seabeetodd
Everything posted by seabeetodd
-
# AdwCleaner v2.202 - Logfile created 04/27/2013 at 15:14:45
# Updated 23/04/2013 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : Todd - TODD-PC
# Boot Mode : Normal
# Running from : C:\Users\Todd\Desktop\Security\adwcleaner.exe
# Option [Delete]

***** [services] *****

***** [Files / Folders] *****

File Deleted : C:\END
File Deleted : C:\Users\Todd\AppData\Local\Google\Chrome\User Data\Default\bProtector Web Data
File Deleted : C:\Users\Todd\AppData\Local\Google\Chrome\User Data\Default\bprotectorpreferences
File Deleted : C:\Windows\Tasks\PC Performer_DEFAULT.job
Folder Deleted : C:\Program Files (x86)\1ClickDownload
Folder Deleted : C:\ProgramData\Ask

***** [Registry] *****

Key Deleted : HKCU\Software\1ClickDownload
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\InstallCore
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKLM\Software\Classes\Installer\Features\90C64EA18BA25EE488BF80DCF07F2FFD
Key Deleted : HKLM\Software\Classes\Installer\Products\90C64EA18BA25EE488BF80DCF07F2FFD
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Giant Savings_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Giant Savings_RASMANCS
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]

***** [internet Browsers] *****

-\\ Internet Explorer v8.0.7601.17514

[OK] Registry is clean.

-\\ Google Chrome v26.0.1410.64

File : C:\Users\Todd\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [7168 octets] - [27/12/2012 01:34:35]
AdwCleaner[R2].txt - [1504 octets] - [27/12/2012 10:49:17]
AdwCleaner[R3].txt - [1564 octets] - [28/12/2012 01:42:39]
AdwCleaner[R4].txt - [1548 octets] - [26/04/2013 19:29:51]
AdwCleaner[s1].txt - [7043 octets] - [27/12/2012 01:40:18]
AdwCleaner[s2].txt - [1636 octets] - [28/12/2012 01:43:13]
AdwCleaner[s3].txt - [2357 octets] - [27/04/2013 15:14:45]

########## EOF - C:\AdwCleaner[s3].txt - [2417 octets] ##########

RogueKiller V8.5.4 _x64_ [Mar 18 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
Website : http://tigzy.geekstogo.com/roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Todd [Admin rights]
Mode : Remove -- Date : 04/27/2013 15:21:58
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 8 ¤¤¤
[RUN][sUSP PATH] HKCU\[...]\Run : MusicManager ("C:\Users\Todd\AppData\Local\Programs\Google\MusicManager\MusicManager.exe") [-] -> DELETED
[TASK][sUSP PATH] RunAsStdUser Task : "C:\Users\Todd\AppData\Local\cheerychickenSA\bin\1.0.8.0\CheeryChickenSA.exe" [x] -> DELETED
[TASK][sUSP PATH] Windows Update Check - 0x0D1402B8 : C:\Users\Todd\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\rpeulaaql.exe /task [-] -> DELETED
[DNS] HKLM\[...]\ControlSet001\Services\Tcpip\Interfaces\{BCF4865F-23B7-4460-81D4-294C88685033} : NameServer (216.176.95.129,216.176.95.161) -> NOT REMOVED, USE DNSFIX
[DNS] HKLM\[...]\ControlSet002\Services\Tcpip\Interfaces\{BCF4865F-23B7-4460-81D4-294C88685033} : NameServer (216.176.95.129,216.176.95.161) -> NOT REMOVED, USE DNSFIX
[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> DELETED
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts

127.0.0.1 localhost

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: Hitachi HDT721010SLA360 +++++
--- User ---
[MBR] 4e429ab2b3be844df02191337f2bab0a
[bSP] c6c33eca83b53313d44db8aa65917135 : Windows Vista/7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 942525 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 1930498048 | Size: 11242 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: HP Photosmart Prem USB Device +++++
Error reading User MBR!
User = LL1 ... OK!
Error reading LL2 MBR!

Finished : << RKreport[2]_D_04272013_02d1521.txt >>
RKreport[1]_S_04272013_02d1521.txt ; RKreport[2]_D_04272013_02d1521.txt
-
OTL logfile created on: 4/27/2013 2:06:11 PM - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Todd\Desktop\Security 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 8.0.7601.17514) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 7.93 Gb Total Physical Memory | 6.87 Gb Available Physical Memory | 86.71% Memory free 15.86 Gb Paging File | 14.06 Gb Available in Paging File | 88.69% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 920.43 Gb Total Space | 688.89 Gb Free Space | 74.84% Space Free | Partition Type: NTFS Drive D: | 10.98 Gb Total Space | 1.58 Gb Free Space | 14.44% Space Free | Partition Type: NTFS Drive E: | 3.90 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF Computer Name: TODD-PC | User Name: Todd | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\Todd\Desktop\Security\OTL.exe (OldTimer Tools) PRC - C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe (Skype Technologies S.A.) PRC - C:\Users\Todd\AppData\Local\Programs\Google\MusicManager\MusicManager.exe (Google Inc.) PRC - C:\Program Files (x86)\Google\Drive\googledrivesync.exe (Google) PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) PRC - C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingBar.exe (Microsoft Corporation.) PRC - C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingApp.exe (Microsoft Corporation.) PRC - C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\SeaPort.EXE (Microsoft Corporation.) 
PRC - C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BBSvc.EXE (Microsoft Corporation.) PRC - C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\bingsurrogate.exe (Microsoft Corporation.) PRC - C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe (Logitech Inc.) PRC - C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe (Logitech Inc.) PRC - C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe () PRC - C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperAgent.exe () PRC - C:\Windows\SysWOW64\schtasks.exe (Microsoft Corporation) PRC - C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin (OpenOffice.org) PRC - C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe (OpenOffice.org) PRC - c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe (CyberLink) PRC - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation) PRC - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (Intel Corporation) ========== Modules (No Company Name) ========== MOD - C:\Users\Todd\AppData\Local\Temp\_MEI38082\wx._core_.pyd () MOD - C:\Users\Todd\AppData\Local\Temp\_MEI38082\_ssl.pyd () MOD - C:\Users\Todd\AppData\Local\Temp\_MEI38082\windows._cacheinvalidation.pyd () MOD - C:\Users\Todd\AppData\Local\Temp\_MEI38082\wx._gdi_.pyd () MOD - C:\Users\Todd\AppData\Local\Temp\_MEI38082\wx._misc_.pyd () MOD - C:\Users\Todd\AppData\Local\Temp\_MEI38082\_hashlib.pyd () MOD - C:\Users\Todd\AppData\Local\Temp\_MEI38082\pysqlite2._sqlite.pyd () MOD - C:\Users\Todd\AppData\Local\Temp\_MEI38082\pythoncom27.dll () MOD - C:\Users\Todd\AppData\Local\Temp\_MEI38082\win32com.shell.shell.pyd () MOD - C:\Users\Todd\AppData\Local\Temp\_MEI38082\_elementtree.pyd () MOD - C:\Users\Todd\AppData\Local\Temp\_MEI38082\PyWinTypes27.dll () MOD - C:\Users\Todd\AppData\Local\Temp\_MEI38082\win32security.pyd () MOD - C:\Users\Todd\AppData\Local\Temp\_MEI38082\win32api.pyd () MOD - 
C:\Users\Todd\AppData\Local\Temp\_MEI38082\_ctypes.pyd () MOD - C:\Users\Todd\AppData\Local\Temp\_MEI38082\wx._html2.pyd () MOD - C:\Users\Todd\AppData\Local\Temp\_MEI38082\_socket.pyd () MOD - C:\Users\Todd\AppData\Local\Temp\_MEI38082\win32process.pyd () MOD - C:\Users\Todd\AppData\Local\Temp\_MEI38082\win32pdh.pyd () MOD - C:\Users\Todd\AppData\Local\Temp\_MEI38082\win32ts.pyd () MOD - C:\Users\Todd\AppData\Local\Temp\_MEI38082\win32profile.pyd () MOD - C:\Users\Todd\AppData\Local\Temp\_MEI38082\win32crypt.pyd () MOD - C:\Users\Todd\AppData\Local\Temp\_MEI38082\wx._controls_.pyd () MOD - C:\Users\Todd\AppData\Local\Temp\_MEI38082\wx._windows_.pyd () MOD - C:\Users\Todd\AppData\Local\Temp\_MEI38082\wx._wizard.pyd () MOD - C:\Users\Todd\AppData\Local\Temp\_MEI38082\win32file.pyd () MOD - C:\Users\Todd\AppData\Local\Temp\_MEI38082\win32inet.pyd () MOD - C:\Users\Todd\AppData\Local\Temp\_MEI38082\win32event.pyd () MOD - C:\Users\Todd\AppData\Local\Temp\_MEI38082\unicodedata.pyd () MOD - C:\Users\Todd\AppData\Local\Temp\_MEI38082\pyexpat.pyd () MOD - C:\Users\Todd\AppData\Local\Temp\_MEI38082\select.pyd () MOD - C:\Program Files\Microsoft Office 15\root\office15\1033\GrooveIntlResource.dll () MOD - C:\Users\Todd\AppData\Local\Programs\Google\MusicManager\libaudioenc.dll () MOD - C:\Users\Todd\AppData\Local\Programs\Google\MusicManager\libmpgdec.dll () MOD - C:\Users\Todd\AppData\Local\Programs\Google\MusicManager\libid3tag.dll () MOD - C:\Users\Todd\AppData\Local\Programs\Google\MusicManager\libaacdec.dll () MOD - C:\Users\Todd\AppData\Local\Programs\Google\MusicManager\imageformats\qgif4.dll () MOD - C:\Users\Todd\AppData\Local\Programs\Google\MusicManager\QtWebKit4.dll () MOD - C:\Users\Todd\AppData\Local\Programs\Google\MusicManager\QtNetwork4.dll () MOD - C:\Users\Todd\AppData\Local\Programs\Google\MusicManager\QtGui4.dll () MOD - C:\Users\Todd\AppData\Local\Programs\Google\MusicManager\QtCore4.dll () MOD - 
C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\cb562e2e4f74ae607f1186f6ec50cec7\System.Windows.Forms.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\90b89f6e8032310e9ac72a309fd49e83\System.Runtime.Remoting.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\cf827fe7bc99d9bcf0ba3621054ef527\WindowsBase.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f687c43e9fdec031988b33ae722c4613\System.Xml.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\195a77fcc6206f8bb35d419ff2cf0d72\System.Configuration.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll () MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll () MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll () MOD - C:\Program Files (x86)\Logitech\LWS\Webcam Software\QTGui4.dll () MOD - C:\Program Files (x86)\Logitech\LWS\Webcam Software\QTXml4.dll () MOD - C:\Program Files (x86)\Logitech\LWS\Webcam Software\ImageFormats\QJpeg4.dll () MOD - C:\Program Files (x86)\Logitech\LWS\Webcam Software\ImageFormats\QGif4.dll () MOD - C:\Program Files (x86)\Logitech\LWS\Webcam Software\QTCore4.dll () MOD - C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperAgent.exe () MOD - C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll () MOD - c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMediaLibrary.dll () ========== Services (SafeList) ========== SRV:64bit: - (OfficeSvc) -- C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe (Microsoft Corporation) SRV:64bit: - (NisSrv) -- c:\Program 
Files\Microsoft Security Client\NisSrv.exe (Microsoft Corporation) SRV:64bit: - (MsMpSvc) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation) SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated) SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation) SRV - (Skype C2C Service) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe (Skype Technologies S.A.) SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies) SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) SRV - (HP Support Assistant Service) -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe (Hewlett-Packard Company) SRV - (BBUpdate) -- C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\SeaPort.EXE (Microsoft Corporation.) SRV - (BBSvc) -- C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BBSvc.EXE (Microsoft Corporation.) SRV - (UMVPFSrv) -- C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe (Logitech Inc.) SRV - (MotoHelper) -- C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe () SRV - (HPSLPSVC) -- C:\Program Files (x86)\hp\Digital Imaging\bin\HPSLPSVC64.DLL (Hewlett-Packard Co.) SRV - (GamesAppService) -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe (WildTangent, Inc.) 
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (IAStorDataMgrSvc) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation) SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation) ========== Driver Services (SafeList) ========== DRV:64bit: - (HCW85BDA) -- C:\Windows\SysNative\drivers\HCW85BDA.sys (Hauppauge Computer Works) DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir3.sys (Hauppauge Computer Works, Inc.) DRV:64bit: - (dg_ssudbus) -- C:\Windows\SysNative\drivers\ssudbus.sys (DEVGURU Co., LTD.(www.devguru.co.kr)) DRV:64bit: - (NisDrv) -- C:\Windows\SysNative\drivers\NisDrvWFP.sys (Microsoft Corporation) DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.) DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.) DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation) DRV:64bit: - (LVUVC64) -- C:\Windows\SysNative\drivers\lvuvc64.sys (Logitech Inc.) DRV:64bit: - (LVRS64) -- C:\Windows\SysNative\drivers\lvrs64.sys (Logitech Inc.) DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices) DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices) DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company) DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation) DRV:64bit: - (UsbDiag) -- C:\Windows\SysNative\drivers\lgx64diag.sys (LG Electronics Inc.) DRV:64bit: - (USBModem) -- C:\Windows\SysNative\drivers\lgx64modem.sys (LG Electronics Inc.) DRV:64bit: - (usbbus) -- C:\Windows\SysNative\drivers\lgx64bus.sys (LG Electronics Inc.) 
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation) DRV:64bit: - (HECIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation) DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek ) DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.) DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation) DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology) DRV:64bit: - (StillCam) -- C:\Windows\SysNative\drivers\serscan.sys (Microsoft Corporation) DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation) DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation) DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation) DRV:64bit: - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Atheros Communications, Inc.) DRV:64bit: - (hamachi) -- C:\Windows\SysNative\drivers\hamachi.sys (LogMeIn, Inc.) 
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPDSK/1 IE:64bit: - HKLM\..\SearchScopes,DefaultScope = IE:64bit: - HKLM\..\SearchScopes\{6CE0C255-91F6-4FF7-8851-52067A45FB92}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPDSK/1 IE - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\..\SearchScopes\{6CE0C255-91F6-4FF7-8851-52067A45FB92}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-1413658493-208379941-2510509854-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com IE - HKU\S-1-5-21-1413658493-208379941-2510509854-1001\..\SearchScopes,DefaultScope = {6CE0C255-91F6-4FF7-8851-52067A45FB92} IE - HKU\S-1-5-21-1413658493-208379941-2510509854-1001\..\SearchScopes\{6CE0C255-91F6-4FF7-8851-52067A45FB92}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox IE - HKU\S-1-5-21-1413658493-208379941-2510509854-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: 
C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_169.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.0: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_169.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.15.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.15.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/Lync,version=15.0: C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - 
HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll () FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\@hulu.com/Hulu Desktop: C:\Users\Todd\AppData\Local\HuluDesktop\instances\0.9.14.1\nphdplg.dll (Hulu LLC) FF - HKCU\Software\MozillaPlugins\@nsroblox.roblox.com/launcher: C:\Users\Todd\AppData\Local\Roblox\Versions\version-18d29ad623804580\\NPRobloxProxy.dll () FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Todd\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google) FF - HKCU\Software\MozillaPlugins\@talk.google.com/O1DPlugin: C:\Users\Todd\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google) FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\Todd\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll () FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Todd\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Todd\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.) 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011/01/16 18:18:08 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011/01/16 18:18:08 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\wcapturex@deskperience.com: C:\Program Files (x86)\WhiteSmokeTranslator\WCaptureMoz FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{182812ed-1c22-4e1f-9a8d-990282d594da}: C:\ProgramData\PC Performer Manager\2.5.945.13\{fc772784-ef6f-4718-83f3-3d6f8a22fa66}\FirefoxExtension [2012/09/06 10:44:45 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions [2013/04/24 20:52:37 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2010/01/19 17:47:28 | 000,085,184 | ---- | M] (Renaissance Learning Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npRLPrint.dll [2010/12/09 05:47:06 | 000,012,800 | ---- | M] (Nullsoft, Inc.) 
-- C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll ========== Chrome ========== CHR - default_search_provider: () CHR - default_search_provider: search_url = CHR - default_search_provider: suggest_url = CHR - homepage: http://search.conduit.com/?ctid=CT3227981&SearchSource=48 CHR - Extension: No name found = C:\Users\Todd\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\ CHR - Extension: No name found = C:\Users\Todd\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.2_0\ CHR - Extension: No name found = C:\Users\Todd\AppData\Local\Google\Chrome\User Data\Default\Extensions\ciagpekplgpbepdgggflgmahnjgiaced\1.0.0.8_0\ CHR - Extension: No name found = C:\Users\Todd\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\ CHR - Extension: No name found = C:\Users\Todd\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlppkpafhbajpcmmoheippocdidnckmm\1.0.1.424_0\ CHR - Extension: No name found = C:\Users\Todd\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.5.33_0\ CHR - Extension: No name found = C:\Users\Todd\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdklpjiiiehhjfjgicmefnefednelhed\1_0\ CHR - Extension: No name found = C:\Users\Todd\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmggblpgblcoomebaelghgmdgdeknmhg\1.0.7_0\ CHR - Extension: No name found = C:\Users\Todd\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.11.0.9874_0\ CHR - Extension: No name found = C:\Users\Todd\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.2.0.10687_0\ CHR - Extension: No name found = C:\Users\Todd\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmcegpfdgcoclcdfkjahiimlikdpnina\1.0.5_0\ CHR - Extension: No name found = C:\Users\Todd\AppData\Local\Google\Chrome\User 
Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof\12.0.0.2166_0\ CHR - Extension: No name found = C:\Users\Todd\AppData\Local\Google\Chrome\User Data\Default\Extensions\nnpakemckpkcpilpphdmcfehofhefmoa\1.1_0\ CHR - Extension: No name found = C:\Users\Todd\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\ CHR - Extension: No name found = C:\Users\Todd\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnhlckbnnjkfnlakipclhedkhggpddeo\0.0.2_0\ CHR - Extension: No name found = C:\Users\Todd\AppData\Local\Google\Chrome\User Data\Default\Extensions\poknhlcknimnnbfcombaooklofipaibk\0.7_0\ O1 HOSTS File: ([2012/06/08 11:51:50 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2:64bit: - BHO: (Lync Browser Helper) - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation) O2:64bit: - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.) 
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation) O2:64bit: - BHO: (Microsoft SkyDrive Pro Browser Helper) - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation) O2 - BHO: (Lync Browser Helper) - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\office15\OCHelper.dll (Microsoft Corporation) O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\office15\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (Microsoft SkyDrive Pro Browser Helper) - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\office15\GROOVEEX.DLL (Microsoft Corporation) O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingExt.dll (Microsoft Corporation.) O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O2 - BHO: (HP Network Check Helper) - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard) O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingExt.dll (Microsoft Corporation.) 
O3 - HKU\S-1-5-21-1413658493-208379941-2510509854-1001\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found. O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation) O4:64bit: - HKLM..\Run: [NvCplDaemon] C:\Windows\SysNative\NvCpl.dll (NVIDIA Corporation) O4:64bit: - HKLM..\Run: [smartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe () O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (Intel Corporation) O4 - HKLM..\Run: [LWS] C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe (Logitech Inc.) O4 - HKU\S-1-5-21-1413658493-208379941-2510509854-1001..\Run: [GoogleDriveSync] C:\Program Files (x86)\Google\Drive\googledrivesync.exe (Google) O4 - HKU\S-1-5-21-1413658493-208379941-2510509854-1001..\Run: [MusicManager] C:\Users\Todd\AppData\Local\Programs\Google\MusicManager\MusicManager.exe (Google Inc.) 
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-1413658493-208379941-2510509854-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-1413658493-208379941-2510509854-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149 O7 - HKU\S-1-5-21-1413658493-208379941-2510509854-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O7 - HKU\S-1-5-21-1413658493-208379941-2510509854-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: TaskbarNoNotification = 1 O7 - HKU\S-1-5-21-1413658493-208379941-2510509854-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1 O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE (Microsoft Corporation) O8:64bit: - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll (Microsoft Corporation) O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE (Microsoft Corporation) O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office 
15\Root\Office15\ONBttnIE.dll (Microsoft Corporation) O9:64bit: - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIE.dll (Microsoft Corporation) O9:64bit: - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIE.dll (Microsoft Corporation) O9:64bit: - Extra Button: Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation) O9:64bit: - Extra 'Tools' menuitem : Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation) O9:64bit: - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9:64bit: - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9:64bit: - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.) 
O9 - Extra Button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard) O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard) O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\office15\OCHelper.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\office15\OCHelper.dll (Microsoft Corporation) O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) 
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab (Reg Error: Value error.) O16 - DPF: {CAFEEFAC-0017-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab (Java Plug-in 1.7.0_07) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab (Java Plug-in 10.15.2) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 97.64.168.12 97.64.183.165 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BCF4865F-23B7-4460-81D4-294C88685033}: NameServer = 216.176.95.129,216.176.95.161 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F57E66B0-60C0-49C0-B8B6-44854D1F37EA}: DhcpNameServer = 97.64.168.12 97.64.183.165 O18:64bit: - Protocol\Handler\osf - No CLSID value found O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.) O18 - Protocol\Handler\osf {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\office15\MSOSB.DLL (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) 
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2012/09/28 08:30:38 | 000,055,176 | R--- | M] (Electronic Arts) - E:\Autorun.exe -- [ UDF ] O32 - AutoRun File - [2012/09/28 04:48:28 | 000,000,049 | R--- | M] () - E:\Autorun.inf -- [ UDF ] O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013/04/27 13:23:51 | 000,000,000 | ---D | C] -- C:\Users\Todd\AppData\Roaming\HPAppData [2013/04/26 18:08:19 | 000,000,000 | ---D | C] -- C:\Users\Todd\AppData\Roaming\Mining [2013/04/25 09:58:07 | 000,000,000 | ---D | C] -- C:\Users\Todd\Desktop\2013-04 (Apr) [2013/04/19 09:23:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Quicken 2013 [2013/04/19 09:23:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Quicken [2013/04/19 09:13:57 | 100,659,880 | ---- | C] (Intuit Inc. 
) -- C:\Users\Todd\Desktop\QW13DLX.exe [2013/04/19 09:13:57 | 000,000,000 | ---D | C] -- C:\Users\Todd\Documents\Amazon Downloader Logs [2013/04/13 15:13:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype [2013/04/11 16:44:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes [2013/04/11 16:44:21 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes [2013/04/11 16:44:21 | 000,000,000 | ---D | C] -- C:\Program Files\iPod [2013/04/11 16:44:21 | 000,000,000 | ---D | C] -- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69 [2013/04/10 19:32:06 | 001,907,440 | ---- | C] (Hauppauge Computer Works) -- C:\Windows\SysNative\drivers\HCW85BDA.sys [2013/04/10 19:32:06 | 000,139,776 | ---- | C] (Hauppauge Computer Works) -- C:\Windows\SysNative\hcw85enc.ax [2013/04/10 19:32:06 | 000,110,592 | ---- | C] (Hauppauge Computer Works) -- C:\Windows\SysNative\hcw85prop.ax [2013/04/10 19:32:06 | 000,033,792 | ---- | C] (Hauppauge Computer Works, Inc.) 
-- C:\Windows\SysNative\drivers\hcw85cir3.sys [2013/04/10 09:29:08 | 003,717,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstscax.dll [2013/04/10 09:29:08 | 003,217,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstscax.dll [2013/04/10 09:29:07 | 000,158,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\aaclient.dll [2013/04/10 09:29:07 | 000,131,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\aaclient.dll [2013/04/10 09:29:07 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tsgqec.dll [2013/04/10 09:29:07 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tsgqec.dll [2013/04/10 09:28:41 | 000,735,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll [2013/04/10 09:28:37 | 000,247,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll [2013/04/10 09:28:37 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll [2013/04/10 09:28:37 | 000,134,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll [2013/04/10 09:28:37 | 000,097,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll [2013/04/10 09:28:36 | 000,132,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll [2013/04/10 09:28:36 | 000,067,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll [2013/04/10 09:28:29 | 005,550,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe [2013/04/10 09:28:29 | 003,913,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe [2013/04/10 09:28:28 | 003,968,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe [2013/04/10 09:28:28 | 000,112,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\smss.exe [2013/04/10 09:28:28 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\csrsrv.dll [2013/04/10 09:28:27 | 000,006,656 | ---- | C] 
(Microsoft Corporation) -- C:\Windows\SysWow64\apisetschema.dll [2013/04/06 16:37:44 | 000,000,000 | ---D | C] -- C:\Users\Todd\Documents\Custom Office Templates [2013/04/06 09:22:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DESIGNER [2013/04/06 09:11:38 | 000,000,000 | ---D | C] -- C:\ProgramData\regid.1991-06.com.microsoft [2013/04/06 09:08:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013 [2013/04/06 09:06:54 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office 15 [2013/04/02 14:08:09 | 000,027,456 | ---- | C] (Windows ® Codename Longhorn DDK provider) -- C:\Windows\SysNative\drivers\cpqdfw.sys [2013/04/02 14:07:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP Help and Support [2013/04/02 14:05:34 | 000,000,000 | ---D | C] -- C:\ProgramData\{9BF4D58B-C6D6-467B-BC5A-FD0C1278F4AF} [2013/03/29 11:49:30 | 000,000,000 | ---D | C] -- C:\Users\Todd\AppData\Roaming\ftblauncher [2013/03/28 22:44:25 | 000,000,000 | ---D | C] -- C:\Users\Todd\AppData\Roaming\BANDISOFT [2013/03/28 22:44:23 | 000,000,000 | ---D | C] -- C:\Users\Todd\Documents\Bandicam [2013/03/28 22:44:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\BandiMPEG1 [4 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] [1 C:\Users\Todd\*.tmp files -> C:\Users\Todd\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2013/04/27 14:05:00 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1413658493-208379941-2510509854-1001UA.job [2013/04/27 14:04:16 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013/04/27 14:04:16 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013/04/27 13:41:10 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2013/04/27 13:25:49 | 000,015,792 | -H-- | M] () -- 
C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013/04/27 13:25:49 | 000,015,792 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013/04/27 13:23:13 | 000,779,266 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2013/04/27 13:23:13 | 000,660,280 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2013/04/27 13:23:13 | 000,121,208 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2013/04/27 13:18:50 | 000,000,890 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2013/04/27 13:18:33 | 2090,135,551 | -HS- | M] () -- C:\hiberfil.sys [2013/04/27 12:34:13 | 000,001,071 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk [2013/04/26 18:05:00 | 000,000,852 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1413658493-208379941-2510509854-1001Core.job [2013/04/25 09:41:02 | 000,691,592 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe [2013/04/25 09:41:02 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl [2013/04/25 03:17:36 | 000,000,328 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForTodd.job [2013/04/24 15:32:53 | 000,000,274 | ---- | M] () -- C:\Windows\tasks\PC Performer_DEFAULT.job [2013/04/24 13:43:00 | 000,000,282 | ---- | M] () -- C:\Windows\tasks\PC Performer_UPDATES.job [2013/04/19 09:23:45 | 000,001,768 | ---- | M] () -- C:\Users\Public\Desktop\Quicken Deluxe 2013.lnk [2013/04/19 09:23:45 | 000,000,353 | ---- | M] () -- C:\Users\Public\Desktop\Free Credit Report and Score.url [2013/04/19 09:23:44 | 000,000,171 | ---- | M] () -- C:\Windows\QUICKEN.INI [2013/04/19 09:14:40 | 100,659,880 | ---- | M] (Intuit Inc. 
) -- C:\Users\Todd\Desktop\QW13DLX.exe [2013/04/17 18:35:58 | 000,001,088 | ---- | M] () -- C:\Users\Todd\Desktop\.minecraft - Shortcut.lnk [2013/04/11 16:44:53 | 000,001,745 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk [2013/04/11 03:22:40 | 000,462,584 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2013/04/10 19:32:06 | 001,907,440 | ---- | M] (Hauppauge Computer Works) -- C:\Windows\SysNative\drivers\HCW85BDA.sys [2013/04/10 19:32:06 | 000,139,776 | ---- | M] (Hauppauge Computer Works) -- C:\Windows\SysNative\hcw85enc.ax [2013/04/10 19:32:06 | 000,110,592 | ---- | M] (Hauppauge Computer Works) -- C:\Windows\SysNative\hcw85prop.ax [2013/04/10 19:32:06 | 000,033,792 | ---- | M] (Hauppauge Computer Works, Inc.) -- C:\Windows\SysNative\drivers\hcw85cir3.sys [2013/04/06 09:13:35 | 000,066,696 | ---- | M] () -- C:\Windows\VIVALDII.tt2 [2013/04/06 09:13:33 | 014,381,616 | ---- | M] () -- C:\Windows\MSYHBD.tt2 [2013/04/06 09:13:33 | 000,055,400 | ---- | M] () -- C:\Windows\OCRAEXT.tt2 [2013/04/06 09:13:28 | 021,543,568 | ---- | M] () -- C:\Windows\MSYH.tt2 [2013/04/06 09:13:27 | 000,222,632 | ---- | M] () -- C:\Windows\MSUIGHUR.tt2 [2013/04/06 09:13:17 | 014,343,024 | ---- | M] () -- C:\Windows\MSJHBD.tt2 [2013/04/06 09:13:13 | 021,302,624 | ---- | M] () -- C:\Windows\MSJH.tt2 [2013/04/06 09:13:03 | 000,094,064 | ---- | M] () -- C:\Windows\LEELAWAD.tt2 [2013/04/06 09:13:03 | 000,093,836 | ---- | M] () -- C:\Windows\LEELAWDB.tt2 [2013/04/06 09:13:01 | 000,132,516 | ---- | M] () -- C:\Windows\FRAMDCN.tt2 [2013/04/06 09:12:55 | 000,179,368 | ---- | M] () -- C:\Windows\ARIALNI.tt2 [2013/04/06 09:12:46 | 000,178,864 | ---- | M] () -- C:\Windows\ARIALNB.tt2 [2013/04/06 09:12:46 | 000,178,316 | ---- | M] () -- C:\Windows\ARIALNBI.tt2 [2013/04/06 09:12:46 | 000,173,936 | ---- | M] () -- C:\Windows\ARIALN.tt2 [2013/04/06 09:12:45 | 000,007,656 | ---- | M] () -- C:\Windows\MTEXTRA.tt2 [2013/04/04 14:50:32 | 000,025,928 | ---- | M] (Malwarebytes Corporation) -- 
C:\Windows\SysNative\drivers\mbam.sys [2013/04/02 14:07:29 | 000,002,147 | ---- | M] () -- C:\Users\Public\Desktop\HP Support Assistant.lnk [4 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] [1 C:\Users\Todd\*.tmp files -> C:\Users\Todd\*.tmp -> ] ========== Files Created - No Company Name ========== [2013/04/27 09:48:32 | 000,001,071 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk [2013/04/19 09:23:45 | 000,001,768 | ---- | C] () -- C:\Users\Public\Desktop\Quicken Deluxe 2013.lnk [2013/04/19 09:23:45 | 000,000,353 | ---- | C] () -- C:\Users\Public\Desktop\Free Credit Report and Score.url [2013/04/17 18:35:58 | 000,001,088 | ---- | C] () -- C:\Users\Todd\Desktop\.minecraft - Shortcut.lnk [2013/04/11 16:44:53 | 000,001,745 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk [2013/04/06 09:13:41 | 000,066,696 | ---- | C] () -- C:\Windows\VIVALDII.tt2 [2013/04/06 09:13:40 | 021,543,568 | ---- | C] () -- C:\Windows\MSYH.tt2 [2013/04/06 09:13:40 | 014,381,616 | ---- | C] () -- C:\Windows\MSYHBD.tt2 [2013/04/06 09:13:40 | 000,055,400 | ---- | C] () -- C:\Windows\OCRAEXT.tt2 [2013/04/06 09:13:39 | 021,302,624 | ---- | C] () -- C:\Windows\MSJH.tt2 [2013/04/06 09:13:39 | 014,343,024 | ---- | C] () -- C:\Windows\MSJHBD.tt2 [2013/04/06 09:13:39 | 000,222,632 | ---- | C] () -- C:\Windows\MSUIGHUR.tt2 [2013/04/06 09:13:38 | 000,132,516 | ---- | C] () -- C:\Windows\FRAMDCN.tt2 [2013/04/06 09:13:38 | 000,094,064 | ---- | C] () -- C:\Windows\LEELAWAD.tt2 [2013/04/06 09:13:38 | 000,093,836 | ---- | C] () -- C:\Windows\LEELAWDB.tt2 [2013/04/06 09:13:35 | 000,179,368 | ---- | C] () -- C:\Windows\ARIALNI.tt2 [2013/04/06 09:13:35 | 000,178,864 | ---- | C] () -- C:\Windows\ARIALNB.tt2 [2013/04/06 09:13:35 | 000,178,316 | ---- | C] () -- C:\Windows\ARIALNBI.tt2 [2013/04/06 09:13:35 | 000,173,936 | ---- | C] () -- C:\Windows\ARIALN.tt2 [2013/04/06 09:13:35 | 000,007,656 | ---- | C] () -- C:\Windows\MTEXTRA.tt2 [2013/04/02 14:07:29 | 000,002,147 | ---- | C] () -- 
C:\Users\Public\Desktop\HP Support Assistant.lnk [2013/03/14 09:22:45 | 000,000,532 | ---- | C] () -- C:\Windows\eReg.dat [2013/02/10 16:06:40 | 000,703,117 | ---- | C] () -- C:\Users\Todd\AppData\Roaming\technic-launcher.jar [2013/01/10 21:27:31 | 000,007,605 | ---- | C] () -- C:\Users\Todd\AppData\Local\Resmon.ResmonCfg [2012/11/19 02:33:32 | 000,065,656 | ---- | C] () -- C:\Windows\SysWow64\bdmpegv.dll [2012/11/19 02:33:30 | 000,022,640 | ---- | C] () -- C:\Windows\SysWow64\bdmjpeg.dll [2012/11/08 21:03:18 | 000,010,945 | ---- | C] () -- C:\Users\Todd\lakers.jpg [2012/08/14 12:57:44 | 000,027,520 | ---- | C] () -- C:\Users\Todd\AppData\Local\dt.dat [2012/08/09 09:34:37 | 000,001,075 | ---- | C] () -- C:\Users\Todd\Documents - Shortcut.lnk [2012/06/19 09:44:19 | 000,000,397 | ---- | C] () -- C:\Windows\MyHeritage.INI [2012/06/19 09:42:20 | 000,454,656 | ---- | C] () -- C:\Windows\SysWow64\PaintX.dll [2012/04/27 08:34:39 | 000,167,754 | ---- | C] () -- C:\Users\Todd\AppData\Local\tmpSPRING2012B.1 [2012/04/27 08:34:36 | 000,438,649 | ---- | C] () -- C:\Users\Todd\AppData\Local\tmpSPRING2012B.0 [2012/04/27 08:34:36 | 000,172,135 | ---- | C] () -- C:\Users\Todd\AppData\Local\tmpSPRING2012B.JPG [2011/12/15 06:23:04 | 010,920,472 | ---- | C] () -- C:\Windows\SysWow64\LogiDPP.dll [2011/12/15 06:23:04 | 000,336,408 | ---- | C] () -- C:\Windows\SysWow64\DevManagerCore.dll [2011/12/15 06:23:04 | 000,104,472 | ---- | C] () -- C:\Windows\SysWow64\LogiDPPApp.exe [2011/07/18 18:02:31 | 000,001,854 | ---- | C] () -- C:\Users\Todd\AppData\Roaming\GhostObjGAFix.xml [2011/02/02 21:46:18 | 000,290,614 | ---- | C] () -- C:\Users\Todd\AppData\Local\tmp0804092050A.JPG [2011/01/09 22:06:58 | 000,644,496 | ---- | C] () -- C:\Users\Todd\EBOOT.BIN [2010/09/23 19:33:59 | 002,772,410 | ---- | C] () -- C:\Users\Todd\AppData\Local\tmp011.JPG [2010/08/08 10:46:55 | 000,010,622 | ---- | C] () -- C:\Users\Todd\AppData\Local\tmp40852_144283825591378_100000292843907_341063_2517918_S.0 [2010/08/08 
10:46:55 | 000,009,555 | ---- | C] () -- C:\Users\Todd\AppData\Local\tmp40852_144283825591378_100000292843907_341063_2517918_S.JPG [2010/04/23 22:21:06 | 000,000,000 | ---- | C] () -- C:\Users\Todd\AppData\Local\prvlcl.dat [2010/03/27 11:36:33 | 000,000,040 | ---- | C] () -- C:\ProgramData\ra3.ini [2010/03/09 10:08:34 | 000,002,868 | ---- | C] () -- C:\Users\Todd\AppData\Roaming\wklnhst.dat ========== ZeroAccess Check ========== [2009/07/13 23:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 00:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 23:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 20:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 07:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 20:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] < End of report >
-
My son got something on my computer. Microsoft Security disappeared and I had to use Chameleon to get MBAM to run. I ran ESET Online Scanner and it found and supposedly removed 9 items. MBAM found about 4. Chrome is about useless and I am forced to use IE. I tried making a DDS logfile, but the text files won't pop up. Several times the DDS window will disappear as soon as I click on start. What is my next step? Thanks.
mbam-log-2013-04-27 (12-45-41).txt
-
Sorry, the first scan from ESET somehow got lost. I had to run it again, but I have been working a lot so I haven't had much time. My mom said she had a pop-up from speedanalysis.net. Don't know if it's related. Here are the results from ESET:
C:\Qoobox\Quarantine\C\ProgramData\BrowserProtect\2.6.1095.52\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe.vir a variant of Win32/bProtector.A application
C:\Qoobox\Quarantine\C\ProgramData\BrowserProtect\2.6.1095.52\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\uninstall.exe.vir a variant of Win32/bProtector.A application
C:\Qoobox\Quarantine\C\ProgramData\BrowserProtect\2.6.1095.52\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\FirefoxExtension\content\BrowserProtect.js.vir Win32/bProtector.F application
-
Malwarebytes Anti-Malware 1.70.0.1100 www.malwarebytes.org Database version: v2013.02.13.07 Windows Vista Service Pack 2 x86 NTFS Internet Explorer 8.0.6001.19393 wayne :: WAYNE-PC [administrator] 2/13/2013 10:33:38 AM mbam-log-2013-02-13 (10-33-38).txt Scan type: Quick scan Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM Scan options disabled: P2P Objects scanned: 206283 Time elapsed: 7 minute(s), 24 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 0 (No malicious items detected) (end) Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 10:42:23 AM, on 2/13/2013 Platform: Windows Vista SP2 (WinNT 6.00.1906) MSIE: Internet Explorer v8.00 (8.00.6001.19393) Boot mode: Normal Running processes: C:\Windows\system32\Dwm.exe C:\Windows\system32\taskeng.exe C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe C:\Windows\RtHDVCpl.exe C:\Windows\System32\hkcmd.exe C:\Windows\System32\igfxpers.exe C:\Windows\ehome\ehtray.exe C:\Windows\system32\igfxsrvc.exe C:\Program Files\Windows Media Player\wmpnscfg.exe C:\Windows\ehome\ehmsas.exe C:\Program Files\Microsoft Security Client\msseces.exe C:\Windows\explorer.exe C:\Windows\system32\SearchFilterHost.exe C:\Users\wayne\Desktop\security\HijackThis.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet 
Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=74&bd=Presario&pf=desktop R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (file missing) O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\YTSingleInstance.dll O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll O4 - HKLM\..\Run: [OsdMaestro] "C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe" O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe O4 - HKLM\..\Run: [sunJavaUpdateReg] "C:\Windows\system32\jureg.exe" -delete O4 - HKLM\..\Run: [igfxTray] C:\Windows\system32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe O4 - HKLM\..\Run: [EKIJ5000StatusMonitor] C:\Windows\system32\spool\DRIVERS\W32X86\3\EKIJ5000MUI.exe O4 - HKLM\..\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey O4 - HKLM\..\Run: [Conime] %windir%\system32\conime.exe O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe O8 - Extra context menu item: Google Sidewiki... 
- res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://utilities.pcpitstop.com/Nirvana/controls/pcmatic.cab O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: Kodak AiO Network Discovery Service - Eastman Kodak Company - C:\Program Files\Kodak\AiO\Center\ekdiscovery.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe O23 - Service: RoxMediaDB9 - Sonic Solutions - c:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe O23 - Service: Yahoo! 
Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- End of file - 5141 bytes
-
So far seems to be running OK.

ComboFix 13-02-12.01 - wayne 02/12/2013 21:56:07.2.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.1015.279 [GMT -6:00]
Running from: c:\users\wayne\Desktop\security\ComboFix.exe
Command switches used :: c:\users\wayne\Desktop\security\CFScript.txt
AV: Microsoft Security Essentials *Disabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C}
SP: Microsoft Security Essentials *Disabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\windows\system32\roboot.exe"
"c:\windows\Tasks\PC Performer_DEFAULT.job"
"c:\windows\Tasks\PC Performer_UPDATES.job"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\PC Performer
c:\program files\PC Performer\Chinese_rcp.ini
c:\program files\PC Performer\CleanSchedule.exe
c:\program files\PC Performer\Danish_rcp.ini
c:\program files\PC Performer\Dutch_rcp.ini
c:\program files\PC Performer\eng_rcp.ini
c:\program files\PC Performer\Finnish_rcp_fi.ini
c:\program files\PC Performer\French_rcp.ini
c:\program files\PC Performer\German_rcp.ini
c:\program files\PC Performer\greek_rcp_el.ini
c:\program files\PC Performer\install_left_image.bmp
c:\program files\PC Performer\isxdl.dll
c:\program files\PC Performer\Italian_rcp.ini
c:\program files\PC Performer\Japanese_rcp.ini
c:\program files\PC Performer\korean_rcp_ko.ini
c:\program files\PC Performer\Norwegian_rcp.ini
c:\program files\PC Performer\PCPerformer.dll
c:\program files\PC Performer\PCPerformer.exe
c:\program files\PC Performer\polish_rcp_pl.ini
c:\program files\PC Performer\portugese_rcp_pt.ini
c:\program files\PC Performer\Portuguese_rcp.ini
c:\program files\PC Performer\russian_rcp_ru.ini
c:\program files\PC Performer\Spanish_rcp.ini
c:\program files\PC Performer\Swedish_rcp.ini
c:\program files\PC Performer\TraditionalCn_rcp_zh-tw.ini
c:\program files\PC Performer\turkish_rcp_tr.ini
c:\program files\PC Performer\unins000.dat
c:\program files\PC Performer\unins000.exe
c:\program files\PC Performer\unins000.msg
c:\program files\PC Performer\xmllite.dll
c:\programdata\BrowserProtect
c:\programdata\BrowserProtect\2.6.1095.52\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\bl
c:\programdata\BrowserProtect\2.6.1095.52\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.crx
c:\programdata\BrowserProtect\2.6.1095.52\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe
c:\programdata\BrowserProtect\2.6.1095.52\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\FirefoxExtension\chrome.manifest
c:\programdata\BrowserProtect\2.6.1095.52\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\FirefoxExtension\components\BrowserProtect-3.6.xpt
c:\programdata\BrowserProtect\2.6.1095.52\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\FirefoxExtension\content\BrowserProtect.js
c:\programdata\BrowserProtect\2.6.1095.52\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\FirefoxExtension\content\overlay.xul
c:\programdata\BrowserProtect\2.6.1095.52\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\FirefoxExtension\install.rdf
c:\programdata\BrowserProtect\2.6.1095.52\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\uninstall.exe
.
.
((((((((((((((((((((((((( Files Created from 2013-01-13 to 2013-02-13 )))))))))))))))))))))))))))))))
.
.
2013-02-13 04:16 . 2013-02-13 04:16 -------- d-----w- c:\users\wayne\AppData\Local\temp
2013-02-13 04:16 . 2013-02-13 04:16 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-02-13 01:13 . 2013-01-08 04:57 6991832 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{236AF5FC-10EF-4534-984A-009BD0A6CA36}\mpengine.dll
2013-02-13 00:44 . 2013-02-13 00:44 8782 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\BUTTON.JS
2013-02-13 00:44 . 2013-02-13 00:44 7271 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\CHECKBOX.JS
2013-02-13 00:44 . 2013-02-13 00:44 23327 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\COMBOBOX.JS
2013-02-13 00:44 . 2013-02-13 00:44 20719 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\DIVWRAPPER.JS
2013-02-12 17:32 . 2013-02-12 17:32 -------- d-----w- c:\users\wayne\AppData\Roaming\PerformerSoft
2013-02-12 17:29 . 2013-02-12 17:29 97 ----a-w- c:\windows\DeleteOnReboot.bat
2013-02-11 17:30 . 2013-01-08 04:57 6991832 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-02-08 15:09 . 2013-02-08 15:09 16365936 ----a-w- c:\windows\system32\FlashPlayerInstaller.exe
2013-02-04 22:11 . 2013-02-04 22:11 -------- d-----w- c:\users\wayne\AppData\Roaming\StatusWinks
2013-02-04 20:00 . 2012-12-19 21:53 18096 ----a-w- c:\windows\system32\roboot.exe
2013-02-04 04:37 . 2013-02-04 04:37 -------- d-----w- c:\users\wayne\.thumbnails
2013-02-04 04:30 . 2013-02-04 04:30 -------- d-----w- c:\users\wayne\AppData\Local\fontconfig
2013-02-04 04:29 . 2013-02-04 05:01 -------- d-----w- c:\users\wayne\.gimp-2.8
2013-02-04 04:29 . 2013-02-04 04:29 -------- d-----w- c:\users\wayne\AppData\Local\gegl-0.2
2013-01-28 21:30 . 2013-01-28 21:30 -------- d-----w- c:\program files\ExFriendAlert
2013-01-15 16:02 . 2013-01-03 18:34 1638912 ----a-w- c:\windows\system32\mshtml.tlb
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-02-08 15:09 . 2012-04-18 18:22 697712 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-02-08 15:09 . 2011-05-24 16:15 74096 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-01-30 10:53 . 2009-10-03 12:43 232336 ------w- c:\windows\system32\MpSigStub.exe
2013-01-08 01:55 . 2013-01-08 01:56 740840 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{DEF072E3-4A16-4018-A1A0-48FCE583F9CF}\gapaengine.dll
2012-12-16 13:12 . 2012-12-22 09:01 34304 ----a-w- c:\windows\system32\atmlib.dll
2012-12-16 10:50 . 2012-12-22 09:01 293376 ----a-w- c:\windows\system32\atmfd.dll
2012-12-14 22:49 . 2012-07-07 21:47 21104 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-11-23 01:35 . 2013-01-09 14:46 2048000 ----a-w- c:\windows\system32\win32k.sys
2012-11-20 04:22 . 2013-01-09 14:45 204288 ----a-w- c:\windows\system32\ncrypt.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OsdMaestro"="c:\program files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe" [2007-02-15 118784]
"RtHDVCpl"="RtHDVCpl.exe" [2008-01-15 4874240]
"SunJavaUpdateReg"="c:\windows\system32\jureg.exe" [2007-04-07 54936]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-03-25 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-03-25 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-03-25 133656]
"EKIJ5000StatusMonitor"="c:\windows\system32\spool\DRIVERS\W32X86\3\EKIJ5000MUI.exe" [2010-09-02 1638400]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2011-08-31 40368]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-09-12 947176]
"Conime"="c:\windows\system32\conime.exe" [2009-04-11 69120]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Conime]
2009-04-11 06:27 69120 ----a-w- c:\windows\System32\conime.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Health Check Scheduler]
2007-05-24 20:13 71176 ----a-w- c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2005-02-17 06:11 49152 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPAdvisor]
2009-08-05 16:27 1644088 ----a-w- c:\program files\Hewlett-Packard\HP Advisor\HPAdvisor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpsysdrv]
2007-04-18 15:01 65536 ----a-w- c:\hp\support\hpsysdrv.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]
2009-04-11 06:28 1233920 ----a-w- c:\program files\Windows Sidebar\sidebar.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}]
2009-03-08 11:32 128512 ----a-w- c:\windows\System32\advpack.dll
.
Contents of the 'Scheduled Tasks' folder
.
2013-02-13 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-18 15:09]
.
2013-02-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2823580738-3207400242-1619120060-1000Core.job - c:\users\wayne\AppData\Local\Google\Update\GoogleUpdate.exe [2012-08-13 16:14]
.
2013-02-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2823580738-3207400242-1619120060-1000UA.job - c:\users\wayne\AppData\Local\Google\Update\GoogleUpdate.exe [2012-08-13 16:14]
.
2013-02-13 c:\windows\Tasks\User_Feed_Synchronization-{9D207CB0-3139-4CD1-8680-0E8EA35B6E29}.job - c:\windows\system32\msfeedssync.exe [2012-12-12 07:12]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=74&bd=Presario&pf=desktop
uInternet Settings,ProxyOverride = *.local
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
TCP: DhcpNameServer = 192.168.1.1
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-02-12 22:16
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2013-02-12 22:18:17
ComboFix-quarantined-files.txt 2013-02-13 04:18
ComboFix2.txt 2013-02-13 01:10
.
Pre-Run: 173,176,430,592 bytes free
Post-Run: 173,204,922,368 bytes free
.
- - End Of File - - 27E8EF7F1AA8E57790DFA512B147AABF
-
Delta Search seems to be gone, but the PC cleaner popped up before running ComboFix.

ComboFix 13-02-12.01 - wayne 02/12/2013 18:56:42.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.1015.360 [GMT -6:00]
Running from: c:\users\wayne\Desktop\security\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C}
SP: Microsoft Security Essentials *Disabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\DFRAB1F.tmp
c:\users\wayne\AppData\Roaming\Microsoft\Windows\Recent\Facebook My Account.url
.
.
((((((((((((((((((((((((( Files Created from 2013-01-13 to 2013-02-13 )))))))))))))))))))))))))))))))
.
.
2013-02-13 01:07 . 2013-02-13 01:07 -------- d-----w- c:\users\wayne\AppData\Local\temp
2013-02-13 01:07 . 2013-02-13 01:07 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-02-13 00:44 . 2013-02-13 00:44 8782 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\BUTTON.JS
2013-02-13 00:44 . 2013-02-13 00:44 7271 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\CHECKBOX.JS
2013-02-13 00:44 . 2013-02-13 00:44 23327 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\COMBOBOX.JS
2013-02-13 00:44 . 2013-02-13 00:44 20719 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\DIVWRAPPER.JS
2013-02-12 17:52 . 2013-01-08 04:57 6991832 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{2DC04078-2C07-4F30-8E94-162CA76476E5}\mpengine.dll
2013-02-12 17:32 . 2013-02-12 17:32 -------- d-----w- c:\users\wayne\AppData\Roaming\PerformerSoft
2013-02-12 17:29 . 2013-02-12 17:29 97 ----a-w- c:\windows\DeleteOnReboot.bat
2013-02-11 17:30 . 2013-01-08 04:57 6991832 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-02-08 15:09 . 2013-02-08 15:09 16365936 ----a-w- c:\windows\system32\FlashPlayerInstaller.exe
2013-02-04 22:11 . 2013-02-04 22:11 -------- d-----w- c:\users\wayne\AppData\Roaming\StatusWinks
2013-02-04 20:01 . 2013-02-04 20:01 -------- d-----w- c:\programdata\BrowserProtect
2013-02-04 20:00 . 2012-12-19 21:53 18096 ----a-w- c:\windows\system32\roboot.exe
2013-02-04 19:59 . 2013-02-04 22:07 -------- d-----w- c:\program files\PC Performer
2013-02-04 04:37 . 2013-02-04 04:37 -------- d-----w- c:\users\wayne\.thumbnails
2013-02-04 04:30 . 2013-02-04 04:30 -------- d-----w- c:\users\wayne\AppData\Local\fontconfig
2013-02-04 04:29 . 2013-02-04 05:01 -------- d-----w- c:\users\wayne\.gimp-2.8
2013-02-04 04:29 . 2013-02-04 04:29 -------- d-----w- c:\users\wayne\AppData\Local\gegl-0.2
2013-01-28 21:30 . 2013-01-28 21:30 -------- d-----w- c:\program files\ExFriendAlert
2013-01-15 16:02 . 2013-01-03 18:34 1638912 ----a-w- c:\windows\system32\mshtml.tlb
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-02-08 15:09 . 2012-04-18 18:22 697712 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-02-08 15:09 . 2011-05-24 16:15 74096 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-01-30 10:53 . 2009-10-03 12:43 232336 ------w- c:\windows\system32\MpSigStub.exe
2013-01-08 01:55 . 2013-01-08 01:56 740840 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{DEF072E3-4A16-4018-A1A0-48FCE583F9CF}\gapaengine.dll
2012-12-16 13:12 . 2012-12-22 09:01 34304 ----a-w- c:\windows\system32\atmlib.dll
2012-12-16 10:50 . 2012-12-22 09:01 293376 ----a-w- c:\windows\system32\atmfd.dll
2012-12-14 22:49 . 2012-07-07 21:47 21104 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-11-23 01:35 . 2013-01-09 14:46 2048000 ----a-w- c:\windows\system32\win32k.sys
2012-11-20 04:22 . 2013-01-09 14:45 204288 ----a-w- c:\windows\system32\ncrypt.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OsdMaestro"="c:\program files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe" [2007-02-15 118784]
"RtHDVCpl"="RtHDVCpl.exe" [2008-01-15 4874240]
"SunJavaUpdateReg"="c:\windows\system32\jureg.exe" [2007-04-07 54936]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-03-25 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-03-25 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-03-25 133656]
"EKIJ5000StatusMonitor"="c:\windows\system32\spool\DRIVERS\W32X86\3\EKIJ5000MUI.exe" [2010-09-02 1638400]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2011-08-31 40368]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-09-12 947176]
"Conime"="c:\windows\system32\conime.exe" [2009-04-11 69120]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Conime]
2009-04-11 06:27 69120 ----a-w- c:\windows\System32\conime.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Health Check Scheduler]
2007-05-24 20:13 71176 ----a-w- c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2005-02-17 06:11 49152 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPAdvisor]
2009-08-05 16:27 1644088 ----a-w- c:\program files\Hewlett-Packard\HP Advisor\HPAdvisor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpsysdrv]
2007-04-18 15:01 65536 ----a-w- c:\hp\support\hpsysdrv.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]
2009-04-11 06:28 1233920 ----a-w- c:\program files\Windows Sidebar\sidebar.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}]
2009-03-08 11:32 128512 ----a-w- c:\windows\System32\advpack.dll
.
Contents of the 'Scheduled Tasks' folder
.
2013-02-12 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-18 15:09]
.
2013-02-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2823580738-3207400242-1619120060-1000Core.job - c:\users\wayne\AppData\Local\Google\Update\GoogleUpdate.exe [2012-08-13 16:14]
.
2013-02-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2823580738-3207400242-1619120060-1000UA.job - c:\users\wayne\AppData\Local\Google\Update\GoogleUpdate.exe [2012-08-13 16:14]
.
2013-02-13 c:\windows\Tasks\PC Performer_DEFAULT.job - c:\program files\PC Performer\PCPerformer.exe [2013-02-04 21:53]
.
2013-02-06 c:\windows\Tasks\PC Performer_UPDATES.job - c:\program files\PC Performer\PCPerformer.exe [2013-02-04 21:53]
.
2013-02-13 c:\windows\Tasks\User_Feed_Synchronization-{9D207CB0-3139-4CD1-8680-0E8EA35B6E29}.job - c:\windows\system32\msfeedssync.exe [2012-12-12 07:12]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=74&bd=Presario&pf=desktop
uInternet Settings,ProxyOverride = *.local
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
TCP: DhcpNameServer = 192.168.1.1
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{38542454-dfb6-44f5-b052-d4e071a3d073} - (no file)
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{38542454-DFB6-44F5-B052-D4E071A3D073} - (no file)
HKU-Default-Run-YSearchProtection - c:\program files\Yahoo!\Search Protection\SearchProtection.exe
SafeBoot-WudfPf
SafeBoot-WudfRd
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-02-12 19:07
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2013-02-12 19:10:16
ComboFix-quarantined-files.txt 2013-02-13 01:10
.
Pre-Run: 173,107,273,728 bytes free
Post-Run: 173,155,577,856 bytes free
.
- - End Of File - - 043C57415DE050AF6A3A5E08159549E1
-
Results of screen317's Security Check version 0.99.57
Windows Vista Service Pack 2 x86 (UAC is enabled)
Internet Explorer 8 Out of date!
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Microsoft Security Essentials
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.70.0.1100
CCleaner
Adobe Flash Player 11.5.502.149
Adobe Reader 8 Adobe Reader out of Date!
Google Chrome 24.0.1312.56
Google Chrome 24.0.1312.57
````````Process Check: objlist.exe by Laurent````````
Microsoft Security Essentials MSMpEng.exe
Microsoft Security Essentials msseces.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 0 %
````````````````````End of Log``````````````````````

# AdwCleaner v2.112 - Logfile created 02/12/2013 at 11:29:00
# Updated 10/02/2013 by Xplode
# Operating system : Windows Vista Home Premium Service Pack 2 (32 bits)
# User : wayne - WAYNE-PC
# Boot Mode : Normal
# Running from : F:\adwcleaner0.exe
# Option [Delete]

***** [services] *****

***** [Files / Folders] *****
Deleted on reboot : C:\ProgramData\BrowserProtect
File Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eBay.lnk
File Deleted : C:\Users\wayne\AppData\Roaming\Mozilla\Firefox\Profiles\ccffg14w.default\bprotector_prefs.js
File Deleted : C:\Users\wayne\AppData\Roaming\Mozilla\Firefox\Profiles\ccffg14w.default\searchplugins\delta.xml
File Deleted : C:\Windows\system32\conduitEngine.tmp
File Deleted : C:\Windows\Tasks\PC Performer_DEFAULT.job
Folder Deleted : C:\Program Files\file scout
Folder Deleted : C:\ProgramData\Babylon
Folder Deleted : C:\ProgramData\Tarma Installer
Folder Deleted : C:\Users\wayne\AppData\Local\Conduit
Folder Deleted : C:\Users\wayne\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\wayne\AppData\LocalLow\Dealio
Folder Deleted : C:\Users\wayne\AppData\LocalLow\PriceGong
Folder Deleted : C:\Users\wayne\AppData\Roaming\Babylon
Folder Deleted : C:\Users\wayne\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BrowserProtect
Folder Deleted : C:\Users\wayne\AppData\Roaming\PerformerSoft
Folder Deleted : C:\Users\wayne\AppData\Roaming\SpecialSavings

***** [Registry] *****
Key Deleted : HKCU\Software\9688d0e534eb12
Key Deleted : HKCU\Software\AppDataLow\Software\PriceGong
Key Deleted : HKCU\Software\DataMngr
Key Deleted : HKCU\Software\DataMngr_Toolbar
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\Dealio
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{15D2D75C-9CB2-4EFD-BAD7-B9B4CB4BC693}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\PC Performer_is1
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Updater Service
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\bProtectSettings
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{6A87B991-A31F-4130-AE72-6D0C294BF082}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{E908B145-C847-4E85-B315-07E2E70DECF8}
Key Deleted : HKCU\Software\PerformerSoft
Key Deleted : HKLM\SOFTWARE\9688d0e534eb12
Key Deleted : HKLM\Software\Babylon
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Key Deleted : HKLM\SOFTWARE\Classes\Conduit.Engine
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2857572
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\DataMngr
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\aidbbndgjnlaclnmhkdimcdjiebjpdel
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\pgafcinpmmpklohkojmllohdhomoefph
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{15D2D75C-9CB2-4EFD-BAD7-B9B4CB4BC693}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\PC Performer_is1
Key Deleted : HKLM\Software\PerformerSoft
Key Deleted : HKLM\Software\Tarma Installer
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Main [bprotector start page]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes [bProtectorDefaultScope]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{30F9B915-B755-4826-820B-08FBA6BD249D}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F}]
Value Deleted : HKCU\Software\Mozilla\Firefox\extensions [{58BD07EB-0EE0-4DF0-8121-DC9B693373DF}]
Value Deleted : HKCU\Software\Mozilla\Firefox\Extensions [specialsavings@vshsolutions.com]

***** [internet Browsers] *****

-\\ Internet Explorer v8.0.6001.19393
Replaced : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://www.yd.delta-search.com/?affID=119673&tt=030213_yd&babsrc=HP_ss&mntrId=b0f9a87c000000000000001d6053a6f9 --> hxxp://www.google.com

-\\ Mozilla Firefox v [unable to get version]
File : C:\Users\wayne\AppData\Roaming\Mozilla\Firefox\Profiles\ccffg14w.default\prefs.js
C:\Users\wayne\AppData\Roaming\Mozilla\Firefox\Profiles\ccffg14w.default\user.js ... Deleted !
[OK] File is clean.

-\\ Google Chrome v24.0.1312.57
File : C:\Users\wayne\AppData\Local\Google\Chrome\User Data\Default\Preferences
Deleted [l.16] : urls_to_restore_on_startup = [ "hxxp://www.yahoo.com/", "hxxp://www.yd.delta-search.com/?a[...]
Deleted [l.2105] : urls_to_restore_on_startup = [ "hxxp://www.yahoo.com/", "hxxp://www.yd.delta-search.com/?affI[...]

*************************
AdwCleaner[s1].txt - [344 octets] - [12/02/2013 11:27:17]
AdwCleaner[s2].txt - [5885 octets] - [12/02/2013 11:29:00]
########## EOF - C:\AdwCleaner[s2].txt - [5945 octets] ##########

RogueKiller V8.5.0 [Feb 9 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
Website : http://tigzy.geekstogo.com/roguekiller.php
Blog : http://tigzyrk.blogspot.com/
Operating System : Windows Vista (6.0.6002 Service Pack 2) 32 bits version
Started in : Normal mode
User : wayne [Admin rights]
Mode : Remove -- Date : 02/12/2013 11:53:27
| ARK || FAK || MBR |
¤¤¤ Bad processes : 0 ¤¤¤
¤¤¤ Registry Entries : 2 ¤¤¤
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
¤¤¤ Particular Files / Folders: ¤¤¤
¤¤¤ Driver : [LOADED] ¤¤¤
¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts
::1 localhost
¤¤¤ MBR Check: ¤¤¤
+++++ PhysicalDrive0: Hitachi HDT725025VLA380 ATA Device +++++
--- User ---
[MBR] af44fd47ad4c6c921345c93cc17c7e26
[bSP] 2552b2d2227b2ea2b3c92a526a1a6f5d : HP tatooed MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 229545 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 470110095 | Size: 8926 Mo
User = LL1 ... OK!
User = LL2 ... OK!
Finished : << RKreport[2]_D_02122013_02d1153.txt >>
RKreport[1]_S_02122013_02d1150.txt ; RKreport[2]_D_02122013_02d1153.txt
-
Hi, this is my parent's computer that I am trying to help them out with. I tried to run MBAM and it didn't clean it out. Thanks for your help. DDS (Ver_2012-11-20.01) - NTFS_x86 Internet Explorer: 8.0.6001.19393 Run by wayne at 11:21:13 on 2013-02-11 Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.1015.188 [GMT -6:00] . AV: Microsoft Security Essentials *Disabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C} SP: Microsoft Security Essentials *Disabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . ============== Running Processes ================ . C:\Windows\system32\wininit.exe C:\Windows\system32\lsm.exe c:\Program Files\Microsoft Security Client\MsMpEng.exe C:\Windows\system32\SLsvc.exe C:\Windows\System32\spoolsv.exe C:\Windows\system32\Dwm.exe C:\Windows\system32\taskeng.exe C:\Windows\Explorer.EXE C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe C:\Windows\RtHDVCpl.exe C:\Windows\System32\hkcmd.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\ProgramData\BrowserProtect\2.6.1095.52\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe C:\Windows\System32\igfxpers.exe C:\Windows\System32\spool\drivers\w32x86\3\EKIJ5000MUI.exe C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe C:\Program Files\Microsoft Security Client\msseces.exe C:\Windows\ehome\ehtray.exe C:\Program Files\Kodak\AiO\Center\ekdiscovery.exe C:\ProgramData\BrowserProtect\2.6.1095.52\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe C:\Windows\system32\igfxsrvc.exe c:\Program Files\Common Files\LightScribe\LSSrvc.exe C:\Windows\system32\taskeng.exe C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE C:\Program Files\PC Performer\PCPerformer.exe C:\Windows\ehome\ehmsas.exe C:\Windows\system32\SearchIndexer.exe C:\Windows\system32\DRIVERS\xaudio.exe C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe C:\Program Files\Windows Media 
Player\wmpnscfg.exe C:\Program Files\Windows Media Player\wmpnetwk.exe C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe C:\Windows\system32\taskeng.exe C:\Users\wayne\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\wayne\AppData\Local\Google\Chrome\Application\chrome.exe C:\Windows\system32\SearchProtocolHost.exe C:\Windows\system32\SearchFilterHost.exe C:\Users\wayne\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\wayne\AppData\Local\Google\Chrome\Application\chrome.exe c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\svchost.exe -k rpcss C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k netsvcs C:\Windows\system32\svchost.exe -k GPSvcGroup C:\Windows\system32\svchost.exe -k LocalService C:\Windows\system32\svchost.exe -k NetworkService C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted C:\Windows\system32\svchost.exe -k imgsvc C:\Windows\System32\svchost.exe -k WerSvcGroup C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation . ============== Pseudo HJT Report =============== . uStart Page = hxxp://www.yd.delta-search.com/?affID=119673&tt=030213_yd&babsrc=HP_ss&mntrId=b0f9a87c000000000000001d6053a6f9 uWindow Title = Windows Internet Explorer provided by Yahoo! uSearch Page = hxxp://www.google.com uDefault_Page_URL = hxxp://www.yahoo.com/?fr=fp-yie8 mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=74&bd=Presario&pf=desktop mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=74&bd=Presario&pf=desktop uURLSearchHooks: {38542454-dfb6-44f5-b052-d4e071a3d073} - <orphaned> uURLSearchHooks: Yahoo! 
Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - c:\program files\yahoo!\companion\installs\cpn3\yt.dll dURLSearchHooks: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - c:\program files\yahoo!\companion\installs\cpn3\yt.dll BHO: &Yahoo! Toolbar Helper: {02478D38-C3F9-4efb-9B51-7695ECA05670} - c:\program files\yahoo!\companion\installs\cpn3\yt.dll BHO: Adobe PDF Reader Link Helper: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - BHO: SingleInstance Class: {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - c:\program files\yahoo!\companion\installs\cpn3\YTSingleInstance.dll TB: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - c:\program files\yahoo!\companion\installs\cpn3\yt.dll uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe uRun: [Google Update] "c:\users\wayne\appdata\local\google\update\GoogleUpdate.exe" /c uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe uRunOnce: [shockwave Updater] c:\windows\system32\adobe\shockw~1\SWHELP~1.EXE -Update -1103471 -"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0; Trident/4.0; GTB6.3; SLCC1; .NET CLR 2.0.50727; Media Center PC 5.0; .NET CLR 3.5.30729; .NET CLR 3.0.30729; yie8)" -"http://www.cartoonnetwork.com/games/nba/basketballshowdown/index.html" mRun: [Windows Defender] c:\program files\windows defender\MSASCui.exe -hide mRun: [OsdMaestro] "c:\program files\hewlett-packard\on-screen osd indicator\OSD.exe" mRun: [RtHDVCpl] RtHDVCpl.exe mRun: [sunJavaUpdateReg] "c:\windows\system32\jureg.exe" -delete mRun: [igfxTray] c:\windows\system32\igfxtray.exe mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe mRun: [Persistence] c:\windows\system32\igfxpers.exe mRun: [EKIJ5000StatusMonitor] 
c:\windows\system32\spool\drivers\w32x86\3\EKIJ5000MUI.exe mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe" mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe" mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey mRun: [Conime] c:\windows\system32\conime.exe dRun: [YSearchProtection] c:\program files\yahoo!\search protection\SearchProtection.exe mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0 mPolicies-System: EnableUIADesktopToggle = dword:0 IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html IE: {7F9DB11C-E358-4ca6-A83D-ACC663939424} - {9999A076-A9E2-4C99-8A2B-632FC9429223} DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} - hxxp://utilities.pcpitstop.com/Nirvana/controls/pcmatic.cab DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab TCP: NameServer = 192.168.1.1 TCP: Interfaces\{BB34FE66-7D9B-4632-8286-CEE5FCCECF50} : DHCPNameServer = 192.168.1.1 Notify: igfxcui - igfxdev.dll AppInit_DLLs= c:\progra~2\browse~1\261095~1.52\{c16c1~1\browse~1.dll LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg mASetup: {A509B1FF-37FF-4bFF-8CFF-4F3A747040FF} - c:\windows\system32\rundll32.exe c:\windows\system32\advpack.dll,launchinfsectionex c:\program files\internet explorer\clrtour.inf,DefaultInstall.ResetTour,,12 . ============= SERVICES / DRIVERS =============== . 
R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2012-8-30 193552]
R2 BrowserProtect;BrowserProtect;c:\programdata\browserprotect\2.6.1095.52\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe [2013-2-4 2550224]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-7-28 21504]
R2 Kodak AiO Network Discovery Service;Kodak AiO Network Discovery Service;c:\program files\kodak\aio\center\ekdiscovery.exe [2010-9-13 308656]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2012-8-30 99272]
S3 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\NisSrv.exe [2012-9-12 287824]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
2013-02-11 16:30:55 6991832 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{fe6baf44-7789-446f-b665-965ad2524633}\mpengine.dll
2013-02-10 14:50:26 6991832 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
2013-02-08 15:09:27 16365936 ----a-w- c:\windows\system32\FlashPlayerInstaller.exe
2013-02-04 22:11:13 -------- d-----w- c:\users\wayne\appdata\roaming\StatusWinks
2013-02-04 22:11:13 -------- d-----w- c:\users\wayne\appdata\roaming\SpecialSavings
2013-02-04 20:01:01 -------- d-----w- c:\programdata\BrowserProtect
2013-02-04 20:00:12 -------- d-----w- c:\users\wayne\appdata\roaming\PerformerSoft
2013-02-04 20:00:05 18096 ----a-w- c:\windows\system32\roboot.exe
2013-02-04 19:59:44 -------- d-----w- c:\programdata\Babylon
2013-02-04 19:59:43 -------- d-----w- c:\users\wayne\appdata\roaming\Babylon
2013-02-04 19:59:43 -------- d-----w- c:\program files\PC Performer
2013-02-04 19:59:42 -------- d-----w- c:\programdata\Tarma Installer
2013-02-04 19:59:33 -------- d-----w- c:\program files\File Scout
2013-02-04 04:37:51 -------- d-----w- c:\users\wayne\.thumbnails
2013-02-04 04:30:03 -------- d-----w- c:\users\wayne\appdata\local\fontconfig
2013-02-04 04:29:59 -------- d-----w- c:\users\wayne\.gimp-2.8
2013-02-04 04:29:57 -------- d-----w- c:\users\wayne\appdata\local\gegl-0.2
2013-01-28 21:30:01 -------- d-----w- c:\program files\ExFriendAlert
2013-01-15 16:02:55 1638912 ----a-w- c:\windows\system32\mshtml.tlb
.
==================== Find3M ====================
.
2013-02-08 15:09:53 697712 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-02-08 15:09:52 74096 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-01-30 10:53:21 232336 ------w- c:\windows\system32\MpSigStub.exe
2012-12-16 13:12:54 34304 ----a-w- c:\windows\system32\atmlib.dll
2012-12-16 10:50:29 293376 ----a-w- c:\windows\system32\atmfd.dll
2012-12-14 22:49:28 21104 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-12-07 19:00:20 0 ----a-w- C:\DFRAB1F.tmp
2012-11-23 01:35:53 2048000 ----a-w- c:\windows\system32\win32k.sys
2012-11-20 04:22:50 204288 ----a-w- c:\windows\system32\ncrypt.dll
.
============= FINISH: 11:23:26.92 ===============
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 9/12/2007 7:10:23 PM
System Uptime: 2/11/2013 11:18:00 AM (0 hours ago)
.
Motherboard: ASUSTeK Computer INC. | | Lancaster8
Processor: Intel® Pentium® D CPU 2.80GHz | CPU 1 | 2400/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 224 GiB total, 163.833 GiB free.
D: is FIXED (NTFS) - 9 GiB total, 1.184 GiB free.
E: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
.
==== Installed Programs ======================
.
ActiveCheck component for HP Active Support Library Adobe AIR Adobe Flash Player 11 ActiveX Adobe Flash Player 11 Plugin Adobe Reader 8.3.1 Adobe Shockwave Player aiofw aioprnt aioscnnr Bonjour BrowserProtect C4USelfUpdater CCleaner center ExFriendAlert Google Chrome Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595) Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484) HP Active Support Library HP Active Support Library 32 bit components HP Advisor HP Customer Experience Enhancements HP Customer Feedback HP Easy Setup - Frontend HP On-Screen Cap/Num/Scroll Lock Indicator HP Photosmart Essential 2.01 HP Photosmart Essential2.01 HP Update HPAsset component for HP Active Support Library Intel® Graphics Media Accelerator Driver KODAK AiO Home Center ksDIP LightScribe 1.8.15.1 Malwarebytes Anti-Malware version 1.70.0.1100 Microsoft .NET Framework 3.5 SP1 Microsoft .NET Framework 4 Client Profile Microsoft Download Manager Microsoft Office Word Viewer 2003 Microsoft Security Client Microsoft Security Essentials Microsoft Silverlight Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 Microsoft Visual C++ 2005 Redistributable Microsoft Works MSXML 4.0 SP2 (KB936181) MSXML 4.0 SP2 (KB941833) MSXML 4.0 SP2 (KB954430) MSXML 4.0 SP2 (KB973688) muvee autoProducer 6.0 My HP Games OGA Notifier 2.0.0048.0 PC Performer PreReq PSSWCORE Python 2.5 Realtek High Definition Audio Driver Rhapsody Rhapsody Player Engine Roxio Activation Module Roxio Creator Audio Roxio Creator Basic v9 Roxio Creator Copy Roxio Creator Data Roxio Creator EasyArchive Roxio Creator Tools Roxio Express Labeler 3 Roxio MyDVD Basic v9 Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111) Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424) Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416) Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708) Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663) Security Update 
for Microsoft .NET Framework 4 Client Profile (KB2518870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636) Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078) Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121) Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405) Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827) Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449) Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019) Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595) Soft Data Fax Modem with SmartCP Update for Microsoft .NET Framework 3.5 SP1 (KB963707) Update for Microsoft .NET Framework 4 Client Profile (KB2468871) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) Update for Microsoft .NET Framework 4 Client Profile (KB2600217) VideoToolkit01 WeatherBug Gadget Windows Live ID Sign-in Assistant Yahoo! Install Manager Yahoo! Software Update Yahoo! Toolbar . ==== End Of File ===========================
-
Restarted computer and it worked.

Results of screen317's Security Check version 0.99.50
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 8 Out of date!
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Microsoft Security Essentials
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.65.1.1000
JavaFX 2.1.0
Java 6 Update 20
Java 7 Update 7
Adobe Flash Player 11.5.502.135
Adobe Reader X (10.1.4)
Google Chrome 21.0.1180.89
Google Chrome 22.0.1229.79
Google Chrome 22.0.1229.92
Google Chrome 22.0.1229.94
Google Chrome 23.0.1271.64
Google Chrome 23.0.1271.91
Google Chrome 23.0.1271.95
Google Chrome 23.0.1271.97
````````Process Check: objlist.exe by Laurent````````
Microsoft Security Essentials MSMpEng.exe
Microsoft Security Essentials msseces.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 0%
````````````````````End of Log``````````````````````
-
It said "unsupported operating system, aborted".
-
That seems to have taken care of it. Thanks!
-
It should be above my last post. I did two posts because of the length.
-
OTL Extras logfile created on: 12/28/2012 9:24:46 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Todd\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

7.93 Gb Total Physical Memory | 6.53 Gb Available Physical Memory | 82.37% Memory free
15.86 Gb Paging File | 13.91 Gb Available in Paging File | 87.74% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 920.43 Gb Total Space | 730.99 Gb Free Space | 79.42% Space Free | Partition Type: NTFS
Drive D: | 10.98 Gb Total Space | 1.58 Gb Free Space | 14.44% Space Free | Partition Type: NTFS
Drive E: | 3.90 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
Drive N: | 298.09 Gb Total Space | 195.70 Gb Free Space | 65.65% Space Free | Partition Type: NTFS

Computer Name: TODD-PC | User Name: Todd | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl[@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\SysWow64\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- "C:\Program Files (x86)\File Scout\filescout.exe" /open "%1"
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\SysWow64\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- "C:\Program Files (x86)\File Scout\filescout.exe" /open "%1"
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{1680CD06-BFF7-43E4-9D08-09551A26AA3E}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{1B0BB38A-FC76-4E44-8A8C-40505DE6DD40}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{1E853D4C-D5F0-4E43-8A41-105C80F97E30}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{1FE7B7FD-B40E-4D4E-8BA8-B16ECAB38568}" = lport=445 | protocol=6 | dir=in | app=system | "{21CA8BFC-5947-44A6-A1A4-3D96A62DDE23}" = lport=138 | protocol=17 | dir=in | app=system | "{255B775F-FF61-44CE-9146-9BDD4A18CADA}" = lport=2869 | protocol=6 | dir=in | app=system | "{2949CDB7-BF91-4EEA-877C-F06C59BDB902}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{299C91C3-9AF4-493F-91C2-8C0797F2880A}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{2F476D1E-5689-4AB8-B415-4193B2DEE632}" = lport=2869 | protocol=6 | dir=in | app=system | "{30EB6B80-6C97-4265-8AB8-3BA920A73E56}" = lport=139 | protocol=6 | dir=in | app=system | "{31EE1863-8632-4960-B4AF-A9CD848CC1D0}" = lport=10243 | protocol=6 | dir=in | app=system | "{3D90B995-11A0-4CD9-814F-38C3C1CCF3E5}" = rport=427 | protocol=17 | dir=in | svc=hpslpsvc | app=c:\windows\system32\svchost.exe | 
"{549B6A82-F111-4675-B895-2613C7FACA79}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe | "{5AF5333C-C845-4442-81BC-B317057FCFC5}" = rport=445 | protocol=6 | dir=out | app=system | "{65113FBB-6C9C-4859-8B76-0A3EE3D3BFB1}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{67DB2624-2E75-4638-9CBC-92B12830F962}" = lport=137 | protocol=17 | dir=in | app=system | "{6D91A60E-7B91-4082-84F8-A3E383638071}" = rport=10243 | protocol=6 | dir=out | app=system | "{7AFA6407-7F3D-46AB-8BE0-48B9258A0BAC}" = rport=139 | protocol=6 | dir=out | app=system | "{8F45F946-7C20-4A38-9B0F-67AE4A27C2A8}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{8FA71BFA-D9EE-4711-9806-780CFD7C1C65}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | "{95767230-086F-43C3-A5EC-5FDCBA923860}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{96BF503D-0BB0-456E-A753-E2A28BFF53ED}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | "{B713CCE7-980D-43E1-9987-2A284EFC620A}" = rport=138 | protocol=17 | dir=out | app=system | "{D087028D-6875-4387-B983-C97FEEC45FE1}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{D86193DC-A120-4282-86B4-79575401FBAA}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{DE5E092B-D2D7-475C-8AAB-E056EAA16D7F}" = rport=137 | protocol=17 | dir=out | app=system | "{E21A6A81-5F4F-4657-B10F-3AAD8F411D17}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{EC9C387D-3314-4BD8-8FCC-7543A65F6F72}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | "{EE710245-9A2C-4534-8658-72619AB32F4F}" = lport=2177 | protocol=6 | dir=in | svc=qwave | 
app=%systemroot%\system32\svchost.exe | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{01CA4574-D227-4340-BE84-A66C1E5D9517}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hpdvdsmart.exe | "{058CDB00-EBE0-40B2-86C9-96BB10F012A8}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqusgm.exe | "{05A20C0F-F2A7-4919-BD6F-B2311E4922C4}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | "{05E8BDCA-0B3E-4B98-9F74-8B5DE3AA096B}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqfxt08.exe | "{084CAC9D-557E-4257-BAF9-A58AB130FA07}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | "{094A8A16-1230-4CC0-824F-0E237E2C7AE4}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgnsa.exe | "{097D99DD-E37C-494C-9E13-3DED5BB54D1C}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{109D8345-55E4-4AF1-8974-3406D3A86142}" = dir=in | app=c:\program files (x86)\hp\hp software update\hpwucli.exe | "{13C31354-6489-4E1D-BC49-5635545899B1}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{166C76CD-1161-4CF7-BE9E-967B70E86CBD}" = protocol=17 | dir=in | app=c:\program files (x86)\adobe\acrobat_com\acrobat_com.exe | "{1B04AA08-AEC1-4AFA-A749-21933FDE5C51}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpofxm08.exe | "{1B26B320-ACB6-4CCB-8B2E-B685CFCAABF6}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\global agenda live\binaries\globalagenda.exe | "{1D58355F-570B-45E7-B3A0-F46CB6697D01}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dc universe online\launchpad.exe | "{1E1D9A1D-B701-4779-B588-0CA340F48DE8}" = dir=in | app=c:\program files 
(x86)\hewlett-packard\touchsmart\media\hptouchsmartmusic.exe | "{1F78A88D-751C-4289-8258-7C18AB2EB763}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{234D10A7-5324-45C8-BDCF-5C12E55BAB75}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqtra08.exe | "{294B8412-4118-427B-B461-508B834B84E7}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpiscnapp.exe | "{29BE7B43-8E37-468A-B3CC-2DF0ECD532D6}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\arma 2 operation arrowhead\expansion\beta\arma2oa.exe | "{2A096714-2A5E-40B3-917D-8CB8EC83CD87}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{2D86CF58-FA02-4EDC-8EF2-D37DE185BB0A}" = protocol=6 | dir=in | app=c:\program files (x86)\cracked steam\steam.exe | "{36E499BF-C3E0-4F10-B7E7-BB2D42EAF9F1}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{37BDE1AA-4668-4AB1-9791-20E3CEDBD48F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{38292E12-2C15-4468-8BE0-ECADE0F7D548}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgdiagex.exe | "{3BB8E727-5438-4EC5-AE8B-7F79E3DBD487}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\tsmagent.exe | "{3C76E5EA-151A-4319-AEA2-6BBFE226D22D}" = protocol=17 | dir=in | app=c:\program files (x86)\cracked steam\steam.exe | "{40AEE382-03A6-4351-9053-7ECFC56BF2FB}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgmfapx.exe | "{4C3EDE6B-35BB-4E87-A551-2CF8B21317EC}" = protocol=6 | dir=out | app=system | "{51C61B7E-5C07-454D-9F00-A387948F211B}" = dir=in | app=e:\setup\hpznui40.exe | "{52AD3331-5F58-4FA7-A0CF-B3A5A68A6D28}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{59FE7FE9-CD32-4C02-B475-1D559A6B7B67}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{5D073E8C-4FCA-42D1-8423-C308E9785EE8}" = 
protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\global agenda live\binaries\launcherbin\hirezlauncherui.exe | "{5FBB7C80-B86C-439D-8A87-35C51D130CA7}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{63189DD6-013B-4CDE-B379-09C26E3F15B1}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\global agenda live\binaries\launcherbin\hirezlauncherui.exe | "{63DA6800-85EA-4068-9DFB-16C850CC47E9}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{67C94E51-8592-4659-8E38-D4971FAC20BD}" = protocol=6 | dir=in | app=c:\users\todd\appdata\local\temp\rar$exa0.072\redsn0w_win_0.9.9b9d\redsn0w.exe | "{699C6A2C-04BE-4525-8AF3-BA9148767E25}" = protocol=6 | dir=in | app=c:\program files (x86)\adobe\acrobat_com\acrobat_com.exe | "{6E4667F0-6966-47F5-A09A-6D72C4913B41}" = dir=in | app=c:\program files (x86)\cyberlink\powerdirector\pdr.exe | "{70A46F66-0999-4ECC-AE0D-3DCF994FA54F}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\arma 2 operation arrowhead\arma2oa.exe | "{70FF40F8-886B-4323-A4D1-FE9BF4C33A38}" = protocol=17 | dir=in | app=c:\program files (x86)\unreal tournament 3\binaries\ut3.exe | "{7173D574-D75A-4364-8B17-9F6E7688E78C}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{78BAB9A5-236C-4E47-BD88-B4BA6CA15C56}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hposfx08.exe | "{7AD52C20-A806-4CD2-93E3-F180CB7B4F33}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{7B52F2E1-3BC1-4049-B053-72DDE6610DE9}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\arma 2\arma2.exe | "{7E2CD4EA-3258-4436-BEB1-E7022FC58A1B}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\global agenda live\binaries\globalagenda.exe | "{7F51C8C1-AC54-4DD1-BF6D-F7A24504BCFC}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpzwiz01.exe | 
"{81094223-E315-46EF-BEAA-614915442DF4}" = protocol=58 | dir=in | app=system | "{8350A3CC-3099-45DB-8287-2CE810BEFD64}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgemca.exe | "{835969DA-6E12-4DCB-8D04-181F57B6C096}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\arma 2 operation arrowhead\expansion\beta\arma2oa.exe | "{861A687D-B95E-4119-8310-BE3B5990A1CA}" = protocol=6 | dir=in | app=c:\program files (x86)\unreal tournament 3\binaries\ut3.exe | "{86DC03E9-4232-4AF8-A571-B83E305A44E3}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqkygrp.exe | "{8B5104E2-F48C-4FC2-891E-BDA4CA9D252F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{8C844C3C-F24E-43F4-8A54-46C9852AF24F}" = protocol=17 | dir=in | app=c:\users\todd\appdata\local\temp\rar$exa0.072\redsn0w_win_0.9.9b9d\redsn0w.exe | "{90B1C4C6-D406-47ED-AA86-D20D83F17BD6}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe | "{92B29F60-CBDF-40F5-878A-13A1C8A35D76}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgnsa.exe | "{9688C974-08D0-4CB6-A771-7536B7755433}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | "{995ED341-672C-448C-84E2-F59663ED063E}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe | "{99FF6C9B-F5F3-4B15-9FFA-8872F9414405}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgplgtupl.exe | "{9A9E4BFF-CFCC-4EF2-9680-C78746FE3EA3}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe | "{9EF9CA63-798D-4A94-AEEB-BF956667F15B}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\global agenda live\binaries\launcherbin\hirezlauncherui.exe | "{A3B68FEA-3421-4CA6-916E-734288B9C0E1}" = protocol=17 | dir=in | app=c:\program files (x86)\cracked steam\steam.exe | "{A53E508D-AC1C-4E0D-9FA5-4B9461AA8E80}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dc universe 
online\launchpad.exe | "{AA1CCF19-B4AC-44B4-B9B3-87683100C8F9}" = dir=in | app=c:\program files (x86)\hp\digital imaging\smart web printing\smartwebprintexe.exe | "{AF487F8F-2BCD-4D60-8721-37FF472A0172}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpoews01.exe | "{B16DFE60-7581-4195-AF96-7AB981C0F61C}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{B747DA70-ED8E-45FB-B9C3-25AD83F6FF7F}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{B77F6A07-924D-4364-A620-D015094BABAA}" = protocol=6 | dir=in | app=c:\program files (x86)\cracked steam\steam.exe | "{B8E704F0-F55F-4DD2-859F-BB00BA97AA9D}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\arma 2 operation arrowhead\besetup\setup_battleyearma2oa.exe | "{BC0BEE85-6B85-4186-82F8-9487B032F1BC}" = protocol=58 | dir=out | name=@iphlpsvc.dll,-503 | "{C4A60B30-39CA-4559-B9A6-A93051BC38D7}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | "{CB209ED9-772B-443C-B592-8AB46540B36C}" = protocol=6 | dir=in | app=c:\program files (x86)\codemasters\of dragon rising\ofdr.exe | "{CC1F3509-C154-4682-B9F8-A32011CB33EB}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{CC464FB1-809B-4372-A19A-042194C95FC3}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqste08.exe | "{CC6605CA-66DA-4C46-9C3F-FA7DF77E9E39}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\hptouchsmartphoto.exe | "{CD37357C-7F7B-4757-B0AF-8518D1E04BF7}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{CEA2A0D4-C365-4DB1-B678-299F8F2FE174}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\arma 2 operation arrowhead\arma2oa.exe | "{CEDA67F0-8BB8-46FA-8F3C-CB925A6A97AB}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgpc01.exe | "{D02F59E5-ACFD-46E1-A4FC-1E828CFD7CD2}" = dir=in | app=c:\program files 
(x86)\hp\digital imaging\bin\hpfccopy.exe |
"{D06E6214-53E8-4BF2-A574-8A9BD1FAC605}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\hptouchsmartvideo.exe |
"{D1DE86D8-8432-436F-864B-BFE0F07DA145}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpofxs08.exe |
"{D67EAA50-2C2D-4CEC-BF6A-2CAA9F7AEFD2}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{DA8919A1-2833-4E37-835C-17E4C4087A15}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqusgh.exe |
"{DB78EE51-72E3-4506-AEBC-00584E9B30B3}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{DCD166B0-3A83-4124-89E5-401EA79EBC59}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{DDFBF0BC-7BEF-4297-BF0B-ED15E5DFB883}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{DEBFE811-1F3F-438F-89FE-D87405FE1709}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\arma 2\arma2.exe |
"{E09449B3-DA03-42C6-B5D6-FCBC5DEF021A}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\kernel\clml\clmlsvc.exe |
"{E1151D5E-3ADE-41A0-AC3D-21E999564BDE}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\global agenda live\binaries\launcherbin\hirezlauncherui.exe |
"{E20E16C2-63BD-4C4B-A977-9FE97B68AAD5}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hposid01.exe |
"{E283DE0B-91FE-47E0-A486-087E69245833}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\arma 2 operation arrowhead\besetup\setup_battleyearma2oa.exe |
"{E65DADA7-4EF2-40FB-9957-28C15F53D264}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{E7F06056-B63C-4841-867F-E417B05D5371}" = protocol=17 | dir=in | app=c:\program files (x86)\codemasters\of dragon rising\ofdr.exe |
"{EF72D075-D276-48AA-84F5-923CBB410355}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe |
"{F1BD0DFA-4CB7-44D3-8593-EDDECFAA2DA6}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgdiagex.exe |
"{F7CAA7F2-0757-4D8A-9B91-71DEFDDEEC10}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgmfapx.exe |
"{FB1680A2-79B2-4BD3-9537-537DCBA496A9}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgemca.exe |
"TCP Query User{13B559AB-87F9-45C3-92E0-E537E6332436}C:\program files (x86)\unreal tournament 3\binaries\ut3.exe" = protocol=6 | dir=in | app=c:\program files (x86)\unreal tournament 3\binaries\ut3.exe |
"TCP Query User{1CF616EB-680E-492B-9996-6A49324D765B}C:\program files (x86)\six projects\six updater\tools\bin\rsync.exe" = protocol=6 | dir=in | app=c:\program files (x86)\six projects\six updater\tools\bin\rsync.exe |
"TCP Query User{31A295FE-2D54-4D2E-80D2-4C87EC7C28A9}C:\program files\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe |
"TCP Query User{3C0AC2F0-B0FD-4B97-AF6F-B94170153B4F}C:\users\todd\appdata\local\temp\rar$exa0.072\redsn0w_win_0.9.9b9d\redsn0w.exe" = protocol=6 | dir=in | app=c:\users\todd\appdata\local\temp\rar$exa0.072\redsn0w_win_0.9.9b9d\redsn0w.exe |
"TCP Query User{5ADE1AFB-3443-48F0-B597-99348A9D0C97}C:\program files (x86)\winamp\winamp.exe" = protocol=6 | dir=in | app=c:\program files (x86)\winamp\winamp.exe |
"TCP Query User{61D03E80-FB67-45DB-9B0B-1DBD83FD4272}C:\program files (x86)\steam\steamapps\common\global agenda live\binaries\globalagenda.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\global agenda live\binaries\globalagenda.exe |
"TCP Query User{7199E513-AE47-4D50-BB18-30560CC4AA34}C:\users\todd\appdata\local\temp\rar$exa0.261\redsn0w_win_0.9.9b9d\redsn0w.exe" = protocol=6 | dir=in | app=c:\users\todd\appdata\local\temp\rar$exa0.261\redsn0w_win_0.9.9b9d\redsn0w.exe |
"TCP Query User{8DD9A992-E808-401B-BA4A-6FD5B350E46B}C:\program files (x86)\unified remote\remoteserver.exe" = protocol=6 | dir=in | app=c:\program files (x86)\unified remote\remoteserver.exe |
"TCP Query User{9452D30E-6C11-4614-9F28-B95CDD80B3C8}C:\users\todd\downloads\patchblocker.exe" = protocol=6 | dir=in | app=c:\users\todd\downloads\patchblocker.exe |
"TCP Query User{9671D961-8C44-4F88-BCCA-3C6A7BD94B4B}C:\users\todd\appdata\local\temp\rar$exa0.262\patchblocker.exe" = protocol=6 | dir=in | app=c:\users\todd\appdata\local\temp\rar$exa0.262\patchblocker.exe |
"TCP Query User{9F131C29-4BAC-4F64-800E-92762ADC4CFF}C:\program files (x86)\unified remote\remoteserver.exe" = protocol=6 | dir=in | app=c:\program files (x86)\unified remote\remoteserver.exe |
"TCP Query User{BACC1121-E09C-4C0A-9030-8D15EA98B20D}C:\users\todd\downloads\patchblocker (1).exe" = protocol=6 | dir=in | app=c:\users\todd\downloads\patchblocker (1).exe |
"UDP Query User{00067D85-8376-48A4-891A-1185584D4100}C:\program files (x86)\six projects\six updater\tools\bin\rsync.exe" = protocol=17 | dir=in | app=c:\program files (x86)\six projects\six updater\tools\bin\rsync.exe |
"UDP Query User{16A32E0E-7491-4C59-B04C-63809E0BEC3B}C:\users\todd\appdata\local\temp\rar$exa0.261\redsn0w_win_0.9.9b9d\redsn0w.exe" = protocol=17 | dir=in | app=c:\users\todd\appdata\local\temp\rar$exa0.261\redsn0w_win_0.9.9b9d\redsn0w.exe |
"UDP Query User{2617C18D-0599-4524-B1C8-33D7EDE25869}C:\program files (x86)\steam\steamapps\common\global agenda live\binaries\globalagenda.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\global agenda live\binaries\globalagenda.exe |
"UDP Query User{52B31C0A-C140-40A4-AD56-F55AB51BB6C9}C:\users\todd\appdata\local\temp\rar$exa0.072\redsn0w_win_0.9.9b9d\redsn0w.exe" = protocol=17 | dir=in | app=c:\users\todd\appdata\local\temp\rar$exa0.072\redsn0w_win_0.9.9b9d\redsn0w.exe |
"UDP Query User{572218B7-78BF-4379-BD4E-945B00AD18A4}C:\program files (x86)\winamp\winamp.exe" = protocol=17 | dir=in | app=c:\program files (x86)\winamp\winamp.exe |
"UDP Query User{7E1B6906-4FC7-4239-A8D8-E646FD07E89B}C:\users\todd\downloads\patchblocker (1).exe" = protocol=17 | dir=in | app=c:\users\todd\downloads\patchblocker (1).exe |
"UDP Query User{8320CE1A-37C6-4E12-9171-8F15C834871B}C:\users\todd\downloads\patchblocker.exe" = protocol=17 | dir=in | app=c:\users\todd\downloads\patchblocker.exe |
"UDP Query User{98313F11-9A16-458B-BAEC-8CAF163671F5}C:\program files (x86)\unified remote\remoteserver.exe" = protocol=17 | dir=in | app=c:\program files (x86)\unified remote\remoteserver.exe |
"UDP Query User{B30BD656-DB73-44BF-A915-8E3FAEC9FDA6}C:\program files (x86)\unreal tournament 3\binaries\ut3.exe" = protocol=17 | dir=in | app=c:\program files (x86)\unreal tournament 3\binaries\ut3.exe |
"UDP Query User{D51A5A4B-F39A-450B-AED0-0EFC5FDFE5E2}C:\program files (x86)\unified remote\remoteserver.exe" = protocol=17 | dir=in | app=c:\program files (x86)\unified remote\remoteserver.exe |
"UDP Query User{E29D895E-0208-49E9-B4A4-1F104D6BB498}C:\program files\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe |
"UDP Query User{EE3C9B7D-CF5F-47A5-8F39-DFC1601E0D11}C:\users\todd\appdata\local\temp\rar$exa0.262\patchblocker.exe" = protocol=17 | dir=in | app=c:\users\todd\appdata\local\temp\rar$exa0.262\patchblocker.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{138A4072-9E64-46BD-B5F9-DB2BB395391F}" = LWS VideoEffects
"{1493B2AE-0261-47D2-B1AA-F4DAD0F6C48B}" = iTunes
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
"{26A24AE4-039D-4CA4-87B4-2F86417005FF}" = Java 7 Update 5 (64-bit)
"{2D2820A1-F214-4B7A-912E-A87E5608CF10}" = Motorola Mobile Drivers Installation 5.0.0
"{344C0D46-2EF4-4BC8-AE03-3DACDA9B9485}" = AVG 2012
"{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
"{48C0866E-57EB-444C-8371-8E4321066BC3}" = Network64
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5EB6F3CB-46F4-451F-A028-7F6D8D35D7D0}" = Windows Live Language Selector
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6BFAB6C1-6D46-46DB-A538-A269907C9F2F}" = Network64
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{7446FE8D-C1F9-4D42-AAAE-5DBCE58605A6}" = Apple Mobile Device Support
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{88E60521-1E4E-4785-B9F1-1798A4BD0C30}" = HP MediaSmart SmartMenu
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}" = PlayReady PC Runtime amd64
"{C1164ED0-EF08-4B0B-8084-3BDAEAAEFD8D}" = HP Photosmart Prem C410 All-In-One Driver Software 14.0 Rel. 7
"{C78D3032-9DFD-41D0-9DE9-58EAE750CBA4}" = Microsoft Security Client
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{FF21C3E6-97FD-474F-9518-8DCBE94C2854}" = 64 Bit HP CIO Components Installer
"CCleaner" = CCleaner
"HP Imaging Device Functions" = HP Imaging Device Functions 14.0
"HP Smart Web Printing" = HP Smart Web Printing 4.60
"HP Solution Center & Imaging Support Tools" = HP Solution Center 14.0
"HPExtendedCapabilities" = HP Customer Participation Program 14.0
"HPOCR" = OCR Software by I.R.I.S. 14.0
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft Security Client" = Microsoft Security Essentials
"NVIDIA Drivers" = NVIDIA Drivers
"Shop for HP Supplies" = Shop for HP Supplies

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{038A524F-58DB-438A-8391-8F7F0CA14B9E}" = Microsoft® Winter Fun Pack 2004 for Windows® XP
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{06A1D88C-E102-4527-AF70-29FFD7AF215A}" = Scan
"{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements
"{08610298-29AE-445B-B37D-EFBE05802967}" = LWS Pictures And Video
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0CA72D12-F6C6-4D43-A2A0-41F5AA17E2B6}" = Netflix in Windows Media Center
"{106B4413-ACBB-4CDE-8707-587DB9BD77EC}" = LogMeIn Hamachi
"{1111706F-666A-4037-7777-210328764D10}" = JavaFX 2.1.0
"{1458BB78-1DC5-4BC0-B9A3-2B644F5A8105}" = DeviceDiscovery
"{150B6201-E9E6-4DFB-960E-CCBD53FBDDED}" = HPProductAssistant
"{15634701-BACE-4449-8B25-1567DA8C9FD3}" = CameraHelperMsi
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{1651216E-E7AD-4250-92A1-FB8ED61391C9}" = LWS Help_main
"{174A3B31-4C43-43DD-866F-73C9DB887B48}" = LWS Twitter
"{17B4760F-334B-475D-829F-1A3E94A6A4E6}" = HP Setup
"{1896E712-2B3D-45eb-BCE9-542742A51032}" = PictureMover
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1A4052AB-BA77-44F7-8EE7-9F9131BFD7A6}" = OF Dragon Rising
"{1DDDFDF2-4A92-4E77-959F-59D196B99C0C}" = C410
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite Deluxe
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{21DF0294-6B9D-4741-AB6F-B2ABFBD2387E}" = LWS YouTube Plugin
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java 6 Update 20
"{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 7
"{292F0F52-B62D-4E71-921B-89A682402201}" = Toolbox
"{296D8550-CB06-48E4-9A8B-E5034FB64715}" = Command & Conquer™ Red Alert™ 3
"{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}" = Microsoft XNA Framework Redistributable 4.0
"{2D8CED57-CCDB-4D86-9087-3BBCAE8F8F22}" = Six Updater
"{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App" = Update Installer for WildTangent Games App
"{2FDBBCEA-62DB-45F4-B6E5-0E1FB2A1F29D}" = Visual C++ 8.0 Runtime Setup Package (x64)
"{3023EBDA-BF1B-4831-B347-E5018555F26E}" = Movie Theme Pack for HP MediaSmart Video
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{35021DFB-F9CA-402A-89A2-47F91E506465}" = HP MediaSmart/TouchSmart Netflix
"{3DE92282-CB49-434F-81BF-94E5B380E889}" = The Sims™ 3 Seasons
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel® Rapid Storage Technology
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = erLT
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{40FB8D7C-6FF8-4AF2-BC8B-0B1DB32AF04B}" = HP Advisor
"{43D16DA8-BF42-3C62-89D3-3AD47829DC2E}" = Google Talk Plugin
"{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}" = Recovery Manager
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{4676D76B-1BA9-4E4D-9615-72FEA5F6B007}" = Unified Remote
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4C047BD9-6E24-4728-9C46-0AE4814997CF}" = DayZ Commander
"{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
"{553C904F-57A2-4113-888E-BA0C3D1C69C0}" = Microsoft VC9 runtime libraries
"{565E7B0E-B76B-4EAD-9753-F1E72A5CF12E}" = HPAppStudio
"{5A13987D-55F4-4271-A40E-76AC9B1B38FD}" = OpenOffice.org 3.2
"{5B025634-7D5B-4B8D-BE2A-7943C1CF2D5D}" = Status
"{63EC2120-1742-4625-AA47-C6A8AEC9C64C}" = Apple Application Support
"{6421F085-1FAA-DE13-D02A-CFB412C522A4}" = Acrobat.com
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6A05FEDF-662E-46BF-8A25-010E3F1C9C69}" = Windows Live UX Platform Language Pack
"{6F340107-F9AA-47C6-B54C-C3A19F11553F}" = Hewlett-Packard ACLM.NET v1.1.1.0
"{6F76EC3C-34B1-436E-97FB-48C58D7BEDCD}" = LWS Gallery
"{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-hp" = WildTangent Games App (HP Games)
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{71E66D3F-A009-44AB-8784-75E2819BA4BA}" = LWS Motion Detection
"{73285A21-D3CD-47E7-9985-BD89BC22132E}" = Elgato Game Capture HD
"{74DC0593-6BC6-4001-AD5F-D810AFB68D86}" = HP Update
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83BEEFB4-8C28-4F4F-8A9D-E0D1ADCE335B}" = The Sims Medieval
"{83C8FA3C-F4EA-46C4-8392-D3CE353738D6}" = LWS Launcher
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{8795CBED-55E2-4693-9F14-84EC446935BE}" = SpeechRedist
"{8937D274-C281-42E4-8CDB-A0B2DF979189}" = LWS Webcam Software
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8EE94FD8-5F52-4463-A340-185D16328158}" = WebReg
"{8FF6F5CA-4E30-4E3B-B951-204CAAA2716A}" = SmartWebPrinting
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{9294F169-72EE-4D74-AE92-CA25F64B4FF8}" = Fax
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{94CAC2F1-C856-47F4-AF24-65A1E75AEDB9}" = MotoHelper MergeModules
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B362566-EC1B-4700-BB9C-EC661BDE2175}" = DocProc
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9CC4840D-EF1C-406F-AF08-3C19EB1335B9}" = Zoo Tycoon 2 - Ultimate Collection
"{9D318C86-AF4C-409F-A6AC-7183FF4CF424}" = Internet TV for Windows Media Center
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9DAEA76B-E50F-4272-A595-0124E826553D}" = LWS WLM Plugin
"{9DEF9686-CCB2-47B7-BF83-B49EA21FA016}" = HP MediaSmart Demo
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC35A885-0F8F-4857-B7DA-6E8DFB43E6B3}" = HPSSupply
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.4)
"{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR
"{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}" = HP MediaSmart Music/Photo/Video
"{B37DAFA5-717D-41F8-BDFB-3A4B68C0B3A1}" = The Sims™ 3 Supernatural
"{B5408C28-8D1F-4D65-AA49-02FBD56136FF}" = WolfQuest
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{B8AC1A89-FFD1-4F97-8051-E505A160F562}" = HP Odometer
"{B9A03B7B-E0FF-4FB3-BA83-762E58A1B0AA}" = HP Support Information
"{BB3447F6-9553-4AA9-960E-0DB5310C5779}" = GPBaseService2
"{BC4A54D6-6591-4D01-AE21-C9ABAAF69D7F}" = Microsoft Expression Encoder 4
"{BC5DD87B-0143-4D14-AAE6-97109614DC6B}" = SolutionCenter
"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
"{BFA90209-7AFF-4DB6-8E4B-E57305751AD7}" = Unreal Tournament 3
"{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}" = The Sims™ 3
"{C12631C6-804D-4B32-B0DD-8A496462F106}" = The Sims™ 3 Pets
"{C3ABE126-2BB2-4246-BFE1-6797679B3579}" = LG USB Modem driver
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{C5C1C0F0-D62F-4DBF-81D4-D7EF397C228B}" = NVIDIA PhysX
"{C611CF88-969D-43E6-A877-D6D6439DD081}" = HP Remote Solution
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C8DEE701-578F-4D1B-9889-A5D7EB51E5F0}" = RLPrintPlugin
"{CA43FE4F-9FF2-4AD7-88F0-CC3BAC17B226}" = HP Support Assistant
"{CAE4213F-F797-439D-BD9E-79B71D115BE3}" = HPPhotoGadget
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CC8E94A2-55C7-4460-953C-2A790180578C}" = LightScribe System Software
"{CCF6F57B-F6B4-4508-BF45-63AAC9DE416A}" = Quicken 2010
"{CD31E63D-47FD-491C-8117-CF201D0AFAB5}" = TrayApp
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D360FA88-17C8-4F14-B67F-13AAF9607B12}" = MarketResearch
"{D40EB009-0499-459c-A8AF-C9C110766215}" = Logitech Webcam Software
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DBCC73BA-C69A-4BF5-B4BF-F07501EE7039}" = AnswerWorks 5.0 English Runtime
"{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E517094C-06B6-419F-8FFD-EF4F57972130}" = QuickTransfer
"{E9E34215-82EF-4909-BE2F-F581F0DC9062}" = DirectX for Managed Code Update (Summer 2004)
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{EED027B7-0DB6-404B-8F45-6DFEE34A0441}" = LWS Video Mask Maker
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F217D8AF-965B-4D3E-8F14-AC47B9CA535B}" = PS_AIO_07_C410_SW_Min
"{F9EC30D1-F688-4708-9850-CB5120074AAA}" = Microsoft Expression Encoder 4 Screen Capture Codec
"{FA0FF682-CC70-4C57-93CD-E276F3E7537E}" = BufferChm
"{FB4BB287-37F9-4E27-9C4D-2D3882E08EFF}" = DVD Menu Pack for HP MediaSmart Video
"{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}" = Visual Studio 2008 x64 Redistributables
"{FD9C31B6-F572-414D-81E3-89368C97A125}_is1" = CamStudio OSS Desktop Recorder
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FF167195-9EE4-46C0-8CD7-FBA3457E88AB}" = LWS Facebook
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"BattlEye for A2" = BattlEye Uninstall
"BattlEye for OA" = BattlEye for OA Uninstall
"Civilization IV Complete" = Civilization IV Complete
"Encoder_4.0.3205.0" = Microsoft Expression Encoder 4
"ESET Online Scanner" = ESET Online Scanner v3
"Family Tree Builder" = MyHeritage Family Tree Builder
"ffdshow_is1" = ffdshow [rev 2527] [2008-12-19]
"Game Capture HD v2.3.3.38" = Game Capture HD v2.3.3.38
"HP Photo Creations" = HP Photo Creations
"HP Remote Solution" = HP Remote Solution
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite Deluxe
"InstallShield_{3023EBDA-BF1B-4831-B347-E5018555F26E}" = Movie Theme Pack for HP MediaSmart Video
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"InstallShield_{9CC4840D-EF1C-406F-AF08-3C19EB1335B9}" = Zoo Tycoon 2 - Ultimate Collection
"InstallShield_{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}" = HP MediaSmart Music/Photo/Video
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"InstallShield_{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD
"InstallShield_{FB4BB287-37F9-4E27-9C4D-2D3882E08EFF}" = DVD Menu Pack for HP MediaSmart Video
"LogMeIn Hamachi" = LogMeIn Hamachi
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.65.1.1000
"MotoHelper" = MotoHelper 2.0.45 Driver 5.0.0
"Origin" = Origin
"PC Performer_is1" = PC Performer
"Revo Uninstaller" = Revo Uninstaller 1.94
"Steam App 17020" = Global Agenda
"Steam App 219540" = ARMA 2: Operation Arrowhead Beta
"Steam App 24200" = DC Universe Online
"Steam App 33900" = ARMA 2
"Steam App 33930" = ARMA 2: Operation Arrowhead
"Verizon V CAST Media Manager" = Verizon V CAST Media Manager
"WildTangent hp Master Uninstall" = HP Games
"Winamp" = Winamp
"WinLiveSuite" = Windows Live Essentials
"WinRAR archiver" = WinRAR 4.20 beta 2 (32-bit)

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1413658493-208379941-2510509854-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
"HuluDesktop" = Hulu Desktop
"InstallShield_{BFA90209-7AFF-4DB6-8E4B-E57305751AD7}" = Unreal Tournament 3
"MusicManager" = Music Manager
"Winamp Detect" = Winamp Detector Plug-in

========== Last 20 Event Log Errors ==========

[ Hewlett-Packard Events ]
Error - 5/16/2012 11:15:14 AM | Computer Name = Todd-PC | Source = hpsa_service.exe | ID = 2000
Description = HP Error ID: -2146233088
   at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateDetail(String category)
   at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetectCore()
   at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan, Boolean localScan)
Message: Failed to perform update.
StackTrace:
   at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateDetail(String category)
   at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetectCore()
   at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan, Boolean localScan)
Source: HP.ActiveCheckLocalMode.SessionManager
InnerException.Message: Object '/6577472d_eb49_4d72_b958_af62004d7846/qrpp9_ho13l_sghdoqnncdnz_15.rem' has been disconnected or does not exist at the server.
Name: hpsa_service.exe
Version: 06.00.01.01
Path: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
Format: en-US
RAM: 8119
Ram Utilization: 10
TargetSite: Void UpdateDetail(System.String)

Error - 6/12/2012 11:45:26 AM | Computer Name = Todd-PC | Source = hpsa_service.exe | ID = 2000
Description = HP Error ID: -2146233088
   at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateDetail(String category)
   at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetectCore()
   at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan, Boolean localScan)
Message: Failed to perform update.
StackTrace:
   at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateDetail(String category)
   at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetectCore()
   at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan, Boolean localScan)
Source: HP.ActiveCheckLocalMode.SessionManager
InnerException.Message: Object '/89c68521_5bf7_443b_a506_48e4d2ebcb14/v21xvpxqkpodmhghz5uku8zw_5.rem' has been disconnected or does not exist at the server.
Name: hpsa_service.exe
Version: 06.00.01.01
Path: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
Format: en-US
RAM: 8119
Ram Utilization: 20
TargetSite: Void UpdateDetail(System.String)

Error - 7/16/2012 2:26:45 AM | Computer Name = Todd-PC | Source = hpsa_service.exe | ID = 2000
Description = HP Error ID: -2146233088
   at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateDetail(String category)
   at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetectCore()
   at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan, Boolean localScan)
Message: Failed to perform update.
StackTrace:
   at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateDetail(String category)
   at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetectCore()
   at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan, Boolean localScan)
Source: HP.ActiveCheckLocalMode.SessionManager
InnerException.Message: Object '/91fc7472_4504_4333_b4e2_8b36bff8d960/w0b4xzbsrasx1a7q+p4iomxm_5.rem' has been disconnected or does not exist at the server.
Name: hpsa_service.exe
Version: 06.00.01.01
Path: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
Format: en-US
RAM: 8119
Ram Utilization: 10
TargetSite: Void UpdateDetail(System.String)

Error - 8/27/2012 9:02:02 PM | Computer Name = Todd-PC | Source = hpsa_service.exe | ID = 2000
Description = HP Error ID: -2146233088
   at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateDetail(String category)
   at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetectCore()
   at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan, Boolean localScan)
Message: Failed to perform update.
StackTrace:
   at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateDetail(String category)
   at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetectCore()
   at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan, Boolean localScan)
Source: HP.ActiveCheckLocalMode.SessionManager
InnerException.Message: Object '/e288c67f_06e6_4321_89f3_4d1667b3a6ad/j9yr0cumoij3r_+mx6wzd54q_15.rem' has been disconnected or does not exist at the server.
Name: hpsa_service.exe
Version: 06.00.01.01
Path: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
Format: en-US
RAM: 8119
Ram Utilization: 20
TargetSite: Void UpdateDetail(System.String)

Error - 9/3/2012 9:05:47 PM | Computer Name = Todd-PC | Source = hpsa_service.exe | ID = 2000
Description = HP Error ID: -2146233088
   at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateDetail(String category)
   at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetectCore()
   at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan, Boolean localScan)
Message: Failed to perform update.
StackTrace:
   at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateDetail(String category)
   at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetectCore()
   at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan, Boolean localScan)
Source: HP.ActiveCheckLocalMode.SessionManager
InnerException.Message: Object '/d1da9fdd_3fb5_4c58_b8e9_ea1c76e87c8d/ybqlpwcfabccdg7od1z+n9le_5.rem' has been disconnected or does not exist at the server.
Name: hpsa_service.exe
Version: 06.00.01.01
Path: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
Format: en-US
RAM: 8119
Ram Utilization: 30
TargetSite: Void UpdateDetail(System.String)

Error - 9/18/2012 1:08:39 AM | Computer Name = Todd-PC | Source = HPSF.exe | ID = 4000
Description =

Error - 11/16/2012 3:27:44 AM | Computer Name = Todd-PC | Source = HPSF.exe | ID = 4000
Description =

Error - 11/16/2012 3:33:11 AM | Computer Name = Todd-PC | Source = HPSF.exe | ID = 4000
Description =

Error - 11/16/2012 3:33:52 AM | Computer Name = Todd-PC | Source = HPSF.exe | ID = 4000
Description =

Error - 11/16/2012 3:34:40 AM | Computer Name = Todd-PC | Source = HPSF.exe | ID = 4000
Description =

[ System Events ]
Error - 12/28/2012 10:59:50 AM | Computer Name = Todd-PC | Source = DCOM | ID = 10010
Description =

< End of report >
-
OTL logfile created on: 12/28/2012 9:24:46 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Todd\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

7.93 Gb Total Physical Memory | 6.53 Gb Available Physical Memory | 82.37% Memory free
15.86 Gb Paging File | 13.91 Gb Available in Paging File | 87.74% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 920.43 Gb Total Space | 730.99 Gb Free Space | 79.42% Space Free | Partition Type: NTFS
Drive D: | 10.98 Gb Total Space | 1.58 Gb Free Space | 14.44% Space Free | Partition Type: NTFS
Drive E: | 3.90 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
Drive N: | 298.09 Gb Total Space | 195.70 Gb Free Space | 65.65% Space Free | Partition Type: NTFS

Computer Name: TODD-PC | User Name: Todd | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/12/28 09:24:09 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Todd\Downloads\OTL.com
PRC - [2012/12/13 14:26:20 | 003,290,896 | ---- | M] (Skype Technologies S.A.) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
PRC - [2012/12/10 13:11:50 | 007,416,320 | ---- | M] (Google Inc.) -- C:\Users\Todd\AppData\Local\Programs\Google\MusicManager\MusicManager.exe
PRC - [2012/09/20 07:29:23 | 000,212,432 | ---- | M] (Google Inc.) -- C:\Users\Todd\AppData\Local\Google\Update\1.3.21.123\GoogleCrashHandler.exe
PRC - [2012/07/27 14:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/12/15 05:24:00 | 000,450,848 | ---- | M] (Logitech Inc.) -- C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
PRC - [2011/11/11 14:08:06 | 000,205,336 | ---- | M] (Logitech Inc.) -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe
PRC - [2011/11/11 14:07:54 | 000,265,240 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe
PRC - [2011/08/12 12:19:40 | 000,680,984 | ---- | M] () -- C:\Program Files (x86)\Common Files\logishrd\LQCVFX\COCIManager.exe
PRC - [2011/03/28 16:07:50 | 000,094,264 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
PRC - [2011/01/27 15:13:50 | 000,226,624 | ---- | M] () -- C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe
PRC - [2011/01/27 15:13:40 | 000,673,088 | ---- | M] () -- C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperAgent.exe
PRC - [2010/05/21 00:28:00 | 011,312,128 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
PRC - [2010/05/21 00:27:58 | 011,318,784 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
PRC - [2009/12/01 19:49:52 | 000,210,216 | ---- | M] (CyberLink) -- c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
PRC - [2009/10/02 15:26:12 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2009/10/02 15:26:10 | 000,284,696 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

========== Modules (No Company Name) ==========

MOD - [2012/12/10 13:00:40 | 000,344,064 | ---- | M] () -- C:\Users\Todd\AppData\Local\Programs\Google\MusicManager\libaudioenc.dll
MOD - [2012/12/10 13:00:28 | 000,231,936 | ---- | M] () -- C:\Users\Todd\AppData\Local\Programs\Google\MusicManager\libmpgdec.dll
MOD - [2012/12/10 12:59:52 | 000,117,248 | ---- | M] () -- C:\Users\Todd\AppData\Local\Programs\Google\MusicManager\libaacdec.dll
MOD - [2012/12/10 12:59:50 | 000,253,440 | ---- | M] () -- C:\Users\Todd\AppData\Local\Programs\Google\MusicManager\libid3tag.dll
MOD - [2012/12/04 19:15:15 | 012,456,040 | ---- | M] () -- C:\Users\Todd\AppData\Local\Google\Chrome\Application\23.0.1271.97\PepperFlash\pepflashplayer.dll
MOD - [2012/12/04 19:15:15 | 000,460,904 | ---- | M] () -- C:\Users\Todd\AppData\Local\Google\Chrome\Application\23.0.1271.97\ppgooglenaclpluginchrome.dll
MOD - [2012/12/04 19:15:14 | 004,008,040 | ---- | M] () -- C:\Users\Todd\AppData\Local\Google\Chrome\Application\23.0.1271.97\pdf.dll
MOD - [2012/12/04 19:14:29 | 000,587,880 | ---- | M] () -- C:\Users\Todd\AppData\Local\Google\Chrome\Application\23.0.1271.97\libglesv2.dll
MOD - [2012/12/04 19:14:28 | 000,124,520 | ---- | M] () -- C:\Users\Todd\AppData\Local\Google\Chrome\Application\23.0.1271.97\libegl.dll
MOD - [2012/12/04 19:14:21 | 000,157,304 | ---- | M] () -- C:\Users\Todd\AppData\Local\Google\Chrome\Application\23.0.1271.97\avutil-51.dll
MOD - [2012/12/04 19:14:20 | 000,275,576 | ---- | M] () -- C:\Users\Todd\AppData\Local\Google\Chrome\Application\23.0.1271.97\avformat-54.dll
MOD - [2012/12/04 19:14:19 | 002,168,952 | ---- | M] () -- C:\Users\Todd\AppData\Local\Google\Chrome\Application\23.0.1271.97\avcodec-54.dll
MOD - [2012/11/16 15:43:19 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\413288993ff690e8251d2dbe32bee01f\System.Runtime.Remoting.ni.dll
MOD - [2012/11/16 15:43:01 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\d040079bc7148afeca03c5abb6fc3c61\System.Windows.Forms.ni.dll
MOD - [2012/11/16 15:42:56 | 001,591,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\4e80768a2d88c7a333e43cbb7a6c0705\System.Drawing.ni.dll
MOD - [2012/11/16 15:42:46 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\b311b783e1efaa9527f4c2c9680c44d1\WindowsBase.ni.dll
MOD - [2012/11/16 15:42:41 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\25e672ea505e50ab058258ac72a54f02\System.Xml.ni.dll
MOD - [2012/11/16 15:42:39 | 007,988,736 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\9dd758ac0bf7358ac6e4720610fcc63c\System.ni.dll
MOD - [2012/11/16 15:42:39 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\c64ca3678261c8ffcd9e7efd1af6ed54\System.Configuration.ni.dll
MOD - [2012/11/16 15:42:35 | 011,493,376 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\187d7c66735c533de851c76384f86912\mscorlib.ni.dll
MOD - [2012/09/25 09:53:12 | 000,026,624 | ---- | M] () -- C:\Users\Todd\AppData\Local\Programs\Google\MusicManager\imageformats\qgif4.dll
MOD - [2012/09/25 09:53:02 | 010,683,392 | ---- | M] () -- C:\Users\Todd\AppData\Local\Programs\Google\MusicManager\QtWebKit4.dll
MOD - [2012/09/25 09:53:02 | 001,681,408 | ---- | M] () -- C:\Users\Todd\AppData\Local\Programs\Google\MusicManager\QtNetwork4.dll
MOD - [2012/09/25 09:53:00 | 007,741,952 | ---- | M] () -- C:\Users\Todd\AppData\Local\Programs\Google\MusicManager\QtGui4.dll
MOD - [2012/09/25 09:52:58 | 002,248,192 | ---- | M] () -- C:\Users\Todd\AppData\Local\Programs\Google\MusicManager\QtCore4.dll
MOD - [2012/02/20 20:29:04 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2012/02/20 20:28:42 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/12/12 15:44:08 | 000,336,408 | ---- | M] () -- C:\Program Files (x86)\Common Files\logishrd\LWSPlugins\LWS\Applets\CameraHelper\DevManagerCore.dll
MOD - [2011/11/11 14:08:18 | 007,956,504 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\QTGui4.dll
MOD - [2011/11/11 14:08:18 | 000,342,552 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\QTXml4.dll
MOD - [2011/11/11 14:08:18 | 000,128,536 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\ImageFormats\QJpeg4.dll
MOD - [2011/11/11 14:08:18 | 000,029,208 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\ImageFormats\QGif4.dll
MOD - [2011/11/11 14:08:06 | 002,145,304 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\QTCore4.dll
MOD - [2011/11/11 14:07:54 | 000,265,240 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe
MOD - [2011/08/12 12:19:40 | 000,680,984 | ---- | M] () -- C:\Program Files (x86)\Common Files\logishrd\LQCVFX\COCIManager.exe
MOD - [2011/01/27 15:13:40 | 000,673,088 | ---- | M] () -- C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperAgent.exe
MOD - [2010/05/04 15:36:28 | 000,970,752 | ---- | M] () -- C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll
MOD - [2009/12/01 19:49:50 | 000,931,112 | ---- | M] () -- c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMediaLibrary.dll

========== Services (SafeList) ==========

SRV:64bit: - [2012/09/12 20:21:48 | 000,368,896 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2012/09/12 20:21:48 | 000,022,072 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2012/12/26 14:21:18 | 000,541,760 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012/12/13 14:26:20 | 003,290,896 | ---- | M] (Skype Technologies S.A.) [Auto | Running] -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
SRV - [2012/12/11 17:02:15 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/12/10 17:29:46 | 002,465,712 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc)
SRV - [2012/07/27 14:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/07/13 12:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2011/12/15 05:24:00 | 000,450,848 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe -- (UMVPFSrv)
SRV - [2011/06/21 14:57:34 | 000,085,560 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe -- (HP Support Assistant Service)
SRV - [2011/03/28 16:07:50 | 000,094,264 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe -- (HPDrvMntSvc.exe)
SRV - [2011/01/27 15:13:50 | 000,226,624 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe -- (MotoHelper)
SRV - [2010/10/22 12:08:18 | 001,039,360 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files (x86)\hp\Digital Imaging\bin\HPSLPSVC64.DLL -- (HPSLPSVC)
SRV - [2010/10/12 11:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.)
[On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService) SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2009/10/02 15:26:12 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) SRV - [2009/06/10 15:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) ========== Driver Services (SafeList) ========== DRV:64bit: - [2012/08/30 21:03:48 | 000,128,456 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv) DRV:64bit: - [2012/08/21 12:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM) DRV:64bit: - [2012/07/09 12:42:54 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64) DRV:64bit: - [2012/03/01 00:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2011/12/15 05:15:42 | 004,862,368 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lvuvc64.sys -- (LVUVC64) DRV:64bit: - [2011/12/15 05:15:34 | 000,351,392 | ---- | M] (Logitech Inc.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lvrs64.sys -- (LVRS64) DRV:64bit: - [2011/11/24 22:23:28 | 000,098,616 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudbus.sys -- (dg_ssudbus) DRV:64bit: - [2011/10/04 04:22:14 | 000,172,104 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sscdmdm.sys -- (sscdmdm) DRV:64bit: - [2011/10/04 04:22:14 | 000,141,384 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sscdserd.sys -- (sscdserd) DRV:64bit: - [2011/10/04 04:22:14 | 000,136,264 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sscdbus.sys -- (sscdbus) DRV:64bit: - [2011/10/04 04:22:14 | 000,019,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sscdmdfl.sys -- (sscdmdfl) DRV:64bit: - [2011/03/11 00:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011/03/11 00:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2010/11/20 07:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010/11/20 05:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2010/01/21 01:03:10 | 000,027,648 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgx64diag.sys -- (UsbDiag) DRV:64bit: - [2010/01/21 01:03:08 | 000,033,280 | ---- | M] (LG Electronics Inc.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgx64modem.sys -- (USBModem) DRV:64bit: - [2010/01/21 01:03:06 | 000,017,920 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgx64bus.sys -- (usbbus) DRV:64bit: - [2009/10/02 06:58:58 | 000,537,112 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor) DRV:64bit: - [2009/09/17 06:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64) DRV:64bit: - [2009/09/11 10:19:08 | 001,705,600 | ---- | M] (Hauppauge Computer Works) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HCW85BDA.sys -- (HCW85BDA) DRV:64bit: - [2009/09/11 10:18:28 | 000,032,768 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\hcw85cir3.sys -- (hcw85cir) DRV:64bit: - [2009/08/20 18:05:06 | 000,239,616 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167) DRV:64bit: - [2009/07/13 19:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009/07/13 19:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009/07/13 19:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009/07/13 18:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam) DRV:64bit: - [2009/06/10 14:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009/06/10 14:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009/06/10 14:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009/06/05 09:10:10 | 001,478,144 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr) DRV:64bit: - [2009/03/18 16:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) 
[Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi) DRV - [2009/07/13 19:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPDSK/1 IE:64bit: - HKLM\..\SearchScopes,DefaultScope = IE:64bit: - HKLM\..\SearchScopes\{6CE0C255-91F6-4FF7-8851-52067A45FB92}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPDSK/1 IE - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\..\SearchScopes\{6CE0C255-91F6-4FF7-8851-52067A45FB92}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-1413658493-208379941-2510509854-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com IE - HKU\S-1-5-21-1413658493-208379941-2510509854-1001\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-1413658493-208379941-2510509854-1001\..\SearchScopes\{6CE0C255-91F6-4FF7-8851-52067A45FB92}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox IE - HKU\S-1-5-21-1413658493-208379941-2510509854-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== 
FireFox ========== FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_135.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.0: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.0: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_135.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent 
Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll () FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\@hulu.com/Hulu Desktop: C:\Users\Todd\AppData\Local\HuluDesktop\instances\0.9.14.1\nphdplg.dll (Hulu LLC) FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Todd\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google) FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\Todd\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll () FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Todd\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Todd\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011/01/16 17:18:08 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011/01/16 17:18:08 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\wcapturex@deskperience.com: C:\Program Files (x86)\WhiteSmokeTranslator\WCaptureMoz FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{182812ed-1c22-4e1f-9a8d-990282d594da}: C:\ProgramData\PC Performer Manager\2.5.945.13\{fc772784-ef6f-4718-83f3-3d6f8a22fa66}\FirefoxExtension [2012/09/06 09:44:45 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions [2012/12/20 21:07:45 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2010/01/19 16:47:28 | 
000,085,184 | ---- | M] (Renaissance Learning Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npRLPrint.dll [2010/12/09 04:47:06 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll ========== Chrome ========== CHR - default_search_provider: () CHR - default_search_provider: search_url = CHR - default_search_provider: suggest_url = CHR - homepage: http://search.conduit.com/?ctid=CT3227981&SearchSource=48 CHR - Extension: No name found = C:\Users\Todd\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\ CHR - Extension: No name found = C:\Users\Todd\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.2_0\ CHR - Extension: No name found = C:\Users\Todd\AppData\Local\Google\Chrome\User Data\Default\Extensions\ciagpekplgpbepdgggflgmahnjgiaced\1.0.0.8_0\ CHR - Extension: No name found = C:\Users\Todd\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\ CHR - Extension: No name found = C:\Users\Todd\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlppkpafhbajpcmmoheippocdidnckmm\1.0.1.424_0\ CHR - Extension: No name found = C:\Users\Todd\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.5.33_0\ CHR - Extension: No name found = C:\Users\Todd\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdklpjiiiehhjfjgicmefnefednelhed\1_0\ CHR - Extension: No name found = C:\Users\Todd\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmggblpgblcoomebaelghgmdgdeknmhg\1.0.7_0\ CHR - Extension: No name found = C:\Users\Todd\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.11.0.9874_0\ CHR - Extension: No name found = C:\Users\Todd\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.2.0.10687_0\ CHR - Extension: No name found = 
C:\Users\Todd\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmcegpfdgcoclcdfkjahiimlikdpnina\1.0.5_0\ CHR - Extension: No name found = C:\Users\Todd\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof\12.0.0.2166_0\ CHR - Extension: No name found = C:\Users\Todd\AppData\Local\Google\Chrome\User Data\Default\Extensions\nnpakemckpkcpilpphdmcfehofhefmoa\1.1_0\ CHR - Extension: No name found = C:\Users\Todd\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\ CHR - Extension: No name found = C:\Users\Todd\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnhlckbnnjkfnlakipclhedkhggpddeo\0.0.2_0\ CHR - Extension: No name found = C:\Users\Todd\AppData\Local\Google\Chrome\User Data\Default\Extensions\poknhlcknimnnbfcombaooklofipaibk\0.7_0\ O1 HOSTS File: ([2012/06/08 10:51:50 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2:64bit: - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) O2:64bit: - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.) O2:64bit: - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) 
O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation) O4:64bit: - HKLM..\Run: [NvCplDaemon] C:\Windows\SysNative\NvCpl.dll (NVIDIA Corporation) O4:64bit: - HKLM..\Run: [smartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe () O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [Family Tree Builder Update] C:\Users\Todd\MyHeritage\Bin\FTBCheckUpdates.exe (MyHeritage) O4 - HKLM..\Run: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (Intel Corporation) O4 - HKLM..\Run: [LWS] C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe (Logitech Inc.) O4 - HKU\S-1-5-21-1413658493-208379941-2510509854-1001..\Run: [MusicManager] C:\Users\Todd\AppData\Local\Programs\Google\MusicManager\MusicManager.exe (Google Inc.) 
O4 - Startup: C:\Users\Todd\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe () O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-1413658493-208379941-2510509854-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-1413658493-208379941-2510509854-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149 O7 - HKU\S-1-5-21-1413658493-208379941-2510509854-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O9:64bit: - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) 
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab (Java Plug-in 10.7.2) O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.7.0_07) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BCF4865F-23B7-4460-81D4-294C88685033}: NameServer = 216.176.95.129,216.176.95.161 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F57E66B0-60C0-49C0-B8B6-44854D1F37EA}: DhcpNameServer = 192.168.1.1 O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) 
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2012/09/28 07:30:38 | 000,055,176 | R--- | M] (Electronic Arts) - E:\Autorun.exe -- [ UDF ] O32 - AutoRun File - [2012/09/28 03:48:28 | 000,000,049 | R--- | M] () - E:\Autorun.inf -- [ UDF ] O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2012/12/28 00:51:27 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT [2012/12/28 00:51:05 | 000,000,000 | ---D | C] -- C:\JRT [2012/12/27 19:13:31 | 000,000,000 | ---D | C] -- C:\Users\Todd\AppData\Roaming\six-zsync [2012/12/27 19:13:31 | 000,000,000 | ---D | C] -- C:\Users\Todd\AppData\Roaming\six-updater [2012/12/27 19:13:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Six Projects [2012/12/27 19:13:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SIX Projects [2012/12/27 18:48:51 | 000,000,000 | ---D | C] -- C:\Users\Todd\AppData\Local\Downloaded Installations [2012/12/27 
12:40:26 | 000,000,000 | ---D | C] -- C:\Users\Todd\AppData\Local\ArmA 2 OA [2012/12/27 12:03:07 | 000,000,000 | ---D | C] -- C:\Users\Todd\AppData\Local\DayZCommander [2012/12/27 12:02:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Dotjosh Studios [2012/12/27 09:45:57 | 000,000,000 | ---D | C] -- C:\Users\Todd\Desktop\RK_Quarantine [2012/12/27 03:00:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft CAPICOM 2.1.0.2 [2012/12/26 23:47:06 | 000,000,000 | ---D | C] -- C:\Users\Todd\Documents\ArmA 2 [2012/12/26 23:47:06 | 000,000,000 | ---D | C] -- C:\Users\Todd\AppData\Local\ArmA 2 [2012/12/26 23:47:02 | 000,000,000 | ---D | C] -- C:\Users\Todd\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bohemia Interactive [2012/12/26 23:47:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bohemia Interactive [2012/12/26 13:42:56 | 000,019,632 | ---- | C] (PerformerSoft LLC) -- C:\Windows\SysNative\roboot64.exe [2012/12/26 13:42:46 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\searchplugins [2012/12/26 13:42:46 | 000,000,000 | ---D | C] -- C:\Users\Todd\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PCPerformer [2012/12/26 13:42:46 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Extensions [2012/12/26 13:42:37 | 000,033,856 | -H-- | C] (LogMeIn, Inc.) 
-- C:\Windows\SysNative\hamachi.sys [2012/12/26 13:42:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi [2012/12/26 13:42:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LogMeIn Hamachi [2012/12/26 13:42:15 | 000,000,000 | ---D | C] -- C:\Users\Todd\AppData\Local\LogMeIn Hamachi [2012/12/25 15:26:26 | 000,000,000 | ---D | C] -- C:\Users\Todd\AppData\Local\Logitech® Webcam Software [2012/12/25 15:24:26 | 000,000,000 | ---D | C] -- C:\ProgramData\LogiShrd [2012/12/25 15:22:26 | 000,000,000 | ---D | C] -- C:\Users\Todd\AppData\Roaming\Leadertech [2012/12/25 15:22:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Logitech [2012/12/25 15:22:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\LWS [2012/12/25 15:21:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Logitech [2012/12/25 15:21:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Logitech [2012/12/25 15:18:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\logishrd [2012/12/25 15:17:56 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\logishrd [2012/12/23 13:28:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Elgato [2012/12/23 13:28:29 | 000,000,000 | ---D | C] -- C:\Program Files\Elgato [2012/12/23 13:28:02 | 000,000,000 | ---D | C] -- C:\Users\Todd\AppData\Roaming\Elgato [2012/12/23 13:27:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Elgato [2012/12/19 12:13:30 | 000,000,000 | ---D | C] -- C:\Users\Todd\AppData\Local\Wondershare [2012/12/19 12:13:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Wondershare [2012/12/19 12:13:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wondershare [2012/12/19 12:13:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Wondershare [2012/12/19 12:13:13 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Wondershare [2012/12/15 16:12:44 | 
000,000,000 | ---D | C] -- C:\Users\Todd\Desktop\META-INF [2012/12/14 09:55:17 | 000,000,000 | ---D | C] -- C:\Users\Todd\AppData\Local\My Games [2012/12/14 09:16:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\2K Games [2012/12/14 09:16:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\2K Games [2012/12/04 07:11:23 | 000,000,000 | ---D | C] -- C:\Users\Todd\Desktop\New folder [2012/12/02 14:54:21 | 000,000,000 | ---D | C] -- C:\Users\Todd\Desktop\Minecraft_Server [4 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] [1 C:\Users\Todd\*.tmp files -> C:\Users\Todd\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012/12/28 09:02:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012/12/28 08:59:52 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1413658493-208379941-2510509854-1001UA.job [2012/12/28 08:59:50 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012/12/28 00:51:38 | 000,015,792 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012/12/28 00:51:38 | 000,015,792 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012/12/28 00:48:48 | 000,779,266 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012/12/28 00:48:48 | 000,660,280 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012/12/28 00:48:48 | 000,121,208 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2012/12/28 00:44:17 | 2090,135,551 | -HS- | M] () -- C:\hiberfil.sys [2012/12/27 19:13:02 | 000,002,573 | ---- | M] () -- C:\Users\Public\Desktop\Six Updater.lnk [2012/12/27 19:13:02 | 000,002,573 | ---- | M] () -- C:\Users\Public\Desktop\Six Launcher.lnk [2012/12/27 15:01:10 | 000,000,274 | ---- | M] () -- C:\Windows\tasks\PC Performer_DEFAULT.job [2012/12/27 12:32:59 | 000,000,222 | ---- | M] () -- C:\Users\Todd\Desktop\ARMA 
2 Operation Arrowhead Beta.url [2012/12/27 12:20:38 | 000,001,368 | ---- | M] () -- C:\Users\Public\Desktop\DayZ Commander.lnk [2012/12/27 00:38:55 | 000,000,328 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForTodd.job [2012/12/27 00:38:55 | 000,000,282 | ---- | M] () -- C:\Windows\tasks\PC Performer_UPDATES.job [2012/12/26 16:44:37 | 000,000,221 | ---- | M] () -- C:\Users\Todd\Desktop\ARMA 2 Operation Arrowhead.url [2012/12/26 16:27:45 | 000,000,221 | ---- | M] () -- C:\Users\Todd\Desktop\ARMA 2.url [2012/12/26 10:44:48 | 000,002,184 | ---- | M] () -- C:\Users\Public\Desktop\The Sims™ 3 Seasons.lnk [2012/12/26 10:39:53 | 000,000,941 | ---- | M] () -- C:\Users\Public\Desktop\Origin.lnk [2012/12/26 10:39:22 | 000,002,228 | ---- | M] () -- C:\Users\Public\Desktop\The Sims™ 3 Supernatural.lnk [2012/12/26 08:34:00 | 000,000,852 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1413658493-208379941-2510509854-1001Core.job [2012/12/25 15:21:54 | 000,001,586 | ---- | M] () -- C:\Users\Public\Desktop\Logitech Webcam Software .lnk [2012/12/23 13:28:31 | 000,001,096 | ---- | M] () -- C:\Users\Public\Desktop\Game Capture HD.lnk [2012/12/22 03:17:31 | 000,359,336 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2012/12/19 15:53:34 | 000,019,632 | ---- | M] (PerformerSoft LLC) -- C:\Windows\SysNative\roboot64.exe [2012/12/14 09:46:04 | 000,002,605 | ---- | M] () -- C:\Users\Public\Desktop\Play Sid Meier's Civilization 4 - Colonization.lnk [2012/12/14 09:43:41 | 000,002,802 | ---- | M] () -- C:\Users\Public\Desktop\Play Sid Meier's Civilization 4 - Beyond The Sword.lnk [2012/12/14 09:38:21 | 000,002,709 | ---- | M] () -- C:\Users\Public\Desktop\Play Sid Meier's Civilization 4 - Warlords.lnk [2012/12/14 09:36:44 | 000,002,567 | ---- | M] () -- C:\Users\Public\Desktop\Play Sid Meier's Civilization 4 Complete.lnk [2012/12/12 19:29:15 | 000,002,481 | ---- | M] () -- C:\Users\Todd\Desktop\Google Chrome.lnk [4 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] [1 
C:\Users\Todd\*.tmp files -> C:\Users\Todd\*.tmp -> ] ========== Files Created - No Company Name ========== [2012/12/27 19:13:02 | 000,002,573 | ---- | C] () -- C:\Users\Public\Desktop\Six Updater.lnk [2012/12/27 19:13:02 | 000,002,573 | ---- | C] () -- C:\Users\Public\Desktop\Six Launcher.lnk [2012/12/27 12:32:59 | 000,000,222 | ---- | C] () -- C:\Users\Todd\Desktop\ARMA 2 Operation Arrowhead Beta.url [2012/12/27 12:02:49 | 000,001,368 | ---- | C] () -- C:\Users\Public\Desktop\DayZ Commander.lnk [2012/12/26 16:44:37 | 000,000,221 | ---- | C] () -- C:\Users\Todd\Desktop\ARMA 2 Operation Arrowhead.url [2012/12/26 16:27:45 | 000,000,221 | ---- | C] () -- C:\Users\Todd\Desktop\ARMA 2.url [2012/12/26 13:43:12 | 000,000,274 | ---- | C] () -- C:\Windows\tasks\PC Performer_DEFAULT.job [2012/12/26 13:43:11 | 000,000,282 | ---- | C] () -- C:\Windows\tasks\PC Performer_UPDATES.job [2012/12/26 10:44:48 | 000,002,184 | ---- | C] () -- C:\Users\Public\Desktop\The Sims™ 3 Seasons.lnk [2012/12/26 10:39:22 | 000,002,228 | ---- | C] () -- C:\Users\Public\Desktop\The Sims™ 3 Supernatural.lnk [2012/12/25 15:21:54 | 000,001,586 | ---- | C] () -- C:\Users\Public\Desktop\Logitech Webcam Software .lnk [2012/12/23 13:28:31 | 000,001,096 | ---- | C] () -- C:\Users\Public\Desktop\Game Capture HD.lnk [2012/12/14 09:46:04 | 000,002,605 | ---- | C] () -- C:\Users\Public\Desktop\Play Sid Meier's Civilization 4 - Colonization.lnk [2012/12/14 09:43:41 | 000,002,802 | ---- | C] () -- C:\Users\Public\Desktop\Play Sid Meier's Civilization 4 - Beyond The Sword.lnk [2012/12/14 09:38:21 | 000,002,709 | ---- | C] () -- C:\Users\Public\Desktop\Play Sid Meier's Civilization 4 - Warlords.lnk [2012/12/14 09:36:44 | 000,002,567 | ---- | C] () -- C:\Users\Public\Desktop\Play Sid Meier's Civilization 4 Complete.lnk [2012/11/08 20:03:18 | 000,010,945 | ---- | C] () -- C:\Users\Todd\lakers.jpg [2012/08/14 11:57:44 | 000,027,520 | ---- | C] () -- C:\Users\Todd\AppData\Local\dt.dat [2012/08/09 08:34:37 | 
000,001,075 | ---- | C] () -- C:\Users\Todd\Documents - Shortcut.lnk [2012/06/19 08:44:19 | 000,000,397 | ---- | C] () -- C:\Windows\MyHeritage.INI [2012/06/19 08:42:20 | 000,454,656 | ---- | C] () -- C:\Windows\SysWow64\PaintX.dll [2012/04/27 07:34:39 | 000,167,754 | ---- | C] () -- C:\Users\Todd\AppData\Local\tmpSPRING2012B.1 [2012/04/27 07:34:36 | 000,438,649 | ---- | C] () -- C:\Users\Todd\AppData\Local\tmpSPRING2012B.0 [2012/04/27 07:34:36 | 000,172,135 | ---- | C] () -- C:\Users\Todd\AppData\Local\tmpSPRING2012B.JPG [2011/12/15 05:23:04 | 010,920,472 | ---- | C] () -- C:\Windows\SysWow64\LogiDPP.dll [2011/12/15 05:23:04 | 000,336,408 | ---- | C] () -- C:\Windows\SysWow64\DevManagerCore.dll [2011/12/15 05:23:04 | 000,104,472 | ---- | C] () -- C:\Windows\SysWow64\LogiDPPApp.exe [2011/07/18 17:02:31 | 000,001,854 | ---- | C] () -- C:\Users\Todd\AppData\Roaming\GhostObjGAFix.xml [2011/04/25 12:14:51 | 000,772,990 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2011/02/02 20:46:18 | 000,290,614 | ---- | C] () -- C:\Users\Todd\AppData\Local\tmp0804092050A.JPG [2011/01/24 17:51:48 | 000,001,333 | ---- | C] () -- C:\Windows\hpomdl52.dat.temp [2011/01/16 17:10:37 | 000,212,799 | ---- | C] () -- C:\Windows\hpoins52.dat [2011/01/09 21:06:58 | 000,644,496 | ---- | C] () -- C:\Users\Todd\EBOOT.BIN [2010/09/23 18:33:59 | 002,772,410 | ---- | C] () -- C:\Users\Todd\AppData\Local\tmp011.JPG [2010/08/08 09:46:55 | 000,010,622 | ---- | C] () -- C:\Users\Todd\AppData\Local\tmp40852_144283825591378_100000292843907_341063_2517918_S.0 [2010/08/08 09:46:55 | 000,009,555 | ---- | C] () -- C:\Users\Todd\AppData\Local\tmp40852_144283825591378_100000292843907_341063_2517918_S.JPG [2010/04/23 21:21:06 | 000,000,000 | ---- | C] () -- C:\Users\Todd\AppData\Local\prvlcl.dat [2010/03/27 10:36:33 | 000,000,040 | ---- | C] () -- C:\ProgramData\ra3.ini [2010/03/09 09:08:34 | 000,002,868 | ---- | C] () -- C:\Users\Todd\AppData\Roaming\wklnhst.dat ========== ZeroAccess Check 
========== [2009/07/13 22:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012/06/08 23:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 22:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 19:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 06:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 19:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== LOP Check ========== [2012/12/27 19:02:12 | 000,000,000 | ---D | M] -- C:\Users\Todd\AppData\Roaming\.minecraft [2012/12/24 
14:03:22 | 000,000,000 | ---D | M] -- C:\Users\Todd\AppData\Roaming\.techniclauncher [2012/09/06 12:51:48 | 000,000,000 | ---D | M] -- C:\Users\Todd\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1 [2012/12/23 13:28:02 | 000,000,000 | ---D | M] -- C:\Users\Todd\AppData\Roaming\Elgato [2012/09/16 14:34:42 | 000,000,000 | ---D | M] -- C:\Users\Todd\AppData\Roaming\Hi-Rez Studios [2012/12/25 15:22:26 | 000,000,000 | ---D | M] -- C:\Users\Todd\AppData\Roaming\Leadertech [2012/06/19 08:47:55 | 000,000,000 | ---D | M] -- C:\Users\Todd\AppData\Roaming\MyHeritage [2010/11/23 20:45:33 | 000,000,000 | ---D | M] -- C:\Users\Todd\AppData\Roaming\OpenOffice.org [2012/12/26 10:40:51 | 000,000,000 | ---D | M] -- C:\Users\Todd\AppData\Roaming\Origin [2010/03/01 13:07:51 | 000,000,000 | ---D | M] -- C:\Users\Todd\AppData\Roaming\PictureMover [2011/09/30 09:11:48 | 000,000,000 | ---D | M] -- C:\Users\Todd\AppData\Roaming\Red Alert 3 [2012/10/06 10:00:25 | 000,000,000 | ---D | M] -- C:\Users\Todd\AppData\Roaming\redsn0w [2012/12/27 19:13:53 | 000,000,000 | ---D | M] -- C:\Users\Todd\AppData\Roaming\six-updater [2012/12/27 19:13:31 | 000,000,000 | ---D | M] -- C:\Users\Todd\AppData\Roaming\six-zsync [2012/08/13 08:49:34 | 000,000,000 | ---D | M] -- C:\Users\Todd\AppData\Roaming\skyz [2012/09/03 10:56:00 | 000,000,000 | ---D | M] -- C:\Users\Todd\AppData\Roaming\Softland [2010/06/22 14:58:20 | 000,000,000 | ---D | M] -- C:\Users\Todd\AppData\Roaming\Template [2012/06/19 08:42:19 | 000,000,000 | ---D | M] -- C:\Users\Todd\AppData\Roaming\The Complete Genealogy Reporter - FTB [2010/03/08 08:21:16 | 000,000,000 | ---D | M] -- C:\Users\Todd\AppData\Roaming\Tific [2011/09/26 11:26:04 | 000,000,000 | ---D | M] -- C:\Users\Todd\AppData\Roaming\Unified Remote [2011/01/15 17:29:12 | 000,000,000 | ---D | M] -- C:\Users\Todd\AppData\Roaming\Visan [2010/03/25 16:07:39 | 000,000,000 | ---D | M] -- C:\Users\Todd\AppData\Roaming\WinBatch [2011/04/07 16:20:37 | 000,000,000 | 
---D | M] -- C:\Users\Todd\AppData\Roaming\Windows Live Writer ========== Purity Check ========== < End of report >
-
The conduit search tab still appears when I start Chrome.
-
# AdwCleaner v2.103 - Logfile created 12/28/2012 at 00:43:13
# Updated 25/12/2012 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : Todd - TODD-PC
# Boot Mode : Normal
# Running from : C:\Users\Todd\Downloads\adwcleaner (1).exe
# Option [Delete]

***** [services] *****

***** [Files / Folders] *****
Folder Deleted : C:\Users\Todd\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla
Folder Deleted : C:\Users\Todd\AppData\Roaming\PerformerSoft

***** [Registry] *****
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\bProtectSettings
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{11111111-1111-1111-1111-110011441179}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{8769ADCE-DBA5-48E9-AFB5-67B12CDF2E61}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}

***** [internet Browsers] *****
-\\ Internet Explorer v8.0.7601.17514
[OK] Registry is clean.
-\\ Google Chrome v23.0.1271.97
File : C:\Users\Todd\AppData\Local\Google\Chrome\User Data\Default\Preferences
[OK] File is clean.

*************************
AdwCleaner[R1].txt - [7168 octets] - [27/12/2012 00:34:35]
AdwCleaner[R2].txt - [1504 octets] - [27/12/2012 09:49:17]
AdwCleaner[R3].txt - [1564 octets] - [28/12/2012 00:42:39]
AdwCleaner[s1].txt - [7043 octets] - [27/12/2012 00:40:18]
AdwCleaner[s2].txt - [1507 octets] - [28/12/2012 00:43:13]
########## EOF - C:\AdwCleaner[s2].txt - [1567 octets] ##########

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.2.8 (12.27.2012:2)
OS: Windows 7 Home Premium x64
Ran by Todd on Fri 12/28/2012 at 0:51:29.39
Blog: http://thisisudax.blogspot.com
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values
Successfully repaired: [Registry Value] hkey_local_machine\software\microsoft\windows nt\currentversion\windows\\AppInit_DLLs
Successfully deleted: [Registry Value] hkey_current_user\software\microsoft\internet explorer\toolbar\webbrowser\\{37483b40-c254-4a72-bda4-22ee90182c1e}
Successfully deleted: [Registry Value] hkey_current_user\software\microsoft\internet explorer\urlsearchhooks\\{37483b40-c254-4a72-bda4-22ee90182c1e}

~~~ Registry Keys
Successfully deleted: [Registry Key] "hkey_current_user\software\microsoft\internet explorer\internetregistry\registry\user\S-1-5-21-1413658493-208379941-2510509854-1001\software\web assistant"
Successfully deleted: [Registry Key] hkey_current_user\software\filescout
Successfully deleted: [Registry Key] hkey_current_user\software\performersoft
Successfully deleted: [Registry Key] hkey_local_machine\software\performersoft
Successfully deleted: [Registry Key] hkey_current_user\software\microsoft\internet explorer\searchscopes\{443789b7-f39c-4b5c-9287-da72d38f4fe6}
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\internet explorer\searchscopes\{443789b7-f39c-4b5c-9287-da72d38f4fe6}

~~~ Files
Successfully deleted: [File] C:\install.res.1028.dll
Successfully deleted: [File] C:\install.res.1031.dll
Successfully deleted: [File] C:\install.res.1033.dll
Successfully deleted: [File] C:\install.res.1036.dll
Successfully deleted: [File] C:\install.res.1040.dll
Successfully deleted: [File] C:\install.res.1041.dll
Successfully deleted: [File] C:\install.res.1042.dll
Successfully deleted: [File] C:\install.res.2052.dll
Successfully deleted: [File] C:\install.res.3082.dll

~~~ Folders
Successfully deleted: [Folder] "C:\Users\Todd\AppData\Roaming\performersoft"
Successfully deleted: [Folder] "C:\Program Files (x86)\file scout"
Successfully deleted: [Folder] "C:\Program Files (x86)\pc performer"
Successfully deleted: [Folder] "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\pc performer"

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Fri 12/28/2012 at 0:55:29.76
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-
# AdwCleaner v2.103 - Logfile created 12/27/2012 at 09:49:17
# Updated 25/12/2012 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : Todd - TODD-PC
# Boot Mode : Normal
# Running from : C:\Users\Todd\Downloads\adwcleaner (1).exe
# Option [search]

***** [services] *****

***** [Files / Folders] *****
Folder Found : C:\Users\Todd\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla
Folder Found : C:\Users\Todd\AppData\Roaming\PerformerSoft

***** [Registry] *****
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\bProtectSettings
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{11111111-1111-1111-1111-110011441179}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{8769ADCE-DBA5-48E9-AFB5-67B12CDF2E61}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}

***** [internet Browsers] *****
-\\ Internet Explorer v8.0.7601.17514
[OK] Registry is clean.
-\\ Google Chrome v23.0.1271.97
File : C:\Users\Todd\AppData\Local\Google\Chrome\User Data\Default\Preferences
[OK] File is clean.

*************************
AdwCleaner[R1].txt - [7168 octets] - [27/12/2012 00:34:35]
AdwCleaner[R2].txt - [1315 octets] - [27/12/2012 09:49:17]
AdwCleaner[s1].txt - [7043 octets] - [27/12/2012 00:40:18]
########## EOF - C:\AdwCleaner[R2].txt - [1435 octets] ##########

RogueKiller V8.4.1 [Dec 27 2012] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
Website : http://tigzy.geekstogo.com/roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Todd [Admin rights]
Mode : Scan -- Date : 12/27/2012 09:46:26

¤¤¤ Bad processes : 3 ¤¤¤
[sUSP PATH] MusicManager.exe -- C:\Users\Todd\AppData\Local\Programs\Google\MusicManager\MusicManager.exe -> KILLED [TermProc]
[sUSP PATH] GoogleCrashHandler.exe -- C:\Users\Todd\AppData\Local\Google\Update\1.3.21.123\GoogleCrashHandler.exe -> KILLED [TermProc]
[sUSP PATH] GoogleCrashHandler64.exe -- C:\Users\Todd\AppData\Local\Google\Update\1.3.21.123\GoogleCrashHandler64.exe -> KILLED [TermProc]

¤¤¤ Registry Entries : 10 ¤¤¤
[RUN][sUSP PATH] HKCU\[...]\Run : MusicManager ("C:\Users\Todd\AppData\Local\Programs\Google\MusicManager\MusicManager.exe") -> FOUND
[RUN][sUSP PATH] HKUS\S-1-5-21-1413658493-208379941-2510509854-1001[...]\Run : MusicManager ("C:\Users\Todd\AppData\Local\Programs\Google\MusicManager\MusicManager.exe") -> FOUND
[TASK][sUSP PATH] RunAsStdUser Task : "C:\Users\Todd\AppData\Local\cheerychickenSA\bin\1.0.8.0\CheeryChickenSA.exe" -> FOUND
[DNS] HKLM\[...]\ControlSet001\Services\Interfaces\{BCF4865F-23B7-4460-81D4-294C88685033} : NameServer (216.176.95.129,216.176.95.161) -> FOUND
[DNS] HKLM\[...]\ControlSet002\Services\Interfaces\{BCF4865F-23B7-4460-81D4-294C88685033} : NameServer (216.176.95.129,216.176.95.161) -> FOUND
[HJPOL] HKCU\[...]\System : disableregistrytools (0) -> FOUND
[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND
[HJPOL] HKLM\[...]\Wow6432Node\System : DisableRegistryTools (0) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts
127.0.0.1 localhost

¤¤¤ MBR Check: ¤¤¤
+++++ PhysicalDrive0: Hitachi HDT721010SLA360 +++++
--- User ---
[MBR] 4e429ab2b3be844df02191337f2bab0a
[bSP] c6c33eca83b53313d44db8aa65917135 : Windows Vista/7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 942525 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 1930498048 | Size: 11242 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: Maxtor 3200 USB Device +++++
--- User ---
[MBR] 753957cf0bfe82d02b91cb4fca2411c7
[bSP] 2871bdccde8cdce0919fe98d2a30f585 : Legit3 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 305242 Mo
User = LL1 ... OK!
Error reading LL2 MBR!

+++++ PhysicalDrive2: HP Photosmart Prem USB Device +++++
Error reading User MBR!
User = LL1 ... OK!
Error reading LL2 MBR!

Finished : << RKreport[1]_S_12272012_02d0946.txt >>
RKreport[1]_S_12272012_02d0946.txt
-
Hi, I am getting a tab from conduit com that is opening up when I start Chrome. I am also getting a pop-up window from PC helper. Please help.

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 10.7.2
Run by Todd at 9:07:08 on 2012-12-27
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8119.6391 [GMT -6:00]
.
AV: Microsoft Security Essentials *Disabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C}
SP: Microsoft Security Essentials *Disabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskhost.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt
c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe
C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperAgent.exe C:\Windows\system32\svchost.exe -k imgsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe C:\Windows\SysWOW64\schtasks.exe C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe C:\Windows\system32\svchost.exe -k HPService C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted C:\Windows\System32\WUDFHost.exe C:\Windows\System32\rundll32.exe C:\Windows\system32\taskeng.exe c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe C:\Program Files\Microsoft Security Client\msseces.exe C:\Users\Todd\AppData\Local\Programs\Google\MusicManager\MusicManager.exe C:\Windows\system32\SearchIndexer.exe C:\Program Files\Windows Media Player\wmpnetwk.exe C:\Windows\System32\svchost.exe -k LocalServicePeerNet C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe C:\Program Files (x86)\iTunes\iTunesHelper.exe C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe C:\Users\Todd\AppData\Local\Google\Update\1.3.21.123\GoogleCrashHandler.exe C:\Users\Todd\AppData\Local\Google\Update\1.3.21.123\GoogleCrashHandler64.exe C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe C:\Windows\system32\taskeng.exe C:\Windows\system32\msiexec.exe 
C:\Users\Todd\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Todd\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Todd\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Todd\AppData\Local\Google\Chrome\Application\chrome.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Windows\System32\cscript.exe . ============== Pseudo HJT Report =============== . uStart Page = hxxp://www.google.com uURLSearchHooks: {37483b40-c254-4a72-bda4-22ee90182c1e} - <orphaned> BHO: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\hp\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll BHO: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\hp\Digital Imaging\Smart Web Printing\hpswp_BHO.dll EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - C:\Program Files (x86)\hp\Digital Imaging\Smart Web Printing\hpswp_bho.dll uRun: [skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun uRun: [Google Update] "C:\Users\Todd\AppData\Local\Google\Update\GoogleUpdate.exe" /c uRun: [MusicManager] "C:\Users\Todd\AppData\Local\Programs\Google\MusicManager\MusicManager.exe" mRun: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe mRun: [Family Tree Builder Update] C:\Users\Todd\MyHeritage\Bin\FTBCheckUpdates.exe mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" mRun: [APSDaemon] "C:\Program Files 
(x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" mRun: [LWS] C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe -hide StartupFolder: C:\Users\Todd\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\OPENOF~1.LNK - C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe uPolicies-Explorer: NoDriveTypeAutoRun = dword:149 uPolicies-Explorer: NoDrives = dword:0 mPolicies-Explorer: NoDrives = dword:0 mPolicies-System: ConsentPromptBehaviorAdmin = dword:5 mPolicies-System: ConsentPromptBehaviorUser = dword:3 mPolicies-System: EnableUIADesktopToggle = dword:0 IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\hp\Digital Imaging\Smart Web Printing\hpswp_BHO.dll DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab TCP: NameServer = 192.168.1.1 TCP: Interfaces\{BCF4865F-23B7-4460-81D4-294C88685033} : NameServer = 216.176.95.129,216.176.95.161 TCP: Interfaces\{F57E66B0-60C0-49C0-B8B6-44854D1F37EA} : DHCPNameServer = 192.168.1.1 Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll Handler: skype4com - 
{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll AppInit_DLLs= c:\progra~3\pcperf~1\25945~1.13\{fc772~1\pcpmngr.dll x64-BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll x64-BHO: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll x64-BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll x64-Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\System32\NvCpl.dll,NvStartup x64-Run: [smartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe /background x64-Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey x64-IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned> . ============= SERVICES / DRIVERS =============== . 
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2012-8-30 228768] R2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe [2012-12-10 2465712] R2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2011-6-21 85560] R2 HPDrvMntSvc.exe;HP Quick Synchronization Service;C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-3-28 94264] R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2009-11-24 13336] R2 MotoHelper;MotoHelper Service;C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe [2011-1-27 226624] R2 Skype C2C Service;Skype C2C Service;C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-12-13 3290896] R2 UMVPFSrv;UMVPFSrv;C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [2011-12-15 450848] R3 HCW85BDA;Hauppauge WinTV 885 Video Capture;C:\Windows\System32\drivers\HCW85BDA.sys [2009-11-24 1705600] R3 HECIx64;Intel® Management Engine Interface;C:\Windows\System32\drivers\HECIx64.sys [2009-11-24 56344] R3 LVRS64;Logitech RightSound Filter Driver;C:\Windows\System32\drivers\lvrs64.sys [2011-12-15 351392] R3 LVUVC64;Logitech HD Pro Webcam C920(UVC);C:\Windows\System32\drivers\lvuvc64.sys [2011-12-15 4862368] R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2009-11-24 239616] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576] S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-7-13 160944] S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device 
Driver (DEVGURU Ver.);C:\Windows\System32\drivers\ssudbus.sys [2011-11-24 98616] S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072] S3 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2012-8-30 128456] S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2012-9-12 368896] S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-5-27 59392] S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-7-9 52736] S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-5-5 1255736] . =============== Created Last 30 ================ . 2012-12-27 09:00:50 -------- d-----w- C:\Program Files (x86)\Microsoft CAPICOM 2.1.0.2 2012-12-27 06:44:50 -------- d-----w- C:\Users\Todd\AppData\Roaming\PerformerSoft 2012-12-27 06:33:51 76232 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{ABE16860-B558-4092-917C-542D9EEB9619}\offreg.dll 2012-12-27 05:47:06 -------- d-----w- C:\Users\Todd\AppData\Local\ArmA 2 2012-12-26 19:42:56 19632 ----a-w- C:\Windows\System32\roboot64.exe 2012-12-26 19:42:53 -------- d-----w- C:\Program Files (x86)\PC Performer 2012-12-26 19:42:48 -------- d-----w- C:\Program Files (x86)\File Scout 2012-12-26 19:42:46 -------- d-----w- C:\Windows\SysWow64\searchplugins 2012-12-26 19:42:46 -------- d-----w- C:\Windows\SysWow64\Extensions 2012-12-26 19:42:37 33856 ---ha-w- C:\Windows\System32\hamachi.sys 2012-12-26 19:42:34 -------- d-----w- C:\Program Files (x86)\LogMeIn Hamachi 2012-12-26 19:42:15 -------- d-----w- C:\Users\Todd\AppData\Local\LogMeIn Hamachi 2012-12-26 18:53:06 9125352 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{ABE16860-B558-4092-917C-542D9EEB9619}\mpengine.dll 2012-12-25 21:28:12 9125352 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition 
Updates\Backup\mpengine.dll
2012-12-25 21:26:26 -------- d-----w- C:\Users\Todd\AppData\Local\Logitech® Webcam Software
2012-12-25 21:22:26 53248 ----a-r- C:\Users\Todd\AppData\Roaming\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe
2012-12-25 21:22:06 -------- d-----w- C:\Program Files (x86)\Common Files\LWS
2012-12-23 19:28:29 -------- d-----w- C:\Program Files\Elgato
2012-12-23 19:28:02 -------- d-----w- C:\Users\Todd\AppData\Roaming\Elgato
2012-12-23 19:27:50 -------- d-----w- C:\Program Files (x86)\Elgato
2012-12-22 09:00:36 46080 ----a-w- C:\Windows\System32\atmlib.dll
2012-12-22 09:00:36 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll
2012-12-22 09:00:35 367616 ----a-w- C:\Windows\System32\atmfd.dll
2012-12-22 09:00:34 295424 ----a-w- C:\Windows\SysWow64\atmfd.dll
2012-12-19 18:13:30 -------- d-----w- C:\Users\Todd\AppData\Local\Wondershare
2012-12-19 18:13:29 -------- d-----w- C:\Program Files (x86)\Common Files\Wondershare
2012-12-19 18:13:23 -------- d-----w- C:\Program Files (x86)\Wondershare
2012-12-14 15:55:17 -------- d-----w- C:\Users\Todd\AppData\Local\My Games
2012-12-14 15:16:41 -------- d-----w- C:\Program Files (x86)\2K Games
2012-12-13 20:30:28 5955856 ----a-w- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}\components\SkypeFfComponent.dll
2012-11-30 01:32:35 972264 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{52B7B6BD-4D46-4963-9306-12E011C25822}\gapaengine.dll
.
==================== Find3M ====================
.
2012-12-11 23:02:14 73656 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-12-11 23:02:14 697272 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-11-22 03:26:40 3149824 ----a-w- C:\Windows\System32\win32k.sys
2012-11-12 12:28:37 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
2012-11-12 11:52:18 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-11-09 05:45:09 2048 ----a-w- C:\Windows\System32\tzres.dll
2012-11-09 04:42:49 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2012-11-02 05:59:11 478208 ----a-w- C:\Windows\System32\dpnet.dll
2012-11-02 05:11:31 376832 ----a-w- C:\Windows\SysWow64\dpnet.dll
2012-10-27 06:26:55 981504 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-10-27 05:51:21 1188864 ----a-w- C:\Windows\System32\wininet.dll
2012-10-16 08:38:37 135168 ----a-w- C:\Windows\apppatch\AppPatch64\AcXtrnal.dll
2012-10-16 08:38:34 350208 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll
2012-10-16 07:39:52 561664 ----a-w- C:\Windows\apppatch\AcLayers.dll
2012-10-09 18:17:13 55296 ----a-w- C:\Windows\System32\dhcpcsvc6.dll
2012-10-09 18:17:13 226816 ----a-w- C:\Windows\System32\dhcpcore6.dll
2012-10-09 17:40:31 44032 ----a-w- C:\Windows\SysWow64\dhcpcsvc6.dll
2012-10-09 17:40:31 193536 ----a-w- C:\Windows\SysWow64\dhcpcore6.dll
2012-10-04 17:46:16 362496 ----a-w- C:\Windows\System32\wow64win.dll
2012-10-04 17:46:15 243200 ----a-w- C:\Windows\System32\wow64.dll
2012-10-04 17:46:15 13312 ----a-w- C:\Windows\System32\wow64cpu.dll
2012-10-04 17:45:55 215040 ----a-w- C:\Windows\System32\winsrv.dll
2012-10-04 17:43:28 16384 ----a-w- C:\Windows\System32\ntvdm64.dll
2012-10-04 17:41:16 424960 ----a-w- C:\Windows\System32\KernelBase.dll
2012-10-04 16:47:41 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
2012-10-04 16:47:41 274944 ----a-w- C:\Windows\SysWow64\KernelBase.dll
2012-10-04 15:21:55 338432 ----a-w- C:\Windows\System32\conhost.exe
2012-10-04 14:46:46 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
2012-10-04 14:46:46 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
2012-10-04 14:46:44 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
2012-10-04 14:46:43 2048 ----a-w- C:\Windows\SysWow64\user.exe
2012-10-04 14:41:50 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
2012-10-04 14:41:50 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
2012-10-04 14:41:50 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
2012-10-04 14:41:50 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
2012-10-03 17:56:54 1914248 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2012-10-03 17:44:21 70656 ----a-w- C:\Windows\System32\nlaapi.dll
2012-10-03 17:44:21 303104 ----a-w- C:\Windows\System32\nlasvc.dll
2012-10-03 17:44:17 246272 ----a-w- C:\Windows\System32\netcorehc.dll
2012-10-03 17:44:17 18944 ----a-w- C:\Windows\System32\netevent.dll
2012-10-03 17:44:16 216576 ----a-w- C:\Windows\System32\ncsi.dll
2012-10-03 17:42:16 569344 ----a-w- C:\Windows\System32\iphlpsvc.dll
2012-10-03 16:42:24 18944 ----a-w- C:\Windows\SysWow64\netevent.dll
2012-10-03 16:42:24 175104 ----a-w- C:\Windows\SysWow64\netcorehc.dll
2012-10-03 16:42:23 156672 ----a-w- C:\Windows\SysWow64\ncsi.dll
2012-10-03 16:07:26 45568 ----a-w- C:\Windows\System32\drivers\tcpipreg.sys
2012-09-30 01:54:26 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
.
============= FINISH: 9:07:30.53 ===============
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 3/1/2010 1:00:41 PM
System Uptime: 12/27/2012 8:23:26 AM (1 hours ago)
.
Motherboard: MSI | | IONA
Processor: Intel® Core i5 CPU 650 @ 3.20GHz | CPU 1 | 2528/133mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 920 GiB total, 732.864 GiB free.
D: is FIXED (NTFS) - 11 GiB total, 1.585 GiB free.
E: is CDROM (UDF)
F: is Removable
G: is Removable
H: is Removable
I: is Removable
K: is Removable
N: is FIXED (NTFS) - 298 GiB total, 195.698 GiB free.
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}
Description: Photosmart Prem C410 series
Device ID: ROOT\MULTIFUNCTION\0000
Manufacturer: HP
Name: Photosmart Prem C410 series
PNP Device ID: ROOT\MULTIFUNCTION\0000
Service:
.
==== System Restore Points ===================
.
RP349: 12/26/2012 11:44:47 PM - Installed DirectX
RP350: 12/27/2012 3:00:30 AM - Windows Update
RP351: 12/27/2012 8:54:48 AM - Removed LogMeIn Hamachi
RP352: 12/27/2012 8:56:13 AM - Removed LogMeIn Hamachi
.
==== Installed Programs ======================
.
64 Bit HP CIO Components Installer
Acrobat.com
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader X (10.1.4)
Adobe Shockwave Player 11.5
AnswerWorks 5.0 English Runtime
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ARMA 2
ARMA 2: Operation Arrowhead
AVG 2012
BattlEye Uninstall
Bonjour
BufferChm
C410
CameraHelperMsi
CamStudio OSS Desktop Recorder
CCleaner
Civilization IV Complete
Command & Conquer™ Red Alert™ 3
Compatibility Pack for the 2007 Office system
CyberLink DVD Suite Deluxe
D3DX10
DC Universe Online
Destinations
DeviceDiscovery
DirectX for Managed Code Update (Summer 2004)
DocProc
DVD Menu Pack for HP MediaSmart Video
Elgato Game Capture HD
erLT
ESET Online Scanner v3
Fax
ffdshow [rev 2527] [2008-12-19]
Game Capture HD v2.3.3.38
Global Agenda
Google Chrome
Google Talk Plugin
GPBaseService2
Hewlett-Packard ACLM.NET v1.1.1.0
HiJackThis
HP Advisor
HP Customer Experience Enhancements
HP Customer Participation Program 14.0
HP Games
HP Imaging Device Functions 14.0
HP MediaSmart Demo
HP MediaSmart DVD
HP MediaSmart Music/Photo/Video
HP MediaSmart SmartMenu
HP MediaSmart/TouchSmart Netflix
HP Odometer
HP Photo Creations
HP Photosmart Prem C410 All-In-One Driver Software 14.0 Rel. 7
HP Remote Solution
HP Setup
HP Smart Web Printing 4.60
HP Solution Center 14.0
HP Support Assistant
HP Support Information
HP Update
HPAppStudio
HPPhotoGadget
HPProductAssistant
HPSSupply
Hulu Desktop
Intel® Rapid Storage Technology
Internet TV for Windows Media Center
iTunes
Java 7 Update 7
Java Auto Updater
Java 6 Update 20
Java 7 Update 5 (64-bit)
JavaFX 2.1.0
Junk Mail filter update
LabelPrint
LG USB Modem driver
LightScribe System Software
Logitech Webcam Software
LogMeIn Hamachi
LWS Facebook
LWS Gallery
LWS Help_main
LWS Launcher
LWS Motion Detection
LWS Pictures And Video
LWS Twitter
LWS Video Mask Maker
LWS VideoEffects
LWS Webcam Software
LWS WLM Plugin
LWS YouTube Plugin
Malwarebytes Anti-Malware version 1.65.1.1000
MarketResearch
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Application Error Reporting
Microsoft Expression Encoder 4
Microsoft Expression Encoder 4 Screen Capture Codec
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Security Client
Microsoft Security Essentials
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft VC9 runtime libraries
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable (x64)
Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
Microsoft Works
Microsoft WSE 3.0 Runtime
Microsoft XNA Framework Redistributable 4.0
Microsoft® Winter Fun Pack 2004 for Windows® XP
MotoHelper 2.0.45 Driver 5.0.0
MotoHelper MergeModules
Motorola Mobile Drivers Installation 5.0.0
Movie Theme Pack for HP MediaSmart Video
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Music Manager
MyHeritage Family Tree Builder
Netflix in Windows Media Center
Network64
NVIDIA Drivers
NVIDIA PhysX
OCR Software by I.R.I.S. 14.0
OF Dragon Rising
OpenOffice.org 3.2
Origin
PC Performer
PictureMover
PlayReady PC Runtime amd64
Power2Go
PowerDirector
PS_AIO_07_C410_SW_Min
Quicken 2010
QuickTransfer
Realtek High Definition Audio Driver
Recovery Manager
Revo Uninstaller 1.94
RLPrintPlugin
SAMSUNG USB Driver for Mobile Phones
Scan
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Shop for HP Supplies
Skype Click to Call
Skype™ 5.10
SmartWebPrinting
SolutionCenter
SpeechRedist
Status
Steam
The Sims Medieval
The Sims™ 3
The Sims™ 3 Pets
The Sims™ 3 Seasons
The Sims™ 3 Supernatural
Toolbox
TrayApp
Unified Remote
Unreal Tournament 3
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
Update Installer for WildTangent Games App
Verizon V CAST Media Manager
Visual C++ 8.0 Runtime Setup Package (x64)
Visual Studio 2008 x64 Redistributables
WebReg
WildTangent Games App (HP Games)
Winamp
Winamp Detector Plug-in
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Language Selector
Windows Live Mail
Windows Live Messenger
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live Sync
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
WinRAR 4.20 beta 2 (32-bit)
WolfQuest
Zoo Tycoon 2 - Ultimate Collection
.
==== Event Viewer Messages From Past Week ========
.
12/27/2012 12:43:14 AM, Error: Service Control Manager [7023] - The Windows Defender service terminated with the following error: The specified module could not be found.
12/26/2012 2:21:28 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Steam Client Service service to connect.
12/26/2012 2:21:28 PM, Error: Service Control Manager [7000] - The Steam Client Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
12/26/2012 1:42:37 PM, Error: Service Control Manager [7030] - The LogMeIn Hamachi Tunneling Engine service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
12/26/2012 1:42:37 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the LogMeIn Hamachi Tunneling Engine service to connect.
12/26/2012 1:42:37 PM, Error: Service Control Manager [7000] - The LogMeIn Hamachi Tunneling Engine service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
.
==== End Of File ===========================
-
OK, think I got everything, except Flash Player tells me that it's part of Chrome and will update automatically if needed.
-
Results of screen317's Security Check version 0.99.50
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 8 Out of date!
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
AVG Anti-Virus Free Edition 2012
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.62.0.1300
JavaFX 2.1.0
Java version out of Date!
Adobe Flash Player 11.3.300.271 Flash Player out of Date!
Adobe Reader X 10.1.3 Adobe Reader out of Date!
Google Chrome 21.0.1180.89
````````Process Check: objlist.exe by Laurent````````
AVG avgwdsvc.exe
AVG avgtray.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 0%
````````````````````End of Log``````````````````````
-
It seems the toolbar is gone. Anything else I should do?
-
I uninstalled Firefox and restarted my computer; however, I still have that toolbar in Chrome.
-
Use a program such as CCleaner to uninstall Firefox.