type: Crash
    Exception code: 0xc0000006
    Resource: file:C:\PROGRA~2\SMARTD~1\Messages\SDNotify.exe

    The speed of processor 0 in group 0 is being limited by system firmware. The processor has been in this reduced performance state for 2 seconds since the last report.
     
  4. Satchfan

    Satchfan Malware Specialist

    Still nothing of significance showing up.

    We’ll run a couple more scans that will look at things differently and see if anything shows up in those.

    Download and run OTL

    • download OTL to your desktop.
    • double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    • click Scan all users.
    • under Custom Scan paste this in:
    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    consrv.dll
    /md5stop
    %systemroot%\*. /rp /s
    DRIVES
    CREATERESTOREPOINT
    • click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won’t take long.
    • when the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    • please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply.
    • you may need two posts to fit them both in.
    ===================================================

    Run aswMBR

    • download aswMBR.exe to your desktop.
    • double click the aswMBR.exe to run it
    • if asked, accept the AVAST virus definition download
    • click the "Scan" button to start scan
    • on completion of the scan click Save log, save it to your desktop and post in your next reply.
    Logs to include with next post:

    OTL.txt
    Extras.txt
    aswMBR log


    Thanks

    Satchfan
     
  5. MissRocket

    MissRocket Thread Starter

    OTL logfile created on: 2/24/2013 9:27:13 AM - Run 1
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\VPS\Desktop\downloads
    64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    7.75 Gb Total Physical Memory | 5.51 Gb Available Physical Memory | 71.09% Memory free
    15.50 Gb Paging File | 13.01 Gb Available in Paging File | 83.98% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 454.53 Gb Total Space | 323.07 Gb Free Space | 71.08% Space Free | Partition Type: NTFS
    Drive D: | 5.75 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: CDFS

    Computer Name: VPS-PC | User Name: VPS | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2013/02/24 09:15:34 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\VPS\Desktop\downloads\OTL.exe
    PRC - [2013/02/14 11:06:48 | 000,177,960 | ---- | M] (Ginger Software) -- C:\Program Files (x86)\Ginger\GingerUpdateService\GingerUpdateService.exe
    PRC - [2013/01/25 19:35:08 | 001,248,208 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    PRC - [2013/01/20 12:29:18 | 028,539,272 | ---- | M] (Dropbox, Inc.) -- C:\Users\VPS\AppData\Roaming\Dropbox\bin\Dropbox.exe
    PRC - [2012/12/18 07:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    PRC - [2012/11/01 10:56:20 | 001,263,512 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
    PRC - [2012/10/19 14:51:08 | 000,395,200 | ---- | M] (Eastman Kodak Company) -- C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe
    PRC - [2012/10/15 11:58:24 | 002,844,608 | ---- | M] (Eastman Kodak Company) -- C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKStatusMonitor.exe
    PRC - [2012/10/15 11:58:22 | 000,779,200 | ---- | M] (Eastman Kodak Company) -- C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe
    PRC - [2012/10/09 10:53:36 | 004,441,920 | ---- | M] (Akamai Technologies, Inc.) -- C:\Users\VPS\AppData\Local\Akamai\netsession_win.exe
    PRC - [2012/08/14 10:52:28 | 001,014,624 | ---- | M] (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041) -- C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe
    PRC - [2010/10/27 19:17:52 | 000,207,424 | ---- | M] (ArcSoft Inc.) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
    PRC - [2010/03/18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
    PRC - [2010/01/11 11:20:48 | 000,155,648 | ---- | M] (Stardock Corporation) -- C:\Program Files\Dell\DellDock\DockLogin.exe


    ========== Modules (No Company Name) ==========

    MOD - [2013/02/14 03:06:19 | 012,638,576 | ---- | M] () -- C:\Users\VPS\AppData\Local\Google\Chrome\User Data\PepperFlash\11.6.602.167\pepflashplayer.dll
    MOD - [2013/01/25 19:35:06 | 000,460,240 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.57\ppgooglenaclpluginchrome.dll
    MOD - [2013/01/25 19:35:04 | 004,012,496 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.57\pdf.dll
    MOD - [2013/01/25 19:34:19 | 000,597,968 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.57\libglesv2.dll
    MOD - [2013/01/25 19:34:18 | 000,124,368 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.57\libegl.dll
    MOD - [2013/01/25 19:34:16 | 001,552,848 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.57\ffmpegsumo.dll
    MOD - [2012/11/01 10:57:10 | 000,100,248 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll
    MOD - [2012/11/01 10:56:20 | 001,263,512 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
    MOD - [2012/03/16 15:42:58 | 000,315,392 | ---- | M] () -- C:\Program Files (x86)\Evernote\Evernote\libtidy.dll
    MOD - [2012/03/16 15:42:56 | 000,433,664 | ---- | M] () -- C:\Program Files (x86)\Evernote\Evernote\libxml2.dll
    MOD - [2011/09/27 07:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
    MOD - [2011/09/27 07:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll


    ========== Services (SafeList) ==========

    SRV:64bit: - [2012/09/12 21:21:48 | 000,368,896 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
    SRV:64bit: - [2012/09/12 21:21:48 | 000,022,072 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
    SRV:64bit: - [2010/09/22 18:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
    SRV:64bit: - [2010/04/07 06:04:24 | 000,127,800 | ---- | M] (HP) [Auto | Running] -- C:\Windows\SysNative\HPSIsvc.exe -- (HPSIService)
    SRV:64bit: - [2010/01/11 11:20:48 | 000,155,648 | ---- | M] (Stardock Corporation) [Auto | Running] -- C:\Program Files\Dell\DellDock\DockLogin.exe -- (DockLoginService)
    SRV:64bit: - [2009/07/13 18:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV:64bit: - [2009/07/01 18:54:02 | 000,864,032 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)
    SRV:64bit: - [2009/06/29 12:44:38 | 000,240,128 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_afc3018f8cfedd20\stacsv64.exe -- (STacSV)
    SRV:64bit: - [2009/04/19 08:34:48 | 000,625,184 | ---- | M] () [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe -- (ForceWare Intelligent Application Manager (IAM)
    SRV:64bit: - [2009/04/19 08:34:48 | 000,207,904 | ---- | M] () [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe -- (nSvcIp)
    SRV:64bit: - [2009/03/02 13:42:58 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_afc3018f8cfedd20\AESTSr64.exe -- (AESTFilters)
    SRV - [2013/02/17 15:00:51 | 000,251,248 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
    SRV - [2013/02/14 11:06:48 | 000,177,960 | ---- | M] (Ginger Software) [Auto | Running] -- C:\Program Files (x86)\Ginger\GingerUpdateService\GingerUpdateService.exe -- (GingerUpdateService)
    SRV - [2012/12/18 07:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
    SRV - [2012/11/11 10:11:53 | 004,539,712 | ---- | M] () [Auto | Running] -- c:\program files (x86)\common files\akamai/netsession_win_ce5ba24.dll -- (Akamai)
    SRV - [2012/10/19 14:51:08 | 000,395,200 | ---- | M] (Eastman Kodak Company) [Auto | Running] -- C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe -- (Kodak AiO Network Discovery Service)
    SRV - [2012/10/15 11:58:22 | 000,779,200 | ---- | M] (Eastman Kodak Company) [Auto | Running] -- C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe -- (Kodak AiO Status Monitor Service)
    SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
    SRV - [2010/03/18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
    SRV - [2009/06/29 12:44:38 | 000,240,128 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_afc3018f8cfedd20\STacSV64.exe -- (STacSV)
    SRV - [2009/06/10 14:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
    SRV - [2009/03/02 13:42:58 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_afc3018f8cfedd20\AESTSr64.exe -- (AESTFilters)


    ========== Driver Services (SafeList) ==========

    DRV:64bit: - [2012/08/30 22:03:48 | 000,128,456 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
    DRV:64bit: - [2012/08/23 07:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
    DRV:64bit: - [2012/08/23 07:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
    DRV:64bit: - [2012/08/21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
    DRV:64bit: - [2012/03/12 14:06:46 | 011,471,872 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Netwsw00.sys -- (NETwNs64)
    DRV:64bit: - [2012/02/29 23:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
    DRV:64bit: - [2011/07/27 11:48:14 | 000,014,952 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\iPodDrv.sys -- (iPodDrv)
    DRV:64bit: - [2011/03/10 23:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
    DRV:64bit: - [2011/03/10 23:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
    DRV:64bit: - [2010/11/20 06:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
    DRV:64bit: - [2010/11/20 02:37:42 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
    DRV:64bit: - [2010/07/13 09:57:08 | 000,069,736 | ---- | M] (ITE Tech. Inc. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\itecir.sys -- (itecir)
    DRV:64bit: - [2010/06/25 16:08:10 | 000,036,928 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\htcnprot.sys -- (htcnprot)
    DRV:64bit: - [2010/03/05 16:41:05 | 000,020,480 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mvusbews.sys -- (mvusbews)
    DRV:64bit: - [2009/11/02 18:16:50 | 000,033,736 | ---- | M] (HTC, Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ANDROIDUSB.sys -- (HTCAND64)
    DRV:64bit: - [2009/09/09 10:13:26 | 000,024,208 | ---- | M] (OLYMPUS IMAGING CORP.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\OlyCamComm.sys -- (OlyCamComm)
    DRV:64bit: - [2009/08/21 13:24:00 | 000,084,512 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
    DRV:64bit: - [2009/07/17 09:06:14 | 002,769,400 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
    DRV:64bit: - [2009/07/13 18:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
    DRV:64bit: - [2009/07/13 18:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
    DRV:64bit: - [2009/07/13 18:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
    DRV:64bit: - [2009/07/13 17:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice)
    DRV:64bit: - [2009/07/13 17:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
    DRV:64bit: - [2009/07/13 17:09:50 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usb8023x.sys -- (usb_rndisx)
    DRV:64bit: - [2009/07/02 22:41:04 | 000,132,648 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt)
    DRV:64bit: - [2009/07/02 22:41:04 | 000,098,344 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio)
    DRV:64bit: - [2009/07/02 22:41:04 | 000,035,104 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap)
    DRV:64bit: - [2009/07/02 22:41:02 | 000,021,160 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid)
    DRV:64bit: - [2009/07/01 12:20:56 | 000,339,744 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvmf6264.sys -- (NVNET)
    DRV:64bit: - [2009/06/29 12:44:38 | 000,487,424 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)
    DRV:64bit: - [2009/06/25 17:04:20 | 000,067,584 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rimmpx64.sys -- (rimmptsk)
    DRV:64bit: - [2009/06/25 16:38:52 | 000,057,856 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rixdpx64.sys -- (rismxdp)
    DRV:64bit: - [2009/06/25 16:13:44 | 000,055,296 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rimspx64.sys -- (rimsptsk)
    DRV:64bit: - [2009/06/10 13:35:35 | 000,408,960 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvm62x64.sys -- (NVENETFD)
    DRV:64bit: - [2009/06/10 13:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
    DRV:64bit: - [2009/06/10 13:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
    DRV:64bit: - [2009/06/10 13:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
    DRV:64bit: - [2009/06/10 13:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
    DRV - [2009/07/13 18:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
    IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
    IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
    IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7


    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>



    IE - HKU\S-1-5-21-2524721775-169714519-693001153-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
    IE - HKU\S-1-5-21-2524721775-169714519-693001153-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
    IE - HKU\S-1-5-21-2524721775-169714519-693001153-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.famjama.com/
    IE - HKU\S-1-5-21-2524721775-169714519-693001153-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
    IE - HKU\S-1-5-21-2524721775-169714519-693001153-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
    IE - HKU\S-1-5-21-2524721775-169714519-693001153-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
    IE - HKU\S-1-5-21-2524721775-169714519-693001153-1000\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
    IE - HKU\S-1-5-21-2524721775-169714519-693001153-1000\..\SearchScopes,DefaultScope = {2E472B09-27BD-4956-846B-2A21629FEA52}
    IE - HKU\S-1-5-21-2524721775-169714519-693001153-1000\..\SearchScopes\{2E472B09-27BD-4956-846B-2A21629FEA52}: "URL" = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}&rlz=1I7GGHP_enUS458
    IE - HKU\S-1-5-21-2524721775-169714519-693001153-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\S-1-5-21-2524721775-169714519-693001153-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1:9421;*.local;<local>


    ========== FireFox ==========

    FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_149.dll File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
    FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
    FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_149.dll ()
    FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
    FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
    FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
    FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
    FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.11.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@rocketlife.com/RocketLife Secure Plug-In Layer;version=1.0.5: C:\ProgramData\Visan\plugins\npRLSecurePluginLayer.dll (RocketLife, LLP)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF - HKCU\Software\MozillaPlugins\@doubletwist.com/NPPodcast: File not found
    FF - HKCU\Software\MozillaPlugins\gingersoftware.com/gingerPlugin: C:\Program Files (x86)\Ginger\GingerServices\GingerServicesProxy.dll (Ginger Software)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3112ca9c-de6d-4884-a869-9855de68056c}: C:\ProgramData\Google\Toolbar for Firefox\{3112ca9c-de6d-4884-a869-9855de68056c} [2011/12/24 19:06:49 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012/01/01 08:08:16 | 000,000,000 | ---D | M]

    [2013/02/17 19:48:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\VPS\AppData\Roaming\Mozilla\Firefox\Profiles\4lh4yhwz.default\extensions
    [2012/11/15 15:54:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\VPS\AppData\Roaming\Mozilla\Firefox\Profiles\4lh4yhwz.default\extensions\[email protected]
    [2013/02/24 05:01:31 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
    [2013/02/06 21:38:46 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
    [2013/02/22 02:11:20 | 000,000,000 | ---D | M] ("Ginger") -- C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]
    [2012/02/17 21:56:19 | 000,003,768 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\avg-secure-search.xml

    ========== Chrome ==========

    CHR - homepage: http://www.google.com/
    CHR - default_search_provider: Google (Enabled)
    CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
    CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter},
    CHR - homepage: http://www.google.com/
    CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.57\PepperFlash\pepflashplayer.dll
    CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_110.dll
    CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
    CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.57\ppGoogleNaClPluginChrome.dll
    CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.57\pdf.dll
    CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
    CHR - plugin: Coupons Inc., Coupon Printer Manager (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npCouponPrinter.dll
    CHR - plugin: Coupons Inc., Coupon Printer Manager (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npMozCouponPrinter.dll
    CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
    CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
    CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
    CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
    CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
    CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
    CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
    CHR - plugin: doubletwist Plugin 1, 3, 0, 0 (Enabled) = C:\Program Files (x86)\Common Files\doubleTwist\NPPodcast.dll
    CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
    CHR - plugin: DivX Plus Web Player (Enabled) = C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
    CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
    CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll
    CHR - plugin: Java Deployment Toolkit 7.0.90.5 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll
    CHR - plugin: Java(TM) Platform SE 7 U9 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
    CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
    CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
    CHR - plugin: RocketLife Secure Plug-In Layer (Enabled) = C:\ProgramData\Visan\plugins\npRLSecurePluginLayer.dll
    CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
    CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll
    CHR - Extension: YouTube = C:\Users\VPS\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1\
    CHR - Extension: eBay Web App = C:\Users\VPS\AppData\Local\Google\Chrome\User Data\Default\Extensions\bnadbgmffcofipfljniafanjcafjlbom\1.0.3_0\
    CHR - Extension: Send to Kindle for Google Chrome\u2122 = C:\Users\VPS\AppData\Local\Google\Chrome\User Data\Default\Extensions\cgdjpilhipecahhcilnafpblkieebhea\1.0.1.56_0\
    CHR - Extension: Google Search = C:\Users\VPS\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1\
    CHR - Extension: Add Tasks to Do It (Tomorrow) = C:\Users\VPS\AppData\Local\Google\Chrome\User Data\Default\Extensions\eimhlfnbjllicocigjdalpodkokffbmm\1.2.1_0\
    CHR - Extension: Send to Evernote = C:\Users\VPS\AppData\Local\Google\Chrome\User Data\Default\Extensions\gnilckpgiopfcokcijkhpghppekcoafm\2.6.3.3_0\
    CHR - Extension: Red Bokeh - Dark Theme = C:\Users\VPS\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmgkpfhimpfajmbheceglbgjlipjbhhf\1.0_0\
    CHR - Extension: Send to Kindle (by Klip.me) = C:\Users\VPS\AppData\Local\Google\Chrome\User Data\Default\Extensions\ipkfnchcgalnafehpglfbommidgmalan\3.1.1_0\
    CHR - Extension: Grammar and Spell Checker by Ginger = C:\Users\VPS\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdfieneakcjfaiglcfcgkidlkmlijjnh\0.1.0.228_0\
    CHR - Extension: DivX Plus Web Player HTML5 \u003Cvideo\u003E = C:\Users\VPS\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\
    CHR - Extension: Gmail = C:\Users\VPS\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

    Hosts file not found
    O2:64bit: - BHO: (Ginger Grammar & Spell Checker) - {0877c1fc-19c6-4fe2-8e3d-699d8edb2964} - C:\Program Files (x86)\Ginger\GingerIEAddin\adxloader64.dll ()
    O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
    O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
    O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
    O2 - BHO: (Ginger Grammar & Spell Checker) - {0877c1fc-19c6-4fe2-8e3d-699d8edb2964} - C:\Program Files (x86)\Ginger\GingerIEAddin\adxloader.dll ()
    O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
    O2 - BHO: (no name) - {65134FDF-F8A5-4B3D-91D9-CDF273CFD578} - No CLSID value found.
    O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
    O3:64bit: - HKU\S-1-5-21-2524721775-169714519-693001153-1000\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
    O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
    O4:64bit: - HKLM..\Run: [NvCplDaemon] C:\Windows\SysNative\NvCpl.dll (NVIDIA Corporation)
    O4:64bit: - HKLM..\Run: [QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe (Dell Inc.)
    O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
    O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
    O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
    O4 - HKLM..\Run: [Conime] %windir%\system32\conime.exe File not found
    O4 - HKLM..\Run: [DivXMediaServer] C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe ()
    O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
    O4 - HKLM..\Run: [EKStatusMonitor] C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKStatusMonitor.exe (Eastman Kodak Company)
    O4 - HKLM..\Run: [HTC Sync Loader] "C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe" -startup File not found
    O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
    O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
    O4 - HKU\S-1-5-21-2524721775-169714519-693001153-1000..\Run: [Akamai NetSession Interface] C:\Users\VPS\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.)
    O4 - HKU\S-1-5-21-2524721775-169714519-693001153-1000..\Run: [GoogleChromeAutoLaunch_A08791D65450264CE9B02CCD2E49AC25] C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
    O4 - HKU\.DEFAULT..\RunOnce: [KodakHomeCenter] C:\Program Files (x86)\Kodak\AiO\Center\AiOHomeCenter.exe (Eastman Kodak Company)
    O4 - HKU\S-1-5-18..\RunOnce: [KodakHomeCenter] C:\Program Files (x86)\Kodak\AiO\Center\AiOHomeCenter.exe (Eastman Kodak Company)
    O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
    O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
    O4 - Startup: C:\Users\EGS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
    O4 - Startup: C:\Users\VPS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk = File not found
    O4 - Startup: C:\Users\VPS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\VPS\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
    O4 - Startup: C:\Users\VPS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk = C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
    O4 - Startup: C:\Users\VPS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Skyscape SmartUpdate.lnk = C:\Program Files (x86)\Common Files\Skyscape\SmartUpdate.exe (Skyscape, Inc.)
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O9:64bit: - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
    O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
    O9 - Extra Button: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
    O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
    O9 - Extra Button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
    O9 - Extra 'Tools' menuitem : Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
    O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000010 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Windows\SysNative\nvLsp64.dll (NVIDIA)
    O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Windows\SysNative\nvLsp64.dll (NVIDIA)
    O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Windows\SysNative\nvLsp64.dll (NVIDIA)
    O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Windows\SysNative\nvLsp64.dll (NVIDIA)
    O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - C:\Windows\SysNative\nvLsp64.dll (NVIDIA)
    O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - C:\Windows\SysNative\nvLsp64.dll (NVIDIA)
    O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000018 - C:\Windows\SysNative\nvLsp64.dll (NVIDIA)
    O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000019 - C:\Windows\SysNative\nvLsp64.dll (NVIDIA)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\SysWOW64\nvLsp.dll (NVIDIA)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\SysWOW64\nvLsp.dll (NVIDIA)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\SysWOW64\nvLsp.dll (NVIDIA)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\SysWOW64\nvLsp.dll (NVIDIA)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\SysWOW64\nvLsp.dll (NVIDIA)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\SysWOW64\nvLsp.dll (NVIDIA)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Windows\SysWOW64\nvLsp.dll (NVIDIA)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Windows\SysWOW64\nvLsp.dll (NVIDIA)
    O1364bit: - gopher Prefix: missing
    O13 - gopher Prefix: missing
    O15 - HKU\S-1-5-21-2524721775-169714519-693001153-1000\..Trusted Domains: dell.com ([]* in Trusted sites)
    O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/sites/production/ieawsdc32.cab (Microsoft Office Template and Media Control)
    O16 - DPF: {362C56AA-6E4F-40C7-A0B5-85501DBDAD77} http://i.dell.com/images/global/js/scanner/SysProExe.cab (Scanner.SysScanner)
    O16 - DPF: {8A5BE387-D09A-4DFA-A56B-DCB89BD11468} http://lazboy3d.icovia.com/PLANNER/Core/Player/2020PlayerAX_WEB_Win32.cab (20-20 3D Viewer for WEB)
    O16 - DPF: {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} http://support.dell.com/systemprofiler/DellSystemLite.CAB (DellSystemLite.Scanner)
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Reg Error: Key error.)
    O16 - DPF: Garmin Communicator Plug-In https://static.garmincdn.com/gcp/ie/4.0.3.0/GarminAxControl_32.CAB (Reg Error: Key error.)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.105.28.12 68.105.29.12 68.105.28.11
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4CEAA0DD-0664-4E93-A27D-1B2EE1C8DC70}: DhcpNameServer = 68.105.28.12 68.105.29.12 68.105.28.11
    O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
    O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
    O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
    O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O32 - HKLM CDRom: AutoRun - 1
    O33 - MountPoints2\{6e2f3510-2d2a-11e2-bf30-0026b91c71d7}\Shell - "" = AutoRun
    O33 - MountPoints2\{6e2f3510-2d2a-11e2-bf30-0026b91c71d7}\Shell\AutoRun\command - "" = E:\HTC_Sync_Manager_PC.exe
    O33 - MountPoints2\{8efeacd9-b067-11e1-b621-0026b91c71d7}\Shell - "" = AutoRun
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35:64bit: - HKLM\..comfile [open] -- "%1" %*
    O35:64bit: - HKLM\..exefile [open] -- "%1" %*
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
    O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
    O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)


    CREATERESTOREPOINT
    Restore point Set: OTL Restore Point

    ========== Files/Folders - Created Within 30 Days ==========

    [2013/02/24 04:54:03 | 000,000,000 | ---D | C] -- C:\Users\VPS\Desktop\RK_Quarantine
    [2013/02/24 04:08:13 | 000,000,000 | ---D | C] -- C:\Users\VPS\AppData\Local\{EA404C6A-808E-420D-8881-3F4CCF3F23A6}
    [2013/02/24 03:36:15 | 000,000,000 | -HSD | C] -- C:\found.004
    [2013/02/23 16:07:48 | 000,000,000 | ---D | C] -- C:\Users\VPS\AppData\Local\{0526D9F8-910F-40CA-981C-9B552D42A116}
    [2013/02/23 02:14:35 | 000,000,000 | ---D | C] -- C:\Users\VPS\AppData\Local\{6C3E9645-A564-4976-89AF-358F815727F8}
    [2013/02/22 14:14:23 | 000,000,000 | ---D | C] -- C:\Users\VPS\AppData\Local\{5C6308EC-5E3B-4C0C-8B95-D0145A45D642}
    [2013/02/22 02:14:12 | 000,000,000 | ---D | C] -- C:\Users\VPS\AppData\Local\{D623FE26-6E34-4A2B-A410-5418D08D87E4}
    [2013/02/22 02:11:14 | 000,000,000 | ---D | C] -- C:\Users\VPS\Documents\Add-in Express
    [2013/02/22 02:11:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ginger
    [2013/02/22 02:11:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Ginger
    [2013/02/21 01:23:55 | 000,000,000 | ---D | C] -- C:\Users\VPS\AppData\Local\{8021C0BF-98A3-47D8-A28F-C4AAE690D384}
    [2013/02/20 03:47:06 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
    [2013/02/20 03:47:06 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
    [2013/02/20 03:47:04 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
    [2013/02/20 03:47:04 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
    [2013/02/20 03:47:04 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
    [2013/02/20 03:47:04 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
    [2013/02/20 03:47:03 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
    [2013/02/20 03:47:03 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
    [2013/02/20 03:47:02 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
    [2013/02/20 03:47:02 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
    [2013/02/20 03:47:02 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
    [2013/02/20 03:47:01 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
    [2013/02/20 03:46:56 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
    [2013/02/20 03:46:56 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
    [2013/02/20 03:46:56 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
    [2013/02/19 12:45:38 | 003,967,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
    [2013/02/19 12:45:38 | 003,913,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
    [2013/02/19 12:45:33 | 005,553,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
    [2013/02/19 12:44:49 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe
    [2013/02/19 12:44:49 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll
    [2013/02/19 12:44:49 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe
    [2013/02/19 12:44:49 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll
    [2013/02/19 12:44:49 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe
    [2013/02/19 12:44:46 | 000,215,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll
    [2013/02/19 12:44:38 | 000,288,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\FWPKCLNT.SYS
    [2013/02/19 09:22:30 | 000,256,904 | ---- | C] (Trend Micro Inc.) -- C:\Windows\SysWow64\drivers\tmcomm.sys
    [2013/02/19 08:50:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro
    [2013/02/18 15:11:56 | 000,000,000 | -HSD | C] -- C:\found.003
    [2013/02/17 21:00:44 | 000,000,000 | ---D | C] -- C:\Users\VPS\AppData\Roaming\Systweak
    [2013/02/17 21:00:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\RegClean Pro
    [2013/02/17 20:20:49 | 000,000,000 | -HSD | C] -- C:\Config.Msi
    [2013/02/17 07:50:38 | 000,000,000 | ---D | C] -- C:\Users\VPS\AppData\Local\{8A7D77D6-FF5A-41CF-9984-566AAF083815}
    [2013/02/16 19:50:27 | 000,000,000 | ---D | C] -- C:\Users\VPS\AppData\Local\{109758C1-8A8F-4CEA-BA39-3CC027D3C571}
    [2013/02/16 07:18:55 | 000,000,000 | ---D | C] -- C:\Users\VPS\AppData\Local\{87D13CC9-7389-4E6E-A76C-C673035718FC}
    [2013/02/15 19:18:44 | 000,000,000 | ---D | C] -- C:\Users\VPS\AppData\Local\{DF0438DF-5FEF-48AE-9411-434ABF61CCE8}
    [2013/02/15 16:21:11 | 000,000,000 | ---D | C] -- C:\Users\VPS\Desktop\masterphotousa
    [2013/02/15 07:18:21 | 000,000,000 | ---D | C] -- C:\Users\VPS\AppData\Local\{E8BD08FE-C575-4F8C-A564-0847CF8E4DBA}
    [2013/02/14 19:18:30 | 000,000,000 | ---D | C] -- C:\Users\VPS\AppData\Local\{FDA5FB05-D2EE-41B2-9524-793B7F41C147}
    [2013/02/14 03:06:25 | 000,000,000 | ---D | C] -- C:\Users\VPS\AppData\Local\{6F163F54-9E37-4DDE-8618-D5298D4120F9}
    [2013/02/13 12:11:22 | 000,000,000 | ---D | C] -- C:\Users\VPS\AppData\Local\{7BB50DE7-3EB0-4E59-8072-E821A4563BF7}
    [2013/02/12 19:05:58 | 000,000,000 | ---D | C] -- C:\Users\VPS\AppData\Local\{878961F4-B9AF-4362-B877-3369EE605149}
    [2013/02/12 07:05:48 | 000,000,000 | ---D | C] -- C:\Users\VPS\AppData\Local\{92D7C4E4-0691-407E-A3C2-111F60C298D5}
    [2013/02/11 19:05:25 | 000,000,000 | ---D | C] -- C:\Users\VPS\AppData\Local\{BBC1275D-810C-4CB4-AFD7-CD063CC4793F}
    [2013/02/11 14:09:10 | 000,000,000 | -HSD | C] -- C:\found.002
    [2013/02/11 12:30:37 | 000,000,000 | ---D | C] -- C:\Users\VPS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dell
    [2013/02/11 12:30:27 | 000,000,000 | ---D | C] -- C:\Users\VPS\AppData\Local\Deployment
    [2013/02/09 02:11:46 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Help & Tools
    [2013/02/09 02:10:51 | 000,000,000 | ---D | C] -- C:\Program Files\PC-Doctor for Windows
    [2013/02/09 02:10:13 | 000,000,000 | ---D | C] -- C:\Users\VPS\AppData\Roaming\WinBatch
    [2013/02/07 21:42:52 | 016,365,936 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerInstaller.exe
    [2013/02/06 21:38:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
    [2013/02/06 14:52:18 | 004,200,304 | ---- | C] (Amyuni Technologies
    http://www.amyuni.com) -- C:\Windows\SysWow64\cdintf400.dll
    [2013/02/06 14:52:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Quicken 2013
    [2013/02/06 14:51:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Quicken
    [2013/02/06 07:28:01 | 000,000,000 | -HSD | C] -- C:\found.001
    [2013/02/06 06:17:46 | 000,000,000 | -HSD | C] -- C:\found.000
    [2013/02/05 23:34:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Tarma Installer
    [2013/02/05 23:34:25 | 000,000,000 | ---D | C] -- C:\Users\VPS\AppData\Roaming\ExpressFiles
    [2013/02/05 23:11:07 | 000,000,000 | ---D | C] -- C:\Users\VPS\AppData\Local\{896D2631-856D-4014-9AF5-12F1333A20DB}
    [2013/02/05 11:10:57 | 000,000,000 | ---D | C] -- C:\Users\VPS\AppData\Local\{A480BEB2-1BA2-45A4-B345-2FA2D5DC8F13}
    [2013/02/04 23:10:46 | 000,000,000 | ---D | C] -- C:\Users\VPS\AppData\Local\{35AA8E87-0689-4741-9D85-CE772A14C458}
    [2013/02/03 11:16:00 | 000,000,000 | ---D | C] -- C:\Users\VPS\AppData\Local\{A15898DD-E95A-4612-B06E-35B607E85EBE}
    [2013/02/02 23:07:08 | 000,000,000 | ---D | C] -- C:\Users\VPS\AppData\Local\{DE932384-F2F6-4D75-A45C-A8FB414388B7}
    [2013/02/02 11:06:56 | 000,000,000 | ---D | C] -- C:\Users\VPS\AppData\Local\{B1738040-D11A-4648-B6D8-956F3023ABAB}
    [2013/02/01 17:32:37 | 000,000,000 | ---D | C] -- C:\ProgramData\HP
    [2013/02/01 13:56:24 | 000,000,000 | ---D | C] -- C:\Users\VPS\AppData\Local\{4C9806E0-8EFD-4EF5-88FC-FB05CBF3121D}
    [2013/02/01 07:24:52 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Halfpricesoft
    [2013/02/01 07:24:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Halfpricesoft
    [2013/02/01 00:48:17 | 000,000,000 | ---D | C] -- C:\Users\VPS\AppData\Local\{70E3ABF7-AAA2-4B8A-94F6-F4F3EFDDD6BC}
    [2013/01/31 18:42:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Dynacom Technologies, Inc
    [2013/01/31 17:11:10 | 000,000,000 | ---D | C] -- C:\Users\VPS\Documents\Vikki Loan
    [2013/01/31 12:47:53 | 000,000,000 | ---D | C] -- C:\Users\VPS\AppData\Local\{EB4BA745-328E-40E4-8124-69879A6FAF8B}
    [2013/01/31 12:04:48 | 000,000,000 | ---D | C] -- C:\Users\VPS\Documents\Missing
    [2013/01/31 12:04:13 | 000,000,000 | ---D | C] -- C:\Users\VPS\Documents\Blog
    [2013/01/30 22:09:23 | 000,000,000 | ---D | C] -- C:\Windows\pss
    [2013/01/30 21:07:54 | 000,000,000 | ---D | C] -- C:\Users\VPS\Documents\My Media
    [2013/01/30 21:07:53 | 000,000,000 | ---D | C] -- C:\Users\VPS\AppData\Roaming\OverDrive
    [2013/01/30 13:31:51 | 000,000,000 | ---D | C] -- C:\Users\VPS\AppData\Local\{75EA13D9-2B28-404F-8ACE-64DA7B1766E6}
    [2013/01/30 01:31:39 | 000,000,000 | ---D | C] -- C:\Users\VPS\AppData\Local\{2077417F-A75A-4E04-AA83-C95FBA70D51E}
    [2013/01/29 13:30:19 | 000,000,000 | ---D | C] -- C:\Users\VPS\AppData\Local\{61F3AF94-D6EA-4157-8D9C-EB834542C830}
    [2013/01/29 00:44:37 | 000,000,000 | ---D | C] -- C:\Users\VPS\AppData\Local\{06211DCD-1037-4666-89F0-9670B9EE53F2}
    [2013/01/28 12:44:13 | 000,000,000 | ---D | C] -- C:\Users\VPS\AppData\Local\{35EEBA29-5B15-466E-956F-84543C0C4BE5}
    [2013/01/28 02:03:02 | 000,000,000 | ---D | C] -- C:\Users\VPS\Documents\My Publications
    [2013/01/28 02:01:51 | 000,000,000 | ---D | C] -- C:\Users\VPS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mobipocket.com
    [2013/01/28 02:01:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Mobipocket Shared
    [2013/01/28 02:01:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mobipocket.com
    [2013/01/28 01:50:02 | 000,000,000 | ---D | C] -- C:\ProgramData\flipBook
    [2013/01/28 01:46:49 | 000,000,000 | ---D | C] -- C:\ProgramData\3dpf
    [2013/01/28 01:46:49 | 000,000,000 | ---D | C] -- C:\ProgramData\3dpageflip
    [2013/01/28 01:42:51 | 000,000,000 | ---D | C] -- C:\ProgramData\A-PDF
    [2013/01/28 01:42:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\3D PageFlip Standard
    [2013/01/28 01:10:42 | 000,000,000 | ---D | C] -- C:\Users\VPS\Documents\Kindle Covers
    [2013/01/28 00:44:02 | 000,000,000 | ---D | C] -- C:\Users\VPS\AppData\Local\{772FDB47-95DA-4551-9D56-A3C59076E37B}
    [2013/01/27 12:44:03 | 000,000,000 | ---D | C] -- C:\Users\VPS\AppData\Local\{2720F17B-D634-4E4C-A46E-093E8A4163AB}
    [2013/01/26 21:13:00 | 000,000,000 | ---D | C] -- C:\Users\VPS\AppData\Local\{1EC370F6-A996-4474-AEDF-4DAA0C175528}
    [2013/01/26 09:12:49 | 000,000,000 | ---D | C] -- C:\Users\VPS\AppData\Local\{DAE66578-7175-464A-A694-0D130DF45BBE}
    [2013/01/25 21:12:38 | 000,000,000 | ---D | C] -- C:\Users\VPS\AppData\Local\{1EC088EB-E902-49CD-9FB8-E8937D803CE5}
    [2012/08/04 05:40:19 | 000,352,944 | ---- | C] (Softonic) -- C:\Users\VPS\SoftonicDownloader_for_photoscape.exe
    [1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
    [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2013/02/24 09:32:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
    [2013/02/24 09:16:14 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2013/02/24 09:16:13 | 000,002,143 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
    [2013/02/24 08:42:00 | 000,000,314 | ---- | M] () -- C:\Windows\tasks\PrintProjects Communicator.job
    [2013/02/24 02:58:47 | 000,014,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2013/02/24 02:58:47 | 000,014,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2013/02/24 02:52:26 | 000,000,468 | ---- | M] () -- C:\Windows\tasks\SDMsgUpdate (TE).job
    [2013/02/24 02:52:00 | 000,000,888 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2013/02/24 02:51:33 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2013/02/24 02:51:27 | 1944,866,815 | -HS- | M] () -- C:\hiberfil.sys
    [2013/02/24 00:42:03 | 000,001,754 | ---- | M] () -- C:\Users\Public\Desktop\Quicken Rental Property Manager 2013.lnk
    [2013/02/24 00:42:03 | 000,000,353 | ---- | M] () -- C:\Users\Public\Desktop\Free Credit Report and Score.url
    [2013/02/22 02:11:09 | 000,002,967 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Ginger.lnk
    [2013/02/22 02:11:09 | 000,002,949 | ---- | M] () -- C:\Users\Public\Desktop\Ginger.lnk
    [2013/02/20 13:26:26 | 000,778,834 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
    [2013/02/20 13:26:26 | 000,660,318 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
    [2013/02/20 13:26:26 | 000,121,214 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
    [2013/02/20 13:23:28 | 005,207,640 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
    [2013/02/17 22:00:07 | 000,000,090 | ---- | M] () -- C:\Windows\QBChanUtil_Trigger.ini
    [2013/02/17 15:00:49 | 000,691,568 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
    [2013/02/17 15:00:48 | 000,071,024 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    [2013/02/17 14:35:08 | 000,035,175 | ---- | M] () -- C:\Users\VPS\.recently-used.xbel
    [2013/02/16 03:49:53 | 002,445,312 | ---- | M] () -- C:\Users\VPS\Desktop\Rocket Trade.QDF-backup
    [2013/02/09 08:14:03 | 1313,219,588 | ---- | M] () -- C:\Windows\MEMORY.DMP
    [2013/02/09 03:36:30 | 000,000,920 | ---- | M] () -- C:\Users\Public\Desktop\calibre - E-book management.lnk
    [2013/02/07 21:42:53 | 016,365,936 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerInstaller.exe
    [2013/02/06 14:52:08 | 000,000,126 | ---- | M] () -- C:\Windows\QUICKEN.INI
    [2013/02/06 02:54:43 | 000,000,913 | ---- | M] () -- C:\Users\Public\Desktop\ISO to USB.lnk
    [2013/02/05 23:33:49 | 000,000,000 | ---- | M] () -- C:\END
    [2013/02/05 03:25:00 | 001,572,864 | R--- | M] () -- C:\Users\Public\Documents\ESBK.mb
    [2013/02/05 02:57:00 | 003,340,288 | R--- | M] () -- C:\Users\Public\Documents\ESBK.mbb
    [2013/01/31 18:45:37 | 057,083,880 | ---- | M] () -- C:\Users\VPS\Desktop\setup10_web_en[1].exe
    [2013/01/31 18:42:30 | 057,083,880 | ---- | M] () -- C:\Users\VPS\Desktop\setup10_web_en.exe
    [2013/01/28 02:01:51 | 000,000,948 | ---- | M] () -- C:\Users\VPS\Desktop\Mobipocket Creator.lnk
    [2013/01/25 10:54:04 | 000,001,045 | ---- | M] () -- C:\Users\VPS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
    [2013/01/25 10:53:51 | 000,001,009 | ---- | M] () -- C:\Users\VPS\Desktop\Dropbox.lnk
    [1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
    [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2013/02/22 02:11:09 | 000,002,949 | ---- | C] () -- C:\Users\Public\Desktop\Ginger.lnk
    [2013/02/22 02:11:08 | 000,002,967 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Ginger.lnk
    [2013/02/17 14:35:08 | 000,035,175 | ---- | C] () -- C:\Users\VPS\.recently-used.xbel
    [2013/02/16 03:49:53 | 002,445,312 | ---- | C] () -- C:\Users\VPS\Desktop\Rocket Trade.QDF-backup
    [2013/02/11 10:53:01 | 000,002,128 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Kodak EasyShare software.lnk
    [2013/02/11 10:53:01 | 000,001,978 | ---- | C] () -- C:\Users\VPS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk
    [2013/02/11 10:53:01 | 000,001,080 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ImageMixer 3 SE Camera Monitor Ver.4.5.lnk
    [2013/02/06 14:52:11 | 000,001,754 | ---- | C] () -- C:\Users\Public\Desktop\Quicken Rental Property Manager 2013.lnk
    [2013/02/06 14:52:11 | 000,000,353 | ---- | C] () -- C:\Users\Public\Desktop\Free Credit Report and Score.url
    [2013/02/06 03:10:55 | 1313,219,588 | ---- | C] () -- C:\Windows\MEMORY.DMP
    [2013/02/05 23:33:49 | 000,000,000 | ---- | C] () -- C:\END
    [2013/02/01 17:13:41 | 001,696,256 | ---- | C] () -- C:\Windows\SysNative\HP1100SM.EXE
    [2013/02/01 17:13:41 | 000,350,720 | ---- | C] () -- C:\Windows\SysNative\mvhlewsi.DLL
    [2013/02/01 17:13:40 | 000,288,768 | ---- | C] () -- C:\Windows\SysNative\HP1100LM.DLL
    [2013/01/31 18:45:15 | 057,083,880 | ---- | C] () -- C:\Users\VPS\Desktop\setup10_web_en[1].exe
    [2013/01/31 18:42:09 | 057,083,880 | ---- | C] () -- C:\Users\VPS\Desktop\setup10_web_en.exe
    [2013/01/31 05:27:48 | 000,009,710 | ---- | C] () -- C:\Users\VPS\Documents\pm-rrb.csv_0_1.ods
    [2013/01/28 02:01:51 | 000,000,948 | ---- | C] () -- C:\Users\VPS\Desktop\Mobipocket Creator.lnk
    [2013/01/02 06:53:49 | 000,004,608 | ---- | C] () -- C:\Users\VPS\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2012/12/04 06:11:11 | 000,000,126 | ---- | C] () -- C:\Windows\QUICKEN.INI
    [2012/12/02 17:34:04 | 000,000,090 | ---- | C] () -- C:\Windows\QBChanUtil_Trigger.ini
    [2012/11/19 04:19:05 | 000,165,376 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
    [2012/11/14 12:12:37 | 001,414,159 | ---- | C] () -- C:\Users\VPS\doc_PDrulerUS.pdf
    [2012/07/02 22:01:41 | 000,024,772 | ---- | C] () -- C:\ProgramData\P1100DEF.css
    [2012/07/02 22:01:41 | 000,004,174 | ---- | C] () -- C:\ProgramData\P1100OS.HTM
    [2012/07/02 22:01:41 | 000,002,944 | ---- | C] () -- C:\ProgramData\P1100SIG.GIF
    [2012/06/21 09:29:16 | 000,000,952 | ---- | C] () -- C:\Users\VPS\Dropbox - Shortcut (2).lnk
    [2012/06/21 09:28:57 | 000,000,952 | ---- | C] () -- C:\Users\VPS\Dropbox - Shortcut.lnk
    [2012/03/12 19:27:30 | 000,000,128 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
    [2012/01/27 21:50:33 | 000,000,000 | ---- | C] () -- C:\Windows\Autorun MAX!.INI
    [2012/01/18 08:07:23 | 000,007,625 | ---- | C] () -- C:\Users\VPS\AppData\Local\Resmon.ResmonCfg
    [2012/01/13 01:08:19 | 000,000,094 | ---- | C] () -- C:\Windows\family.ini
    [2011/12/28 12:16:28 | 000,033,134 | ---- | C] () -- C:\Users\VPS\AppData\Roaming\UserTile.png
    [2011/12/11 08:08:13 | 000,000,043 | ---- | C] () -- C:\Users\VPS\.gtk-bookmarks
    [2011/12/05 19:15:59 | 000,000,016 | ---- | C] () -- C:\Users\VPS\persistent_state
    [2011/12/01 03:14:57 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
    [2011/11/20 13:25:09 | 000,123,181 | ---- | C] () -- C:\Users\VPS\NAVI E7 Rainlendar Preview.jpg
    [2011/11/20 13:25:09 | 000,123,083 | ---- | C] () -- C:\Users\VPS\NAVI E7 Rainlendar Permission.jpg
    [2011/11/20 13:25:09 | 000,024,839 | ---- | C] () -- C:\Users\VPS\ToDo.png
    [2011/11/20 13:25:09 | 000,001,666 | ---- | C] () -- C:\Users\VPS\today.png
    [2011/11/20 13:25:09 | 000,001,264 | ---- | C] () -- C:\Users\VPS\Weekdays.png
    [2011/11/20 13:25:08 | 000,024,546 | ---- | C] () -- C:\Users\VPS\Events.png
    [2011/11/20 13:25:08 | 000,023,723 | ---- | C] () -- C:\Users\VPS\Background.png
    [2011/11/20 13:25:08 | 000,004,795 | ---- | C] () -- C:\Users\VPS\Months.png
    [2011/11/20 13:25:08 | 000,003,386 | ---- | C] () -- C:\Users\VPS\NAVI E7.ini
    [2011/11/20 13:25:08 | 000,002,253 | ---- | C] () -- C:\Users\VPS\ExtraBackground.png
    [2011/11/20 13:25:08 | 000,001,726 | ---- | C] () -- C:\Users\VPS\days.png
    [2011/11/20 13:25:08 | 000,001,669 | ---- | C] () -- C:\Users\VPS\Event.png
    [2011/11/20 13:25:08 | 000,001,526 | ---- | C] () -- C:\Users\VPS\Numbers.png
    [2011/11/18 15:32:17 | 000,020,520 | ---- | C] () -- C:\Program Files (x86)\init.dat
    [2011/11/18 05:07:27 | 000,000,394 | ---- | C] () -- C:\Windows\pagebreeze.ini
    [2011/11/18 05:07:27 | 000,000,044 | ---- | C] () -- C:\Windows\formbreeze.ini
    [2011/11/17 03:23:39 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\CommonDL.dll
    [2011/11/17 03:23:39 | 000,002,413 | ---- | C] () -- C:\Windows\SysWow64\lgAxconfig.ini
    [2011/11/14 13:06:55 | 000,773,050 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI

    ========== ZeroAccess Check ==========

    [2009/07/13 21:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

    [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

    [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

    [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

    [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
    "" = C:\Windows\SysNative\shell32.dll -- [2012/06/08 22:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
    "" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 21:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
    "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 18:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
    "" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 05:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
    "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 18:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Both

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

    ========== Custom Scans ==========

    < %SYSTEMDRIVE%\*.exe >
    [2012/01/01 10:40:11 | 029,561,554 | ---- | M] (Google Inc.) -- C:\installer_r16-windows.exe

    < MD5 for: EXPLORER.EXE >
    [2009/10/05 23:06:36 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=00B0358734CAA32C39D181FE6916B178 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20542_none_b8b0208ee0ce1889\explorer.exe
    [2011/02/25 23:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_adc24107935a7e25\explorer.exe
    [2011/02/25 22:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
    [2009/07/13 18:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe
    [2011/02/25 22:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_b8ce9756e0b786a4\explorer.exe
    [2009/10/30 22:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe
    [2011/02/25 22:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_b816eb59c7bb4020\explorer.exe
    [2011/02/24 23:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe
    [2011/02/24 23:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
    [2011/02/25 23:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
    [2010/11/20 05:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
    [2009/10/05 23:35:29 | 002,868,736 | ---- | M] (Microsoft Corporation) MD5=6D4F9E4B640B413C6F73414327484C80 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16434_none_addea9f19345cd81\explorer.exe
    [2009/08/02 23:19:07 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe
    [2011/02/24 22:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe
    [2011/02/24 22:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
    [2009/10/30 23:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe
    [2009/08/02 22:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe
    [2010/11/20 06:24:45 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe
    [2009/10/30 23:38:38 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=B8EC4BD49CE8F6FC457721BFC210B67F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe
    [2009/08/02 22:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe
    [2009/07/13 18:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe
    [2009/10/30 23:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe
    [2009/10/05 23:31:09 | 002,868,736 | ---- | M] (Microsoft Corporation) MD5=CA17F8620815267DC838E30B68CB5052 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20542_none_ae5b763cac6d568e\explorer.exe
    [2011/02/25 23:26:45 | 002,870,784 | ---- | M] (Microsoft Corporation) MD5=E38899074D4951D31B4040E994DD7C8D -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_ae79ed04ac56c4a9\explorer.exe
    [2009/08/02 23:17:37 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe
    [2009/10/05 22:53:03 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=FC89FACA0473641CB625EDA9277D0885 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16434_none_b8335443c7a68f7c\explorer.exe

    < MD5 for: SVCHOST.EXE >
    [2009/07/13 18:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\SysWOW64\svchost.exe
    [2009/07/13 18:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
    [2009/07/13 18:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\SysNative\svchost.exe
    [2009/07/13 18:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_11b04b481efec48c\svchost.exe

    < MD5 for: USERINIT.EXE >
    [2010/11/20 05:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
    [2010/11/20 05:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
    [2009/07/13 18:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
    [2009/07/13 18:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe
    [2010/11/20 06:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
    [2010/11/20 06:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe

    < MD5 for: WINLOGON.EXE >
    [2010/11/20 06:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
    [2010/11/20 06:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
    [2009/07/13 18:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
    [2009/10/28 00:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
    [2009/10/27 23:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe

    < %systemroot%\*. /rp /s >

    ========== Drive Information ==========

    Physical Drives
    ---------------

    Drive: \\\\.\\PHYSICALDRIVE0 - Fixed hard disk media
    Interface type: IDE
    Media Type: Fixed hard disk media
    Model: TOSHIBA MK5056GSYF SCSI Disk Device
    Partitions: 3
    Status: OK
    Status Info: 0

    Partitions
    ---------------

    DeviceID: Disk #0, Partition #0
    PartitionType: Unknown
    Bootable: False
    BootPartition: False
    PrimaryPartition: True
    Size: 63.00MB
    Starting Offset: 32256
    Hidden sectors: 0


    DeviceID: Disk #0, Partition #1
    PartitionType: Installable File System
    Bootable: True
    BootPartition: True
    PrimaryPartition: True
    Size: 11.00GB
    Starting Offset: 66060288
    Hidden sectors: 0


    DeviceID: Disk #0, Partition #2
    PartitionType: Installable File System
    Bootable: False
    BootPartition: False
    PrimaryPartition: True
    Size: 455.00GB
    Starting Offset: 12063866880
    Hidden sectors: 0


    ========== Hard Links - Junction Points - Mount Points - Symbolic Links ==========
    [C:\Windows\System32\config\systemprofile\AppData\Local\Application Data] -> C:\Windows\system32\config\systemprofile\AppData\Local -> Junction
    [C:\Windows\System32\config\systemprofile\AppData\Local\History] -> C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History -> Junction
    [C:\Windows\System32\config\systemprofile\AppData\Local\Temporary Internet Files] -> C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files -> Junction
    [C:\Windows\System32\config\systemprofile\Application Data] -> C:\Windows\system32\config\systemprofile\AppData\Roaming -> Junction
    [C:\Windows\System32\config\systemprofile\Cookies] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies -> Junction
    [C:\Windows\System32\config\systemprofile\Documents\My Music] -> C:\Windows\system32\config\systemprofile\Music -> Junction
    [C:\Windows\System32\config\systemprofile\Documents\My Pictures] -> C:\Windows\system32\config\systemprofile\Pictures -> Junction
    [C:\Windows\System32\config\systemprofile\Documents\My Videos] -> C:\Windows\system32\config\systemprofile\Videos -> Junction
    [C:\Windows\System32\config\systemprofile\Local Settings] -> C:\Windows\system32\config\systemprofile\AppData\Local -> Junction
    [C:\Windows\System32\config\systemprofile\My Documents] -> C:\Windows\system32\config\systemprofile\Documents -> Junction
    [C:\Windows\System32\config\systemprofile\NetHood] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Network Shortcuts -> Junction
    [C:\Windows\System32\config\systemprofile\PrintHood] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Printer Shortcuts -> Junction
    [C:\Windows\System32\config\systemprofile\Recent] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Recent -> Junction
    [C:\Windows\System32\config\systemprofile\SendTo] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\SendTo -> Junction
    [C:\Windows\System32\config\systemprofile\Start Menu] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Start Menu -> Junction
    [C:\Windows\System32\config\systemprofile\Templates] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Templates -> Junction
    [C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Application Data] -> C:\Windows\system32\config\systemprofile\AppData\Local -> Junction
    [C:\Windows\SysWOW64\config\systemprofile\AppData\Local\History] -> C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History -> Junction
    [C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Temporary Internet Files] -> C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files -> Junction
    [C:\Windows\SysWOW64\config\systemprofile\Application Data] -> C:\Windows\system32\config\systemprofile\AppData\Roaming -> Junction
    [C:\Windows\SysWOW64\config\systemprofile\Cookies] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies -> Junction
    [C:\Windows\SysWOW64\config\systemprofile\Documents\My Music] -> C:\Windows\system32\config\systemprofile\Music -> Junction
    [C:\Windows\SysWOW64\config\systemprofile\Documents\My Pictures] -> C:\Windows\system32\config\systemprofile\Pictures -> Junction
    [C:\Windows\SysWOW64\config\systemprofile\Documents\My Videos] -> C:\Windows\system32\config\systemprofile\Videos -> Junction
    [C:\Windows\SysWOW64\config\systemprofile\Local Settings] -> C:\Windows\system32\config\systemprofile\AppData\Local -> Junction
    [C:\Windows\SysWOW64\config\systemprofile\My Documents] -> C:\Windows\system32\config\systemprofile\Documents -> Junction
    [C:\Windows\SysWOW64\config\systemprofile\NetHood] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Network Shortcuts -> Junction
    [C:\Windows\SysWOW64\config\systemprofile\PrintHood] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Printer Shortcuts -> Junction
    [C:\Windows\SysWOW64\config\systemprofile\Recent] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Recent -> Junction
    [C:\Windows\SysWOW64\config\systemprofile\SendTo] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\SendTo -> Junction
    [C:\Windows\SysWOW64\config\systemprofile\Start Menu] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Start Menu -> Junction
    [C:\Windows\SysWOW64\config\systemprofile\Templates] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Templates -> Junction

    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 717 bytes -> C:\Users\VPS\Documents\Re_ 219 invoice.eml:OECustomProperty
    @Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:C1379D96

    < End of report >
     
  6. MissRocket

    MissRocket Thread Starter

    OTL Extras logfile created on: 2/24/2013 9:27:13 AM - Run 1
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\VPS\Desktop\downloads
    64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    7.75 Gb Total Physical Memory | 5.51 Gb Available Physical Memory | 71.09% Memory free
    15.50 Gb Paging File | 13.01 Gb Available in Paging File | 83.98% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 454.53 Gb Total Space | 323.07 Gb Free Space | 71.08% Space Free | Partition Type: NTFS
    Drive D: | 5.75 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: CDFS

    Computer Name: VPS-PC | User Name: VPS | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

    [HKEY_USERS\S-1-5-21-2524721775-169714519-693001153-1000\SOFTWARE\Classes\<extension>]
    .html [@ = ChromeHTML] -- Reg Error: Key error. File not found

    ========== Shell Spawning ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    htmlfile [edit] -- Reg Error: Key error.
    htmlfile [print] -- "C:\Windows\system32\rundll32.exe" "C:\Windows\system32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
    InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    htmlfile [edit] -- Reg Error: Key error.
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    ========== Authorized Applications List ==========


    ========== Vista Active Open Ports Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{0C54060E-74BD-4D01-B35D-FCA3DFB66997}" = rport=445 | protocol=6 | dir=out | app=system |
    "{15422675-7F05-4E9C-A413-99FBDD2F2051}" = lport=138 | protocol=17 | dir=in | app=system |
    "{19C88B32-B1AA-4C41-A532-2F66BB500BC0}" = lport=9322 | protocol=6 | dir=in | name=ekdiscovery |
    "{1F3B4608-8F3B-4C48-9C94-01C8CD6688F5}" = lport=5353 | protocol=17 | dir=in | name=bonjour port 5353 |
    "{1FE452D5-5BED-43F9-A5C2-190D9DF099ED}" = rport=10243 | protocol=6 | dir=out | app=system |
    "{28D36AB3-867A-4F39-9EB3-7F0DA2685615}" = lport=137 | protocol=17 | dir=in | app=system |
    "{2D908D70-D38D-4D4E-AF2A-AAB57883579E}" = lport=2799 | protocol=6 | dir=in | name=altova license metering port (tcp) |
    "{40C8FE74-2122-4CB4-A70D-B0EAAAC7CC53}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{45A51B4A-6BA9-462A-8300-00D6C187010E}" = rport=139 | protocol=6 | dir=out | app=system |
    "{507EFF3E-2C90-4133-8363-9FAA9DF68F0F}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{5298E177-ADC3-4449-A88B-F6802337736F}" = rport=138 | protocol=17 | dir=out | app=system |
    "{59A84B7E-D819-40CA-AD36-AC69164E8FDB}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
    "{62F1A604-B6DB-4BC6-854E-F71EAB01BA16}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{640108D4-6608-4916-9E9C-43D0A15837ED}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
    "{64A9B899-58C0-489A-B171-F0C540700F59}" = lport=445 | protocol=6 | dir=in | app=system |
    "{68BA4CD2-0283-42C1-A89F-27B6FC3B6367}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{6B2965F2-F8E5-4BBE-8818-68A1B75384AB}" = lport=2799 | protocol=17 | dir=in | name=altova license metering port (udp) |
    "{717EDE3D-00D4-4053-AA75-10CB7E3FF8E2}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{7E843B0F-001B-435E-861F-537BD52FE68E}" = rport=137 | protocol=17 | dir=out | app=system |
    "{812DA0FE-9A86-40FE-9D81-083EDE3EDE4A}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{82140F07-1836-4F3F-B968-99226690A910}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
    "{97DEC5A8-EB9B-4335-B197-8CFB4BDB233D}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
    "{A0671538-1273-48EC-8EED-D36AF799E54A}" = lport=10243 | protocol=6 | dir=in | app=system |
    "{A27763A7-0E55-41CF-B963-DD7A3903816D}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
    "{A57C88DF-547C-4818-90A8-5129488DD63E}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{A6C11C42-620B-4DB4-922E-E286D7EF0A85}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{A7F94670-3EC5-4B59-8621-99B3786B5F46}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 |
    "{A99091CB-1F72-46D2-B61C-004832A4216F}" = lport=2869 | protocol=6 | dir=in | app=system |
    "{B30F3E6B-9C1E-4773-8AF1-94FBBE559781}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{B4F92361-E630-4440-BA50-18694E073DFD}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{B8FE74AB-AF2A-47E1-AEA0-F9AA30D56CB7}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
    "{C3AC7B05-E1F6-4DE1-A49C-8B9210668AFE}" = lport=9322 | protocol=6 | dir=in | name=ekdiscovery |
    "{C7BBEA2C-45DA-4067-9669-66283EBA1719}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{C912BB83-79A4-4C9C-BDF4-E2AE2D2D2AEC}" = lport=427 | protocol=6 | dir=in | name=advanced tcp/ip slp port |
    "{D255AC7E-2AB3-42C6-BCAF-6D11C1A12D8F}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{D84D09DF-F104-42AD-89A4-A5FCAF3D735C}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{D9B90691-7AE0-45E0-851C-6065414FAA47}" = lport=9100 | protocol=6 | dir=in | name=advanced tcp/ip printer port |
    "{E108F331-D6FB-4262-83B2-FFE0ACC3B163}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
    "{EA427153-EF04-4403-8091-A229E7BE1D61}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{EE24E9F6-F5FA-4213-9112-25A29BABDC1E}" = lport=161 | protocol=6 | dir=in | name=advanced tcp/ip snmp port |
    "{EFE2AFE2-D287-4CC9-A2D3-CD7760F32C1E}" = lport=139 | protocol=6 | dir=in | app=system |
    "{F55FBE34-112A-4A06-AB8D-BB38F3205E9C}" = lport=5353 | protocol=17 | dir=in | name=bonjour port 5353 |

    ========== Vista Active Application Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{02D85744-9739-48F3-AB4D-7C627ACB6286}" = protocol=17 | dir=in | app=c:\users\vps\appdata\local\temp\7zs7181\hppiw.exe |
    "{0929CE12-9067-4CFB-8DC6-EFB54B1EC132}" = protocol=6 | dir=in | app=c:\program files (x86)\kodak\aio\center\aiohomecenter.exe |
    "{0B3C90F2-D3FD-4F9E-B21B-975DA9877310}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{0BF7416A-B7AE-413B-B183-91FBDC249543}" = protocol=17 | dir=in | app=c:\users\vps\appdata\local\temp\7zs71e0\hpdiagnosticcoreui.exe |
    "{0E8CFC92-5C78-44A5-A5C5-9A218A0363ED}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
    "{1448C6D4-E8FC-431F-ABD3-57E0DF712179}" = protocol=6 | dir=in | app=c:\program files\hp\hp laserjet p1100 series\wificonfig.exe |
    "{17DFA465-A8E6-403F-93F9-A6DB14227AB9}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
    "{1C36E69D-BA3C-4F56-9217-CABFDDE27950}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{231FBE77-0D2F-4C89-9133-7E6D79C02822}" = protocol=17 | dir=in | app=c:\program files (x86)\kodak\aio\center\networkprinterdiscovery.exe |
    "{2635FF46-07C8-4CFD-A744-1EF96CD649C8}" = protocol=17 | dir=in | app=c:\users\vps\appdata\local\akamai\netsession_win.exe |
    "{2A348E84-CBDC-4AB8-9780-77C7A3989337}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{2D0AD23A-5A7B-4EAA-B746-5C173EC3E3D2}" = protocol=17 | dir=in | app=c:\program files (x86)\kodak\aio\center\kodak.statistics.exe |
    "{2DBE370B-F9EE-497B-88FE-0E517B2CF113}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
    "{3409F38C-D8DC-459A-8907-8D36D9218BC8}" = protocol=6 | dir=in | app=c:\program files (x86)\kodak\aio\center\networkprinterdiscovery.exe |
    "{3415D7B4-DE37-49DB-B89F-9042F85F5B24}" = protocol=6 | dir=in | app=c:\program files (x86)\expressfiles\expressfiles.exe |
    "{3C9CD0D8-260C-486B-8F7E-8C32B558909F}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
    "{40E8B2F8-3D1E-40ED-A0DF-009FC04219B2}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{411F3459-D21D-45DD-BA64-AA7E26B1FB0B}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{45DA1187-CC5D-4A0C-9F59-DF239F156C20}" = protocol=17 | dir=in | app=c:\program files (x86)\expressfiles\expressfiles.exe |
    "{4CBAA671-9879-495D-A2C6-E48C4C7739FD}" = protocol=17 | dir=in | app=c:\program files (x86)\animal planet games\kuma.exe |
    "{4D3B0BA9-9D0B-4814-A0FB-9C95939B7885}" = protocol=17 | dir=in | app=c:\program files (x86)\kodak\aio\center\aiohomecenter.exe |
    "{58AC978A-7F81-4ADF-85BB-2E86FCDE66B3}" = protocol=1 | dir=in | [email protected],-28543 |
    "{5B66ACBA-EFCE-49C8-BD74-0414ECAA3FEC}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{5D6D5C79-3C13-48EA-B39C-B1FA7A2B96CF}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe |
    "{5E912BFE-29F8-4DC9-97C6-320AF83DE452}" = protocol=17 | dir=in | app=c:\program files (x86)\expressfiles\expressdl.exe |
    "{6068A09C-F28A-47D3-90A0-327171FBD2EA}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
    "{618198A1-F70E-43BB-A952-AB5D6C7B6758}" = protocol=6 | dir=in | app=c:\users\vps\appdata\roaming\dropbox\bin\dropbox.exe |
    "{66955161-16D9-4C18-9352-5DEC139C3495}" = protocol=6 | dir=in | app=c:\program files (x86)\kodak\aio\firmware\kodakaioupdater.exe |
    "{66DC8553-E286-43A7-A2B2-F4B486140843}" = protocol=6 | dir=out | app=system |
    "{67271187-3ECE-40C2-B3E2-11497A801C5C}" = protocol=6 | dir=in | app=c:\program files (x86)\kodak\aio\center\kodak.statistics.exe |
    "{6913D1FA-04CB-4DD7-A9FD-7BE965FEE483}" = protocol=6 | dir=in | app=c:\users\vps\appdata\local\temp\7zs71e0\hpdiagnosticcoreui.exe |
    "{69B9DAA3-B640-4F82-9F1C-E633452DD0D1}" = protocol=17 | dir=in | app=c:\program files\hp\hp laserjet p1100 series\wificonfig.exe |
    "{72442D0C-9187-476E-9F84-A652D062185B}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{72B57D95-3F5C-440D-AFCF-CC883BB0873D}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
    "{7A1F001D-D294-4D5D-8D13-783321A64853}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
    "{823E087F-6AE5-40BB-AD30-43D6C42239CE}" = protocol=6 | dir=in | app=c:\users\vps\appdata\local\akamai\netsession_win.exe |
    "{8ED5ABD5-2F34-4313-B291-415F95A92864}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{8F1B2958-B0FD-4AC3-A3E0-306250E4803D}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{90723BE8-7ED0-4449-B8DE-5A2B587876CE}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
    "{90A72820-C796-44B3-A385-15D8D86AFAFF}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
    "{96AD206C-5AAE-4CF2-8931-4A858EC5EDB2}" = protocol=6 | dir=in | app=c:\program files (x86)\animal planet games\kuma.exe |
    "{96D750BB-6C83-4D8C-A5B7-5ACBBCAA50EF}" = protocol=6 | dir=in | app=c:\program files (x86)\expressfiles\expressdl.exe |
    "{96DDD879-CC82-4212-9EB1-7E53CA4A2688}" = protocol=1 | dir=out | [email protected],-28544 |
    "{97973FE1-B0EC-4B99-A3F7-AB95C30E6F66}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
    "{9B39CE2E-0E15-4760-B634-3B25F487415B}" = protocol=6 | dir=in | app=c:\users\vps\appdata\local\temp\7zs7181\hppiw.exe |
    "{AB396623-93CF-4843-917C-EA1FB8A8FA9F}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{AD1342DE-1838-4040-97A1-F73E9748D1EC}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{AE54DBEA-A1CA-4EEC-8B79-6A3B54D22A07}" = protocol=17 | dir=in | app=c:\users\vps\appdata\roaming\dropbox\bin\dropbox.exe |
    "{B6A8249A-82CF-4E20-9F4B-7B991E0518E7}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
    "{B8BDDA34-D5CE-44DE-A486-DCEC80A9000E}" = protocol=6 | dir=in | app=c:\programdata\kodak\installer\setup.exe |
    "{C9D2D819-87CE-44C9-895C-8FA5D74D5680}" = protocol=17 | dir=in | app=c:\programdata\kodak\installer\setup.exe |
    "{E7AECCA7-A1F5-4BC5-85E8-16A7005C82F3}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
    "{EFD604BB-844C-449A-9CD3-5B499A52783E}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
    "{F1629C18-ABFA-4BEA-8A33-ACB38953A8DD}" = protocol=58 | dir=out | [email protected],-28546 |
    "{F4269810-B409-4B51-9CA7-9B9000B92C19}" = protocol=58 | dir=in | [email protected],-28545 |
    "{FDB9172C-3D0F-4F49-A54A-AF60D59D24A2}" = protocol=17 | dir=in | app=c:\program files (x86)\kodak\aio\firmware\kodakaioupdater.exe |
    "TCP Query User{29E5C1E4-F093-4B5F-A266-82B130B8E58C}C:\program files (x86)\utorrent\utorrent.exe" = protocol=6 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
    "TCP Query User{7333DEE9-B2D7-4F4F-81DA-05DDC488F770}C:\users\vps\downloads\utorrent.exe" = protocol=6 | dir=in | app=c:\users\vps\downloads\utorrent.exe |
    "TCP Query User{967E785F-BAD0-4949-953E-CC8082C11240}C:\users\vps\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\vps\appdata\roaming\dropbox\bin\dropbox.exe |
    "TCP Query User{AE8EF300-318B-4275-B3DF-EC096F4C54BD}C:\program files (x86)\kodak\kodak easyshare software\bin\easyshare.exe" = protocol=6 | dir=in | app=c:\program files (x86)\kodak\kodak easyshare software\bin\easyshare.exe |
    "TCP Query User{B485AA21-1E56-42E4-B24A-8D865DEC79FE}C:\users\vps\appdata\local\akamai\netsession_win.exe" = protocol=6 | dir=in | app=c:\users\vps\appdata\local\akamai\netsession_win.exe |
    "UDP Query User{03C632D4-CEF3-43DC-BC37-B71612B34DC5}C:\users\vps\downloads\utorrent.exe" = protocol=17 | dir=in | app=c:\users\vps\downloads\utorrent.exe |
    "UDP Query User{18BDBBCC-E4CA-4BD6-A17E-0BC1DCEC07F0}C:\program files (x86)\utorrent\utorrent.exe" = protocol=17 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
    "UDP Query User{42DE6E02-ABFF-4192-83A5-43F01743A0F6}C:\users\vps\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\vps\appdata\roaming\dropbox\bin\dropbox.exe |
    "UDP Query User{532B840D-7EA6-4F99-84DA-820D348248AB}C:\users\vps\appdata\local\akamai\netsession_win.exe" = protocol=17 | dir=in | app=c:\users\vps\appdata\local\akamai\netsession_win.exe |
    "UDP Query User{ABD13F6A-39F0-4E74-A34E-646CD54BBD15}C:\program files (x86)\kodak\kodak easyshare software\bin\easyshare.exe" = protocol=17 | dir=in | app=c:\program files (x86)\kodak\kodak easyshare software\bin\easyshare.exe |

    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector
    "{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
    "{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
    "{22D8AE6F-3C6B-47E8-8F04-629F23DBE978}" = iTunes
    "{26A24AE4-039D-4CA4-87B4-2F86417009FF}" = Java 7 Update 9 (64-bit)
    "{27EF8E7F-88D1-4ec5-ADE2-7E447FDF114E}" = Kodak AIO Printer
    "{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
    "{529125EF-E3AC-4B74-97E6-F688A7C0F1C0}" = Paint.NET v3.5.10
    "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
    "{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
    "{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
    "{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}" = Microsoft Visual C++ 2005 Redistributable (x64)
    "{7CFA46E3-CC2F-4355-82AE-6012DC3633FD}" = NVIDIA ForceWare Network Access Manager
    "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
    "{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
    "{87CF757E-C1F1-4D22-865C-00C6950B5258}" = Quickset64
    "{89BDAE1A-7B8E-4A0E-A169-02F7F366451D}" = iCloud
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
    "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}" = WIDCOMM Bluetooth Software
    "{A4269383-E587-4934-9EBF-F2C1B5FF08E0}_is1" = Shoeboxed Uploader
    "{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
    "{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}" = PlayReady PC Runtime amd64
    "{C73A3942-84C8-4597-9F9B-EE227DCBA758}" = Dell Dock
    "{C78D3032-9DFD-41D0-9DE9-58EAE750CBA4}" = Microsoft Security Client
    "{D70884EA-E2CE-4539-91DB-4766CC1E5F5F}" = Apple Mobile Device Support
    "{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
    "{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
    "{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
    "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
    "HP LaserJet Professional P1100-P1560-P1600 Series" = HP LaserJet Professional P1100-P1560-P1600 Series
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
    "Microsoft Security Client" = Microsoft Security Essentials
    "NVIDIA Drivers" = NVIDIA Drivers
    "PC-Doctor for Windows" = Hardware Diagnostic Tools
    "SmartDraw PDF Export_is1" = SmartDraw PDF Export (novaPDF 6.4 printer)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{007B37D9-0C45-4202-834B-DD5FAAE99D63}" = ArcSoft Print Creations - Slimline Card
    "{034DD4BB-F0D6-4ECF-B064-8E39E3EF7076}" = Quicken 2013
    "{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
    "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
    "{14D4ED84-6A9A-45A0-96F6-1753768C3CB5}" = ESSPCD
    "{14DC0059-00F1-4F62-BD1A-AB23CD51A95E}" = Adobe AIR
    "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
    "{18A8E78B-9EF2-496E-B310-BCD8E4C1DAB3}" = iSEEK AnswerWorks English Runtime
    "{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
    "{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
    "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
    "{23170F69-40C1-2701-0921-000001000000}" = 7-Zip 9.21
    "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
    "{23EEC842-57ED-4055-A056-9D4185DFB1AA}" = Dell Mobile Broadband Manager
    "{26A24AE4-039D-4CA4-87B4-2F83217015FF}" = Java 7 Update 15
    "{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
    "{2B818257-E6C7-4841-8C29-C5C9A982BCE5}" = RICOH Media Driver ver.2.07.01.00
    "{2CCBABCB-6427-4A55-B091-49864623C43F}" = Google Toolbar for Firefox
    "{2D03B6F8-DF36-4980-B7B6-5B93D5BA3A8F}" = essvatgt
    "{2EA870FA-585F-4187-903D-CB9FFD21E2E0}" = DHTML Editing Component
    "{31A559C1-9E4D-423B-9DD3-34A6C5398752}" = HTC BMP USB Driver
    "{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
    "{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
    "{4028A420-8CB5-4F9C-B698-6EBA5491256D}" = ImageMixer 3 SE Ver.4.5 Transfer Utility
    "{42938595-0D83-404D-9F73-F8177FDD531A}" = ESScore
    "{4537EA4B-F603-4181-89FB-2953FC695AB1}" = netbrdg
    "{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
    "{4715760F-AF61-494C-A699-7DF5D29A03A8}" = Ginger
    "{48B41C3A-9A92-4B81-B653-C97FEB85C910}" = C4USelfUpdater
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{4CEEE5D0-F905-4688-B9F9-ECC710507796}" = HTC Driver Installer
    "{5316DFC9-CE99-4458-9AB3-E8726EDE0210}" = skin0001
    "{563254C9-FBFC-0200-0000-000000000000}" = Android Sync Manager WiFi
    "{56589DFE-0C29-4DFE-8E42-887B771ECD23}" = ArcSoft Print Creations - Photo Book
    "{56BA241F-580C-43D2-8403-947241AAE633}" = center
    "{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
    "{59F6A514-9813-47A3-948C-8A155460CC2A}" = RICOH R5C83x/84x Media Driver Ver.3.53.02
    "{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
    "{5FE545A1-D215-4216-9189-E7B39C9D1CC1}" = Quicken 2011
    "{605A4E39-613C-4A12-B56F-DEFBE6757237}" = SHASTA
    "{63688C0C-441B-B09B-97A3-B059D79A84F7}" = Shutterfly Express Uploader
    "{643EAE81-920C-4931-9F0B-4B343B225CA6}" = ESSBrwr
    "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
    "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
    "{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
    "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
    "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
    "{7A21C722-F259-4976-B7AA-6658E5FDEDAF}" = Google Drive
    "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
    "{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
    "{87E6A443-536D-4047-AAC9-40947FC3333A}" = Music Transfer Utility Ver.1.5
    "{8943CE61-53BD-475E-90E1-A580869E98A2}" = staticcr
    "{8A502E38-29C9-49FA-BCFA-D727CA062589}" = ESSTOOLS
    "{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
    "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
    "{8E92D746-CD9F-4B90-9668-42B74C14F765}" = ESSini
    "{91517631-A9F3-4B7C-B482-43E0068FD55A}" = ESSgui
    "{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
    "{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
    "{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
    "{9591C049-5CAE-4E89-A8D9-191F1899628B}" = ArcSoft Print Creations - Funhouse
    "{97C82B44-D408-4F14-9252-47FC1636D23E}_is1" = IZArc 4.1.6
    "{999D43F4-9709-4887-9B1A-83EBB15A8370}" = VPRINTOL
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    "{9D318C86-AF4C-409F-A6AC-7183FF4CF424}" = Internet TV for Windows Media Center
    "{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
    "{9F1F2AEA-C72A-4DD6-991E-C5506A5625E4}" = OpenOffice.org 3.4.1
    "{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
    "{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
    "{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
    "{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
    "{AB259D81-DE6B-4554-B4A8-DB13D321FBF2}" = calibre
    "{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.5)
    "{AE1FA02D-E6A4-4EA0-8E58-6483CAC016DD}" = ESSCDBK
    "{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}" = QuickTime
    "{AFE499B5-FCC4-45E6-A1A5-3C51AE0E539B}" = Mobipocket Creator 4.2
    "{B0D83FCD-9D42-43ED-8315-250326AADA02}" = ArcSoft Print Creations - Scrapbook
    "{B162D0A6-9A1D-4B7C-91A5-88FB48113C45}" = OfotoXMI
    "{B4B44FE7-41FF-4DAD-8C0A-E406DDA72992}" = CCScore
    "{BE94C681-68E2-4561-8ABC-8D2E799168B4}" = essentials
    "{BFBCF96F-7361-486A-965C-54B17AC35421}" = ocr
    "{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
    "{C71F947D-C500-4C00-AF0A-8B397A3F9DE5}" = HTC Sync
    "{CA9ED5E4-1548-485B-A293-417840060158}" = ArcSoft Print Creations - Photo Calendar
    "{CAE8A0F1-B498-4C23-95FA-55047E730C8F}" = ArcSoft Print Creations
    "{CCE825DB-347A-4004-A186-5F4A6FDD8547}" = Apple Application Support
    "{CE26F10F-C80F-4377-908B-1B7882AE2CE3}" = Crystal Reports Basic Runtime for Visual Studio 2008
    "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
    "{CED3B64B-9381-4AB8-A213-6C084C952E43}" = Zamzom Wireless
    "{D07205E7-F6D3-4333-AFCC-782A07685B72}" = OverDrive Media Console
    "{D08A30AC-A663-4EA8-8D81-B98E17F19F1C}_is1" = ISO to USB
    "{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
    "{D32470A1-B10C-4059-BA53-CF0486F68EBC}" = Kodak EasyShare software
    "{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
    "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
    "{DA5BDB2A-12F0-4343-8351-21AAEB293990}" = PreReq
    "{DB02F716-6275-42E9-B8D2-83BA2BF5100B}" = SFR
    "{DBCC73BA-C69A-4BF5-B4BF-F07501EE7039}" = AnswerWorks 5.0 English Runtime
    "{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
    "{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
    "{DED01768-E634-11E1-AEB0-984BE15F174E}" = Evernote v. 4.5.8
    "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
    "{E0F274B7-592B-4669-8FB8-8D9825A09858}" = KODAK AiO Software
    "{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
    "{E6B4117F-AC59-4B13-9274-EB136E8897EE}" = ArcSoft Print Creations - Album Page
    "{EF53BFAB-4C10-40DB-A82D-9B07111715C6}" = aioscnnr
    "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
    "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
    "{F4A2E7CC-60CA-4AFA-B67F-AD5E58173C3F}" = SKINXSDK
    "{F9593CFB-D836-49BC-BFF1-0E669A411D9F}" = WIRELESS
    "{FCDB1C92-03C6-4C76-8625-371224256091}" = ESSPDock
    "{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
    "Adobe Shockwave Player" = Adobe Shockwave Player 11.6
    "Android SDK Tools" = Android SDK Tools
    "BookSmart® 3.2.2 3.2.2" = BookSmart® 3.2.2 3.2.2
    "CardWorks" = CardWorks Business Card Software
    "Cisco Connect" = Cisco Connect
    "com.Shutterfly.ExpressUploader" = Shutterfly Express Uploader
    "Combined Community Codec Pack_is1" = Combined Community Codec Pack 2011-11-11
    "Digital Editions" = Adobe Digital Editions
    "DivX Setup" = DivX Setup
    "doubleTwist" = doubleTwist
    "ffdshow_is1" = ffdshow [rev 2527] [2008-12-19]
    "Google Chrome" = Google Chrome
    "ImgBurn" = ImgBurn
    "Inkscape" = Inkscape 0.48.2
    "InstallShield_{4715760F-AF61-494C-A699-7DF5D29A03A8}" = Ginger
    "InstallShield_{7CFA46E3-CC2F-4355-82AE-6012DC3633FD}" = NVIDIA ForceWare Network Access Manager
    "IrfanView" = IrfanView (remove only)
    "KLiteCodecPack_is1" = K-Lite Codec Pack 7.0.0 (Standard)
    "LogonStudio" = LogonStudio
    "PageBreeze Free HTML Editor" = PageBreeze Free HTML Editor
    "PhotoScape" = PhotoScape
    "PortraitProfessional10Trial_is1" = Portrait Professional 10.7 Trial
    "PrintProjects" = PrintProjects
    "Rainlendar2" = Rainlendar2 (remove only)
    "Rainmeter" = Rainmeter
    "SendToKindle" = Amazon Send to Kindle
    "SmartDraw 2012" = SmartDraw 2012
    "smARTupdate" = smARTupdate
    "Visual Thesaurus 3" = Visual Thesaurus 3
    "WinGimp-2.0_is1" = GIMP 2.6.11
    "WinLiveSuite" = Windows Live Essentials
    "YTdetect" = Yahoo! Detect

    ========== HKEY_USERS Uninstall List ==========

    [HKEY_USERS\S-1-5-21-2524721775-169714519-693001153-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "9204f5692a8faf3b" = Dell System Detect
    "Akamai" = Akamai NetSession Interface
    "Amazon Kindle" = Amazon Kindle
    "Dropbox" = Dropbox

    ========== Last 20 Event Log Errors ==========

    [ Application Events ]
    Error - 2/10/2013 11:19:56 PM | Computer Name = VPS-PC | Source = Microsoft-Windows-CAPI2 | ID = 257
    Description = The Cryptographic Services service failed to initialize the Catalog
    Database. The ESENT error was: -107.

    Error - 2/10/2013 11:19:56 PM | Computer Name = VPS-PC | Source = Microsoft-Windows-CAPI2 | ID = 257
    Description = The Cryptographic Services service failed to initialize the Catalog
    Database. The ESENT error was: -107.

    Error - 2/10/2013 11:19:58 PM | Computer Name = VPS-PC | Source = Microsoft-Windows-CAPI2 | ID = 257
    Description = The Cryptographic Services service failed to initialize the Catalog
    Database. The ESENT error was: -107.

    Error - 2/10/2013 11:19:58 PM | Computer Name = VPS-PC | Source = Microsoft-Windows-CAPI2 | ID = 257
    Description = The Cryptographic Services service failed to initialize the Catalog
    Database. The ESENT error was: -107.

    Error - 2/10/2013 11:19:58 PM | Computer Name = VPS-PC | Source = Microsoft-Windows-CAPI2 | ID = 257
    Description = The Cryptographic Services service failed to initialize the Catalog
    Database. The ESENT error was: -107.

    Error - 2/10/2013 11:19:59 PM | Computer Name = VPS-PC | Source = Microsoft-Windows-CAPI2 | ID = 257
    Description = The Cryptographic Services service failed to initialize the Catalog
    Database. The ESENT error was: -107.

    Error - 2/10/2013 11:19:59 PM | Computer Name = VPS-PC | Source = Microsoft-Windows-CAPI2 | ID = 257
    Description = The Cryptographic Services service failed to initialize the Catalog
    Database. The ESENT error was: -107.

    Error - 2/10/2013 11:19:59 PM | Computer Name = VPS-PC | Source = Microsoft-Windows-CAPI2 | ID = 257
    Description = The Cryptographic Services service failed to initialize the Catalog
    Database. The ESENT error was: -107.

    Error - 2/10/2013 11:20:00 PM | Computer Name = VPS-PC | Source = Microsoft-Windows-CAPI2 | ID = 257
    Description = The Cryptographic Services service failed to initialize the Catalog
    Database. The ESENT error was: -107.

    Error - 2/10/2013 11:20:00 PM | Computer Name = VPS-PC | Source = Microsoft-Windows-CAPI2 | ID = 257
    Description = The Cryptographic Services service failed to initialize the Catalog
    Database. The ESENT error was: -107.

    Error - 2/10/2013 11:20:00 PM | Computer Name = VPS-PC | Source = Microsoft-Windows-CAPI2 | ID = 257
    Description = The Cryptographic Services service failed to initialize the Catalog
    Database. The ESENT error was: -107.

    [ Media Center Events ]
    Error - 12/31/2011 3:54:41 PM | Computer Name = VPS-PC | Source = MCUpdate | ID = 0
    Description = 12:54:41 PM - Failed to retrieve Directory (Error: The request was
    aborted: The request was canceled.)

    Error - 1/12/2012 8:28:10 PM | Computer Name = VPS-PC | Source = MCUpdate | ID = 0
    Description = 5:28:09 PM - Error connecting to the internet. 5:28:10 PM - Unable
    to contact server..

    Error - 1/12/2012 8:28:20 PM | Computer Name = VPS-PC | Source = MCUpdate | ID = 0
    Description = 5:28:16 PM - Error connecting to the internet. 5:28:16 PM - Unable
    to contact server..

    Error - 1/20/2012 3:29:31 AM | Computer Name = VPS-PC | Source = MCUpdate | ID = 0
    Description = 12:29:23 AM - Error connecting to the internet. 12:29:23 AM - Unable
    to contact server..

    [ System Events ]
    Error - 2/24/2013 12:42:56 PM | Computer Name = VPS-PC | Source = Ntfs | ID = 262199
    Description = The file system structure on the disk is corrupt and unusable. Please
    run the chkdsk utility on the volume \Device\HarddiskVolume3.

    Error - 2/24/2013 12:42:56 PM | Computer Name = VPS-PC | Source = Ntfs | ID = 262199
    Description = The file system structure on the disk is corrupt and unusable. Please
    run the chkdsk utility on the volume \Device\HarddiskVolume3.

    Error - 2/24/2013 12:42:56 PM | Computer Name = VPS-PC | Source = Ntfs | ID = 262199
    Description = The file system structure on the disk is corrupt and unusable. Please
    run the chkdsk utility on the volume \Device\HarddiskVolume3.

    Error - 2/24/2013 12:43:56 PM | Computer Name = VPS-PC | Source = Ntfs | ID = 262199
    Description = The file system structure on the disk is corrupt and unusable. Please
    run the chkdsk utility on the volume C:.

    Error - 2/24/2013 12:43:59 PM | Computer Name = VPS-PC | Source = Ntfs | ID = 262199
    Description = The file system structure on the disk is corrupt and unusable. Please
    run the chkdsk utility on the volume \Device\HarddiskVolume3.

    Error - 2/24/2013 12:43:59 PM | Computer Name = VPS-PC | Source = Ntfs | ID = 262199
    Description = The file system structure on the disk is corrupt and unusable. Please
    run the chkdsk utility on the volume \Device\HarddiskVolume3.

    Error - 2/24/2013 12:44:05 PM | Computer Name = VPS-PC | Source = Ntfs | ID = 262199
    Description = The file system structure on the disk is corrupt and unusable. Please
    run the chkdsk utility on the volume \Device\HarddiskVolume3.

    Error - 2/24/2013 12:44:05 PM | Computer Name = VPS-PC | Source = Ntfs | ID = 262199
    Description = The file system structure on the disk is corrupt and unusable. Please
    run the chkdsk utility on the volume \Device\HarddiskVolume3.

    Error - 2/24/2013 12:44:49 PM | Computer Name = VPS-PC | Source = Ntfs | ID = 262199
    Description = The file system structure on the disk is corrupt and unusable. Please
    run the chkdsk utility on the volume \Device\HarddiskVolume3.

    Error - 2/24/2013 12:44:49 PM | Computer Name = VPS-PC | Source = Ntfs | ID = 262199
    Description = The file system structure on the disk is corrupt and unusable. Please
    run the chkdsk utility on the volume C:.


    < End of report >
     
  7. MissRocket

    MissRocket Thread Starter

    Joined:
    Feb 19, 2013
    Messages:
    36
    aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
    Run date: 2013-02-24 10:04:10
    -----------------------------
    10:04:10.791 OS Version: Windows x64 6.1.7601 Service Pack 1
    10:04:10.791 Number of processors: 2 586 0x170A
    10:04:10.792 ComputerName: VPS-PC UserName: VPS
    10:04:12.812 Initialize success
    10:04:59.275 AVAST engine defs: 13022400
    10:05:10.519 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000068
    10:05:10.522 Disk 0 Vendor: TOSHIBA_ LJ00 Size: 476940MB BusType: 11
    10:05:10.533 Disk 0 MBR read successfully
    10:05:10.537 Disk 0 MBR scan
    10:05:10.545 Disk 0 Windows 7 default MBR code
    10:05:10.550 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 62 MB offset 63
    10:05:10.579 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 11442 MB offset 129024
    10:05:10.630 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 465434 MB offset 23562240
    10:05:10.722 Disk 0 scanning C:\Windows\system32\drivers
    10:05:27.326 Service scanning
    10:06:13.682 Modules scanning
    10:06:13.695 Disk 0 trace - called modules:
    10:06:13.737 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys storport.sys hal.dll nvstor64.sys
    10:06:14.084 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80081c95d0]
    10:06:14.093 3 CLASSPNP.SYS[fffff8800120143f] -> nt!IofCallDriver -> [0xfffffa80080b3e40]
    10:06:14.101 5 ACPI.sys[fffff88000f957a1] -> nt!IofCallDriver -> \Device\00000068[0xfffffa80080ae9c0]
    10:06:15.995 AVAST engine scan C:\Windows
    10:06:19.480 AVAST engine scan C:\Windows\system32
    10:11:56.527 AVAST engine scan C:\Windows\system32\drivers
    10:12:14.862 AVAST engine scan C:\Users\VPS
    10:15:29.145 Disk 0 MBR has been saved successfully to "C:\Users\VPS\Dropbox\PC Repair\MBR.dat"
    10:15:29.159 The log file has been saved successfully to "C:\Users\VPS\Dropbox\PC Repair\aswMBR.txt"
     
  8. MissRocket

    MissRocket Thread Starter

    Joined:
    Feb 19, 2013
    Messages:
    36
    Oops! After I posted the last log I stepped away from my PC and when I returned it was attempting another startup repair. It looks as if Windows updated while I was away. The repair was unsuccessful; here are the "problem details":
    Problem signature:
    Problem Event Name: StartupRepairOffline
    Problem Signature 01: 6.1.7600.16385
    Problem Signature 02: 6.1.7600.16385
    Problem Signature 03: unknown
    Problem Signature 04: 42
    Problem Signature 05: AutoFailover
    Problem Signature 06: 1
    Problem Signature 07: NoRootCause
    OS Version: 6.1.7600.2.0.0.2561
    Locale ID: 1033
     
  9. Satchfan

    Satchfan Malware Specialist

    Joined:
    Jan 12, 2009
    Messages:
    653
    I still see no malware but you have a proxy server.

    Did you set this proxy?

    uInternet Settings,ProxyOverride = *.local;127.0.0.1:9421

    OR

    IE - HKU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1:9421;*.local;<local>

    Also, did you delete your hosts file?
     
  10. MissRocket

    MissRocket Thread Starter

    Joined:
    Feb 19, 2013
    Messages:
    36
    Not that I am aware of. I'm not sure what a proxy is or what it does, just that it has something to do with networking, I think. Is it possible that changes could have been made by the file I had tried to open with UTorrent when this mess started? It was trying to open up with something else or install something and I just closed the window. Were these settings changed after you began working with me or before? Is my PC repairable or will I have to start over with a new installation of Windows?
     
  11. MissRocket

    MissRocket Thread Starter

    Joined:
    Feb 19, 2013
    Messages:
    36
    No, I did not delete my hosts file either. Most everything except for the memory errors started with that Torrent file, but I am starting to wonder if maybe my roommate's desktop might have caused something through our home network. A friend gave him the PC a while ago but he just started using it around the same time my problems started. Also, while using his computer yesterday I started receiving the same type of memory error messages as I did with this one.
     
  12. Satchfan

    Satchfan Malware Specialist

    Joined:
    Jan 12, 2009
    Messages:
    653
    No scans that we run would/could do that. It was definitely like that before you came to us.

    It didn't show up before but that is why we request different scans: they all have different ways of looking and reporting changes. Running the “fix” later in this post will put your hosts file back.

    As long as it is not a hardware or software problem it should be possible to deal with this.
    Let’s remove the proxy.

    Internet Explorer

    Click on Tools - Internet Options – “Connections” tab – LAN Settings and remove the reference to 127.0.0.1:9421 if found, then uncheck Use a proxy server and check Automatically detect settings.



    Firefox

    Click on Tools Menu > Options... > Advanced Tab > Network Tab > Connection > Settings. Select the Auto-detect proxy settings for this network option. Or No proxy if you do not need it.

    ========================================


    Run OTL

    • double click on the icon to run it.
    • copy/paste ALL the following text written inside the code box into the Custom Scans/Fixes box located at the bottom of OTL
    Code:
    :Services
      
    :OTL
    O2 - BHO: (no name) - {65134FDF-F8A5-4B3D-91D9-CDF273CFD578} - No CLSID value found.
    [2013/02/24 04:08:13 | 000,000,000 | ---D | C] -- C:\Users\VPS\AppData\Local\{EA404C6A-808E-420D-8881-3F4CCF3F23A6}
    [2013/02/22 02:14:12 | 000,000,000 | ---D | C] -- C:\Users\VPS\AppData\Local\{D623FE26-6E34-4A2B-A410-5418D08D87E4}
    [2013/02/23 16:07:48 | 000,000,000 | ---D | C] -- C:\Users\VPS\AppData\Local\{0526D9F8-910F-40CA-981C-9B552D42A116}
    [2013/02/22 14:14:23 | 000,000,000 | ---D | C] -- C:\Users\VPS\AppData\Local\{5C6308EC-5E3B-4C0C-8B95-D0145A45D642}
    [2013/02/23 02:14:35 | 000,000,000 | ---D | C] -- C:\Users\VPS\AppData\Local\{6C3E9645-A564-4976-89AF-358F815727F8}
    [2013/02/21 01:23:55 | 000,000,000 | ---D | C] -- C:\Users\VPS\AppData\Local\{8021C0BF-98A3-47D8-A28F-C4AAE690D384}
    [2013/02/17 07:50:38 | 000,000,000 | ---D | C] -- C:\Users\VPS\AppData\Local\{8A7D77D6-FF5A-41CF-9984-566AAF083815}
    [2013/02/16 19:50:27 | 000,000,000 | ---D | C] -- C:\Users\VPS\AppData\Local\{109758C1-8A8F-4CEA-BA39-3CC027D3C571}
    [2013/02/16 07:18:55 | 000,000,000 | ---D | C] -- C:\Users\VPS\AppData\Local\{87D13CC9-7389-4E6E-A76C-C673035718FC}
    [2013/02/15 19:18:44 | 000,000,000 | ---D | C] -- C:\Users\VPS\AppData\Local\{DF0438DF-5FEF-48AE-9411-434ABF61CCE8}
    [2013/02/15 07:18:21 | 000,000,000 | ---D | C] -- C:\Users\VPS\AppData\Local\{E8BD08FE-C575-4F8C-A564-0847CF8E4DBA}
    [2013/02/14 19:18:30 | 000,000,000 | ---D | C] -- C:\Users\VPS\AppData\Local\{FDA5FB05-D2EE-41B2-9524-793B7F41C147}
    [2013/02/14 03:06:25 | 000,000,000 | ---D | C] -- C:\Users\VPS\AppData\Local\{6F163F54-9E37-4DDE-8618-D5298D4120F9}
    [2013/02/13 12:11:22 | 000,000,000 | ---D | C] -- C:\Users\VPS\AppData\Local\{7BB50DE7-3EB0-4E59-8072-E821A4563BF7}
    [2013/02/12 19:05:58 | 000,000,000 | ---D | C] -- C:\Users\VPS\AppData\Local\{878961F4-B9AF-4362-B877-3369EE605149}
    [2013/02/12 07:05:48 | 000,000,000 | ---D | C] -- C:\Users\VPS\AppData\Local\{92D7C4E4-0691-407E-A3C2-111F60C298D5}
    [2013/02/11 19:05:25 | 000,000,000 | ---D | C] -- C:\Users\VPS\AppData\Local\{BBC1275D-810C-4CB4-AFD7-CD063CC4793F}
    [2013/02/05 23:11:07 | 000,000,000 | ---D | C] -- C:\Users\VPS\AppData\Local\{896D2631-856D-4014-9AF5-12F1333A20DB}
    [2013/02/05 11:10:57 | 000,000,000 | ---D | C] -- C:\Users\VPS\AppData\Local\{A480BEB2-1BA2-45A4-B345-2FA2D5DC8F13}
    [2013/02/04 23:10:46 | 000,000,000 | ---D | C] -- C:\Users\VPS\AppData\Local\{35AA8E87-0689-4741-9D85-CE772A14C458}
    [2013/02/03 11:16:00 | 000,000,000 | ---D | C] -- C:\Users\VPS\AppData\Local\{A15898DD-E95A-4612-B06E-35B607E85EBE}
    [2013/02/02 23:07:08 | 000,000,000 | ---D | C] -- C:\Users\VPS\AppData\Local\{DE932384-F2F6-4D75-A45C-A8FB414388B7}
    [2013/02/02 11:06:56 | 000,000,000 | ---D | C] -- C:\Users\VPS\AppData\Local\{B1738040-D11A-4648-B6D8-956F3023ABAB}
    [2013/02/01 00:48:17 | 000,000,000 | ---D | C] -- C:\Users\VPS\AppData\Local\{70E3ABF7-AAA2-4B8A-94F6-F4F3EFDDD6BC}
    [2013/02/01 13:56:24 | 000,000,000 | ---D | C] -- C:\Users\VPS\AppData\Local\{4C9806E0-8EFD-4EF5-88FC-FB05CBF3121D}
    [2013/01/31 12:47:53 | 000,000,000 | ---D | C] -- C:\Users\VPS\AppData\Local\{EB4BA745-328E-40E4-8124-69879A6FAF8B}
    [2013/01/30 13:31:51 | 000,000,000 | ---D | C] -- C:\Users\VPS\AppData\Local\{75EA13D9-2B28-404F-8ACE-64DA7B1766E6}
    [2013/01/30 01:31:39 | 000,000,000 | ---D | C] -- C:\Users\VPS\AppData\Local\{2077417F-A75A-4E04-AA83-C95FBA70D51E}
    [2013/01/29 13:30:19 | 000,000,000 | ---D | C] -- C:\Users\VPS\AppData\Local\{61F3AF94-D6EA-4157-8D9C-EB834542C830}
    [2013/01/29 00:44:37 | 000,000,000 | ---D | C] -- C:\Users\VPS\AppData\Local\{06211DCD-1037-4666-89F0-9670B9EE53F2}
    [2013/01/28 12:44:13 | 000,000,000 | ---D | C] -- C:\Users\VPS\AppData\Local\{35EEBA29-5B15-466E-956F-84543C0C4BE5}
    [2013/01/28 00:44:02 | 000,000,000 | ---D | C] -- C:\Users\VPS\AppData\Local\{772FDB47-95DA-4551-9D56-A3C59076E37B}
    [2013/01/27 12:44:03 | 000,000,000 | ---D | C] -- C:\Users\VPS\AppData\Local\{2720F17B-D634-4E4C-A46E-093E8A4163AB}
    [2013/01/26 21:13:00 | 000,000,000 | ---D | C] -- C:\Users\VPS\AppData\Local\{1EC370F6-A996-4474-AEDF-4DAA0C175528}
    [2013/01/26 09:12:49 | 000,000,000 | ---D | C] -- C:\Users\VPS\AppData\Local\{DAE66578-7175-464A-A694-0D130DF45BBE}
    [2013/01/25 21:12:38 | 000,000,000 | ---D | C] -- C:\Users\VPS\AppData\Local\{1EC088EB-E902-49CD-9FB8-E8937D803CE5}
    
    :Files
    C:\Program Files (x86)\RegClean Pro
    c:\program files (x86)\utorrent\utorrent.exe
    C:\users\vps\downloads\utorrent.exe
    ipconfig /flushdns /c
    :Commands
    [purity]
    [emptytemp]
    [resethosts]
    [Reboot]
    • click the Run Fix button at the top
    • let the program run unhindered, reboot when it is done
    • post a new OTL log (don't check the boxes beside LOP Check or Purity this time)
    Logs to include in the next post:

    OTL fix log
    New OTL log
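An added example, not part of the original posts: a small triage of the Internet Settings lines quoted in this thread. In that registry key, `ProxyOverride` is the list of hosts that bypass the proxy, while `ProxyEnable` (the "Use a proxy server" checkbox) and `ProxyServer` decide whether a proxy is actually in use. The function names are this example's own, and the `ProxyEnable`/`ProxyServer` sample lines are constructed.

```python
import re

# Value names live under ...\CurrentVersion\Internet Settings. Both log styles
# quoted in the thread are accepted:
#   uInternet Settings,ProxyOverride = ...
#   IE - HKU\...\Internet Settings: "ProxyOverride" = ...
LINE_RE = re.compile(
    r'Internet Settings(?:,|:\s*")(?P<name>Proxy\w+|AutoConfigURL)"?\s*=\s*(?P<value>.*)$')
# Loopback proxy entry, optionally per-protocol ("http=127.0.0.1:9421").
LOOPBACK_RE = re.compile(
    r'^(?:\w+=)?(?:https?://)?(?:127(?:\.\d{1,3}){3}|localhost|\[::1\])(?::\d+)?$', re.I)

# The two lines quoted in the thread.
THREAD_LINES = r'''
uInternet Settings,ProxyOverride = *.local;127.0.0.1:9421
IE - HKU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1:9421;*.local;<local>
'''
# Constructed lines (not from the thread) showing a proxy that is switched on.
CONSTRUCTED_ACTIVE = THREAD_LINES + r'''
IE - HKU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:9421
'''


def parse_proxy_settings(log_text):
    """Return {value name: raw value}; a later line for the same name wins."""
    settings = {}
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if m:
            settings[m.group("name")] = m.group("value").strip()
    return settings


def _enabled(raw):
    try:
        return int(raw, 16) != 0  # accepts "0", "1" and "0x00000001"
    except ValueError:
        return False


def triage(settings):
    """Separate 'a proxy is in use' from 'hosts that skip the proxy'."""
    servers = [s for s in settings.get("ProxyServer", "").split(";") if s]
    bypass = [b for b in settings.get("ProxyOverride", "").split(";") if b]
    active = _enabled(settings.get("ProxyEnable", "0")) and bool(servers)
    notes = []
    if active:
        notes.append("proxy in use: " + ";".join(servers))
    elif servers:
        notes.append("ProxyServer is set but 'Use a proxy server' is off")
    if settings.get("AutoConfigURL"):
        notes.append("PAC script configured: " + settings["AutoConfigURL"])
    if bypass and not servers:
        notes.append("bypass list only, no proxy address recorded")
    return {
        "active": active,
        "loopback": [s for s in servers if LOOPBACK_RE.match(s)],
        "bypass": bypass,
        "notes": notes,
    }


if __name__ == "__main__":
    for label, text in (("thread", THREAD_LINES), ("constructed", CONSTRUCTED_ACTIVE)):
        print(label, triage(parse_proxy_settings(text)))
```

A non-empty `loopback` list with `active` set means a local process is receiving browser traffic, so the next step is to identify what is listening on that port.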
     
  13. MissRocket

    MissRocket Thread Starter

    Joined:
    Feb 19, 2013
    Messages:
    36
    Internet Explorer had no reference to 127.0.0.1:9421, Use a proxy server was not checked and Automatically detect settings was already checked. Bypass Proxy Server is checked but the text is grayed out.

    I removed Firefox & Registry Repair Pro when I ran the Windows repair tool and do not see the application to open it, just the folder with other files.

    I use Google Chrome for my browser and just found where it says Google Chrome is using my computer's system proxy settings to connect to the network. When I clicked on settings it took me to Internet Explorer and nothing had changed.

    I did not run OTL in case you need me to change something in Chrome.
     
  14. MissRocket

    MissRocket Thread Starter

    Joined:
    Feb 19, 2013
    Messages:
    36
    Internet Explorer had no reference to 127.0.0.1:9421, Use a proxy server was not checked and Automatically detect settings was already checked. Bypass Proxy Server is checked but the text is grayed out.

    I removed Firefox & Registry Repair Pro when I ran the Windows repair tool and do not see the application to open it, just the folder with other files.

    I use Google Chrome for my browser and just found where it says Google Chrome is using my computer's system proxy settings to connect to the network. When I clicked on settings it took me to Internet Explorer and nothing had changed.

    I did not run OTL in case you need me to change something in Chrome.
     
  15. MissRocket

    MissRocket Thread Starter

    Joined:
    Feb 19, 2013
    Messages:
    36
    Oops. Didn't realize I sent that twice.
     

Short URL to this thread: https://techguy.org/1090236
