michiganmike

Posts posted by michiganmike


  1. This is the most recent scan with FRST. BUT, I do not understand how to execute the FIX. When I run FRST and select FIX ... the following is posted: "No fixlist.txt found. The fixlist.txt should be in the same folder/directory the tool is located." Is the fixlist anywhere below?


  2. Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 19-01-2015

    Ran by Michael (administrator) on BASEMENTDESKTOP on 20-01-2015 19:05:16

    Running from C:\Users\Michael\Downloads

    Loaded Profiles: Michael (Available profiles: Michael)

    Platform: Windows 8.1 (X64) OS Language: English (United States)

    Internet Explorer Version 11 (Default browser: Chrome)

    Boot Mode: Normal

    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (AMD) C:\Windows\System32\atiesrxx.exe

    (AMD) C:\Windows\System32\atieclxx.exe

    (IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe

    (Microsoft Corporation) C:\Windows\System32\wlanext.exe

    () C:\Program Files (x86)\Roxio\BackOnTrack\App\SaibSVC.exe

    (Seagate Technology LLC) C:\Program Files (x86)\Seagate\Basics\Service\SyncServicesBasics.exe

    (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe

    () C:\Program Files (x86)\Roxio\BackOnTrack\App\BService.exe

    (Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe

    (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe

    (Microsoft Corporation) C:\Windows\System32\dasHost.exe

    (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe

    (Protexis Inc.) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe

    (Seagate Technology LLC) C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.DASWindowsService.exe

    (Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe

    (Broadcom Corporation) C:\Program Files\Broadcom\Broadcom 802.11\WLTRYSVC.EXE

    (Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe

    (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe

    (Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe

    (Microsoft Corporation) C:\Windows\System32\dllhost.exe

    (Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe

    (Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe

    (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler.exe

    (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler64.exe

    (Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\livecomm.exe

    (Microsoft Corporation) C:\Windows\System32\SkyDrive.exe

    (Hewlett-Packard ) C:\Program Files\IDT\WDM\Beats64.exe

    (Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe

    (Broadcom Corporation) C:\Program Files\Broadcom\Broadcom 802.11\WLTRAY.EXE

    (Logitech, Inc.) C:\Program Files\Common Files\logishrd\KHAL3\KHALMNPR.exe

    (IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe

    (Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe

    (Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe

    (CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe

    (Maxtor Corporation) C:\Program Files (x86)\Seagate\Basics\Basics Status\MaxMenuMgrBasics.exe

    (Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe

    (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

    (Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Security\WDDriveAutoUnlock.exe

    (ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

    (Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe

    (Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Utilities\WDDriveUtilitiesHelper.exe

    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

    (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe

    (Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteService.exe

    (InterVideo) C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe

    () C:\Program Files (x86)\Roxio Creator NXT\Roxio Burn\RoxioBurnLauncher.exe

    (Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe

    (Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteUser.exe

    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

    () C:\ProgramData\HP Photo Creations\Communicator.exe

    (Farbar) C:\Users\Michael\Downloads\FRST64 (8).exe

    ==================== Registry (Whitelisted) ==================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [BeatsOSDApp] => C:\Program Files\IDT\WDM\beats64.exe [37888 2012-08-10] (Hewlett-Packard )

    HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch

    HKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [2419512 2012-11-04] (Logitech, Inc.)

    HKLM\...\Run: [Broadcom Wireless Manager UI] => C:\Program Files\Broadcom\Broadcom 802.11\WLTRAY.exe [10613760 2013-11-28] (Broadcom Corporation)

    HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1425408 2012-08-10] (IDT, Inc.)

    HKLM-x32\...\Run: [CLMLServer_For_P2G8] => c:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [111120 2012-06-07] (CyberLink)

    HKLM-x32\...\Run: [CLVirtualDrive] => c:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe [491120 2012-07-02] (CyberLink Corp.)

    HKLM-x32\...\Run: [Aimersoft Helper Compact.exe] => C:\Program Files (x86)\Common Files\Aimersoft\Aimersoft Helper Compact\ASHelper.exe

    HKLM-x32\...\Run: [basicsmssmenu] => C:\Program Files (x86)\Seagate\Basics\Basics Status\MaxMenuMgrBasics.exe [169328 2007-10-09] (Maxtor Corporation)

    HKLM-x32\...\Run: [DBAgent] => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\DBAgent.exe [1517640 2013-05-30] (Seagate Technology LLC)

    HKLM-x32\...\Run: [ISUSPM] => C:\ProgramData\FLEXnet\Connect\11\\isuspm.exe [324976 2010-05-21] (Flexera Software, Inc.)

    HKLM-x32\...\Run: [] => [X]

    HKLM-x32\...\Run: [RoxWatchTray] => C:\Program Files (x86)\Roxio Creator NXT\Common\RoxWatchTray14.exe [294032 2012-07-18] (Corel Corporation)

    HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [49208 2010-06-09] (Hewlett-Packard)

    HKLM-x32\...\Run: [StartCCC] => c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766208 2013-08-19] (Advanced Micro Devices, Inc.)

    HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)

    HKLM-x32\...\Run: [WD Drive Unlocker] => C:\Program Files (x86)\Western Digital\WD Security\WDDriveAutoUnlock.exe [1694072 2013-10-15] (Western Digital Technologies, Inc.)

    HKLM-x32\...\Run: [WD Quick View] => C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe [5562736 2014-07-22] (Western Digital Technologies, Inc.)

    HKLM-x32\...\Run: [DriveUtilitiesHelper] => C:\Program Files (x86)\Western Digital\WD Utilities\WDDriveUtilitiesHelper.exe [1852264 2014-05-23] (Western Digital Technologies, Inc.)

    HKLM\...\RunOnce: [NCPluginUpdater] => C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe [21720 2014-12-16] (Hewlett-Packard)

    Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)

    HKU\S-1-5-21-3304380047-1144064881-2346535376-1001\...\Run: [Uploader] => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.Uploader.exe [122984 2013-05-30] (Seagate Technology LLC)

    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk

    ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)

    ShellIconOverlayIdentifiers: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft)

    ShellIconOverlayIdentifiers-x32: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?pc=MSE1

    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK13/1

    HKU\S-1-5-21-3304380047-1144064881-2346535376-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK13/1

    StartMenuInternet: IEXPLORE.EXE - iexplore.exe

    SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =

    SearchScopes: HKLM -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF

    SearchScopes: HKLM -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}

    SearchScopes: HKLM -> {F82E0CFA-744D-466E-BCB3-7E1F9C6D75E0} URL = http://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us1-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}

    SearchScopes: HKLM-x32 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF

    SearchScopes: HKLM-x32 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}

    SearchScopes: HKLM-x32 -> {F82E0CFA-744D-466E-BCB3-7E1F9C6D75E0} URL = http://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us1-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}

    SearchScopes: HKU\S-1-5-21-3304380047-1144064881-2346535376-1001 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF

    SearchScopes: HKU\S-1-5-21-3304380047-1144064881-2346535376-1001 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}

    SearchScopes: HKU\S-1-5-21-3304380047-1144064881-2346535376-1001 -> {F82E0CFA-744D-466E-BCB3-7E1F9C6D75E0} URL = http://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us1-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}

    BHO: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft)

    BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)

    BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)

    BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)

    BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard)

    BHO: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_64.dll (IvoSoft)

    BHO-x32: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)

    BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)

    BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)

    BHO-x32: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll (Logitech, Inc.)

    BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)

    BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)

    BHO-x32: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_32.dll (IvoSoft)

    Toolbar: HKLM - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft)

    Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)

    Toolbar: HKLM-x32 - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)

    Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)

    Tcpip\Parameters: [DhcpNameServer] 75.75.76.76 75.75.75.75

    FireFox:

    ========

    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)

    FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)

    FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll No File

    FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll No File

    FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)

    FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)

    FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)

    FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)

    FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)

    FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

    FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

    FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)

    FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)

    FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()

    FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

    FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt

    FF Extension: Logitech SetPoint - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2012-12-17]

    Chrome:

    =======

    CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}

    CHR Profile: C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default

    CHR Extension: (Google Docs) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-08-22]

    CHR Extension: (Google Drive) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-08-22]

    CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-26]

    CHR Extension: (Eclipse.TV) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\bgclhadgalphbjbailpceklmmhebajln [2014-03-15]

    CHR Extension: (YouTube) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-08-22]

    CHR Extension: (Google Search) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-08-22]

    CHR Extension: (Logitech SetPoint) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\edaibbiobngpbmeonadpbfafbkimjbdd [2013-08-22]

    CHR Extension: (Google Wallet) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-22]

    CHR Extension: (Gmail) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-08-22]

    CHR HKLM-x32\...\Chrome\Extension: [edaibbiobngpbmeonadpbfafbkimjbdd] - C:\ProgramData\Logitech\LogiSmoothChromeExt.crx [2012-12-17]

    ==================== Services (Whitelisted) =================

    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

    R2 9734BF6A-2DCD-40f0-BAB0-5AAFEEBE1269; C:\Program Files (x86)\Roxio\BackOnTrack\App\SaibSVC.exe [457360 2012-06-20] ()

    R2 Basics Service; C:\Program Files (x86)\Seagate\Basics\Service\SyncServicesBasics.exe [124280 2007-10-09] (Seagate Technology LLC)

    S2 BcmBtRSupport; C:\Windows\system32\BtwRSupportService.exe [2251992 2013-11-13] (Broadcom Corporation.)

    R2 BOT4Service; C:\Program Files (x86)\Roxio\BackOnTrack\App\BService.exe [22160 2012-07-11] ()

    R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [92160 2013-11-04] (Hewlett-Packard Company) [File not signed]

    R2 HPConnectedRemote; c:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteService.exe [35232 2012-08-29] (Hewlett-Packard)

    R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)

    R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)

    R2 RoxioBurnLauncher; C:\Program Files (x86)\Roxio Creator NXT\Roxio Burn\RoxioBurnLauncher.exe [535184 2012-07-05] ()

    S3 RoxMediaDB14; C:\Program Files (x86)\Roxio Creator NXT\Common\RoxMediaDB14.exe [1096848 2012-07-18] (Corel Corporation)

    S2 RoxWatch14; C:\Program Files (x86)\Roxio Creator NXT\Common\RoxWatch14.exe [341136 2012-07-18] (Corel Corporation)

    R2 Seagate Dashboard Services; C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.DASWindowsService.exe [16000 2013-05-30] (Seagate Technology LLC)

    R2 STacSV; C:\Program Files\IDT\WDM\STacSV64.exe [321536 2012-08-10] (IDT, Inc.) [File not signed]

    S3 w3logsvc; C:\Windows\system32\inetsrv\w3logsvc.dll [76800 2014-11-10] (Microsoft Corporation)

    R2 WDBackup; C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe [1042808 2014-12-02] (Western Digital Technologies, Inc.)

    R2 WDDriveService; C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe [296312 2014-06-02] (Western Digital Technologies, Inc.)

    R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-21] (Microsoft Corporation)

    R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-21] (Microsoft Corporation)

    R2 wltrysvc; C:\Program Files\Broadcom\Broadcom 802.11\bcmwltry.exe [6036480 2013-11-28] (Broadcom Corporation) [File not signed]

    ==================== Drivers (Whitelisted) ====================

    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

    R3 bcbtums; C:\Windows\system32\drivers\bcbtums.sys [170712 2013-11-13] (Broadcom Corporation.)

    R3 BCM43XX; C:\Windows\system32\DRIVERS\bcmwl63a.sys [7480496 2014-11-12] (Broadcom Corporation)

    R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [226304 2014-09-24] (Microsoft Corporation)

    R3 btwpanfl; C:\WINDOWS\system32\drivers\btwpanfl.sys [44912 2013-11-28] (Broadcom Corporation.)

    R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink)

    R3 dot4; C:\Windows\system32\DRIVERS\Dot4.sys [151968 2012-10-19] (Windows (R) Win 7 DDK provider)

    R3 Dot4Print; C:\Windows\System32\drivers\Dot4Prt.sys [27040 2012-10-19] (Windows (R) Win 7 DDK provider)

    R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation)

    R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [129752 2015-01-20] (Malwarebytes Corporation)

    R3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2014-11-21] (Malwarebytes Corporation)

    R0 PxHlpa64; C:\Windows\System32\Drivers\PxHlpa64.sys [56336 2012-06-22] (Corel Corporation)

    R0 Sahdad64; C:\Windows\System32\Drivers\Sahdad64.sys [28304 2012-06-20] (Corel Corporation)

    R0 Saibad64; C:\Windows\System32\Drivers\Saibad64.sys [20112 2012-06-20] (Corel Corporation)

    R1 SaibVdAd64; C:\Windows\System32\Drivers\SaibVdAd64.sys [27792 2012-06-20] (Corel Corporation)

    R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-21] (Microsoft Corporation)

    ==================== NetSvcs (Whitelisted) ===================

    (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

    ==================== One Month Created Files and Folders ========

    (If an entry is included in the fixlist, the file\folder will be moved.)

    2015-01-20 19:04 - 2015-01-20 19:05 - 02126848 _____ (Farbar) C:\Users\Michael\Downloads\FRST64 (8).exe

    2015-01-20 18:57 - 2015-01-20 18:57 - 02126848 _____ (Farbar) C:\Users\Michael\Downloads\FRST64 (7).exe

    2015-01-20 18:56 - 2015-01-20 18:56 - 00003630 _____ () C:\Users\Michael\Desktop\fixlist (1).txt

    2015-01-20 18:55 - 2015-01-20 18:55 - 00003630 _____ () C:\Users\Michael\Downloads\fixlist (2).txt

    2015-01-20 18:55 - 2015-01-20 18:55 - 00003630 _____ () C:\Users\Michael\Downloads\fixlist (1).txt

    2015-01-20 18:47 - 2015-01-20 18:47 - 02126848 _____ (Farbar) C:\Users\Michael\Downloads\FRST64 (6).exe

    2015-01-19 18:37 - 2015-01-19 18:37 - 00380416 _____ () C:\Users\Michael\Downloads\i3oyvhr8.exe

    2015-01-19 18:35 - 2015-01-19 18:35 - 00380416 _____ () C:\Users\Michael\Downloads\b4scyfu9.exe

    2015-01-19 18:23 - 2015-01-19 18:24 - 02126848 _____ (Farbar) C:\Users\Michael\Downloads\FRST64 (5).exe

    2015-01-19 18:21 - 2015-01-19 18:21 - 02126848 _____ (Farbar) C:\Users\Michael\Downloads\FRST64 (4).exe

    2015-01-18 19:16 - 2015-01-18 19:16 - 00003114 _____ () C:\WINDOWS\System32\Tasks\{34C24717-83B7-4CA3-879A-425DBA510E1D}

    2015-01-18 14:56 - 2015-01-18 14:55 - 01110476 _____ () C:\Users\Michael\Downloads\Setup [1].exe

    2015-01-18 14:55 - 2015-01-18 14:55 - 00729264 _____ ( ) C:\Users\Michael\Downloads\Setup.exe

    2015-01-18 14:46 - 2014-01-18 00:41 - 4284854147 _____ () C:\Users\Michael\Downloads\00410001.MOV

    2015-01-18 13:58 - 2015-01-18 13:58 - 00000000 ____D () C:\Users\Michael\AppData\Local\{B64C6B58-C42D-4F9C-A137-231BB8B4C08B}

    2015-01-18 04:52 - 2015-01-20 19:00 - 00008192 _____ () C:\WINDOWS\SysWOW64\WDPABKP.dat

    2015-01-14 06:18 - 2014-12-19 01:26 - 00140800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxdav.sys

    2015-01-14 06:18 - 2014-12-11 21:04 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\system32\TSWbPrxy.exe

    2015-01-14 06:18 - 2014-12-11 19:51 - 00075776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ahcache.sys

    2015-01-14 06:18 - 2014-12-08 20:50 - 00225280 _____ (Microsoft Corporation) C:\WINDOWS\system32\profsvc.dll

    2015-01-14 06:18 - 2014-12-08 14:42 - 00535640 _____ (Microsoft Corporation) C:\WINDOWS\system32\wer.dll

    2015-01-14 06:18 - 2014-12-08 14:42 - 00531616 _____ (Microsoft Corporation) C:\WINDOWS\system32\ci.dll

    2015-01-14 06:18 - 2014-12-08 14:42 - 00448792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wer.dll

    2015-01-14 06:18 - 2014-12-08 14:42 - 00413248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Faultrep.dll

    2015-01-14 06:18 - 2014-12-08 14:42 - 00372408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Faultrep.dll

    2015-01-14 06:18 - 2014-12-08 14:42 - 00108944 _____ (Microsoft Corporation) C:\WINDOWS\system32\EncDump.dll

    2015-01-14 06:18 - 2014-12-08 14:42 - 00038264 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFaultSecure.exe

    2015-01-14 06:18 - 2014-12-08 14:42 - 00033584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFaultSecure.exe

    2015-01-14 06:18 - 2014-12-05 22:17 - 00360448 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncsi.dll

    2015-01-14 06:18 - 2014-12-05 20:41 - 00391680 _____ (Microsoft Corporation) C:\WINDOWS\system32\nlasvc.dll

    2015-01-14 06:18 - 2014-12-05 20:35 - 00229888 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll

    2015-01-14 06:18 - 2014-10-28 23:00 - 00465320 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFault.exe

    2015-01-14 06:18 - 2014-10-28 23:00 - 00139984 _____ (Microsoft Corporation) C:\WINDOWS\system32\wermgr.exe

    2015-01-14 06:18 - 2014-10-28 22:52 - 00500016 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll

    2015-01-14 06:18 - 2014-10-28 22:52 - 00482872 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll

    2015-01-14 06:18 - 2014-10-28 22:52 - 00394120 _____ (Microsoft Corporation) C:\WINDOWS\system32\AUDIOKSE.dll

    2015-01-14 06:18 - 2014-10-28 22:52 - 00272248 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe

    2015-01-14 06:18 - 2014-10-28 22:12 - 00413136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFault.exe

    2015-01-14 06:18 - 2014-10-28 22:12 - 00136296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wermgr.exe

    2015-01-14 06:18 - 2014-10-28 22:07 - 00424544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioEng.dll

    2015-01-14 06:18 - 2014-10-28 22:07 - 00370424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll

    2015-01-14 06:18 - 2014-10-28 22:07 - 00344536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AUDIOKSE.dll

    2015-01-14 06:18 - 2014-10-28 21:44 - 00037888 _____ (Microsoft Corporation) C:\WINDOWS\system32\werdiagcontroller.dll

    2015-01-14 06:18 - 2014-10-28 20:59 - 00033280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\werdiagcontroller.dll

    2015-01-14 06:18 - 2014-10-28 20:24 - 00086016 _____ (Microsoft Corporation) C:\WINDOWS\system32\nlaapi.dll

    2015-01-14 06:18 - 2014-10-28 20:02 - 00911360 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll

    2015-01-14 06:18 - 2014-10-28 20:01 - 00065536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\nlaapi.dll

    2015-01-12 20:15 - 2015-01-12 20:15 - 00000000 ____D () C:\Users\Michael\AppData\Local\{4E75AF93-58E9-413A-92DC-37DA6E9C3A97}

    2015-01-11 18:40 - 2015-01-11 18:40 - 00000000 ____D () C:\Users\Michael\AppData\Local\{E06552DE-1DC6-48B9-97B8-3DE31060E9D8}

    2015-01-02 22:02 - 2015-01-02 22:02 - 00003886 _____ () C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task

    2014-12-31 22:48 - 2014-12-31 22:48 - 00000000 ____D () C:\Users\Michael\AppData\Local\{F03CD2F3-0E03-4361-B956-93A8FA4D671B}

    2014-12-31 22:48 - 2014-12-31 22:48 - 00000000 ____D () C:\Users\Michael\AppData\Local\{51A9BF10-38C5-40A4-AB00-3283EDC03950}

    2014-12-29 20:43 - 2014-12-29 20:43 - 00000000 ____D () C:\Users\Michael\AppData\Local\{B27ADE1E-4FC5-427A-AC3F-3EB12EDE0E36}

    2014-12-27 19:10 - 2014-12-27 19:10 - 00000000 ____D () C:\Users\Michael\AppData\Local\{BBCA7504-2585-4AC3-92F8-6595E820D855}

    2014-12-27 19:10 - 2014-12-27 19:10 - 00000000 ____D () C:\Users\Michael\AppData\Local\{B94BF544-116D-41B7-AC88-0F87B3A0BE28}

    2014-12-27 11:12 - 2015-01-20 19:05 - 00000360 _____ () C:\WINDOWS\Tasks\HP Photo Creations Communicator.job

    2014-12-27 11:12 - 2014-12-27 11:12 - 00003286 _____ () C:\WINDOWS\System32\Tasks\HP Photo Creations Communicator

    2014-12-27 11:12 - 2014-12-27 11:12 - 00000000 ____D () C:\ProgramData\Visan

    2014-12-26 18:27 - 2014-12-26 18:27 - 00000000 ____D () C:\Users\Michael\AppData\Local\{D50631F4-D3E1-4307-BBAF-19B94B1F8272}

    2014-12-22 18:59 - 2014-12-22 18:59 - 00000000 ____D () C:\Users\Michael\AppData\Local\{380D7FA6-7CDD-4C80-8806-D92B80D01FEC}

    2014-12-21 13:27 - 2014-12-21 13:27 - 00000000 ____D () C:\Users\Michael\AppData\Local\{B6078C70-F063-4896-83DC-B5CF80D47FA3}

    ==================== One Month Modified Files and Folders =======

    (If an entry is included in the fixlist, the file\folder will be moved.)

    2015-01-20 19:05 - 2014-06-11 17:19 - 00022809 _____ () C:\Users\Michael\Downloads\FRST.txt

    2015-01-20 19:05 - 2014-06-11 17:19 - 00000000 ____D () C:\FRST

    2015-01-20 19:02 - 2014-06-15 19:38 - 00129752 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys

    2015-01-20 19:02 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\system32\sru

    2015-01-20 19:00 - 2014-11-10 19:16 - 00000000 ____D () C:\Users\Michael\OneDrive

    2015-01-20 18:59 - 2013-08-22 09:46 - 00300999 _____ () C:\WINDOWS\setupact.log

    2015-01-20 18:59 - 2013-08-22 09:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT

    2015-01-20 18:59 - 2013-01-11 22:05 - 00000934 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job

    2015-01-20 18:58 - 2014-11-10 18:37 - 00000000 _____ () C:\WINDOWS\system32\Drivers\lvuvc.hs

    2015-01-20 18:58 - 2013-08-22 08:25 - 00524288 ___SH () C:\WINDOWS\system32\config\BBI

    2015-01-20 18:18 - 2013-01-11 22:05 - 00000938 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job

    2015-01-20 17:35 - 2014-11-10 19:06 - 01701068 _____ () C:\WINDOWS\WindowsUpdate.log

    2015-01-20 17:25 - 2012-12-17 11:05 - 00003962 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{4EEA9D32-882F-444D-A469-D56BACDC089C}

    2015-01-18 20:04 - 2014-06-04 17:24 - 00003190 _____ () C:\WINDOWS\System32\Tasks\HPCeeScheduleForMichael

    2015-01-18 20:04 - 2014-06-04 17:24 - 00000372 _____ () C:\WINDOWS\Tasks\HPCeeScheduleForMichael.job

    2015-01-18 19:53 - 2012-12-17 11:13 - 00003600 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3304380047-1144064881-2346535376-1001

    2015-01-18 14:57 - 2013-08-22 16:59 - 00002205 _____ () C:\Users\Public\Desktop\Google Chrome.lnk

    2015-01-18 04:41 - 2014-09-24 02:03 - 00020502 _____ () C:\WINDOWS\PFRO.log

    2015-01-16 17:10 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\AppReadiness

    2015-01-14 20:39 - 2012-07-26 02:59 - 00000000 ____D () C:\WINDOWS\CbsTemp

    2015-01-14 20:38 - 2013-08-14 15:17 - 00000000 ____D () C:\WINDOWS\system32\MRT

    2015-01-14 20:33 - 2012-12-21 17:00 - 113365784 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe

    2015-01-14 20:28 - 2012-07-26 03:12 - 00000000 ____D () C:\WINDOWS\LiveKernelReports

    2015-01-14 20:04 - 2012-12-17 19:14 - 00000052 _____ () C:\WINDOWS\SysWOW64\DOErrors.log

    2015-01-14 20:04 - 2012-12-17 19:14 - 00000000 _____ () C:\WINDOWS\system32\HP_ActiveX_Patch_NOT_DETECTED.txt

    2015-01-12 18:46 - 2014-06-19 21:25 - 00870128 _____ () C:\Users\Michael\AppData\Roaming\mcs.rma

    2015-01-12 18:46 - 2014-06-19 21:25 - 00000004 _____ () C:\Users\Michael\AppData\Roaming\E3883A

    2015-01-12 18:27 - 2014-09-24 02:15 - 00956540 _____ () C:\WINDOWS\system32\PerfStringBackup.INI

    2015-01-08 19:59 - 2012-08-01 22:15 - 00000000 ____D () C:\SWSETUP

    2015-01-05 19:08 - 2014-11-15 19:52 - 00714720 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe

    2015-01-05 19:08 - 2014-11-15 19:52 - 00106976 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl

    2014-12-31 06:14 - 2013-02-15 22:31 - 00298120 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe

    2014-12-29 18:35 - 2014-03-21 22:16 - 00000000 ____D () C:\Users\Michael\Documents\Terries Stuff

    2014-12-27 11:12 - 2013-08-07 18:38 - 00002009 _____ () C:\Users\Public\Desktop\HP Photo Creations.lnk

    2014-12-27 11:12 - 2013-08-07 18:38 - 00000000 ____D () C:\ProgramData\HP Photo Creations

    2014-12-27 11:12 - 2013-08-07 18:38 - 00000000 ____D () C:\Program Files (x86)\HP Photo Creations

    2014-12-21 13:27 - 2014-02-23 11:53 - 00000000 ____D () C:\Users\Michael\AppData\Local\Windows Live

    ==================== Files in the root of some directories =======

    2013-02-16 22:27 - 2013-02-16 22:27 - 2174976 _____ (Advanced Micro Devices Inc.) C:\Program Files (x86)\Common Files\atimpenc.dll

    2014-06-19 21:25 - 2015-01-12 18:46 - 0000004 _____ () C:\Users\Michael\AppData\Roaming\E3883A

    2014-06-19 21:25 - 2015-01-12 18:46 - 0870128 _____ () C:\Users\Michael\AppData\Roaming\mcs.rma

    2014-06-02 20:48 - 2014-06-02 20:48 - 0068782 _____ () C:\Users\Michael\AppData\Local\rvxxbgxb

    2013-04-22 19:12 - 2013-04-22 19:31 - 4126848 _____ () C:\Users\Michael\AppData\Local\rx_audio.Cache

    2013-04-21 19:10 - 2013-04-22 19:31 - 69447856 _____ () C:\Users\Michael\AppData\Local\rx_image32.Cache

    2013-08-07 18:34 - 2013-08-21 19:11 - 0003736 _____ () C:\ProgramData\hpzinstall.log

    2012-12-17 11:04 - 2012-12-17 11:04 - 0000141 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.351.64.bc

    2012-07-30 19:51 - 2012-07-30 19:51 - 0002454 _____ () C:\ProgramData\regid.2012-08.com.Corel,Roxio_76C7858E-078C-4C49-AB1A-2A7072664935.swidtag

    ==================== Bamital & volsnap Check =================

    (There is no automatic fix for files that do not pass verification.)

    C:\Windows\System32\winlogon.exe => File is digitally signed

    C:\Windows\System32\wininit.exe => File is digitally signed

    C:\Windows\explorer.exe => File is digitally signed

    C:\Windows\SysWOW64\explorer.exe => File is digitally signed

    C:\Windows\System32\svchost.exe => File is digitally signed

    C:\Windows\SysWOW64\svchost.exe => File is digitally signed

    C:\Windows\System32\services.exe => File is digitally signed

    C:\Windows\System32\User32.dll => File is digitally signed

    C:\Windows\SysWOW64\User32.dll => File is digitally signed

    C:\Windows\System32\userinit.exe => File is digitally signed

    C:\Windows\SysWOW64\userinit.exe => File is digitally signed

    C:\Windows\System32\rpcss.dll => File is digitally signed

    C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

    LastRegBack: 2015-01-19 04:37

    ==================== End Of Log ============================


  3. This is the fixlist... is that the one? If not, please review again what I need to do next.

    HKLM-x32\...\Run: [Ogudymy] => C:\Users\Michael\AppData\Roaming\Wyfehe\keolumk.exe

    AppInit_DLLs-x32: C:/PROGRA~3/{F30C1~1/171~1.0/cale.dll => C:/PROGRA~3/{F30C1~1/171~1.0/cale.dll [649216 2015-01-18] ()

    ProxyServer: [S-1-5-21-3304380047-1144064881-2346535376-1001] => http=127.0.0.1:49250;https=127.0.0.1:49250

    SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://vosteran.com/results.php?f=4&q={searchTerms}&a=vst_adkpub_15_03_ie&cd=2XzuyEtN2Y1L1QzuyBzz0EtA0ByD0ByCtBzztByBtAyByD0BtN0D0Tzu0StCtCtCtAtN1L2XzutAtFyBtFtBtFtCtN1L1CzutCyEtBzytDyD1V1BtAtN1L1G1B1V1N2Y1L1Qzu2SyC0DyD0BtD0EyEzztG0Azz0EtCtG0D0AyEyCtGtA0E0ByCtGyE0AtBtCyEyD0B0EzzzytAtC2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0AyE0EtCyD0B0AyDtGtAyDtCzztGyE0C0AyEtGzzyDyCtDtGyD0ByCtBtDtByCtD0AtDzzyD2Q&cr=681135654&ir=

    SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://vosteran.com/results.php?f=4&q={searchTerms}&a=vst_adkpub_15_03_ie&cd=2XzuyEtN2Y1L1QzuyBzz0EtA0ByD0ByCtBzztByBtAyByD0BtN0D0Tzu0StCtCtCtAtN1L2XzutAtFyBtFtBtFtCtN1L1CzutCyEtBzytDyD1V1BtAtN1L1G1B1V1N2Y1L1Qzu2SyC0DyD0BtD0EyEzztG0Azz0EtCtG0D0AyEyCtGtA0E0ByCtGyE0AtBtCyEyD0B0EzzzytAtC2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0AyE0EtCyD0B0AyDtGtAyDtCzztGyE0C0AyEtGzzyDyCtDtGyD0ByCtBtDtByCtD0AtDzzyD2Q&cr=681135654&ir=

    SearchScopes: HKLM -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://search.ask.com/web?q={searchterms}&l=dis&o=HPDTDF

    SearchScopes: HKLM-x32 -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://search.ask.com/web?q={searchterms}&l=dis&o=HPDTDF

    SearchScopes: HKU\S-1-5-21-3304380047-1144064881-2346535376-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://vosteran.com/results.php?f=4&q={searchTerms}&a=vst_adkpub_15_03_ie&cd=2XzuyEtN2Y1L1QzuyBzz0EtA0ByD0ByCtBzztByBtAyByD0BtN0D0Tzu0StCtCtCtAtN1L2XzutAtFyBtFtBtFtCtN1L1CzutCyEtBzytDyD1V1BtAtN1L1G1B1V1N2Y1L1Qzu2SyC0DyD0BtD0EyEzztG0Azz0EtCtG0D0AyEyCtGtA0E0ByCtGyE0AtBtCyEyD0B0EzzzytAtC2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0AyE0EtCyD0B0AyDtGtAyDtCzztGyE0C0AyEtGzzyDyCtDtGyD0ByCtBtDtByCtD0AtDzzyD2Q&cr=681135654&ir=

    SearchScopes: HKU\S-1-5-21-3304380047-1144064881-2346535376-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://vosteran.com/results.php?f=4&q={searchTerms}&a=vst_adkpub_15_03_ie&cd=2XzuyEtN2Y1L1QzuyBzz0EtA0ByD0ByCtBzztByBtAyByD0BtN0D0Tzu0StCtCtCtAtN1L2XzutAtFyBtFtBtFtCtN1L1CzutCyEtBzytDyD1V1BtAtN1L1G1B1V1N2Y1L1Qzu2SyC0DyD0BtD0EyEzztG0Azz0EtCtG0D0AyEyCtGtA0E0ByCtGyE0AtBtCyEyD0B0EzzzytAtC2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0AyE0EtCyD0B0AyDtGtAyDtCzztGyE0C0AyEtGzzyDyCtDtGyD0ByCtBtDtByCtD0AtDzzyD2Q&cr=681135654&ir=

    SearchScopes: HKU\S-1-5-21-3304380047-1144064881-2346535376-1001 -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://search.ask.com/web?q={searchterms}&l=dis&o=HPDTDF

    CHR HomePage: Default -> hxxp://vosteran.com/?f=1&a=vst_adkpub_15_03_ie&cd=2XzuyEtN2Y1L1QzuyBzz0EtA0ByD0ByCtBzztByBtAyByD0BtN0D0Tzu0StCtCtCtAtN1L2XzutAtFyBtFtBtFtCtN1L1CzutCyEtBzytDyD1V1BtAtN1L1G1B1V1N2Y1L1Qzu2SyC0DyD0BtD0EyEzztG0Azz0EtCtG0D0AyEyCtGtA0E0ByCtGyE0AtBtCyEyD0B0EzzzytAtC2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0AyE0EtCyD0B0AyDtGtAyDtCzztGyE0C0AyEtGzzyDyCtDtGyD0ByCtBtDtByCtD0AtDzzyD2Q&cr=681135654&ir=

    CHR StartupUrls: Default -> "hxxp://vosteran.com/?f=7&a=vst_adkpub_15_03_ie&cd=2XzuyEtN2Y1L1QzuyBzz0EtA0ByD0ByCtBzztByBtAyByD0BtN0D0Tzu0StCtCtCtAtN1L2XzutAtFyBtFtBtFtCtN1L1CzutCyEtBzytDyD1V1BtAtN1L1G1B1V1N2Y1L1Qzu2SyC0DyD0BtD0EyEzztG0Azz0EtCtG0D0AyEyCtGtA0E0ByCtGyE0AtBtCyEyD0B0EzzzytAtC2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0AyE0EtCyD0B0AyDtGtAyDtCzztGyE0C0AyEtGzzyDyCtDtGyD0ByCtBtDtByCtD0AtDzzyD2Q&cr=681135654&ir="

    C:\Users\Michael\AppData\Roaming\Wyfehe

    C:\PROGRA~3\{F30C1~1\

    EmptyTemp:

  4. Ran by Michael (administrator) on BASEMENTDESKTOP on 19-01-2015 18:24:43

    Running from C:\Users\Michael\Downloads

    Loaded Profiles: Michael (Available profiles: Michael)

    Platform: Windows 8.1 (X64) OS Language: English (United States)

    Internet Explorer Version 11 (Default browser: Chrome)

    Boot Mode: Normal

    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (AMD) C:\Windows\System32\atiesrxx.exe

    (IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe

    (Microsoft Corporation) C:\Windows\System32\wlanext.exe

    () C:\Program Files (x86)\Roxio\BackOnTrack\App\SaibSVC.exe

    (Seagate Technology LLC) C:\Program Files (x86)\Seagate\Basics\Service\SyncServicesBasics.exe

    (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe

    () C:\Program Files (x86)\Roxio\BackOnTrack\App\BService.exe

    (Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe

    (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe

    (Microsoft Corporation) C:\Windows\System32\dasHost.exe

    (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe

    (Protexis Inc.) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe

    (Seagate Technology LLC) C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.DASWindowsService.exe

    (Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe

    (Broadcom Corporation) C:\Program Files\Broadcom\Broadcom 802.11\WLTRYSVC.EXE

    (Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe

    (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler.exe

    (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler64.exe

    (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe

    (Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteService.exe

    (InterVideo) C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe

    () C:\Program Files (x86)\Roxio Creator NXT\Roxio Burn\RoxioBurnLauncher.exe

    (AMD) C:\Windows\System32\atieclxx.exe

    (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe

    (Microsoft Corporation) C:\Windows\System32\SkyDrive.exe

    (Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe

    (Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe

    (Microsoft Corporation) C:\Windows\System32\dllhost.exe

    (Hewlett-Packard ) C:\Program Files\IDT\WDM\Beats64.exe

    (Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe

    (Broadcom Corporation) C:\Program Files\Broadcom\Broadcom 802.11\WLTRAY.EXE

    (Logitech, Inc.) C:\Program Files\Common Files\logishrd\KHAL3\KHALMNPR.exe

    (IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe

    (Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe

    (CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe

    (Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteUser.exe

    (Maxtor Corporation) C:\Program Files (x86)\Seagate\Basics\Basics Status\MaxMenuMgrBasics.exe

    (Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe

    (Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe

    (Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe

    (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

    (Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Security\WDDriveAutoUnlock.exe

    (ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

    (Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe

    (Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Utilities\WDDriveUtilitiesHelper.exe

    (Broadcom Corporation) C:\Program Files\Broadcom\Broadcom 802.11\BCMWLTRY.EXE

    (Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe

    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

    (Microsoft Corporation) C:\Windows\splwow64.exe

    (Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\ONENOTE.EXE

    (Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe

    (Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\livecomm.exe

    (Farbar) C:\Users\Michael\Downloads\FRST64 (4).exe

    ==================== Registry (Whitelisted) ==================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [BeatsOSDApp] => C:\Program Files\IDT\WDM\beats64.exe [37888 2012-08-10] (Hewlett-Packard )

    HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch

    HKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [2419512 2012-11-04] (Logitech, Inc.)

    HKLM\...\Run: [Broadcom Wireless Manager UI] => C:\Program Files\Broadcom\Broadcom 802.11\WLTRAY.exe [10613760 2013-11-28] (Broadcom Corporation)

    HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1425408 2012-08-10] (IDT, Inc.)

    HKLM-x32\...\Run: [CLMLServer_For_P2G8] => c:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [111120 2012-06-07] (CyberLink)

    HKLM-x32\...\Run: [CLVirtualDrive] => c:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe [491120 2012-07-02] (CyberLink Corp.)

    HKLM-x32\...\Run: [Aimersoft Helper Compact.exe] => C:\Program Files (x86)\Common Files\Aimersoft\Aimersoft Helper Compact\ASHelper.exe

    HKLM-x32\...\Run: [basicsmssmenu] => C:\Program Files (x86)\Seagate\Basics\Basics Status\MaxMenuMgrBasics.exe [169328 2007-10-09] (Maxtor Corporation)

    HKLM-x32\...\Run: [DBAgent] => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\DBAgent.exe [1517640 2013-05-30] (Seagate Technology LLC)

    HKLM-x32\...\Run: [ISUSPM] => C:\ProgramData\FLEXnet\Connect\11\\isuspm.exe [324976 2010-05-21] (Flexera Software, Inc.)

    HKLM-x32\...\Run: [] => [X]

    HKLM-x32\...\Run: [RoxWatchTray] => C:\Program Files (x86)\Roxio Creator NXT\Common\RoxWatchTray14.exe [294032 2012-07-18] (Corel Corporation)

    HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [49208 2010-06-09] (Hewlett-Packard)

    HKLM-x32\...\Run: [StartCCC] => c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766208 2013-08-19] (Advanced Micro Devices, Inc.)

    HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)

    HKLM-x32\...\Run: [WD Drive Unlocker] => C:\Program Files (x86)\Western Digital\WD Security\WDDriveAutoUnlock.exe [1694072 2013-10-15] (Western Digital Technologies, Inc.)

    HKLM-x32\...\Run: [WD Quick View] => C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe [5562736 2014-07-22] (Western Digital Technologies, Inc.)

    HKLM-x32\...\Run: [Ogudymy] => C:\Users\Michael\AppData\Roaming\Wyfehe\keolumk.exe

    HKLM-x32\...\Run: [DriveUtilitiesHelper] => C:\Program Files (x86)\Western Digital\WD Utilities\WDDriveUtilitiesHelper.exe [1852264 2014-05-23] (Western Digital Technologies, Inc.)

    HKLM\...\RunOnce: [NCPluginUpdater] => C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe [21720 2014-12-16] (Hewlett-Packard)

    Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)

    HKU\S-1-5-21-3304380047-1144064881-2346535376-1001\...\Run: [Uploader] => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.Uploader.exe [122984 2013-05-30] (Seagate Technology LLC)

    AppInit_DLLs-x32: C:/PROGRA~3/{F30C1~1/171~1.0/cale.dll => C:/PROGRA~3/{F30C1~1/171~1.0/cale.dll [649216 2015-01-18] ()

    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk

    ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)

    ShellIconOverlayIdentifiers: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft)

    ShellIconOverlayIdentifiers-x32: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    ProxyServer: [S-1-5-21-3304380047-1144064881-2346535376-1001] => http=127.0.0.1:49250;https=127.0.0.1:49250

    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?pc=MSE1

    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK13/1

    HKU\S-1-5-21-3304380047-1144064881-2346535376-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK13/1

    StartMenuInternet: IEXPLORE.EXE - iexplore.exe

    SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://vosteran.com/results.php?f=4&q={searchTerms}&a=vst_adkpub_15_03_ie&cd=2XzuyEtN2Y1L1QzuyBzz0EtA0ByD0ByCtBzztByBtAyByD0BtN0D0Tzu0StCtCtCtAtN1L2XzutAtFyBtFtBtFtCtN1L1CzutCyEtBzytDyD1V1BtAtN1L1G1B1V1N2Y1L1Qzu2SyC0DyD0BtD0EyEzztG0Azz0EtCtG0D0AyEyCtGtA0E0ByCtGyE0AtBtCyEyD0B0EzzzytAtC2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0AyE0EtCyD0B0AyDtGtAyDtCzztGyE0C0AyEtGzzyDyCtDtGyD0ByCtBtDtByCtD0AtDzzyD2Q&cr=681135654&ir=

    SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://vosteran.com/results.php?f=4&q={searchTerms}&a=vst_adkpub_15_03_ie&cd=2XzuyEtN2Y1L1QzuyBzz0EtA0ByD0ByCtBzztByBtAyByD0BtN0D0Tzu0StCtCtCtAtN1L2XzutAtFyBtFtBtFtCtN1L1CzutCyEtBzytDyD1V1BtAtN1L1G1B1V1N2Y1L1Qzu2SyC0DyD0BtD0EyEzztG0Azz0EtCtG0D0AyEyCtGtA0E0ByCtGyE0AtBtCyEyD0B0EzzzytAtC2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0AyE0EtCyD0B0AyDtGtAyDtCzztGyE0C0AyEtGzzyDyCtDtGyD0ByCtBtDtByCtD0AtDzzyD2Q&cr=681135654&ir=

    SearchScopes: HKLM -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://search.ask.com/web?q={searchterms}&l=dis&o=HPDTDF

    SearchScopes: HKLM -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF

    SearchScopes: HKLM -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}

    SearchScopes: HKLM -> {F82E0CFA-744D-466E-BCB3-7E1F9C6D75E0} URL = http://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us1-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}

    SearchScopes: HKLM-x32 -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://search.ask.com/web?q={searchterms}&l=dis&o=HPDTDF

    SearchScopes: HKLM-x32 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF

    SearchScopes: HKLM-x32 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}

    SearchScopes: HKLM-x32 -> {F82E0CFA-744D-466E-BCB3-7E1F9C6D75E0} URL = http://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us1-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}

    SearchScopes: HKU\S-1-5-21-3304380047-1144064881-2346535376-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://vosteran.com/results.php?f=4&q={searchTerms}&a=vst_adkpub_15_03_ie&cd=2XzuyEtN2Y1L1QzuyBzz0EtA0ByD0ByCtBzztByBtAyByD0BtN0D0Tzu0StCtCtCtAtN1L2XzutAtFyBtFtBtFtCtN1L1CzutCyEtBzytDyD1V1BtAtN1L1G1B1V1N2Y1L1Qzu2SyC0DyD0BtD0EyEzztG0Azz0EtCtG0D0AyEyCtGtA0E0ByCtGyE0AtBtCyEyD0B0EzzzytAtC2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0AyE0EtCyD0B0AyDtGtAyDtCzztGyE0C0AyEtGzzyDyCtDtGyD0ByCtBtDtByCtD0AtDzzyD2Q&cr=681135654&ir=

    SearchScopes: HKU\S-1-5-21-3304380047-1144064881-2346535376-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://vosteran.com/results.php?f=4&q={searchTerms}&a=vst_adkpub_15_03_ie&cd=2XzuyEtN2Y1L1QzuyBzz0EtA0ByD0ByCtBzztByBtAyByD0BtN0D0Tzu0StCtCtCtAtN1L2XzutAtFyBtFtBtFtCtN1L1CzutCyEtBzytDyD1V1BtAtN1L1G1B1V1N2Y1L1Qzu2SyC0DyD0BtD0EyEzztG0Azz0EtCtG0D0AyEyCtGtA0E0ByCtGyE0AtBtCyEyD0B0EzzzytAtC2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0AyE0EtCyD0B0AyDtGtAyDtCzztGyE0C0AyEtGzzyDyCtDtGyD0ByCtBtDtByCtD0AtDzzyD2Q&cr=681135654&ir=

    SearchScopes: HKU\S-1-5-21-3304380047-1144064881-2346535376-1001 -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://search.ask.com/web?q={searchterms}&l=dis&o=HPDTDF

    SearchScopes: HKU\S-1-5-21-3304380047-1144064881-2346535376-1001 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF

    SearchScopes: HKU\S-1-5-21-3304380047-1144064881-2346535376-1001 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}

    SearchScopes: HKU\S-1-5-21-3304380047-1144064881-2346535376-1001 -> {F82E0CFA-744D-466E-BCB3-7E1F9C6D75E0} URL = http://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us1-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}

    BHO: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft)

    BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)

    BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)

    BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)

    BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard)

    BHO: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_64.dll (IvoSoft)

    BHO-x32: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)

    BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)

    BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)

    BHO-x32: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll (Logitech, Inc.)

    BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)

    BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)

    BHO-x32: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_32.dll (IvoSoft)

    Toolbar: HKLM - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft)

    Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)

    Toolbar: HKLM-x32 - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)

    Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)

    Tcpip\Parameters: [DhcpNameServer] 75.75.76.76 75.75.75.75

    FireFox:

    ========

    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)

    FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)

    FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll No File

    FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll No File

    FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)

    FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)

    FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)

    FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)

    FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)

    FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

    FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

    FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)

    FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)

    FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()

    FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

    FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt

    FF Extension: Logitech SetPoint - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2012-12-17]

    Chrome:

    =======

    CHR HomePage: Default -> hxxp://vosteran.com/?f=1&a=vst_adkpub_15_03_ie&cd=2XzuyEtN2Y1L1QzuyBzz0EtA0ByD0ByCtBzztByBtAyByD0BtN0D0Tzu0StCtCtCtAtN1L2XzutAtFyBtFtBtFtCtN1L1CzutCyEtBzytDyD1V1BtAtN1L1G1B1V1N2Y1L1Qzu2SyC0DyD0BtD0EyEzztG0Azz0EtCtG0D0AyEyCtGtA0E0ByCtGyE0AtBtCyEyD0B0EzzzytAtC2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0AyE0EtCyD0B0AyDtGtAyDtCzztGyE0C0AyEtGzzyDyCtDtGyD0ByCtBtDtByCtD0AtDzzyD2Q&cr=681135654&ir=

    CHR StartupUrls: Default -> "hxxp://vosteran.com/?f=7&a=vst_adkpub_15_03_ie&cd=2XzuyEtN2Y1L1QzuyBzz0EtA0ByD0ByCtBzztByBtAyByD0BtN0D0Tzu0StCtCtCtAtN1L2XzutAtFyBtFtBtFtCtN1L1CzutCyEtBzytDyD1V1BtAtN1L1G1B1V1N2Y1L1Qzu2SyC0DyD0BtD0EyEzztG0Azz0EtCtG0D0AyEyCtGtA0E0ByCtGyE0AtBtCyEyD0B0EzzzytAtC2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0AyE0EtCyD0B0AyDtGtAyDtCzztGyE0C0AyEtGzzyDyCtDtGyD0ByCtBtDtByCtD0AtDzzyD2Q&cr=681135654&ir="

    CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}

    CHR Profile: C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default

    CHR Extension: (Google Docs) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-08-22]

    CHR Extension: (Google Drive) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-08-22]

    CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-26]

    CHR Extension: (Eclipse.TV) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\bgclhadgalphbjbailpceklmmhebajln [2014-03-15]

    CHR Extension: (YouTube) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-08-22]

    CHR Extension: (Google Search) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-08-22]

    CHR Extension: (Logitech SetPoint) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\edaibbiobngpbmeonadpbfafbkimjbdd [2013-08-22]

    CHR Extension: (Google Wallet) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-22]

    CHR Extension: (Gmail) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-08-22]

    CHR HKLM-x32\...\Chrome\Extension: [edaibbiobngpbmeonadpbfafbkimjbdd] - C:\ProgramData\Logitech\LogiSmoothChromeExt.crx [2012-12-17]

    ==================== Services (Whitelisted) =================

    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

    R2 9734BF6A-2DCD-40f0-BAB0-5AAFEEBE1269; C:\Program Files (x86)\Roxio\BackOnTrack\App\SaibSVC.exe [457360 2012-06-20] ()

    R2 Basics Service; C:\Program Files (x86)\Seagate\Basics\Service\SyncServicesBasics.exe [124280 2007-10-09] (Seagate Technology LLC)

    S2 BcmBtRSupport; C:\Windows\system32\BtwRSupportService.exe [2251992 2013-11-13] (Broadcom Corporation.)

    R2 BOT4Service; C:\Program Files (x86)\Roxio\BackOnTrack\App\BService.exe [22160 2012-07-11] ()

    R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [92160 2013-11-04] (Hewlett-Packard Company) [File not signed]

    R2 HPConnectedRemote; c:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteService.exe [35232 2012-08-29] (Hewlett-Packard)

    R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)

    R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)

    R2 RoxioBurnLauncher; C:\Program Files (x86)\Roxio Creator NXT\Roxio Burn\RoxioBurnLauncher.exe [535184 2012-07-05] ()

    S3 RoxMediaDB14; C:\Program Files (x86)\Roxio Creator NXT\Common\RoxMediaDB14.exe [1096848 2012-07-18] (Corel Corporation)

    S2 RoxWatch14; C:\Program Files (x86)\Roxio Creator NXT\Common\RoxWatch14.exe [341136 2012-07-18] (Corel Corporation)

    R2 Seagate Dashboard Services; C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.DASWindowsService.exe [16000 2013-05-30] (Seagate Technology LLC)

    R2 STacSV; C:\Program Files\IDT\WDM\STacSV64.exe [321536 2012-08-10] (IDT, Inc.) [File not signed]

    S3 w3logsvc; C:\Windows\system32\inetsrv\w3logsvc.dll [76800 2014-11-10] (Microsoft Corporation)

    R2 WDBackup; C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe [1042808 2014-12-02] (Western Digital Technologies, Inc.)

    R2 WDDriveService; C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe [296312 2014-06-02] (Western Digital Technologies, Inc.)

    R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-21] (Microsoft Corporation)

    R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-21] (Microsoft Corporation)

    R2 wltrysvc; C:\Program Files\Broadcom\Broadcom 802.11\bcmwltry.exe [6036480 2013-11-28] (Broadcom Corporation) [File not signed]

    ==================== Drivers (Whitelisted) ====================

    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

    R3 bcbtums; C:\Windows\system32\drivers\bcbtums.sys [170712 2013-11-13] (Broadcom Corporation.)

    R3 BCM43XX; C:\Windows\system32\DRIVERS\bcmwl63a.sys [7480496 2014-11-12] (Broadcom Corporation)

    R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [226304 2014-09-24] (Microsoft Corporation)

    R3 btwpanfl; C:\WINDOWS\system32\drivers\btwpanfl.sys [44912 2013-11-28] (Broadcom Corporation.)

    R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink)

    R3 dot4; C:\Windows\system32\DRIVERS\Dot4.sys [151968 2012-10-19] (Windows (R) Win 7 DDK provider)

    R3 Dot4Print; C:\Windows\System32\drivers\Dot4Prt.sys [27040 2012-10-19] (Windows (R) Win 7 DDK provider)

    R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation)

    R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [129752 2015-01-19] (Malwarebytes Corporation)

    R3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2014-11-21] (Malwarebytes Corporation)

    R0 PxHlpa64; C:\Windows\System32\Drivers\PxHlpa64.sys [56336 2012-06-22] (Corel Corporation)

    R0 Sahdad64; C:\Windows\System32\Drivers\Sahdad64.sys [28304 2012-06-20] (Corel Corporation)

    R0 Saibad64; C:\Windows\System32\Drivers\Saibad64.sys [20112 2012-06-20] (Corel Corporation)

    R1 SaibVdAd64; C:\Windows\System32\Drivers\SaibVdAd64.sys [27792 2012-06-20] (Corel Corporation)

    R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-21] (Microsoft Corporation)

    ==================== NetSvcs (Whitelisted) ===================

    (If an item is included in the fixlist, it will be removed from the registry. 
Any associated file could be listed separately to be moved.)==================== One Month Created Files and Folders ========(If an entry is included in the fixlist, the file\folder will be moved.)2015-01-19 18:23 - 2015-01-19 18:24 - 02126848 _____ (Farbar) C:\Users\Michael\Downloads\FRST64 (5).exe2015-01-19 18:21 - 2015-01-19 18:21 - 02126848 _____ (Farbar) C:\Users\Michael\Downloads\FRST64 (4).exe2015-01-18 19:16 - 2015-01-18 19:16 - 00003114 _____ () C:\WINDOWS\System32\Tasks\{34C24717-83B7-4CA3-879A-425DBA510E1D}2015-01-18 14:57 - 2015-01-18 14:57 - 00000000 ____D () C:\ProgramData\{F30C1BCF-A38E-CA49-1208-BACBC28A6945}2015-01-18 14:56 - 2015-01-18 14:55 - 01110476 _____ () C:\Users\Michael\Downloads\Setup [1].exe2015-01-18 14:55 - 2015-01-18 14:55 - 00729264 _____ ( ) C:\Users\Michael\Downloads\Setup.exe2015-01-18 14:46 - 2014-01-18 00:41 - 4284854147 _____ () C:\Users\Michael\Downloads\00410001.MOV2015-01-18 13:58 - 2015-01-18 13:58 - 00000000 ____D () C:\Users\Michael\AppData\Local\{B64C6B58-C42D-4F9C-A137-231BB8B4C08B}2015-01-18 04:52 - 2015-01-18 19:30 - 00008192 _____ () C:\WINDOWS\SysWOW64\WDPABKP.dat2015-01-14 06:18 - 2014-12-19 01:26 - 00140800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxdav.sys2015-01-14 06:18 - 2014-12-11 21:04 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\system32\TSWbPrxy.exe2015-01-14 06:18 - 2014-12-11 19:51 - 00075776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ahcache.sys2015-01-14 06:18 - 2014-12-08 20:50 - 00225280 _____ (Microsoft Corporation) C:\WINDOWS\system32\profsvc.dll2015-01-14 06:18 - 2014-12-08 14:42 - 00535640 _____ (Microsoft Corporation) C:\WINDOWS\system32\wer.dll2015-01-14 06:18 - 2014-12-08 14:42 - 00531616 _____ (Microsoft Corporation) C:\WINDOWS\system32\ci.dll2015-01-14 06:18 - 2014-12-08 14:42 - 00448792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wer.dll2015-01-14 06:18 - 2014-12-08 14:42 - 00413248 _____ (Microsoft Corporation) 
C:\WINDOWS\system32\Faultrep.dll2015-01-14 06:18 - 2014-12-08 14:42 - 00372408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Faultrep.dll2015-01-14 06:18 - 2014-12-08 14:42 - 00108944 _____ (Microsoft Corporation) C:\WINDOWS\system32\EncDump.dll2015-01-14 06:18 - 2014-12-08 14:42 - 00038264 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFaultSecure.exe2015-01-14 06:18 - 2014-12-08 14:42 - 00033584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFaultSecure.exe2015-01-14 06:18 - 2014-12-05 22:17 - 00360448 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncsi.dll2015-01-14 06:18 - 2014-12-05 20:41 - 00391680 _____ (Microsoft Corporation) C:\WINDOWS\system32\nlasvc.dll2015-01-14 06:18 - 2014-12-05 20:35 - 00229888 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll2015-01-14 06:18 - 2014-10-28 23:00 - 00465320 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFault.exe2015-01-14 06:18 - 2014-10-28 23:00 - 00139984 _____ (Microsoft Corporation) C:\WINDOWS\system32\wermgr.exe2015-01-14 06:18 - 2014-10-28 22:52 - 00500016 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll2015-01-14 06:18 - 2014-10-28 22:52 - 00482872 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll2015-01-14 06:18 - 2014-10-28 22:52 - 00394120 _____ (Microsoft Corporation) C:\WINDOWS\system32\AUDIOKSE.dll2015-01-14 06:18 - 2014-10-28 22:52 - 00272248 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe2015-01-14 06:18 - 2014-10-28 22:12 - 00413136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFault.exe2015-01-14 06:18 - 2014-10-28 22:12 - 00136296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wermgr.exe2015-01-14 06:18 - 2014-10-28 22:07 - 00424544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioEng.dll2015-01-14 06:18 - 2014-10-28 22:07 - 00370424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll2015-01-14 06:18 - 2014-10-28 22:07 - 00344536 _____ (Microsoft Corporation) 
C:\WINDOWS\SysWOW64\AUDIOKSE.dll2015-01-14 06:18 - 2014-10-28 21:44 - 00037888 _____ (Microsoft Corporation) C:\WINDOWS\system32\werdiagcontroller.dll2015-01-14 06:18 - 2014-10-28 20:59 - 00033280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\werdiagcontroller.dll2015-01-14 06:18 - 2014-10-28 20:24 - 00086016 _____ (Microsoft Corporation) C:\WINDOWS\system32\nlaapi.dll2015-01-14 06:18 - 2014-10-28 20:02 - 00911360 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll2015-01-14 06:18 - 2014-10-28 20:01 - 00065536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\nlaapi.dll2015-01-12 20:15 - 2015-01-12 20:15 - 00000000 ____D () C:\Users\Michael\AppData\Local\{4E75AF93-58E9-413A-92DC-37DA6E9C3A97}2015-01-11 18:40 - 2015-01-11 18:40 - 00000000 ____D () C:\Users\Michael\AppData\Local\{E06552DE-1DC6-48B9-97B8-3DE31060E9D8}2015-01-02 22:02 - 2015-01-02 22:02 - 00003886 _____ () C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task2014-12-31 22:48 - 2014-12-31 22:48 - 00000000 ____D () C:\Users\Michael\AppData\Local\{F03CD2F3-0E03-4361-B956-93A8FA4D671B}2014-12-31 22:48 - 2014-12-31 22:48 - 00000000 ____D () C:\Users\Michael\AppData\Local\{51A9BF10-38C5-40A4-AB00-3283EDC03950}2014-12-29 20:43 - 2014-12-29 20:43 - 00000000 ____D () C:\Users\Michael\AppData\Local\{B27ADE1E-4FC5-427A-AC3F-3EB12EDE0E36}2014-12-27 19:10 - 2014-12-27 19:10 - 00000000 ____D () C:\Users\Michael\AppData\Local\{BBCA7504-2585-4AC3-92F8-6595E820D855}2014-12-27 19:10 - 2014-12-27 19:10 - 00000000 ____D () C:\Users\Michael\AppData\Local\{B94BF544-116D-41B7-AC88-0F87B3A0BE28}2014-12-27 11:12 - 2015-01-18 23:19 - 00000360 _____ () C:\WINDOWS\Tasks\HP Photo Creations Communicator.job2014-12-27 11:12 - 2014-12-27 11:12 - 00003286 _____ () C:\WINDOWS\System32\Tasks\HP Photo Creations Communicator2014-12-27 11:12 - 2014-12-27 11:12 - 00000000 ____D () C:\ProgramData\Visan2014-12-26 18:27 - 2014-12-26 18:27 - 00000000 ____D () 
C:\Users\Michael\AppData\Local\{D50631F4-D3E1-4307-BBAF-19B94B1F8272}2014-12-22 18:59 - 2014-12-22 18:59 - 00000000 ____D () C:\Users\Michael\AppData\Local\{380D7FA6-7CDD-4C80-8806-D92B80D01FEC}2014-12-21 13:27 - 2014-12-21 13:27 - 00000000 ____D () C:\Users\Michael\AppData\Local\{B6078C70-F063-4896-83DC-B5CF80D47FA3}==================== One Month Modified Files and Folders =======(If an entry is included in the fixlist, the file\folder will be moved.)2015-01-19 18:24 - 2014-06-11 17:19 - 00026508 _____ () C:\Users\Michael\Downloads\FRST.txt2015-01-19 18:24 - 2014-06-11 17:19 - 00000000 ____D () C:\FRST2015-01-19 18:20 - 2014-11-10 19:06 - 01557978 _____ () C:\WINDOWS\WindowsUpdate.log2015-01-19 18:18 - 2013-01-11 22:05 - 00000938 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job2015-01-19 18:10 - 2012-12-17 11:05 - 00003962 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{4EEA9D32-882F-444D-A469-D56BACDC089C}2015-01-19 18:07 - 2014-06-15 19:38 - 00129752 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys2015-01-19 18:07 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\system32\sru2015-01-19 18:06 - 2014-11-10 18:37 - 00000000 _____ () C:\WINDOWS\system32\Drivers\lvuvc.hs2015-01-18 20:04 - 2014-06-04 17:24 - 00003190 _____ () C:\WINDOWS\System32\Tasks\HPCeeScheduleForMichael2015-01-18 20:04 - 2014-06-04 17:24 - 00000372 _____ () C:\WINDOWS\Tasks\HPCeeScheduleForMichael.job2015-01-18 20:03 - 2014-11-10 19:16 - 00000000 ____D () C:\Users\Michael\OneDrive2015-01-18 20:03 - 2013-01-11 22:05 - 00000934 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job2015-01-18 19:53 - 2012-12-17 11:13 - 00003600 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3304380047-1144064881-2346535376-10012015-01-18 19:28 - 2013-08-22 09:46 - 00300845 _____ () C:\WINDOWS\setupact.log2015-01-18 19:28 - 2013-08-22 09:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT2015-01-18 19:28 - 2013-08-22 08:25 - 00524288 ___SH 
() C:\WINDOWS\system32\config\BBI2015-01-18 14:57 - 2013-08-22 16:59 - 00002205 _____ () C:\Users\Public\Desktop\Google Chrome.lnk2015-01-18 04:41 - 2014-09-24 02:03 - 00020502 _____ () C:\WINDOWS\PFRO.log2015-01-16 17:10 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\AppReadiness2015-01-14 20:39 - 2012-07-26 02:59 - 00000000 ____D () C:\WINDOWS\CbsTemp2015-01-14 20:38 - 2013-08-14 15:17 - 00000000 ____D () C:\WINDOWS\system32\MRT2015-01-14 20:33 - 2012-12-21 17:00 - 113365784 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe2015-01-14 20:28 - 2012-07-26 03:12 - 00000000 ____D () C:\WINDOWS\LiveKernelReports2015-01-14 20:04 - 2012-12-17 19:14 - 00000052 _____ () C:\WINDOWS\SysWOW64\DOErrors.log2015-01-14 20:04 - 2012-12-17 19:14 - 00000000 _____ () C:\WINDOWS\system32\HP_ActiveX_Patch_NOT_DETECTED.txt2015-01-12 18:46 - 2014-06-19 21:25 - 00870128 _____ () C:\Users\Michael\AppData\Roaming\mcs.rma2015-01-12 18:46 - 2014-06-19 21:25 - 00000004 _____ () C:\Users\Michael\AppData\Roaming\E3883A2015-01-12 18:27 - 2014-09-24 02:15 - 00956540 _____ () C:\WINDOWS\system32\PerfStringBackup.INI2015-01-08 19:59 - 2012-08-01 22:15 - 00000000 ____D () C:\SWSETUP2015-01-05 19:08 - 2014-11-15 19:52 - 00714720 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe2015-01-05 19:08 - 2014-11-15 19:52 - 00106976 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl2014-12-31 06:14 - 2013-02-15 22:31 - 00298120 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe2014-12-29 18:35 - 2014-03-21 22:16 - 00000000 ____D () C:\Users\Michael\Documents\Terries Stuff2014-12-27 11:12 - 2013-08-07 18:38 - 00002009 _____ () C:\Users\Public\Desktop\HP Photo Creations.lnk2014-12-27 11:12 - 2013-08-07 18:38 - 00000000 ____D () C:\ProgramData\HP Photo Creations2014-12-27 11:12 - 2013-08-07 18:38 - 00000000 ____D () C:\Program Files (x86)\HP Photo Creations2014-12-21 13:27 - 2014-02-23 11:53 - 00000000 ____D () 
C:\Users\Michael\AppData\Local\Windows Live==================== Files in the root of some directories =======2013-02-16 22:27 - 2013-02-16 22:27 - 2174976 _____ (Advanced Micro Devices Inc.) C:\Program Files (x86)\Common Files\atimpenc.dll2014-06-19 21:25 - 2015-01-12 18:46 - 0000004 _____ () C:\Users\Michael\AppData\Roaming\E3883A2014-06-19 21:25 - 2015-01-12 18:46 - 0870128 _____ () C:\Users\Michael\AppData\Roaming\mcs.rma2014-06-02 20:48 - 2014-06-02 20:48 - 0068782 _____ () C:\Users\Michael\AppData\Local\rvxxbgxb2013-04-22 19:12 - 2013-04-22 19:31 - 4126848 _____ () C:\Users\Michael\AppData\Local\rx_audio.Cache2013-04-21 19:10 - 2013-04-22 19:31 - 69447856 _____ () C:\Users\Michael\AppData\Local\rx_image32.Cache2013-08-07 18:34 - 2013-08-21 19:11 - 0003736 _____ () C:\ProgramData\hpzinstall.log2012-12-17 11:04 - 2012-12-17 11:04 - 0000141 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.351.64.bc2012-07-30 19:51 - 2012-07-30 19:51 - 0002454 _____ () C:\ProgramData\regid.2012-08.com.Corel,Roxio_76C7858E-078C-4C49-AB1A-2A7072664935.swidtagSome content of TEMP:====================C:\Users\Michael\AppData\Local\Temp\Extract.exeC:\Users\Michael\AppData\Local\Temp\ultrafileopener_setup.exe==================== Bamital & volsnap Check =================(There is no automatic fix for files that do not pass verification.)C:\Windows\System32\winlogon.exe => File is digitally signedC:\Windows\System32\wininit.exe => File is digitally signedC:\Windows\explorer.exe => File is digitally signedC:\Windows\SysWOW64\explorer.exe => File is digitally signedC:\Windows\System32\svchost.exe => File is digitally signedC:\Windows\SysWOW64\svchost.exe => File is digitally signedC:\Windows\System32\services.exe => File is digitally signedC:\Windows\System32\User32.dll => File is digitally signedC:\Windows\SysWOW64\User32.dll => File is digitally signedC:\Windows\System32\userinit.exe => File is digitally signedC:\Windows\SysWOW64\userinit.exe => File is digitally 
signedC:\Windows\System32\rpcss.dll => File is digitally signedC:\Windows\System32\Drivers\volsnap.sys => File is digitally signedLastRegBack: 2015-01-19 04:37==================== End Of Log ============================

    Hello, thank you for helping me. After running FRST.txt, I did not see Addition.txt to be able to post in a code box.

    The next step, to download Gmer. I selected the "Download EXE" button, but was not able to double-click on the randomly named GMER.exe. I now have two GMER files on my Desktop: i30yvhr8.exe and b4scyfu9.exe. When I click on either one I receive an error message that says "The process cannot access the file because it is being used by another"

    I will stop here and await further advice.


  5. and the Addition......

    Additional scan result of Farbar Recovery Scan Tool (x64) Version: 12-06-2014
    Ran by Michael at 2014-06-11 18:20:20
    Running from C:\Users\Michael\Downloads
    Boot Mode: Normal
    ==========================================================
     
     
    ==================== Security Center ========================
     
    AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
     
    ==================== Installed Programs ======================
     
    4 Elements II (x32 Version: 2.2.0.98 - WildTangent) Hidden
    64 Bit HP CIO Components Installer (Version: 7.2.8 - Hewlett-Packard) Hidden
    Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.8.0.1280 - Adobe Systems Incorporated)
    Adobe AIR (x32 Version: 3.8.0.1280 - Adobe Systems Incorporated) Hidden
    Adobe Reader XI (11.0.07) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.07 - Adobe Systems Incorporated)
    AMD APP SDK Runtime (Version: 10.0.938.2 - Advanced Micro Devices Inc.) Hidden
    AMD Catalyst Control Center (x32 Version: 2013.0819.1344.22803 - Advanced Micro Devices, Inc.) Hidden
    AMD Catalyst Install Manager (HKLM\...\{CC6CCF1E-F361-910A-E41D-EB5176F1255C}) (Version: 8.0.915.0 - Advanced Micro Devices, Inc.)
    AMD Wireless Display v3.0 (Version: 1.0.0.13 - Advanced Micro Devices, Inc.) Hidden
    Audacity 2.0.5 (HKLM-x32\...\Audacity_is1) (Version: 2.0.5 - Audacity Team)
    AudioLabel (HKLM-x32\...\AudioLabel) (Version: 5.00 (Build 6) - CDCoverSoft)
    Bejeweled 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
    Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
    Broadcom 802.11 Wireless LAN Adapter (HKLM\...\Broadcom 802.11 Wireless LAN Adapter) (Version: 6.30.66.1 - Broadcom Corporation)
    Broadcom Bluetooth Software (HKLM\...\{C6D9ED03-6FCF-4410-9CB7-45CA285F9E11}) (Version: 12.0.0.6950 - Broadcom Corporation)
    Broadcom Wireless Utility (HKLM\...\{4CDA59B9-7AD3-4283-9F5C-BC469FF975B6}) (Version: 6.30.66.1 - Broadcom Corporation)
    Build-a-lot 4 - Power Source (x32 Version: 2.2.0.98 - WildTangent) Hidden
    Catalyst Control Center - Branding (x32 Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden
    Catalyst Control Center Graphics Previews Common (x32 Version: 2013.0819.1344.22803 - Advanced Micro Devices, Inc.) Hidden
    Catalyst Control Center InstallProxy (x32 Version: 2013.0819.1344.22803 - Advanced Micro Devices, Inc.) Hidden
    Catalyst Control Center Localization All (x32 Version: 2013.0819.1344.22803 - Advanced Micro Devices, Inc.) Hidden
    CCC Help Chinese Standard (x32 Version: 2013.0819.1343.22803 - Advanced Micro Devices, Inc.) Hidden
    CCC Help Chinese Traditional (x32 Version: 2013.0819.1343.22803 - Advanced Micro Devices, Inc.) Hidden
    CCC Help Czech (x32 Version: 2013.0819.1343.22803 - Advanced Micro Devices, Inc.) Hidden
    CCC Help Danish (x32 Version: 2013.0819.1343.22803 - Advanced Micro Devices, Inc.) Hidden
    CCC Help Dutch (x32 Version: 2013.0819.1343.22803 - Advanced Micro Devices, Inc.) Hidden
    CCC Help English (x32 Version: 2013.0819.1343.22803 - Advanced Micro Devices, Inc.) Hidden
    CCC Help Finnish (x32 Version: 2013.0819.1343.22803 - Advanced Micro Devices, Inc.) Hidden
    CCC Help French (x32 Version: 2013.0819.1343.22803 - Advanced Micro Devices, Inc.) Hidden
    CCC Help German (x32 Version: 2013.0819.1343.22803 - Advanced Micro Devices, Inc.) Hidden
    CCC Help Greek (x32 Version: 2013.0819.1343.22803 - Advanced Micro Devices, Inc.) Hidden
    CCC Help Hungarian (x32 Version: 2013.0819.1343.22803 - Advanced Micro Devices, Inc.) Hidden
    CCC Help Italian (x32 Version: 2013.0819.1343.22803 - Advanced Micro Devices, Inc.) Hidden
    CCC Help Japanese (x32 Version: 2013.0819.1343.22803 - Advanced Micro Devices, Inc.) Hidden
    CCC Help Korean (x32 Version: 2013.0819.1343.22803 - Advanced Micro Devices, Inc.) Hidden
    CCC Help Norwegian (x32 Version: 2013.0819.1343.22803 - Advanced Micro Devices, Inc.) Hidden
    CCC Help Polish (x32 Version: 2013.0819.1343.22803 - Advanced Micro Devices, Inc.) Hidden
    CCC Help Portuguese (x32 Version: 2013.0819.1343.22803 - Advanced Micro Devices, Inc.) Hidden
    CCC Help Russian (x32 Version: 2013.0819.1343.22803 - Advanced Micro Devices, Inc.) Hidden
    CCC Help Spanish (x32 Version: 2013.0819.1343.22803 - Advanced Micro Devices, Inc.) Hidden
    CCC Help Swedish (x32 Version: 2013.0819.1343.22803 - Advanced Micro Devices, Inc.) Hidden
    CCC Help Thai (x32 Version: 2013.0819.1343.22803 - Advanced Micro Devices, Inc.) Hidden
    CCC Help Turkish (x32 Version: 2013.0819.1343.22803 - Advanced Micro Devices, Inc.) Hidden
    ccc-utility64 (Version: 2013.0819.1344.22803 - Advanced Micro Devices, Inc.) Hidden
    CEBS Practice Exam - RPA2 (Course 4) (HKLM-x32\...\CEBSPracticeExamRPA2 (Course 4)) (Version:  - )
    Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
    CinemaNow Player (HKLM-x32\...\com.bby.cinemanowplayer) (Version: 3.1.2 - Rovi Corporation)
    CinemaNow Player (x32 Version: 3.1.2 - Rovi Corporation) Hidden
    Classic Shell (HKLM\...\{98BB5224-BC5D-4028-9D20-536C1C263AA9}) (Version: 4.0.2 - IvoSoft)
    Corel KPT Collection (x32 Version: 1.00.0000 - Corel Corporation) Hidden
    Corel KPT Collection for PSPX4 (HKLM-x32\...\_{031338C0-4C21-4DAC-875B-26ACD7ADDF23}) (Version:  - Corel Corporation)
    Corel PaintShop Pro X4 (HKLM-x32\...\_{00580795-581C-4587-B9F2-37320D7AB37F}) (Version: 14.2.0.1 - Corel Corporation)
    Corel PaintShop Pro X4 (x32 Version: 14.3.0.3 - Corel Corporation) Hidden
    Corel WinDVD (x32 Version: 10.8.0.201 - Corel Inc.) Hidden
    Cradle Of Egypt Collector's Edition (x32 Version: 2.2.0.98 - WildTangent) Hidden
    Cradle of Rome 2 (x32 Version: 2.2.0.98 - WildTangent) Hidden
    Creator NXT Content (x32 Version: 14.0.024 - Roxio) Hidden
    CyberLink LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.1.5510 - CyberLink Corp.)
    CyberLink LabelPrint (x32 Version: 2.5.1.5510 - CyberLink Corp.) Hidden
    CyberLink Media Suite 10 (HKLM-x32\...\InstallShield_{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}) (Version: 10.0.1.1916 - CyberLink Corp.)
    CyberLink Media Suite 10 (x32 Version: 10.0.1.1916 - CyberLink Corp.) Hidden
    CyberLink PhotoDirector (HKLM-x32\...\InstallShield_{4862344A-A39C-4897-ACD4-A1BED5163C5A}) (Version: 2.0.1.3109 - CyberLink Corp.)
    CyberLink PhotoDirector (x32 Version: 2.0.1.3109 - CyberLink Corp.) Hidden
    CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.1.1902 - CyberLink Corp.)
    CyberLink Power2Go 8 (x32 Version: 8.0.1.1902 - CyberLink Corp.) Hidden
    CyberLink PowerDirector 10 (HKLM-x32\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.1.1925 - CyberLink Corp.)
    CyberLink PowerDirector 10 (x32 Version: 10.0.1.1925 - CyberLink Corp.) Hidden
    CyberLink PowerDVD (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.8.5511 - CyberLink Corp.)
    CyberLink PowerDVD (x32 Version: 10.0.8.5511 - CyberLink Corp.) Hidden
    D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
    Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{CA75CBF9-B078-47CB-ABA3-74EFD4FC9A43}) (Version:  - Microsoft)
    Drive Manager (HKLM-x32\...\InstallShield_{48B0F38D-1913-44F3-99AA-D4C55A2B038E}) (Version: 1.00.0012 - Seagate Technology)
    Drive Manager (x32 Version: 1.00.0012 - Seagate Technology) Hidden
    EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version:  - Seiko Epson Corporation)
    eReg (x32 Version: 1.20.138.34 - Logitech, Inc.) Hidden
    Farm Frenzy (x32 Version: 2.2.0.98 - WildTangent) Hidden
    FATE: The Cursed King (x32 Version: 2.2.0.97 - WildTangent) Hidden
    Final Drive Fury (x32 Version: 2.2.0.95 - WildTangent) Hidden
    FlatOut 2 (x32 Version: 2.2.0.98 - WildTangent) Hidden
    FormatFactory 3.0.1 (HKLM-x32\...\FormatFactory) (Version: 3.0.1 - Free Time)
    Foxit Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 6.0.6.722 - Foxit Corporation)
    Google Chrome (HKLM-x32\...\Google Chrome) (Version: 35.0.1916.114 - Google Inc.)
    Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
    Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)
    Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
    Google Update Helper (x32 Version: 1.3.24.7 - Google Inc.) Hidden
    Google+ Auto Backup (HKLM-x32\...\{A50DE037-B5C0-4C8A-8049-B0C576B313D1}) (Version: 1.0.21.81 - Google)
    Governor of Poker 2 Premium Edition (x32 Version: 2.2.0.95 - WildTangent) Hidden
    Hewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
    Hoyle Card Games (x32 Version: 2.2.0.95 - WildTangent) Hidden
    HP Connected Music (Meridian - installer) (HKLM-x32\...\StartHPConnectedMusic) (Version: v1.0 - Meridian Audio Ltd)
    HP Connected Music (Meridian - player) (HKCU\...\HPConnectedMusic) (Version: 1.1 (build 25) hp - Meridian Audio Ltd)
    HP Connected Remote (HKLM-x32\...\{F243A34B-AB7F-4065-B770-B85B767C247C}) (Version: 1.0.1206 - Hewlett-Packard)
    HP Customer Experience Enhancements (x32 Version: 6.0.1.8 - Hewlett-Packard) Hidden
    HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.3.0 - WildTangent)
    HP MyRoom (HKLM-x32\...\{9C35EDE5-4B0F-45E7-A438-314BA889948E}) (Version: 9.0.0.0 - Hewlett-Packard Company)
    HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.2024 - HP Photo Creations Powered by RocketLife)
    HP Postscript Converter (Version: 3.1.3591 - Hewlett-Packard) Hidden
    HP Quick Start (HKLM-x32\...\{574F0207-8E98-46CD-8F79-318348C98C46}) (Version: 1.0.4660.30220 - Hewlett-Packard)
    HP Registration Service (HKLM\...\{E4D6CCF2-0AAF-4B9C-9DE5-893EDC9B4BAA}) (Version: 1.0.5976.4186 - Hewlett-Packard)
    HP Support Assistant (HKLM-x32\...\{E35A3B13-78CD-4967-8AC8-AA9FDA693EDE}) (Version: 7.4.45.4 - Hewlett-Packard Company)
    HP Support Information (HKLM-x32\...\{B2B7B1C8-7C8B-476C-BE2C-049731C55992}) (Version: 12.00.0000 - Hewlett-Packard)
    HP Update (HKLM-x32\...\{B0069CFA-5BB9-4C03-B1C6-89CE290E5AFE}) (Version: 5.002.006.003 - Hewlett-Packard)
    ICA (x32 Version: 14.2.0.1 - Corel Corporation) Hidden
    IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6418.0 - IDT)
    IPM_PSP_COM (x32 Version: 14.2.0.1 - Corel Corporation) Hidden
    Jewel Match 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
    John Deere Drive Green (x32 Version: 2.2.0.95 - WildTangent) Hidden
    Logitech SetPoint 6.51 (HKLM\...\sp6) (Version: 6.51.8 - Logitech)
    Luxor Evolved (x32 Version: 2.2.0.98 - WildTangent) Hidden
    Mahjongg Dimensions Deluxe: Tiles in Time (x32 Version: 2.2.0.98 - WildTangent) Hidden
    Malwarebytes Anti-Malware version 1.75.0.1300 (HKLM-x32\...\Malwarebytes' Anti-Malware_is1) (Version: 1.75.0.1300 - Malwarebytes Corporation)
    Memorex exPressit Label Design Studio (HKLM-x32\...\MVApplication1) (Version:  - )
    Microsoft App Update for microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe (x64) (Version: 1.0.0.0 - Microsoft Corporation) Hidden
    Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
    Microsoft Mouse and Keyboard Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.1.177.0 - Microsoft Corporation)
    Microsoft Mouse and Keyboard Center (Version: 2.1.177.0 - Microsoft Corporation) Hidden
    Microsoft Office (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.6120.5004 - Microsoft Corporation)
    Microsoft Office Access MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
    Microsoft Office Access Setup Metadata MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
    Microsoft Office Excel MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
    Microsoft Office Groove MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
    Microsoft Office InfoPath MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
    Microsoft Office Office 64-bit Components 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
    Microsoft Office OneNote MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
    Microsoft Office Outlook MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
    Microsoft Office PowerPoint MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
    Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUSR) (Version: 14.0.7015.1000 - Microsoft Corporation)
    Microsoft Office Professional Plus 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
    Microsoft Office Proof (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
    Microsoft Office Proof (French) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
    Microsoft Office Proof (Spanish) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
    Microsoft Office Proofing (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
    Microsoft Office Publisher MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
    Microsoft Office Shared 64-bit MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
    Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
    Microsoft Office Shared MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
    Microsoft Office Shared Setup Metadata MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
    Microsoft Office Word MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
    Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
    Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
    Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.50727 (Version: 11.0.50727 - Microsoft Corporation) Hidden
    Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.50727 (Version: 11.0.50727 - Microsoft Corporation) Hidden
    Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.50727 (x32 Version: 11.0.50727 - Microsoft Corporation) Hidden
    Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.50727 (x32 Version: 11.0.50727 - Microsoft Corporation) Hidden
    Mortimer Beckett and the Crimson Thief Premium Edition (x32 Version: 2.2.0.98 - WildTangent) Hidden
    MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
    Mystery P.I. - Curious Case of Counterfeit Cove (x32 Version: 2.2.0.98 - WildTangent) Hidden
    Peggle Nights (x32 Version: 2.2.0.98 - WildTangent) Hidden
    Penguins! (x32 Version: 2.2.0.98 - WildTangent) Hidden
    Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.)
    Polar Bowler (x32 Version: 2.2.0.97 - WildTangent) Hidden
    Polar Golfer (x32 Version: 2.2.0.98 - WildTangent) Hidden
    PSPPContent (x32 Version: 14.3.0.2 - Corel Corporation) Hidden
    PSPPHelp (x32 Version: 14.2.0.1 - Corel Corporation) Hidden
    PSPPro64 (Version: 14.2.0.1 - Corel Corporation) Hidden
    RBVirtualFolder64Inst (Version: 1.00.0000 - Roxio, Inc.) Hidden
    Recovery Manager (x32 Version: 5.5.0.5530 - CyberLink Corp.) Hidden
    Roads of Rome 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
    Roxio BackOnTrack (x32 Version: 4.5 - Roxio) Hidden
    Roxio Burn (x32 Version: 2.0 - Roxio) Hidden
    Roxio Central (x32 Version: 7.0.0 - Roxio) Hidden
    Roxio CinePlayer Decoder Pack (x32 Version: 4.3.0 - Roxio) Hidden
    Roxio Creator NXT (HKLM-x32\...\{CC915001-1639-4D1B-B0A1-A7AC70C99179}) (Version: 14.0.36.0 - Roxio)
    Roxio Creator NXT (x32 Version: 1.4.184 - Roxio) Hidden
    Roxio VHS Capture Driver (x32 Version: 1.05.0000 - Corel) Hidden
    Seagate Dashboard 2.0 (HKLM-x32\...\{43C423D9-E6D6-4607-ADC9-EBB54F690C57}) (Version: 2.2.29.0 - Seagate)
    Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
    Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (x32 Version:  - Microsoft) Hidden
    Setup (x32 Version: 14.2.0.1 - Corel Corporation) Hidden
    SmartSound Common Data (HKLM-x32\...\InstallShield_{B8A2869E-30CA-40C5-9CF8-BD7354E57EF8}) (Version: 1.1.0 - SmartSound Software Inc.)
    SmartSound Common Data (x32 Version: 1.1.0 - SmartSound Software Inc.) Hidden
    SmartSound Quicktracks 5 (HKLM-x32\...\InstallShield_{2F8BA3FD-1FA9-4279-B696-712ABB12F09F}) (Version: 5.1.7 - SmartSound Software Inc.)
    SmartSound Quicktracks 5 (x32 Version: 5.1.7 - SmartSound Software Inc.) Hidden
    SureThing CD Labeler Deluxe Trial (HKLM-x32\...\{4ED7D297-58F7-45C3-A9BA-A7CD6FA0D373}_is1) (Version: 5.2.693.0 - MicroVision Development, Inc.)
    Tales of Lagoona (x32 Version: 2.2.0.110 - WildTangent) Hidden
    Triple Scoop Music (x32 Version: 1.0.019 - Roxio) Hidden
    Ultra File Opener (HKCU\...\Ultra File Opener) (Version: 4.1.3.77 - CompuClever Systems Inc.)
    Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{B4A38370-2ADB-46B0-A1B0-0C4A2F7DCA31}) (Version:  - Microsoft)
    Update for Microsoft Filter Pack 2.0 (KB2878281) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{302A8FE3-EBF5-486C-A431-16A1CD914443}) (Version:  - Microsoft)
    Update for Microsoft Filter Pack 2.0 (KB2878281) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{302A8FE3-EBF5-486C-A431-16A1CD914443}) (Version:  - Microsoft)
    Update for Microsoft InfoPath 2010 (KB2817369) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{4EEA3D3E-989C-4DF4-AB0A-3042C0C12AA3}) (Version:  - Microsoft)
    Update for Microsoft InfoPath 2010 (KB2817396) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{39767ECA-1731-45DB-AB5B-6BF40E151D66}) (Version:  - Microsoft)
    Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{DADF7E25-FFA4-4D02-BE84-1DAE62C18516}) (Version:  - Microsoft)
    Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version:  - Microsoft)
    Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version:  - Microsoft)
    Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{287A1E92-9E41-4BC1-8920-B3D0E9220800}) (Version:  - Microsoft)
    Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{9D69691D-823D-4C3E-9B12-563A3F520366}) (Version:  - Microsoft)
    Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version:  - Microsoft)
    Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version:  - Microsoft)
    Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{35698CB7-AAA2-4577-B505-DBFF504AEF23}) (Version:  - Microsoft)
    Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{5AA578BB-759C-40FD-9661-A737C0884541}) (Version:  - Microsoft)
    Update for Microsoft Office 2010 (KB2825635) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{F1A20C69-9FE5-40FD-9CD5-84EABC2EF64A}) (Version:  - Microsoft)
    Update for Microsoft Office 2010 (KB2825640) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{BA610006-2C39-4419-9834-CF61AB24810A}) (Version:  - Microsoft)
    Update for Microsoft Office 2010 (KB2863818) 32-Bit Edition (HKLM-x32\...\{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUSR_{82F87E28-B18E-46D6-A399-E2F19CF5949B}) (Version:  - Microsoft)
    Update for Microsoft Office 2010 (KB2863818) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.PROPLUSR_{5E8EB600-8B94-429E-873E-98369C6DC1BC}) (Version:  - Microsoft)
    Update for Microsoft Office 2010 (KB2878225) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{EFF5EBA3-40AD-4859-85E7-3C1CF4F297EB}) (Version:  - Microsoft)
    Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version:  - Microsoft)
    Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version:  - Microsoft)
    Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM-x32\...\{90140000-001A-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{DCE104A1-1875-4469-A83D-A5BFA6C4640F}) (Version:  - Microsoft)
    Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{2AB483F1-C86E-427A-83B4-23889B03512D}) (Version:  - Microsoft)
    Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM-x32\...\{90140000-0018-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{334AA0A1-2BB1-4D74-B66A-2B2C4D9C2C87}) (Version:  - Microsoft)
    Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{2BA40F82-F3A4-441C-BF1A-ED4C42FF4872}) (Version:  - Microsoft)
    Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{F9F5A080-AF38-4966-9A6B-C43DCA465035}) (Version:  - Microsoft)
    Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{F9F5A080-AF38-4966-9A6B-C43DCA465035}) (Version:  - Microsoft)
    Update for Microsoft Visio 2010 (KB2880526) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{7B29D8B8-6A87-496C-A65E-B935E740448A}) (Version:  - Microsoft)
    Update for Microsoft Visio Viewer 2010 (KB2837587) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{38CF30E4-3348-4BD1-A859-B630C355A56F}) (Version:  - Microsoft)
    Update for Microsoft Word 2010 (KB2880529) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{B9B89E01-5B6B-4F73-BC34-B2C0D8ACB4CD}) (Version:  - Microsoft)
    Update Installer for WildTangent Games App (x32 Version:  - WildTangent) Hidden
    Vacation Quest™ - Australia (x32 Version: 2.2.0.98 - WildTangent) Hidden
    WD Drive Utilities (HKLM-x32\...\{7431ED5D-9247-4F17-91C9-702D9B36FAC4}) (Version: 1.0.7.3 - Western Digital Technologies, Inc.)
    WD Quick View (HKLM-x32\...\{324C58C7-A292-4523-A943-91DE1EB6A1FE}) (Version: 2.4.1.9 - Western Digital Technologies, Inc.)
    WD Security (HKLM-x32\...\{90C3D9C7-2F83-4399-8E28-A00228CFFDF8}) (Version: 1.0.7.3 - Western Digital Technologies, Inc.)
    WD SmartWare (HKLM\...\{F6ABA2F3-9759-48CD-B25B-A07A811E92E4}) (Version: 2.4.1.9 - Western Digital Technologies, Inc.)
    WD SmartWare Installer (HKLM-x32\...\{72fda14f-5a07-49d5-b7f7-202377e9b522}) (Version: 2.4.1.9 - Western Digital Technologies, Inc.)
    WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.3.0 - WildTangent)
    WildTangent Games App (x32 Version: 4.0.9.6 - WildTangent) Hidden
    Windows Driver Package - Broadcom Corporation (bcbtums) Bluetooth  (08/09/2013 12.0.0.7620) (HKLM\...\7C5445C0C158E0500C2E0AD361C4CBF4BAB2476C) (Version: 08/09/2013 12.0.0.7620 - Broadcom Corporation)
    Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
    Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Windows Live Language Selector (Version: 15.4.3555.0308 - Microsoft Corporation) Hidden
    Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Windows Live PIMT Platform (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
    Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
    Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Zuma's Revenge (x32 Version: 2.2.0.98 - WildTangent) Hidden
     
    ==================== Restore Points  =========================
     
    18-05-2014 03:06:54 WD SmartWare Installer
    25-05-2014 15:49:21 Scheduled Checkpoint
    03-06-2014 21:19:24 Scheduled Checkpoint
    05-06-2014 00:43:27 Windows Backup
    08-06-2014 23:00:14 Windows Backup
    11-06-2014 21:18:54 WD SmartWare Installer
     
    ==================== Hosts content: ==========================
     
    2012-07-26 01:26 - 2012-07-26 01:26 - 00000824 ____A C:\windows\system32\Drivers\etc\hosts
     
    ==================== Scheduled Tasks (whitelisted) =============
     
    Task: {03CDD9EB-9FC2-47D5-8A1F-F2D024EE0398} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\windows\system32\MRT.exe [2014-06-10] (Microsoft Corporation)
    Task: {19762045-0D4E-4CB0-B547-7364482C9B8F} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
    Task: {1AAFF332-5C62-4558-9991-DAA649C4C9C5} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask
    Task: {1B212671-33EE-46FB-B233-349A4A2B1C9B} - System32\Tasks\Microsoft\Windows\Setup\Pre-staged GDR Notification => C:\windows\system32\NotificationUI.exe [2014-04-19] (Microsoft Corporation)
    Task: {1EE5664F-97B8-4CE0-901A-03770FD5B7B4} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Warranty Opt-In(No) => c:\program files (x86)\hewlett-packard\hp health check\activecheck\product_line\Detection_PostWarrantyAlert.exe
    Task: {23A5D8BE-9196-40EB-BD89-794398B2B073} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList
    Task: {23BE2994-20EA-49CD-8B2D-27FDD1FE60E7} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2013-01-29] (Microsoft Corporation)
    Task: {2D0F3A23-3D03-4D8E-8B89-4BFF206F652F} - System32\Tasks\BrowserSafeguard Update Task => C:\Program Files (x86)\Browsersafeguard\uninstall.BrowserSafeguard.exe <==== ATTENTION
    Task: {3E991863-80D3-4DD5-8A62-A16F8FB29D27} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-01-11] (Google Inc.)
    Task: {45B9FF87-0A7B-4E04-845A-C7871BA303B5} - System32\Tasks\Security Center Update - 2611310932 => C:\Users\Michael\AppData\Roaming\Heuvan\yqtyze.exe [2013-05-29] () <==== ATTENTION
    Task: {4B883E09-F3CB-40B6-99DE-81004D02C346} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
    Task: {4F0C30EE-EAC5-40CB-B4E2-B68298560767} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
    Task: {59BA2EBE-5207-477A-8A88-922ECF1BFC94} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2013-01-29] (Microsoft)
    Task: {5FE7826E-33AF-4BC3-B8E5-C8BE0EDDA5D9} - System32\Tasks\Michael => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\NBCore.exe [2013-05-30] (Seagate Technology LLC)
    Task: {604F5EA3-E281-4302-9613-FBAFFB73D687} - System32\Tasks\Michael1 Merge => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\NBCore.exe [2013-05-30] (Seagate Technology LLC)
    Task: {670149DF-C347-41A8-8236-15ED355F88AB} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2013-01-29] (Microsoft Corporation)
    Task: {924D5366-139F-4C72-94EE-BE9C7FFF61A2} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Internet Security\Engine\20.2.1.22\WSCStub.exe
    Task: {964747F0-34A0-4C74-9C33-16F452372B04} - System32\Tasks\Michael Merge => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\NBCore.exe [2013-05-30] (Seagate Technology LLC)
    Task: {976959AE-32D6-4BD5-8E34-FB4DE193DB2B} - System32\Tasks\Seagate_Install_Launch => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Dashboard.exe [2013-05-30] (Seagate Technology LLC)
    Task: {9A638AC0-F266-4475-A5BD-F1427EF5F8D7} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Warranty Opt-In(Yes) => c:\program files (x86)\hewlett-packard\hp health check\activecheck\product_line\Detection_PostWarrantyAlert.exe
    Task: {9BC687D5-37EB-4217-B381-AB67F626A3C7} - System32\Tasks\Michael1 => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\NBCore.exe [2013-05-30] (Seagate Technology LLC)
    Task: {A2230D63-EDFF-41B9-9774-3B2AD59D4D61} - System32\Tasks\Western Digital\SmartWare\____Volume_85498e1f_114e_404b_8437_5d470f1fbe7a______Volume_79f342d3_c364_11e3_bea6_74e543952f6d__ => C:\Program Files (x86)\Western Digital\WD SmartWare\BackupTask.exe [2014-06-02] (Western Digital Technologies, Inc.)
    Task: {A26612F3-6A02-4A92-ADBC-4656488E55D4} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2014-03-21] (Hewlett-Packard)
    Task: {A72208BF-7A49-4FB8-B684-252375F3443A} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing
    Task: {AB3EDCD2-4931-4223-B931-2B73810DC1A7} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2013-12-12] (Hewlett-Packard Company)
    Task: {BBA801E3-C239-436A-AF40-3816C2522ED7} - System32\Tasks\Norton Internet Security\Norton Error Analyzer => C:\Program Files (x86)\Norton Internet Security\Engine\20.2.1.22\SymErr.exe
    Task: {C6A88F2D-53D2-4805-9D69-443738A1847C} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState
    Task: {D5C8EF3D-AE66-4C66-B9DC-5A7C65F06FCD} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2014-03-21] (Hewlett-Packard)
    Task: {D72858DA-1B65-43EA-BE80-E74269F52FEC} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2013-01-29] (Microsoft Corporation)
    Task: {DA9C8428-C181-4CAE-8C2C-09ACCF867C76} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-01-11] (Google Inc.)
    Task: {E1BA9482-2D39-4755-98A6-EA2B43F91925} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2013-01-29] (Microsoft Corporation)
    Task: {EBF06DEC-4228-4813-AC0C-62821AE4E330} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask
    Task: {EC13228D-68EA-45A4-BEBD-72391D71314C} - System32\Tasks\HPCeeScheduleForMichael => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15] (Hewlett-Packard)
    Task: {F7B6D172-0F94-4764-9E27-E0FA7BB8BB88} - System32\Tasks\Security Center Update - 2126033022 => C:\Users\Michael\AppData\Roaming\Udipuwfe\urcuxii.exe [2014-01-06] () <==== ATTENTION
    Task: {FF6DC57D-D6C5-4BB9-BCC9-689CFC0283BE} - System32\Tasks\Michael DBAgent 2 0 => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\DBAgent.exe [2013-05-30] (Seagate Technology LLC)
    Task: {FFD4E82B-807F-497E-B093-D8C6C876B272} - System32\Tasks\Norton Internet Security\Norton Error Processor => C:\Program Files (x86)\Norton Internet Security\Engine\20.2.1.22\SymErr.exe
    Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Task: C:\windows\Tasks\HPCeeScheduleForMichael.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
    Task: C:\windows\Tasks\Security Center Update - 2126033022.job => C:\Users\Michael\AppData\Roaming\Udipuwfe\urcuxii.exe <==== ATTENTION
    Task: C:\windows\Tasks\Security Center Update - 2611310932.job => C:\Users\Michael\AppData\Roaming\Heuvan\yqtyze.exe <==== ATTENTION
     
    ==================== Loaded Modules (whitelisted) =============
     
    2012-06-20 15:48 - 2012-06-20 15:48 - 00457360 _____ () C:\Program Files (x86)\Roxio\BackOnTrack\App\SaibSVC.exe
    2012-07-11 01:04 - 2012-07-11 01:04 - 00022160 _____ () C:\Program Files (x86)\Roxio\BackOnTrack\App\BService.exe
    2013-05-12 01:10 - 2013-05-12 01:10 - 00049368 _____ () C:\Program Files\WIDCOMM\Bluetooth Software\btwleapi.dll
    2013-09-05 00:17 - 2013-09-05 00:17 - 04300456 _____ () C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
    2010-10-20 15:23 - 2010-10-20 15:23 - 08801632 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
    2013-12-03 20:19 - 2013-12-03 20:20 - 00176048 _____ () C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe\ModernShared\ErrorReporting\ErrorReporting.dll
    2012-11-04 13:42 - 2012-11-04 13:42 - 00071992 _____ () C:\Program Files\Logitech\SetPointP\WinRTProxy.DLL
    2014-01-01 01:17 - 2014-01-01 01:17 - 00313344 _____ () C:\Users\Michael\AppData\Roaming\Xiuhytc\tupea.exe
    2013-06-05 16:51 - 2013-06-05 16:51 - 00098304 _____ () c:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\BrandingNet4.dll
    2012-08-29 13:02 - 2012-08-29 13:02 - 00120224 _____ () c:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPItunesModule.dll
    2012-08-29 13:02 - 2012-08-29 13:02 - 00048544 _____ () c:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPItunesProxy.dll
    2012-08-29 13:02 - 2012-08-29 13:02 - 00180224 _____ () c:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\zxing.dll
    2012-07-05 19:47 - 2012-07-05 19:47 - 00535184 _____ () C:\Program Files (x86)\Roxio Creator NXT\Roxio Burn\RoxioBurnLauncher.exe
    2012-12-17 12:04 - 2012-12-17 12:04 - 00120224 _____ () C:\Users\Michael\AppData\Local\assembly\dl3\V3DZ0ML8.325\Y9HHO8NC.KZW\336638de\00ef7209_0886cd01\HPItunesModule.DLL
    2014-01-06 11:24 - 2014-01-06 11:24 - 00306176 _____ () C:\Users\Michael\AppData\Roaming\Udipuwfe\urcuxii.exe
    2012-07-11 01:04 - 2012-07-11 01:04 - 03306128 _____ () C:\Program Files (x86)\Roxio\BackOnTrack\App\BEngine.dll
    2012-07-11 01:04 - 2012-07-11 01:04 - 00523920 _____ () C:\Program Files (x86)\Roxio\BackOnTrack\App\TRREngine.dll
    2012-07-11 01:04 - 2012-07-11 01:04 - 00108176 _____ () C:\Program Files (x86)\Roxio\BackOnTrack\App\Logging.dll
    2012-10-13 15:10 - 2012-06-07 23:34 - 00627216 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll
    2012-06-08 14:34 - 2012-06-08 14:34 - 00016400 _____ () c:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll
    2014-05-25 20:55 - 2014-05-13 19:40 - 00716616 _____ () C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.114\libglesv2.dll
    2014-05-25 20:55 - 2014-05-13 19:40 - 00126280 _____ () C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.114\libegl.dll
    2014-05-25 20:55 - 2014-05-13 19:40 - 04217672 _____ () C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.114\pdf.dll
    2014-05-25 20:55 - 2014-05-13 19:40 - 00414536 _____ () C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.114\ppGoogleNaClPluginChrome.dll
    2014-05-25 20:55 - 2014-05-13 19:40 - 01732424 _____ () C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.114\ffmpegsumo.dll
     
    ==================== Alternate Data Streams (whitelisted) =========
     
    AlternateDataStreams: C:\Users\Michael\Documents\CineMagic.dmsd:Roxio EMC Stream
    AlternateDataStreams: C:\Users\Michael\Documents\Slideshow.dmsm:Roxio EMC Stream
    AlternateDataStreams: C:\Users\Michael\Documents\Slideshow0.dmsm:Roxio EMC Stream
    AlternateDataStreams: C:\Users\Michael\Documents\Slideshow1.dmsm:Roxio EMC Stream
    AlternateDataStreams: C:\Users\Michael\Documents\Slideshow2.dmsm:Roxio EMC Stream
    AlternateDataStreams: C:\Users\Michael\Documents\Slideshow3.dmsm:Roxio EMC Stream
    AlternateDataStreams: C:\Users\Michael\Documents\Slideshow4.dmsm:Roxio EMC Stream
    AlternateDataStreams: C:\Users\Michael\Documents\Slideshow5.dmsm:Roxio EMC Stream
    AlternateDataStreams: C:\Users\Michael\Documents\Slideshow6.dmsm:Roxio EMC Stream
    AlternateDataStreams: C:\Users\Michael\Documents\Slideshow7.dmsm:Roxio EMC Stream
    AlternateDataStreams: C:\Users\Michael\Documents\Slideshow8.dmsm:Roxio EMC Stream
    AlternateDataStreams: C:\Users\Michael\Documents\Slideshow9.dmsm:Roxio EMC Stream
     
    ==================== Safe Mode (whitelisted) ===================
     
     
    ==================== EXE Association (whitelisted) =============
     
     
    ==================== MSCONFIG/TASK MANAGER disabled items =========
     
     
    ==================== Faulty Device Manager Devices =============
     
     
    ==================== Event log errors: =========================
     
    Application errors:
    ==================
    Error: (06/11/2014 05:55:20 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: xwukectn.exe, version: 0.0.0.0, time stamp: 0x53003800
    Faulting module name: ntdll.dll, version: 6.2.9200.16578, time stamp: 0x515fac6e
    Exception code: 0xc0000005
    Fault offset: 0x000650fc
    Faulting process id: 0x1e84
    Faulting application start time: 0xxwukectn.exe0
    Faulting application path: xwukectn.exe1
    Faulting module path: xwukectn.exe2
    Report Id: xwukectn.exe3
    Faulting package full name: xwukectn.exe4
    Faulting package-relative application ID: xwukectn.exe5
     
    Error: (06/11/2014 05:13:12 PM) (Source: Perflib) (EventID: 1023) (User: )
    Description: rdyboost4
     
    Error: (06/11/2014 05:13:11 PM) (Source: Perflib) (EventID: 1008) (User: )
    Description: BITSC:\Windows\System32\bitsperf.dll4
     
    Error: (06/11/2014 05:13:10 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: svchost.exe_bthserv, version: 6.2.9200.16420, time stamp: 0x505a9a4e
    Faulting module name: bthserv.dll, version: 6.2.9200.16384, time stamp: 0x501087af
    Exception code: 0xc0000005
    Fault offset: 0x000000000000d8f3
    Faulting process id: 0x144
    Faulting application start time: 0xsvchost.exe_bthserv0
    Faulting application path: svchost.exe_bthserv1
    Faulting module path: svchost.exe_bthserv2
    Report Id: svchost.exe_bthserv3
    Faulting package full name: svchost.exe_bthserv4
    Faulting package-relative application ID: svchost.exe_bthserv5
     
    Error: (06/10/2014 10:00:36 PM) (Source: Perflib) (EventID: 1017) (User: )
    Description: Outlook
     
    Error: (06/10/2014 10:00:36 PM) (Source: Perflib) (EventID: 1021) (User: )
    Description: Outlook8
     
    Error: (06/10/2014 10:00:35 PM) (Source: Perflib) (EventID: 1017) (User: )
    Description: ASP.NET_2.0.50727
     
    Error: (06/10/2014 10:00:35 PM) (Source: Perflib) (EventID: 1021) (User: )
    Description: ASP.NET_2.0.507278
     
    Error: (06/10/2014 10:00:35 PM) (Source: Perflib) (EventID: 1008) (User: )
    Description: .NETFrameworkC:\windows\system32\mscoree.dll8
     
    Error: (06/09/2014 08:15:50 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
    Description: Application: Seagate.Dashboard.DASWindowsService.exe
    Framework Version: v4.0.30319
    Description: The process was terminated due to an unhandled exception.
    Exception Info: System.Management.ManagementException
    Stack:
       at System.Management.ManagementException.ThrowWithExtendedInfo(System.Management.ManagementStatus)
       at System.Management.SinkForEventQuery.Cancel()
       at System.Management.ManagementEventWatcher.Stop()
       at System.Management.ManagementEventWatcher.Finalize()
     
     
    System errors:
    =============
    Error: (06/11/2014 05:26:40 PM) (Source: Schannel) (EventID: 4102) (User: NT AUTHORITY)
    Description: A fatal error occurred when attempting to access the SSL server credential private key. The error code returned from the cryptographic module is 0x8009030d. The internal error state is 10001.
     
    Error: (06/11/2014 05:26:35 PM) (Source: Schannel) (EventID: 4102) (User: NT AUTHORITY)
    Description: A fatal error occurred when attempting to access the SSL server credential private key. The error code returned from the cryptographic module is 0x8009030d. The internal error state is 10001.
     
    Error: (06/11/2014 05:24:13 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
    Description: The Roxio Hard Drive Watcher 14 service terminated with the following error: 
    %%2147500053
     
    Error: (06/11/2014 05:22:25 PM) (Source: Schannel) (EventID: 4102) (User: NT AUTHORITY)
    Description: A fatal error occurred when attempting to access the SSL server credential private key. The error code returned from the cryptographic module is 0x8009030d. The internal error state is 10001.
     
    Error: (06/11/2014 05:16:47 PM) (Source: Schannel) (EventID: 4102) (User: NT AUTHORITY)
    Description: A fatal error occurred when attempting to access the SSL server credential private key. The error code returned from the cryptographic module is 0x8009030d. The internal error state is 10001.
     
    Error: (06/11/2014 05:15:18 PM) (Source: Service Control Manager) (EventID: 7032) (User: )
    Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Network Store Interface Service service, but this action failed with the following error: 
    %%1056
     
    Error: (06/11/2014 05:15:18 PM) (Source: Service Control Manager) (EventID: 7032) (User: )
    Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Bluetooth Support Service service, but this action failed with the following error: 
    %%1056
     
    Error: (06/11/2014 05:15:03 PM) (Source: Schannel) (EventID: 4102) (User: NT AUTHORITY)
    Description: A fatal error occurred when attempting to access the SSL server credential private key. The error code returned from the cryptographic module is 0x8009030d. The internal error state is 10001.
     
    Error: (06/11/2014 05:14:18 PM) (Source: Service Control Manager) (EventID: 7032) (User: )
    Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Font Cache Service service, but this action failed with the following error: 
    %%1056
     
    Error: (06/11/2014 05:13:18 PM) (Source: Service Control Manager) (EventID: 7032) (User: )
    Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Network List Service service, but this action failed with the following error: 
    %%1056
     
     
    Microsoft Office Sessions:
    =========================
    Error: (06/11/2014 05:55:20 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: xwukectn.exe0.0.0.053003800ntdll.dll6.2.9200.16578515fac6ec0000005000650fc1e8401cf85bfd66709e6C:\Users\Michael\AppData\Local\xwukectn.exeC:\windows\SYSTEM32\ntdll.dll14811442-f1b3-11e3-beb7-74e543952f6d
     
    Error: (06/11/2014 05:13:12 PM) (Source: Perflib) (EventID: 1023) (User: )
    Description: rdyboost4
     
    Error: (06/11/2014 05:13:11 PM) (Source: Perflib) (EventID: 1008) (User: )
    Description: BITSC:\Windows\System32\bitsperf.dll4
     
    Error: (06/11/2014 05:13:10 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: svchost.exe_bthserv6.2.9200.16420505a9a4ebthserv.dll6.2.9200.16384501087afc0000005000000000000d8f314401cf85b9d21ffe43C:\windows\system32\svchost.exec:\windows\system32\bthserv.dll30982e7e-f1ad-11e3-beb6-74e543952f6d
     
    Error: (06/10/2014 10:00:36 PM) (Source: Perflib) (EventID: 1017) (User: )
    Description: Outlook
     
    Error: (06/10/2014 10:00:36 PM) (Source: Perflib) (EventID: 1021) (User: )
    Description: Outlook8
     
    Error: (06/10/2014 10:00:35 PM) (Source: Perflib) (EventID: 1017) (User: )
    Description: ASP.NET_2.0.50727
     
    Error: (06/10/2014 10:00:35 PM) (Source: Perflib) (EventID: 1021) (User: )
    Description: ASP.NET_2.0.507278
     
    Error: (06/10/2014 10:00:35 PM) (Source: Perflib) (EventID: 1008) (User: )
    Description: .NETFrameworkC:\windows\system32\mscoree.dll8
     
    Error: (06/09/2014 08:15:50 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
    Description: Application: Seagate.Dashboard.DASWindowsService.exe
    Framework Version: v4.0.30319
    Description: The process was terminated due to an unhandled exception.
    Exception Info: System.Management.ManagementException
    Stack:
       at System.Management.ManagementException.ThrowWithExtendedInfo(System.Management.ManagementStatus)
       at System.Management.SinkForEventQuery.Cancel()
       at System.Management.ManagementEventWatcher.Stop()
       at System.Management.ManagementEventWatcher.Finalize()
     
     
    ==================== Memory info =========================== 
     
    Percentage of memory in use: 32%
    Total physical RAM: 7575.51 MB
    Available physical RAM: 5084.66 MB
    Total Pagefile: 9559.51 MB
    Available Pagefile: 6500.51 MB
    Total Virtual: 8192 MB
    Available Virtual: 8191.76 MB
     
    ==================== Drives ================================
     
    Drive c: (OS) (Fixed) (Total:910.35 GB) (Free:627.17 GB) NTFS ==>[system with boot components (obtained from reading drive)]
    Drive d: (Recovery Image) (Fixed) (Total:19.69 GB) (Free:2.46 GB) NTFS ==>[system with boot components (obtained from reading drive)]
    Drive l: (My Passport) (Fixed) (Total:931.48 GB) (Free:239.62 GB) NTFS
     
    ==================== MBR & Partition Table ==================
     
    ========================================================
    Disk: 0 (Size: 932 GB) (Disk ID: C6696C19)
     
    Partition: GPT Partition Type.
     
    ========================================================
    Disk: 5 (MBR Code: Windows XP) (Size: 931 GB) (Disk ID: 703F22F3)
    Partition 1: (Not Active) - (Size=931 GB) - (Type=07 NTFS)
     
    ==================== End Of Log ============================

  6. Is this what you need?

     


    Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 12-06-2014

    Ran by Michael (administrator) on BASEMENTDESKTOP on 11-06-2014 18:19:22

    Running from C:\Users\Michael\Downloads

    Platform: Windows 8 (X64) OS Language: English(US)

    Internet Explorer Version 10

    Boot Mode: Normal

     

    The only official download link for FRST:



    Download link from any site other than Bleeping Computer is unpermitted or outdated.


     

    ==================== Processes (Whitelisted) =================

     

    (AMD) C:\Windows\System32\atiesrxx.exe

    (AMD) C:\Windows\System32\atieclxx.exe

    (IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe

    (Broadcom Corporation) C:\Program Files\Broadcom\Broadcom 802.11\WLTRYSVC.EXE

    (Microsoft Corporation) C:\Windows\System32\wlanext.exe

    () C:\Program Files (x86)\Roxio\BackOnTrack\App\SaibSVC.exe

    (Seagate Technology LLC) C:\Program Files (x86)\Seagate\Basics\Service\SyncServicesBasics.exe

    (Broadcom Corporation.) C:\Windows\System32\BtwRSupportService.exe

    (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe

    () C:\Program Files (x86)\Roxio\BackOnTrack\App\BService.exe

    (Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe

    (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe

    (Microsoft Corporation) C:\Windows\System32\dasHost.exe

    (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

    (Protexis Inc.) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe

    (Seagate Technology LLC) C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.DASWindowsService.exe

    (Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe

    (Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe

    (Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe

    (Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe

    (Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe

    (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

    (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.24.7\GoogleCrashHandler.exe

    (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.24.7\GoogleCrashHandler64.exe

    (IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenu.exe

    (Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe\LiveComm.exe

    (Hewlett-Packard ) C:\Program Files\IDT\WDM\Beats64.exe

    (IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe

    (Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe

    (Broadcom Corporation) C:\Program Files\Broadcom\Broadcom 802.11\WLTRAY.EXE

    (Seagate Technology LLC) C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.Uploader.exe

    (Logitech, Inc.) C:\Program Files\Common Files\logishrd\KHAL3\KHALMNPR.exe

    () C:\Users\Michael\AppData\Roaming\Xiuhytc\tupea.exe

    (Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe

    (Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe

    (Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe

    (CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe

    (Maxtor Corporation) C:\Program Files (x86)\Seagate\Basics\Basics Status\MaxMenuMgrBasics.exe

    (Seagate Technology LLC) C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\DBAgent.exe

    (Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe

    (Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Security\WDDriveAutoUnlock.exe

    (Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe

    (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

    (ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

    (Broadcom Corporation) C:\Program Files\Broadcom\Broadcom 802.11\BCMWLTRY.EXE

    (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe

    (Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteService.exe

    (InterVideo) C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe

    () C:\Program Files (x86)\Roxio Creator NXT\Roxio Burn\RoxioBurnLauncher.exe

    (Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteUser.exe

    (Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe

    (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe

    () C:\Users\Michael\AppData\Roaming\Udipuwfe\urcuxii.exe

    (Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe

    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

    (Microsoft Corporation) C:\Windows\splwow64.exe

    () C:\Users\Michael\AppData\Roaming\Udipuwfe\urcuxii.exe

    () C:\Users\Michael\AppData\Roaming\Udipuwfe\urcuxii.exe

    (Farbar) C:\Users\Michael\Downloads\FRST64 (3).exe

     

     

    ==================== Registry (Whitelisted) ==================

     

    HKLM\...\Run: [beatsOSDApp] => C:\Program Files\IDT\WDM\beats64.exe [37888 2012-08-10] (Hewlett-Packard )

    HKLM\...\Run: [sysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1425408 2012-08-10] (IDT, Inc.)

    HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\System32\LogiLDA.dll [3933496 2012-09-20] (Logitech, Inc.)

    HKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [2419512 2012-11-04] (Logitech, Inc.)

    HKLM\...\Run: [broadcom Wireless Manager UI] => C:\Program Files\Broadcom\Broadcom 802.11\WLTRAY.exe [10613760 2013-11-28] (Broadcom Corporation)

    HKLM-x32\...\Run: [CLMLServer_For_P2G8] => c:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [111120 2012-06-07] (CyberLink)

    HKLM-x32\...\Run: [CLVirtualDrive] => c:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe [491120 2012-07-02] (CyberLink Corp.)

    HKLM-x32\...\Run: [Aimersoft Helper Compact.exe] => C:\Program Files (x86)\Common Files\Aimersoft\Aimersoft Helper Compact\ASHelper.exe

    HKLM-x32\...\Run: [basicsmssmenu] => C:\Program Files (x86)\Seagate\Basics\Basics Status\MaxMenuMgrBasics.exe [169328 2007-10-09] (Maxtor Corporation)

    HKLM-x32\...\Run: [DBAgent] => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\DBAgent.exe [1517640 2013-05-30] (Seagate Technology LLC)

    HKLM-x32\...\Run: [iSUSPM] => C:\ProgramData\FLEXnet\Connect\11\\isuspm.exe [324976 2010-05-21] (Flexera Software, Inc.)

    HKLM-x32\...\Run: [] => [X]

    HKLM-x32\...\Run: [RoxWatchTray] => C:\Program Files (x86)\Roxio Creator NXT\Common\RoxWatchTray14.exe [294032 2012-07-18] (Corel Corporation)

    HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [49208 2010-06-09] (Hewlett-Packard)

    HKLM-x32\...\Run: [startCCC] => c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766208 2013-08-19] (Advanced Micro Devices, Inc.)

    HKLM-x32\...\Run: [bCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)

    HKLM-x32\...\Run: [WD Drive Unlocker] => C:\Program Files (x86)\Western Digital\WD Security\WDDriveAutoUnlock.exe [1694072 2013-10-15] (Western Digital Technologies, Inc.)

    HKLM-x32\...\Run: [WD Quick View] => C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe [5563760 2014-06-02] (Western Digital Technologies, Inc.)

    HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2014-05-08] (Adobe Systems Incorporated)

    HKLM-x32\...\Run: [Foapyxvut] => C:\Users\Michael\AppData\Roaming\Ylyxly\iccoyd.exe [313344 2013-05-26] ()

    HKLM-x32\...\Run: [Taatezziefe] => C:\Users\Michael\AppData\Roaming\Xiuhytc\tupea.exe [313344 2014-01-01] ()

    HKLM-x32\...\Run: [Keuwud] => C:\Users\Michael\AppData\Roaming\Udipuwfe\urcuxii.exe [306176 2014-01-06] ()

    HKLM\...\RunOnce: [NCPluginUpdater] - "C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe" Update [21720 2014-06-10] (Hewlett-Packard)

    Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)

    HKU\S-1-5-21-3304380047-1144064881-2346535376-1001\...\Run: [uploader] => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.Uploader.exe [122984 2013-05-30] (Seagate Technology LLC)

    HKU\S-1-5-21-3304380047-1144064881-2346535376-1001\...\Run: [Luegyr] => "C:\Users\Michael\AppData\Roaming\Ewohuvz\ibisif.exe"

    HKU\S-1-5-21-3304380047-1144064881-2346535376-1001\...\Run: [Foapyxvut] => C:\Users\Michael\AppData\Roaming\Ylyxly\iccoyd.exe [313344 2013-05-26] ()

    HKU\S-1-5-21-3304380047-1144064881-2346535376-1001\...\Run: [Taatezziefe] => C:\Users\Michael\AppData\Roaming\Xiuhytc\tupea.exe [313344 2014-01-01] ()

    HKU\S-1-5-21-3304380047-1144064881-2346535376-1001\...\Run: [xkngvnqx] => C:\Users\Michael\AppData\Local\dvahexhq.exe [147456 2014-06-10] ()

    HKU\S-1-5-21-3304380047-1144064881-2346535376-1001\...\Run: [Keuwud] => C:\Users\Michael\AppData\Roaming\Udipuwfe\urcuxii.exe [306176 2014-01-06] ()

    HKU\S-1-5-21-3304380047-1144064881-2346535376-1001\...\Run: [itrplnkv] => C:\Users\Michael\AppData\Local\asllllfu.exe [143360 2014-06-11] ()

    HKU\S-1-5-21-3304380047-1144064881-2346535376-1001\...\MountPoints2: {67f9585e-5082-11e2-be75-74e543952f6d} - "J:\GSLoader.exe" 

    HKU\S-1-5-21-3304380047-1144064881-2346535376-1001\...\MountPoints2: {67f95975-5082-11e2-be75-74e543952f6d} - "J:\GSLoader.exe" 

    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk

    ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)

     

    ==================== Internet (Whitelisted) ====================

     

    ProxyServer: http=127.0.0.1:49250;https=127.0.0.1:49250

    HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?pc=MSE1

    HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK13/1

    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK13/1

    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?pc=MSE1

    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK13/1

    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?pc=MSE1

    SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=HPDTDFJS

    SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=HPDTDFJS

    SearchScopes: HKLM - {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://search.ask.com/web?q={searchterms}&l=dis&o=HPDTDF

    SearchScopes: HKLM - {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF



    SearchScopes: HKLM-x32 - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=HPDTDFJS

    SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=HPDTDFJS

    SearchScopes: HKLM-x32 - {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://search.ask.com/web?q={searchterms}&l=dis&o=HPDTDF

    SearchScopes: HKLM-x32 - {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF



    SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=HPDTDFJS

    SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=HPDTDFJS

    SearchScopes: HKCU - {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://search.ask.com/web?q={searchterms}&l=dis&o=HPDTDF

    SearchScopes: HKCU - {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF



    BHO: ExplorerBHO Class - {449D0D6E-2412-4E61-B68F-1CB625CD9E52} - C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft)

    BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)

    BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)

    BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)

    BHO: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard)

    BHO: ClassicIEBHO Class - {EA801577-E6AD-4BD5-8F71-4BE0154331A4} - C:\Program Files\Classic Shell\ClassicIEDLL_64.dll (IvoSoft)

    BHO-x32: ExplorerBHO Class - {449D0D6E-2412-4E61-B68F-1CB625CD9E52} - C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)

    BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)

    BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)

    BHO-x32: Logitech SetPoint - {AF949550-9094-4807-95EC-D1C317803333} - C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll (Logitech, Inc.)

    BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)

    BHO-x32: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)

    BHO-x32: ClassicIEBHO Class - {EA801577-E6AD-4BD5-8F71-4BE0154331A4} - C:\Program Files\Classic Shell\ClassicIEDLL_32.dll (IvoSoft)

    Toolbar: HKLM - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft)

    Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)

    Toolbar: HKLM-x32 - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)

    Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)

    Tcpip\Parameters: [DhcpNameServer] 75.75.76.76 75.75.75.75

     

    FireFox:

    ========

    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)

    FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)

    FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf - C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll No File

    FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf - C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll No File

    FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)

    FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)

    FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)

    FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)

    FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)

    FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

    FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

    FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)

    FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)

    FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 - C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()

    FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

    FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt

    FF Extension: Logitech SetPoint - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2012-12-17]

     

    Chrome: 

    =======

    CHR Extension: (Google Docs) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-08-22]

    CHR Extension: (Google Drive) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-08-22]

    CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-26]

    CHR Extension: (Eclipse.TV) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\bgclhadgalphbjbailpceklmmhebajln [2014-03-15]

    CHR Extension: (YouTube) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-08-22]

    CHR Extension: (Google Search) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-08-22]

    CHR Extension: (Logitech SetPoint) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\edaibbiobngpbmeonadpbfafbkimjbdd [2013-08-22]

    CHR Extension: (Google Wallet) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-22]

    CHR Extension: (Gmail) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-08-22]

    CHR HKLM-x32\...\Chrome\Extension: [edaibbiobngpbmeonadpbfafbkimjbdd] - C:\ProgramData\Logitech\LogiSmoothChromeExt.crx [2012-12-17]

     

    ==================== Services (Whitelisted) =================

     

    R2 9734BF6A-2DCD-40f0-BAB0-5AAFEEBE1269; C:\Program Files (x86)\Roxio\BackOnTrack\App\SaibSVC.exe [457360 2012-06-20] ()

    R2 Basics Service; C:\Program Files (x86)\Seagate\Basics\Service\SyncServicesBasics.exe [124280 2007-10-09] (Seagate Technology LLC)

    R2 BcmBtRSupport; C:\Windows\system32\BtwRSupportService.exe [2252504 2014-03-07] (Broadcom Corporation.)

    R2 BOT4Service; C:\Program Files (x86)\Roxio\BackOnTrack\App\BService.exe [22160 2012-07-11] ()

    R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [92160 2013-11-04] (Hewlett-Packard Company) [File not signed]

    R2 HPConnectedRemote; c:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteService.exe [35232 2012-08-29] (Hewlett-Packard)

    R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)

    R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)

    R2 Net Driver HPZ12; C:\Windows\System32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]

    R2 Pml Driver HPZ12; C:\Windows\System32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]

    R2 RoxioBurnLauncher; C:\Program Files (x86)\Roxio Creator NXT\Roxio Burn\RoxioBurnLauncher.exe [535184 2012-07-05] ()

    S3 RoxMediaDB14; C:\Program Files (x86)\Roxio Creator NXT\Common\RoxMediaDB14.exe [1096848 2012-07-18] (Corel Corporation)

    S2 RoxWatch14; C:\Program Files (x86)\Roxio Creator NXT\Common\RoxWatch14.exe [341136 2012-07-18] (Corel Corporation)

    R2 Seagate Dashboard Services; C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.DASWindowsService.exe [16000 2013-05-30] (Seagate Technology LLC)

    R2 STacSV; C:\Program Files\IDT\WDM\STacSV64.exe [321536 2012-08-10] (IDT, Inc.) [File not signed]

    R2 WDBackup; C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe [1042808 2014-06-02] (Western Digital Technologies, Inc.)

    R2 WDDriveService; C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe [296312 2014-06-02] (Western Digital Technologies, Inc.)

    R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16056 2014-03-29] (Microsoft Corporation)

    R2 wltrysvc; C:\Program Files\Broadcom\Broadcom 802.11\bcmwltry.exe [6036480 2013-11-28] (Broadcom Corporation) [File not signed]

     

    ==================== Drivers (Whitelisted) ====================

     

    R3 bcbtums; C:\Windows\system32\drivers\bcbtums.sys [170712 2014-03-07] (Broadcom Corporation.)

    R3 BCM43XX; C:\Windows\system32\DRIVERS\bcmwl63a.sys [6957744 2013-11-28] (Broadcom Corporation)

    R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [202752 2012-07-25] (Microsoft Corporation)

    R3 BTWPANFL; C:\windows\system32\drivers\btwpanfl.sys [44912 2013-11-28] (Broadcom Corporation.)

    R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink)

    R3 dot4; C:\Windows\system32\DRIVERS\Dot4.sys [151968 2012-10-19] (Windows ® Win 7 DDK provider)

    R3 Dot4Print; C:\Windows\System32\drivers\Dot4Prt.sys [27040 2012-10-19] (Windows ® Win 7 DDK provider)

    R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)

    R0 PxHlpa64; C:\Windows\System32\Drivers\PxHlpa64.sys [56336 2012-06-22] (Corel Corporation)

    R0 Sahdad64; C:\Windows\System32\Drivers\Sahdad64.sys [28304 2012-06-20] (Corel Corporation)

    R0 Saibad64; C:\Windows\System32\Drivers\Saibad64.sys [20112 2012-06-20] (Corel Corporation)

    R1 SaibVdAd64; C:\Windows\System32\Drivers\SaibVdAd64.sys [27792 2012-06-20] (Corel Corporation)

     

    ==================== NetSvcs (Whitelisted) ===================

     

     

    ==================== One Month Created Files and Folders ========

     

    2014-06-11 18:19 - 2014-06-11 18:19 - 00024444 _____ () C:\Users\Michael\Downloads\FRST.txt

    2014-06-11 18:19 - 2014-06-11 18:19 - 00000000 ____D () C:\FRST

    2014-06-11 18:18 - 2014-06-11 18:18 - 02081792 _____ (Farbar) C:\Users\Michael\Downloads\FRST64 (3).exe

    2014-06-11 18:18 - 2014-06-11 18:18 - 02081792 _____ (Farbar) C:\Users\Michael\Downloads\FRST64 (2).exe

    2014-06-11 18:17 - 2014-06-11 18:17 - 02081792 _____ (Farbar) C:\Users\Michael\Downloads\FRST64 (1).exe

    2014-06-11 18:16 - 2014-06-11 18:16 - 02081792 _____ (Farbar) C:\Users\Michael\Downloads\FRST64.exe

    2014-06-11 17:56 - 2014-06-11 18:00 - 00000842 _____ () C:\windows\Tasks\Security Center Update - 2611310932.job

    2014-06-11 17:56 - 2014-06-11 17:56 - 00003818 _____ () C:\windows\System32\Tasks\Security Center Update - 2611310932

    2014-06-11 17:56 - 2014-06-11 17:56 - 00000000 ____D () C:\Users\Michael\AppData\Roaming\Heuvan

    2014-06-11 17:32 - 2014-06-11 18:00 - 00000852 _____ () C:\windows\Tasks\Security Center Update - 2126033022.job

    2014-06-11 17:32 - 2014-06-11 17:32 - 00143360 _____ () C:\Users\Michael\AppData\Local\asllllfu.exe

    2014-06-11 17:32 - 2014-06-11 17:32 - 00003828 _____ () C:\windows\System32\Tasks\Security Center Update - 2126033022

    2014-06-11 17:32 - 2014-06-11 17:32 - 00000000 ____D () C:\Users\Michael\AppData\Roaming\Udipuwfe

    2014-06-11 17:21 - 2014-06-11 17:21 - 00000000 ____D () C:\Program Files\Western Digital

    2014-06-10 20:40 - 2014-06-10 20:40 - 00147456 _____ () C:\Users\Michael\AppData\Local\dvahexhq.exe

    2014-06-10 20:40 - 2014-05-23 22:48 - 00051712 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe

    2014-06-10 20:40 - 2014-05-23 22:47 - 02239488 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll

    2014-06-10 20:40 - 2014-05-23 22:47 - 01366016 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll

    2014-06-10 20:40 - 2014-05-23 22:47 - 00915968 _____ (Microsoft Corporation) C:\windows\system32\uxtheme.dll

    2014-06-10 20:40 - 2014-05-23 22:47 - 00053760 _____ (Microsoft Corporation) C:\windows\system32\UXInit.dll

    2014-06-10 20:40 - 2014-05-23 22:46 - 19290112 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll

    2014-06-10 20:40 - 2014-05-23 22:46 - 15368704 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll

    2014-06-10 20:40 - 2014-05-23 22:46 - 00855552 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll

    2014-06-10 20:40 - 2014-05-23 22:46 - 00603136 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll

    2014-06-10 20:40 - 2014-05-23 22:46 - 00197120 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll

    2014-06-10 20:40 - 2014-05-23 22:46 - 00136704 _____ (Microsoft Corporation) C:\windows\system32\iesysprep.dll

    2014-06-10 20:40 - 2014-05-23 22:46 - 00097792 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll

    2014-06-10 20:40 - 2014-05-23 22:46 - 00067072 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll

    2014-06-10 20:40 - 2014-05-23 22:46 - 00053760 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll

    2014-06-10 20:40 - 2014-05-23 22:46 - 00039936 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll

    2014-06-10 20:40 - 2014-05-23 22:45 - 01508864 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl

    2014-06-10 20:40 - 2014-05-23 22:45 - 00452096 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll

    2014-06-10 20:40 - 2014-05-23 22:45 - 00281600 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll

    2014-06-10 20:40 - 2014-05-23 21:26 - 01766400 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll

    2014-06-10 20:40 - 2014-05-23 21:26 - 01141248 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll

    2014-06-10 20:40 - 2014-05-23 21:26 - 00493056 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll

    2014-06-10 20:40 - 2014-05-23 21:26 - 00163840 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll

    2014-06-10 20:40 - 2014-05-23 21:26 - 00044032 _____ (Microsoft Corporation) C:\windows\SysWOW64\UXInit.dll

    2014-06-10 20:40 - 2014-05-23 21:25 - 13731328 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll

    2014-06-10 20:40 - 2014-05-23 21:25 - 01440768 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl

    2014-06-10 20:40 - 2014-05-23 21:25 - 00357888 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll

    2014-06-10 20:40 - 2014-05-23 21:25 - 00226816 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll

    2014-06-10 20:40 - 2014-05-23 21:25 - 00109056 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesysprep.dll

    2014-06-10 20:40 - 2014-05-23 21:25 - 00061440 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll

    2014-06-10 20:40 - 2014-05-23 21:25 - 00039936 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll

    2014-06-10 20:40 - 2014-05-23 21:25 - 00033280 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll

    2014-06-10 20:40 - 2014-05-23 21:09 - 02706432 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb

    2014-06-10 20:40 - 2014-05-23 21:03 - 02706432 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb

    2014-06-10 20:40 - 2014-05-23 18:37 - 00534528 _____ (Microsoft Corporation) C:\windows\SysWOW64\uxtheme.dll

    2014-06-10 20:40 - 2014-05-03 01:47 - 03246592 _____ (Microsoft Corporation) C:\windows\system32\rdpcorets.dll

    2014-06-10 20:40 - 2014-05-02 23:34 - 00235520 _____ (Microsoft Corporation) C:\windows\system32\rdpudd.dll

    2014-06-10 20:40 - 2014-04-29 18:32 - 01301504 _____ (Microsoft Corporation) C:\windows\system32\gdi32.dll

    2014-06-10 20:40 - 2014-04-29 18:22 - 01023488 _____ (Microsoft Corporation) C:\windows\SysWOW64\gdi32.dll

    2014-06-10 20:40 - 2014-04-03 07:19 - 00328024 _____ (Microsoft Corporation) C:\windows\system32\Drivers\Classpnp.sys

    2014-06-10 20:40 - 2014-04-02 23:44 - 00619008 _____ (Microsoft Corporation) C:\windows\system32\Drivers\srv2.sys

    2014-06-10 20:40 - 2014-03-31 18:08 - 00387268 _____ () C:\windows\system32\ApnDatabase.xml

    2014-06-10 20:40 - 2014-03-24 19:42 - 00305152 _____ (Microsoft Corporation) C:\windows\SysWOW64\wusa.exe

    2014-06-10 20:40 - 2014-03-24 18:56 - 00309760 _____ (Microsoft Corporation) C:\windows\system32\wusa.exe

    2014-06-10 20:39 - 2014-05-23 22:46 - 03958784 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll

    2014-06-10 20:39 - 2014-05-23 22:46 - 02650112 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll

    2014-06-10 20:39 - 2014-05-23 21:26 - 14365696 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll

    2014-06-10 20:39 - 2014-05-23 21:26 - 00080896 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll

    2014-06-10 20:39 - 2014-05-23 21:25 - 02862080 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll

    2014-06-10 20:39 - 2014-05-23 21:25 - 02050560 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll

    2014-06-10 20:39 - 2014-05-23 21:25 - 00690688 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript.dll

    2014-06-10 20:39 - 2014-04-03 07:22 - 02233176 _____ (Microsoft Corporation) C:\windows\system32\Drivers\tcpip.sys

    2014-06-10 20:38 - 2014-03-06 20:47 - 01419264 _____ (Microsoft Corporation) C:\windows\SysWOW64\msxml3.dll

    2014-06-10 20:38 - 2014-03-06 20:08 - 01845760 _____ (Microsoft Corporation) C:\windows\system32\msxml3.dll

    2014-06-09 19:54 - 2014-06-09 19:54 - 00000000 ____D () C:\Users\Michael\AppData\Roaming\Xiuhytc

    2014-06-09 17:02 - 2014-06-09 17:02 - 00000000 ____D () C:\Users\Michael\AppData\Roaming\Ylyxly

    2014-06-07 17:10 - 2014-06-07 17:10 - 00000000 ____D () C:\Users\Michael\AppData\Local\{224830B8-677C-4A76-95DB-08D88C19336E}

    2014-06-04 18:26 - 2014-06-06 21:59 - 00000000 ____D () C:\Users\Michael\AppData\Roaming\Ewohuvz

    2014-06-04 18:24 - 2014-06-11 17:34 - 00003190 _____ () C:\windows\System32\Tasks\HPCeeScheduleForMichael

    2014-06-04 18:24 - 2014-06-11 17:34 - 00000372 _____ () C:\windows\Tasks\HPCeeScheduleForMichael.job

    2014-06-02 21:48 - 2014-06-02 21:48 - 00068782 _____ () C:\Users\Michael\AppData\Local\rvxxbgxb

    2014-06-02 20:17 - 2014-06-02 20:17 - 00000000 ____D () C:\Users\Michael\Desktop\My CD

    2014-06-02 17:18 - 2014-06-02 17:18 - 00000000 ____D () C:\Users\Michael\AppData\Local\{881F8DB9-F1FA-4524-88D9-E9C82B92CDB1}

    2014-06-01 20:14 - 2014-06-01 20:14 - 00000000 ____D () C:\Users\Michael\AppData\Local\{15CA1DF9-3AA9-4AB8-90EB-3CBEB1CA2504}

    2014-05-30 21:23 - 2014-05-30 21:24 - 00000000 ____D () C:\Users\Michael\AppData\Local\{6ED51D36-00EF-4103-A2B9-E9D209EBD982}

    2014-05-27 19:23 - 2014-05-27 19:23 - 00000000 ____D () C:\Users\Michael\AppData\Local\{B0C134A4-B9BE-4B34-95F3-7F02760A1C87}

    2014-05-25 20:16 - 2014-05-25 20:16 - 00000000 ____D () C:\Users\Michael\AppData\Local\{08ED54E1-FB2A-4D04-BC86-0BC777193517}

    2014-05-23 22:09 - 2014-05-23 22:09 - 00000000 ____D () C:\ProgramData\Google

    2014-05-23 22:09 - 2014-05-23 22:09 - 00000000 ____D () C:\Program Files\Google

    2014-05-23 22:08 - 2014-05-23 22:08 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk

    2014-05-23 22:08 - 2014-05-23 22:08 - 00002021 _____ () C:\Users\Public\Desktop\Adobe Reader XI.lnk

    2014-05-23 20:53 - 2014-05-23 20:53 - 00000000 ____D () C:\Users\Michael\AppData\Local\{4C872568-2D59-489B-A519-E985474A498E}

    2014-05-18 19:57 - 2014-05-18 19:57 - 00000000 ____D () C:\Users\Michael\AppData\Local\{BAD8B963-8125-448B-9EF4-9B6347CABA79}

    2014-05-17 19:39 - 2014-05-17 19:39 - 00000000 ____D () C:\Users\Michael\AppData\Local\{D2E02429-F576-4F62-91C9-DE8EC18D884E}

    2014-05-13 17:22 - 2014-04-12 05:27 - 00172888 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecpkg.sys

    2014-05-13 17:22 - 2014-04-12 05:10 - 00578048 _____ (Microsoft Corporation) C:\windows\system32\winlogon.exe

    2014-05-13 17:22 - 2014-04-12 05:09 - 01043968 _____ (Microsoft Corporation) C:\windows\system32\usercpl.dll

    2014-05-13 17:22 - 2014-04-12 05:09 - 00588288 _____ (Microsoft Corporation) C:\windows\system32\SHCore.dll

    2014-05-13 17:22 - 2014-04-12 05:09 - 00208896 _____ (Microsoft Corporation) C:\windows\system32\wdigest.dll

    2014-05-13 17:22 - 2014-04-12 05:09 - 00094720 _____ (Microsoft Corporation) C:\windows\system32\TSpkg.dll

    2014-05-13 17:22 - 2014-04-12 05:08 - 01281536 _____ (Microsoft Corporation) C:\windows\system32\lsasrv.dll

    2014-05-13 17:22 - 2014-04-12 05:08 - 00827904 _____ (Microsoft Corporation) C:\windows\system32\kerberos.dll

    2014-05-13 17:22 - 2014-04-12 05:08 - 00439808 _____ (Microsoft Corporation) C:\windows\system32\lsm.dll

    2014-05-13 17:22 - 2014-04-12 05:08 - 00318464 _____ (Microsoft Corporation) C:\windows\system32\msv1_0.dll

    2014-05-13 17:22 - 2014-04-12 03:23 - 00961536 _____ (Microsoft Corporation) C:\windows\SysWOW64\usercpl.dll

    2014-05-13 17:22 - 2014-04-12 03:23 - 00452608 _____ (Microsoft Corporation) C:\windows\SysWOW64\SHCore.dll

    2014-05-13 17:22 - 2014-04-12 03:23 - 00273920 _____ (Microsoft Corporation) C:\windows\SysWOW64\msv1_0.dll

    2014-05-13 17:22 - 2014-04-12 03:23 - 00178688 _____ (Microsoft Corporation) C:\windows\SysWOW64\wdigest.dll

    2014-05-13 17:22 - 2014-04-12 03:23 - 00076800 _____ (Microsoft Corporation) C:\windows\SysWOW64\TSpkg.dll

    2014-05-13 17:22 - 2014-04-12 03:22 - 00666624 _____ (Microsoft Corporation) C:\windows\SysWOW64\kerberos.dll

    2014-05-13 17:22 - 2014-03-28 15:19 - 00035856 _____ (Microsoft Corporation) C:\windows\system32\Drivers\WdBoot.sys

    2014-05-13 17:22 - 2014-03-28 04:23 - 19759104 _____ (Microsoft Corporation) C:\windows\system32\shell32.dll

    2014-05-13 17:22 - 2014-03-28 02:18 - 17562112 _____ (Microsoft Corporation) C:\windows\SysWOW64\shell32.dll

    2014-05-13 17:22 - 2014-03-23 18:11 - 00269592 _____ (Microsoft Corporation) C:\windows\system32\Drivers\WdFilter.sys

    2014-05-13 17:22 - 2014-03-10 23:32 - 06987096 _____ (Microsoft Corporation) C:\windows\system32\ntoskrnl.exe

    2014-05-13 17:22 - 2014-03-10 23:25 - 00100184 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecdd.sys

    2014-05-13 17:22 - 2014-03-10 20:41 - 00559104 _____ (Microsoft Corporation) C:\windows\SysWOW64\objsel.dll

    2014-05-13 17:22 - 2014-03-10 20:41 - 00323072 _____ (Microsoft Corporation) C:\windows\SysWOW64\schannel.dll

    2014-05-13 17:22 - 2014-03-10 20:41 - 00038400 _____ (Microsoft Corporation) C:\windows\SysWOW64\dimsroam.dll

    2014-05-13 17:22 - 2014-03-10 20:39 - 00035840 _____ (Microsoft Corporation) C:\windows\system32\lsass.exe

    2014-05-13 17:22 - 2014-03-10 20:38 - 00982016 _____ (Microsoft Corporation) C:\windows\system32\KernelBase.dll

    2014-05-13 17:22 - 2014-03-10 20:38 - 00684032 _____ (Microsoft Corporation) C:\windows\system32\objsel.dll

    2014-05-13 17:22 - 2014-03-10 20:38 - 00419328 _____ (Microsoft Corporation) C:\windows\system32\schannel.dll

    2014-05-13 17:22 - 2014-03-10 20:38 - 00179712 _____ (Microsoft Corporation) C:\windows\system32\dpapisrv.dll

    2014-05-13 17:22 - 2014-03-10 20:38 - 00164864 _____ (Microsoft Corporation) C:\windows\system32\sspicli.dll

    2014-05-13 17:22 - 2014-03-10 20:38 - 00045056 _____ (Microsoft Corporation) C:\windows\system32\dimsroam.dll

    2014-05-13 17:22 - 2014-03-10 20:38 - 00027648 _____ (Microsoft Corporation) C:\windows\system32\sspisrv.dll

    2014-05-13 17:22 - 2014-03-09 23:05 - 00668160 _____ (Microsoft Corporation) C:\windows\SysWOW64\KernelBase.dll

    2014-05-13 17:22 - 2014-03-09 21:27 - 00099840 _____ (Microsoft Corporation) C:\windows\SysWOW64\sspicli.dll

    2014-05-13 17:22 - 2014-03-03 19:07 - 00570216 _____ (Microsoft Corporation) C:\windows\system32\Drivers\cng.sys

    2014-05-13 17:21 - 2014-04-12 05:07 - 00020480 _____ (Microsoft Corporation) C:\windows\system32\credssp.dll

    2014-05-13 17:21 - 2014-04-12 03:22 - 00017408 _____ (Microsoft Corporation) C:\windows\SysWOW64\credssp.dll

    2014-05-13 17:21 - 2014-04-12 02:58 - 00014848 _____ (Microsoft Corporation) C:\windows\system32\workerdd.dll

    2014-05-13 17:21 - 2014-03-28 04:23 - 01287168 _____ (Microsoft Corporation) C:\windows\system32\schedsvc.dll

    2014-05-13 17:21 - 2014-03-01 05:47 - 01258496 _____ (Microsoft Corporation) C:\windows\system32\kernel32.dll

    2014-05-13 17:21 - 2014-03-01 05:47 - 01120768 _____ (Microsoft Corporation) C:\windows\system32\gpedit.dll

    2014-05-13 17:21 - 2014-03-01 04:07 - 01075200 _____ (Microsoft Corporation) C:\windows\SysWOW64\gpedit.dll

    2014-05-13 17:21 - 2014-03-01 02:59 - 00974848 _____ (Microsoft Corporation) C:\windows\SysWOW64\kernel32.dll

    2014-05-13 17:21 - 2014-02-26 19:18 - 00370688 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb.sys

    2014-05-13 17:21 - 2014-02-26 19:18 - 00247808 _____ (Microsoft Corporation) C:\windows\system32\Drivers\srvnet.sys

    2014-05-13 17:21 - 2014-02-26 19:18 - 00215040 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb20.sys

    2014-05-13 17:21 - 2014-02-15 00:15 - 00078336 _____ (Microsoft Corporation) C:\windows\system32\Drivers\IPMIDrv.sys

     

    ==================== One Month Modified Files and Folders =======

     

    2014-06-11 18:19 - 2014-06-11 18:19 - 00024444 _____ () C:\Users\Michael\Downloads\FRST.txt

    2014-06-11 18:19 - 2014-06-11 18:19 - 00000000 ____D () C:\FRST

    2014-06-11 18:19 - 2012-12-17 12:03 - 00000000 ____D () C:\Users\Michael\AppData\Local\Temp

    2014-06-11 18:18 - 2014-06-11 18:18 - 02081792 _____ (Farbar) C:\Users\Michael\Downloads\FRST64 (3).exe

    2014-06-11 18:18 - 2014-06-11 18:18 - 02081792 _____ (Farbar) C:\Users\Michael\Downloads\FRST64 (2).exe

    2014-06-11 18:17 - 2014-06-11 18:17 - 02081792 _____ (Farbar) C:\Users\Michael\Downloads\FRST64 (1).exe

    2014-06-11 18:16 - 2014-06-11 18:16 - 02081792 _____ (Farbar) C:\Users\Michael\Downloads\FRST64.exe

    2014-06-11 18:00 - 2014-06-11 17:56 - 00000842 _____ () C:\windows\Tasks\Security Center Update - 2611310932.job

    2014-06-11 18:00 - 2014-06-11 17:32 - 00000852 _____ () C:\windows\Tasks\Security Center Update - 2126033022.job

    2014-06-11 18:00 - 2012-07-26 04:12 - 00000000 ____D () C:\windows\system32\sru

    2014-06-11 17:56 - 2014-06-11 17:56 - 00003818 _____ () C:\windows\System32\Tasks\Security Center Update - 2611310932

    2014-06-11 17:56 - 2014-06-11 17:56 - 00000000 ____D () C:\Users\Michael\AppData\Roaming\Heuvan

    2014-06-11 17:55 - 2013-04-23 22:25 - 00000000 ____D () C:\Users\Michael\AppData\Local\CrashDumps

    2014-06-11 17:55 - 2013-01-11 23:05 - 00000932 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job

    2014-06-11 17:55 - 2013-01-11 23:05 - 00000928 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job

    2014-06-11 17:50 - 2012-12-17 12:05 - 00003962 _____ () C:\windows\System32\Tasks\User_Feed_Synchronization-{4EEA9D32-882F-444D-A469-D56BACDC089C}

    2014-06-11 17:34 - 2014-06-04 18:24 - 00003190 _____ () C:\windows\System32\Tasks\HPCeeScheduleForMichael

    2014-06-11 17:34 - 2014-06-04 18:24 - 00000372 _____ () C:\windows\Tasks\HPCeeScheduleForMichael.job

    2014-06-11 17:34 - 2012-12-17 20:14 - 00000052 _____ () C:\windows\SysWOW64\DOErrors.log

    2014-06-11 17:34 - 2012-12-17 20:14 - 00000000 _____ () C:\windows\system32\HP_ActiveX_Patch_NOT_DETECTED.txt

    2014-06-11 17:34 - 2012-12-17 12:03 - 00000000 ____D () C:\Users\Michael

    2014-06-11 17:32 - 2014-06-11 17:32 - 00143360 _____ () C:\Users\Michael\AppData\Local\asllllfu.exe

    2014-06-11 17:32 - 2014-06-11 17:32 - 00003828 _____ () C:\windows\System32\Tasks\Security Center Update - 2126033022

    2014-06-11 17:32 - 2014-06-11 17:32 - 00000000 ____D () C:\Users\Michael\AppData\Roaming\Udipuwfe

    2014-06-11 17:30 - 2012-12-17 12:13 - 00003598 _____ () C:\windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3304380047-1144064881-2346535376-1001

    2014-06-11 17:28 - 2012-07-26 03:28 - 00876622 _____ () C:\windows\system32\PerfStringBackup.INI

    2014-06-11 17:26 - 2013-08-14 16:17 - 00000000 ____D () C:\windows\system32\MRT

    2014-06-11 17:25 - 2014-04-14 18:13 - 00008192 _____ () C:\windows\SysWOW64\WDPABKP.dat

    2014-06-11 17:24 - 2012-07-26 03:22 - 00000006 ____H () C:\windows\Tasks\SA.DAT

    2014-06-11 17:23 - 2014-03-14 20:46 - 00034900 _____ () C:\windows\PFRO.log

    2014-06-11 17:23 - 2013-02-16 22:58 - 01187337 _____ () C:\windows\WindowsUpdate.log

    2014-06-11 17:23 - 2012-12-17 12:06 - 00000000 _____ () C:\windows\system32\Drivers\lvuvc.hs

    2014-06-11 17:23 - 2012-07-26 01:26 - 00524288 ___SH () C:\windows\system32\config\BBI

    2014-06-11 17:21 - 2014-06-11 17:21 - 00000000 ____D () C:\Program Files\Western Digital

    2014-06-11 17:21 - 2014-04-14 18:12 - 00000000 ____D () C:\Program Files\Common Files\Western Digital

    2014-06-11 17:21 - 2014-04-14 18:12 - 00000000 ____D () C:\Program Files (x86)\Western Digital

    2014-06-11 17:21 - 2014-04-14 18:11 - 00000000 ____D () C:\ProgramData\Western Digital

    2014-06-11 17:21 - 2014-03-07 18:14 - 00057554 _____ () C:\windows\DPINST.LOG

    2014-06-11 17:21 - 2013-11-28 10:02 - 00000000 ____D () C:\ProgramData\Package Cache

    2014-06-10 21:37 - 2012-07-26 03:59 - 00000000 ____D () C:\windows\CbsTemp

    2014-06-10 21:35 - 2014-03-14 20:37 - 00000000 ____D () C:\ProgramData\Microsoft Help

    2014-06-10 21:31 - 2012-12-21 18:00 - 95414520 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe

    2014-06-10 20:56 - 2013-12-03 19:26 - 00000000 ____D () C:\Users\Michael\AppData\Roaming\ClassicShell

    2014-06-10 20:40 - 2014-06-10 20:40 - 00147456 _____ () C:\Users\Michael\AppData\Local\dvahexhq.exe

    2014-06-10 20:38 - 2012-07-26 01:26 - 00262144 ___SH () C:\windows\system32\config\ELAM

    2014-06-10 20:32 - 2012-07-26 04:12 - 00000000 ____D () C:\windows\AUInstallAgent

    2014-06-09 19:54 - 2014-06-09 19:54 - 00000000 ____D () C:\Users\Michael\AppData\Roaming\Xiuhytc

    2014-06-09 19:44 - 2014-03-07 18:14 - 00014903 _____ () C:\windows\setupact.log

    2014-06-09 17:02 - 2014-06-09 17:02 - 00000000 ____D () C:\Users\Michael\AppData\Roaming\Ylyxly

    2014-06-08 18:15 - 2013-06-05 18:24 - 00417280 ___SH () C:\Users\Michael\Downloads\Thumbs.db

    2014-06-07 17:16 - 2013-04-30 18:29 - 00130560 ___SH () C:\Users\Michael\Desktop\Thumbs.db

    2014-06-07 17:10 - 2014-06-07 17:10 - 00000000 ____D () C:\Users\Michael\AppData\Local\{224830B8-677C-4A76-95DB-08D88C19336E}

    2014-06-06 21:59 - 2014-06-04 18:26 - 00000000 ____D () C:\Users\Michael\AppData\Roaming\Ewohuvz

    2014-06-05 21:20 - 2012-07-26 04:12 - 00000000 ____D () C:\windows\system32\NDF

    2014-06-02 21:48 - 2014-06-02 21:48 - 00068782 _____ () C:\Users\Michael\AppData\Local\rvxxbgxb

    2014-06-02 20:17 - 2014-06-02 20:17 - 00000000 ____D () C:\Users\Michael\Desktop\My CD

    2014-06-02 17:18 - 2014-06-02 17:18 - 00000000 ____D () C:\Users\Michael\AppData\Local\{881F8DB9-F1FA-4524-88D9-E9C82B92CDB1}

    2014-06-01 20:14 - 2014-06-01 20:14 - 00000000 ____D () C:\Users\Michael\AppData\Local\{15CA1DF9-3AA9-4AB8-90EB-3CBEB1CA2504}

    2014-05-31 01:16 - 2013-11-16 07:29 - 00703992 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe

    2014-05-31 01:16 - 2013-11-16 07:29 - 00105464 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl

    2014-05-30 21:24 - 2014-05-30 21:23 - 00000000 ____D () C:\Users\Michael\AppData\Local\{6ED51D36-00EF-4103-A2B9-E9D209EBD982}

    2014-05-27 19:23 - 2014-05-27 19:23 - 00000000 ____D () C:\Users\Michael\AppData\Local\{B0C134A4-B9BE-4B34-95F3-7F02760A1C87}

    2014-05-25 20:55 - 2013-08-22 17:59 - 00002185 _____ () C:\Users\Public\Desktop\Google Chrome.lnk

    2014-05-25 20:16 - 2014-05-25 20:16 - 00000000 ____D () C:\Users\Michael\AppData\Local\{08ED54E1-FB2A-4D04-BC86-0BC777193517}

    2014-05-23 22:48 - 2014-06-10 20:40 - 00051712 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe

    2014-05-23 22:47 - 2014-06-10 20:40 - 02239488 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll

    2014-05-23 22:47 - 2014-06-10 20:40 - 01366016 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll

    2014-05-23 22:47 - 2014-06-10 20:40 - 00915968 _____ (Microsoft Corporation) C:\windows\system32\uxtheme.dll

    2014-05-23 22:47 - 2014-06-10 20:40 - 00053760 _____ (Microsoft Corporation) C:\windows\system32\UXInit.dll

    2014-05-23 22:46 - 2014-06-10 20:40 - 19290112 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll

    2014-05-23 22:46 - 2014-06-10 20:40 - 15368704 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll

    2014-05-23 22:46 - 2014-06-10 20:40 - 00855552 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll

    2014-05-23 22:46 - 2014-06-10 20:40 - 00603136 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll

    2014-05-23 22:46 - 2014-06-10 20:40 - 00197120 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll

    2014-05-23 22:46 - 2014-06-10 20:40 - 00136704 _____ (Microsoft Corporation) C:\windows\system32\iesysprep.dll

    2014-05-23 22:46 - 2014-06-10 20:40 - 00097792 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll

    2014-05-23 22:46 - 2014-06-10 20:40 - 00067072 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll

    2014-05-23 22:46 - 2014-06-10 20:40 - 00053760 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll

    2014-05-23 22:46 - 2014-06-10 20:40 - 00039936 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll

    2014-05-23 22:46 - 2014-06-10 20:39 - 03958784 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll

    2014-05-23 22:46 - 2014-06-10 20:39 - 02650112 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll

    2014-05-23 22:45 - 2014-06-10 20:40 - 01508864 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl

    2014-05-23 22:45 - 2014-06-10 20:40 - 00452096 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll

    2014-05-23 22:45 - 2014-06-10 20:40 - 00281600 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll

    2014-05-23 22:11 - 2013-08-30 19:57 - 00000000 ____D () C:\ProgramData\Adobe

    2014-05-23 22:10 - 2013-08-30 19:55 - 00000000 ____D () C:\Users\Michael\AppData\Local\Adobe

    2014-05-23 22:10 - 2012-12-17 12:05 - 00000000 ____D () C:\Users\Michael\AppData\Roaming\Adobe

    2014-05-23 22:09 - 2014-05-23 22:09 - 00000000 ____D () C:\ProgramData\Google

    2014-05-23 22:09 - 2014-05-23 22:09 - 00000000 ____D () C:\Program Files\Google

    2014-05-23 22:09 - 2013-01-02 22:55 - 00000000 ____D () C:\Program Files (x86)\Google

    2014-05-23 22:08 - 2014-05-23 22:08 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk

    2014-05-23 22:08 - 2014-05-23 22:08 - 00002021 _____ () C:\Users\Public\Desktop\Adobe Reader XI.lnk

    2014-05-23 22:08 - 2013-08-30 19:56 - 00000000 ____D () C:\Program Files (x86)\Adobe

    2014-05-23 21:26 - 2014-06-10 20:40 - 01766400 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll

    2014-05-23 21:26 - 2014-06-10 20:40 - 01141248 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll

    2014-05-23 21:26 - 2014-06-10 20:40 - 00493056 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll

    2014-05-23 21:26 - 2014-06-10 20:40 - 00163840 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll

    2014-05-23 21:26 - 2014-06-10 20:40 - 00044032 _____ (Microsoft Corporation) C:\windows\SysWOW64\UXInit.dll

    2014-05-23 21:26 - 2014-06-10 20:39 - 14365696 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll

    2014-05-23 21:26 - 2014-06-10 20:39 - 00080896 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll

    2014-05-23 21:25 - 2014-06-10 20:40 - 13731328 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll

    2014-05-23 21:25 - 2014-06-10 20:40 - 01440768 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl

    2014-05-23 21:25 - 2014-06-10 20:40 - 00357888 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll

    2014-05-23 21:25 - 2014-06-10 20:40 - 00226816 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll

    2014-05-23 21:25 - 2014-06-10 20:40 - 00109056 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesysprep.dll

    2014-05-23 21:25 - 2014-06-10 20:40 - 00061440 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll

    2014-05-23 21:25 - 2014-06-10 20:40 - 00039936 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll

    2014-05-23 21:25 - 2014-06-10 20:40 - 00033280 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll

    2014-05-23 21:25 - 2014-06-10 20:39 - 02862080 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll

    2014-05-23 21:25 - 2014-06-10 20:39 - 02050560 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll

    2014-05-23 21:25 - 2014-06-10 20:39 - 00690688 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript.dll

    2014-05-23 21:09 - 2014-06-10 20:40 - 02706432 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb

    2014-05-23 21:03 - 2014-06-10 20:40 - 02706432 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb

    2014-05-23 20:53 - 2014-05-23 20:53 - 00000000 ____D () C:\Users\Michael\AppData\Local\{4C872568-2D59-489B-A519-E985474A498E}

    2014-05-23 18:37 - 2014-06-10 20:40 - 00534528 _____ (Microsoft Corporation) C:\windows\SysWOW64\uxtheme.dll

    2014-05-21 20:33 - 2012-12-17 12:03 - 00000000 ____D () C:\Users\Michael\AppData\Local\Packages

    2014-05-20 20:40 - 2013-04-21 18:57 - 00000000 ____D () C:\ProgramData\Roxio

    2014-05-18 19:57 - 2014-05-18 19:57 - 00000000 ____D () C:\Users\Michael\AppData\Local\{BAD8B963-8125-448B-9EF4-9B6347CABA79}

    2014-05-17 23:09 - 2014-04-14 18:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Western Digital

    2014-05-17 19:39 - 2014-05-17 19:39 - 00000000 ____D () C:\Users\Michael\AppData\Local\{D2E02429-F576-4F62-91C9-DE8EC18D884E}

    2014-05-17 18:30 - 2012-12-17 12:05 - 00000000 ___RD () C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup

    2014-05-17 18:30 - 2012-12-17 12:05 - 00000000 ___RD () C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools

    2014-05-16 18:20 - 2012-07-26 04:12 - 00000000 ____D () C:\windows\rescache

    2014-05-16 17:53 - 2012-07-26 04:12 - 00000000 ___RD () C:\windows\ToastData

    2014-05-16 17:53 - 2012-07-26 04:12 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools

    2014-05-16 17:53 - 2012-07-26 04:12 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools

    2014-05-16 17:53 - 2012-07-26 04:12 - 00000000 ____D () C:\windows\system32\SecureBootUpdates

    2014-05-16 17:53 - 2012-07-26 04:12 - 00000000 ____D () C:\Program Files\Windows Defender

    2014-05-16 17:53 - 2012-07-26 04:12 - 00000000 ____D () C:\Program Files (x86)\Windows Defender

     

    Some content of TEMP:

    ====================

    C:\Users\Michael\AppData\Local\Temp\Checkupdate.exe

    C:\Users\Michael\AppData\Local\Temp\Extract.exe

    C:\Users\Michael\AppData\Local\Temp\Foxit Reader Updater.exe

    C:\Users\Michael\AppData\Local\Temp\gcapi_dll.dll

    C:\Users\Michael\AppData\Local\Temp\gtapi_signed.dll

    C:\Users\Michael\AppData\Local\Temp\ose00000.exe

    C:\Users\Michael\AppData\Local\Temp\sp64126.exe

    C:\Users\Michael\AppData\Local\Temp\SP65397.exe

    C:\Users\Michael\AppData\Local\Temp\System.Data.SQLite.dll

    C:\Users\Michael\AppData\Local\Temp\System.Data.SQLite10926.dll

    C:\Users\Michael\AppData\Local\Temp\System.Data.SQLite11083.dll

    C:\Users\Michael\AppData\Local\Temp\System.Data.SQLite11575.dll

    C:\Users\Michael\AppData\Local\Temp\System.Data.SQLite12027.dll

    C:\Users\Michael\AppData\Local\Temp\System.Data.SQLite13050.dll

    C:\Users\Michael\AppData\Local\Temp\System.Data.SQLite14093.dll

    C:\Users\Michael\AppData\Local\Temp\System.Data.SQLite14589.dll

    C:\Users\Michael\AppData\Local\Temp\System.Data.SQLite16386.dll

    C:\Users\Michael\AppData\Local\Temp\System.Data.SQLite16414.dll

    C:\Users\Michael\AppData\Local\Temp\System.Data.SQLite16767.dll

    C:\Users\Michael\AppData\Local\Temp\System.Data.SQLite16790.dll

    C:\Users\Michael\AppData\Local\Temp\System.Data.SQLite17876.dll

    C:\Users\Michael\AppData\Local\Temp\System.Data.SQLite18102.dll

    C:\Users\Michael\AppData\Local\Temp\System.Data.SQLite18897.dll

    C:\Users\Michael\AppData\Local\Temp\System.Data.SQLite19881.dll

    C:\Users\Michael\AppData\Local\Temp\System.Data.SQLite20031.dll

    C:\Users\Michael\AppData\Local\Temp\System.Data.SQLite20718.dll

    C:\Users\Michael\AppData\Local\Temp\System.Data.SQLite21606.dll

    C:\Users\Michael\AppData\Local\Temp\System.Data.SQLite21654.dll

    C:\Users\Michael\AppData\Local\Temp\System.Data.SQLite22349.dll

    C:\Users\Michael\AppData\Local\Temp\System.Data.SQLite23361.dll

    C:\Users\Michael\AppData\Local\Temp\System.Data.SQLite23388.dll

    C:\Users\Michael\AppData\Local\Temp\System.Data.SQLite24341.dll

    C:\Users\Michael\AppData\Local\Temp\System.Data.SQLite24360.dll

    C:\Users\Michael\AppData\Local\Temp\System.Data.SQLite24786.dll

    C:\Users\Michael\AppData\Local\Temp\System.Data.SQLite25627.dll

    C:\Users\Michael\AppData\Local\Temp\System.Data.SQLite26840.dll

    C:\Users\Michael\AppData\Local\Temp\System.Data.SQLite27136.dll

    C:\Users\Michael\AppData\Local\Temp\System.Data.SQLite28701.dll

    C:\Users\Michael\AppData\Local\Temp\System.Data.SQLite28904.dll

    C:\Users\Michael\AppData\Local\Temp\System.Data.SQLite29551.dll

    C:\Users\Michael\AppData\Local\Temp\System.Data.SQLite30294.dll

    C:\Users\Michael\AppData\Local\Temp\System.Data.SQLite30353.dll

    C:\Users\Michael\AppData\Local\Temp\System.Data.SQLite31472.dll

    C:\Users\Michael\AppData\Local\Temp\System.Data.SQLite33223.dll

    C:\Users\Michael\AppData\Local\Temp\System.Data.SQLite33828.dll

    C:\Users\Michael\AppData\Local\Temp\System.Data.SQLite35951.dll

    C:\Users\Michael\AppData\Local\Temp\System.Data.SQLite37768.dll

    C:\Users\Michael\AppData\Local\Temp\System.Data.SQLite38996.dll

    C:\Users\Michael\AppData\Local\Temp\System.Data.SQLite39397.dll

    C:\Users\Michael\AppData\Local\Temp\System.Data.SQLite40612.dll

    C:\Users\Michael\AppData\Local\Temp\System.Data.SQLite40635.dll

    C:\Users\Michael\AppData\Local\Temp\System.Data.SQLite41085.dll

    C:\Users\Michael\AppData\Local\Temp\System.Data.SQLite41324.dll

    C:\Users\Michael\AppData\Local\Temp\System.Data.SQLite41654.dll

    C:\Users\Michael\AppData\Local\Temp\System.Data.SQLite41660.dll

    C:\Users\Michael\AppData\Local\Temp\System.Data.SQLite42144.dll

    C:\Users\Michael\AppData\Local\Temp\System.Data.SQLite44223.dll

    C:\Users\Michael\AppData\Local\Temp\System.Data.SQLite44706.dll

    C:\Users\Michael\AppData\Local\Temp\System.Data.SQLite45490.dll

    C:\Users\Michael\AppData\Local\Temp\System.Data.SQLite46316.dll

    C:\Users\Michael\AppData\Local\Temp\System.Data.SQLite46798.dll

    C:\Users\Michael\AppData\Local\Temp\System.Data.SQLite47299.dll

    C:\Users\Michael\AppData\Local\Temp\System.Data.SQLite47423.dll

    C:\Users\Michael\AppData\Local\Temp\System.Data.SQLite47638.dll

    C:\Users\Michael\AppData\Local\Temp\System.Data.SQLite47792.dll

    C:\Users\Michael\AppData\Local\Temp\System.Data.SQLite48236.dll

    C:\Users\Michael\AppData\Local\Temp\System.Data.SQLite48720.dll

    C:\Users\Michael\AppData\Local\Temp\System.Data.SQLite49138.dll

    C:\Users\Michael\AppData\Local\Temp\System.Data.SQLite52268.dll

    C:\Users\Michael\AppData\Local\Temp\System.Data.SQLite52495.dll

    C:\Users\Michael\AppData\Local\Temp\System.Data.SQLite52716.dll

    C:\Users\Michael\AppData\Local\Temp\System.Data.SQLite52807.dll

    C:\Users\Michael\AppData\Local\Temp\System.Data.SQLite53008.dll

    C:\Users\Michael\AppData\Local\Temp\System.Data.SQLite55232.dll

    C:\Users\Michael\AppData\Local\Temp\System.Data.SQLite55421.dll

    C:\Users\Michael\AppData\Local\Temp\System.Data.SQLite55481.dll

    C:\Users\Michael\AppData\Local\Temp\System.Data.SQLite56048.dll

    C:\Users\Michael\AppData\Local\Temp\System.Data.SQLite58327.dll

    C:\Users\Michael\AppData\Local\Temp\System.Data.SQLite58507.dll

    C:\Users\Michael\AppData\Local\Temp\System.Data.SQLite59010.dll

    C:\Users\Michael\AppData\Local\Temp\System.Data.SQLite59834.dll

    C:\Users\Michael\AppData\Local\Temp\System.Data.SQLite60426.dll

    C:\Users\Michael\AppData\Local\Temp\System.Data.SQLite60482.dll

    C:\Users\Michael\AppData\Local\Temp\System.Data.SQLite61463.dll

    C:\Users\Michael\AppData\Local\Temp\System.Data.SQLite62307.dll

    C:\Users\Michael\AppData\Local\Temp\System.Data.SQLite62405.dll

    C:\Users\Michael\AppData\Local\Temp\System.Data.SQLite62935.dll

    C:\Users\Michael\AppData\Local\Temp\System.Data.SQLite64103.dll

    C:\Users\Michael\AppData\Local\Temp\System.Data.SQLite64716.dll

    C:\Users\Michael\AppData\Local\Temp\System.Data.SQLite67222.dll

    C:\Users\Michael\AppData\Local\Temp\System.Data.SQLite70423.dll

    C:\Users\Michael\AppData\Local\Temp\System.Data.SQLite70683.dll

    C:\Users\Michael\AppData\Local\Temp\System.Data.SQLite72209.dll

    C:\Users\Michael\AppData\Local\Temp\System.Data.SQLite73697.dll

    C:\Users\Michael\AppData\Local\Temp\System.Data.SQLite75283.dll

    C:\Users\Michael\AppData\Local\Temp\System.Data.SQLite77468.dll

    C:\Users\Michael\AppData\Local\Temp\System.Data.SQLite78397.dll

    C:\Users\Michael\AppData\Local\Temp\System.Data.SQLite79667.dll

    C:\Users\Michael\AppData\Local\Temp\System.Data.SQLite79723.dll

    C:\Users\Michael\AppData\Local\Temp\System.Data.SQLite82238.dll

    C:\Users\Michael\AppData\Local\Temp\System.Data.SQLite83300.dll

    C:\Users\Michael\AppData\Local\Temp\System.Data.SQLite84753.dll

    C:\Users\Michael\AppData\Local\Temp\System.Data.SQLite84920.dll

    C:\Users\Michael\AppData\Local\Temp\System.Data.SQLite84926.dll

    C:\Users\Michael\AppData\Local\Temp\System.Data.SQLite85373.dll

    C:\Users\Michael\AppData\Local\Temp\System.Data.SQLite86333.dll

    C:\Users\Michael\AppData\Local\Temp\System.Data.SQLite86480.dll

    C:\Users\Michael\AppData\Local\Temp\System.Data.SQLite86610.dll

    C:\Users\Michael\AppData\Local\Temp\System.Data.SQLite89613.dll

    C:\Users\Michael\AppData\Local\Temp\System.Data.SQLite92978.dll

    C:\Users\Michael\AppData\Local\Temp\System.Data.SQLite94020.dll

    C:\Users\Michael\AppData\Local\Temp\System.Data.SQLite94431.dll

    C:\Users\Michael\AppData\Local\Temp\System.Data.SQLite95510.dll

    C:\Users\Michael\AppData\Local\Temp\System.Data.SQLite96326.dll

    C:\Users\Michael\AppData\Local\Temp\System.Data.SQLite99290.dll

    C:\Users\Michael\AppData\Local\Temp\System.Data.SQLite99385.dll

    C:\Users\Michael\AppData\Local\Temp\UninstallHPSA.exe

    C:\Users\Michael\AppData\Local\Temp\Upd254A_FlashPlayer.exe

    C:\Users\Michael\AppData\Local\Temp\update-20140407.exe

    C:\Users\Michael\AppData\Local\Temp\UpdateFlashPlayer_47669d1b.exe

    C:\Users\Michael\AppData\Local\Temp\UpdateFlashPlayer_a1c5c728.exe

     

     

    ==================== Bamital & volsnap Check =================

     

    C:\Windows\System32\winlogon.exe => File is digitally signed

    C:\Windows\System32\wininit.exe => File is digitally signed

    C:\Windows\explorer.exe => File is digitally signed

    C:\Windows\SysWOW64\explorer.exe => File is digitally signed

    C:\Windows\System32\svchost.exe => File is digitally signed

    C:\Windows\SysWOW64\svchost.exe => File is digitally signed

    C:\Windows\System32\services.exe => File is digitally signed

    C:\Windows\System32\User32.dll => File is digitally signed

    C:\Windows\SysWOW64\User32.dll => File is digitally signed

    C:\Windows\System32\userinit.exe => File is digitally signed

    C:\Windows\SysWOW64\userinit.exe => File is digitally signed

    C:\Windows\System32\rpcss.dll => File is digitally signed

    C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

     

     

    LastRegBack: 2014-06-03 17:15

     

    ==================== End Of Log ============================


  7. Good evening... After powering up my PC, selecting either IE or Chrome, I start receiving multiple Malwarebytes warning pop-ups

    "Malwarebytes successfully blocked access to a potentially malicious website", along with Windows Defender showing the same type of pop-up warnings.

    They sometimes alternate. This has been happening for around 5 days.

    I assume that I successfully clean up after selecting all threats and rebooting.

    Database Version : v2014.06.09.11

     

    Thoughts? More information needed?


  8. GRINGO. I did everything in the previous post. The only unusual thing, after DEFOGGER was finished, it didn't ask to reboot. FYI.

    This has been quite an experience, taking a little longer than I could ever have imagined, :D but your instructions were very clear and I learned a lot about my system.

    Everything seems to be running fine and faster, so I think you can close the thread.

    Mike


  9. This is the ESET scan

    C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\eZulaHotText.zip Win32/Bagle.gen.zip worm

    C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Sun\Java\Deployment\cache\6.0\44\39347aac-30d7df65 a variant of Win32/Kryptik.ALFB trojan

    C:\Documents and Settings\HP_Administrator\My Documents\SlideShowYouTubeSetup Win32/OpenCandy application

    C:\Documents and Settings\HP_Administrator\My Documents\winamp5581_full_emusic-7plus_en-us.exe Win32/OpenCandy application

    C:\Documents and Settings\HP_Administrator\My Documents\Downloads\7zip_installer_d162802.exe a variant of Win32/InstallIQ application

    C:\Documents and Settings\HP_Administrator\My Documents\Downloads\SoftonicDownloader_for_smillaenlarger.exe a variant of Win32/SoftonicDownloader.E application


  10. From the HijackThis program

    Logfile of Trend Micro HijackThis v2.0.4

    Scan saved at 7:31:37 PM, on 12/9/2012

    Platform: Windows XP SP3 (WinNT 5.01.2600)

    MSIE: Internet Explorer v8.00 (8.00.6001.18702)

    Boot mode: Normal

    Running processes:

    C:\WINDOWS\System32\smss.exe

    C:\WINDOWS\system32\winlogon.exe

    C:\WINDOWS\system32\services.exe

    C:\WINDOWS\system32\lsass.exe

    C:\WINDOWS\system32\Ati2evxx.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\System32\svchost.exe

    C:\WINDOWS\system32\svchost.exe

    C:\Program Files\AVAST Software\Avast\AvastSvc.exe

    C:\WINDOWS\system32\spoolsv.exe

    C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe

    C:\WINDOWS\system32\Ati2evxx.exe

    C:\Program Files\Epson Software\Event Manager\EEventManager.exe

    C:\Program Files\Microsoft IntelliPoint\ipoint.exe

    C:\Program Files\Garmin\MyGarminAgent\MyGarminAgent.exe

    C:\WINDOWS\ehome\ehtray.exe

    C:\HP\KBD\KBD.EXE

    C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe

    C:\Program Files\HP\HP Share-to-Web\hpgs2wnd.exe

    C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe

    C:\Program Files\iTunes\iTunesHelper.exe

    C:\Program Files\AVAST Software\Avast\avastUI.exe

    C:\Program Files\Logitech\LWS\Webcam Software\CameraHelperShell.exe

    C:\Program Files\comcasttb\ComcastSpywareScan\ComcastAntispy.exe

    C:\Program Files\HP\HP Share-to-Web\hpgs2wnf.exe

    C:\WINDOWS\system32\ctfmon.exe

    C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe

    C:\Program Files\NETGEAR GA311 Adapter\GA311.exe

    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

    C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe

    C:\Program Files\comcasttb\ComcastSpywareScan\ComcastAntiSpyService.exe

    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

    C:\Program Files\Seagate\Basics\Service\SyncServicesBasics.exe

    C:\Program Files\Bonjour\mDNSResponder.exe

    C:\WINDOWS\eHome\ehRecvr.exe

    C:\WINDOWS\eHome\ehSched.exe

    C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe

    C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe

    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

    C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPZIPM12.EXE

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\system32\UStorSrv.exe

    C:\Program Files\HP\Digital Imaging\Bin\hpqSTE08.exe

    C:\Program Files\iPod\bin\iPodService.exe

    C:\WINDOWS\eHome\ehmsas.exe

    C:\WINDOWS\system32\dllhost.exe

    C:\WINDOWS\system32\wscntfy.exe

    C:\WINDOWS\explorer.exe

    C:\WINDOWS\system32\wuauclt.exe

    C:\Program Files\Java\jre7\bin\jqs.exe

    C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

    C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

    C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

    C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

    C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

    C:\WINDOWS\notepad.exe

    C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

    C:\WINDOWS\system32\NOTEPAD.EXE

    C:\Documents and Settings\HP_Administrator\My Documents\Downloads\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://xfinity.comcast.net/?cid=mtmh12052012

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

    O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll

    O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll

    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll

    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7529.1424\swg.dll

    O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll

    O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll

    O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll

    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

    O4 - HKLM\..\Run: [EEventManager] "C:\Program Files\Epson Software\Event Manager\EEventManager.exe"

    O4 - HKLM\..\Run: [intelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"

    O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"

    O4 - HKLM\..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe

    O4 - HKLM\..\Run: [basicsmssmenu] "C:\Program Files\Seagate\Basics\Basics Status\MaxMenuMgrBasics.exe"

    O4 - HKLM\..\Run: [MyGarminAgent] C:\Program Files\Garmin\MyGarminAgent\MyGarminAgent.exe

    O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe

    O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE

    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe

    O4 - HKLM\..\Run: [share-to-Web Namespace Daemon] C:\Program Files\HP\HP Share-to-Web\hpgs2wnd.exe

    O4 - HKLM\..\Run: [LWS] C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe -hide

    O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"

    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

    O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui

    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

    O4 - HKLM\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t

    O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"

    O4 - HKCU\..\Run: [ComcastAntispyClient] "C:\Program Files\comcasttb\ComcastSpywareScan\ComcastAntispy.exe" /hide

    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

    O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')

    O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')

    O4 - Global Startup: GA311 Smart Wizard Utility.lnk = C:\Program Files\NETGEAR GA311 Adapter\GA311.exe

    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

    O9 - Extra button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

    O9 - Extra 'Tools' menuitem: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL

    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

    O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

    O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm

    O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm

    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

    O9 - Extra button: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

    O9 - Extra 'Tools' menuitem: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

    O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll

    O16 - DPF: {231B1C6E-F934-42A2-92B6-C2FEFEC24276} (yucsetreg Class) - C:\Program Files\Yahoo!\common\yucconfig.dll

    O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www1.snapfish.com/SnapfishActivia.cab

    O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab

    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1344607093531

    O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab

    O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://floridakeysmedia.tv/axiscam/Codebase/AxisCamControl.ocx

    O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx

    O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/5m/virtools.download.akamai.com/6712/player/install3.5/installer.exe

    O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30155.www3.hp.com/ediags/hpfix/sj/en/check/xp/qdiagh.cab?326

    O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

    O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll

    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll

    O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe

    O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe

    O23 - Service: Comcast AntiSpyware (AntiSpywareService) - Unknown owner - C:\Program Files\comcasttb\ComcastSpywareScan\ComcastAntiSpyService.exe

    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

    O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe

    O23 - Service: Basics Service - Seagate Technology LLC - C:\Program Files\Seagate\Basics\Service\SyncServicesBasics.exe

    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

    O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

    O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

    O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA, Inc. - C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe

    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle Corporation - C:\Program Files\Java\jre7\bin\jqs.exe

    O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe

    O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe

    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPZIPM12.EXE

    O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe

    O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe

    O23 - Service: UMVPFSrv - Logitech Inc. - C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe

    O23 - Service: UStorage Server Service - OTi - C:\WINDOWS\system32\UStorSrv.exe

    --

    End of file - 13250 bytes


  11. Here is the log from running the Malwarebytes program again.

    Malwarebytes Anti-Malware (PRO) 1.65.1.1000

    www.malwarebytes.org

    Database version: v2012.12.09.06

    Windows XP Service Pack 3 x86 NTFS

    Internet Explorer 8.0.6001.18702

    HP_Administrator :: BASEMENT [administrator]

    Protection: Disabled

    12/9/2012 7:06:46 PM

    mbam-log-2012-12-09 (19-06-46).txt

    Scan type: Quick scan

    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

    Scan options disabled: P2P

    Objects scanned: 235424

    Time elapsed: 8 minute(s), 10 second(s)

    Memory Processes Detected: 0

    (No malicious items detected)

    Memory Modules Detected: 0

    (No malicious items detected)

    Registry Keys Detected: 1

    HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{11111111-1111-1111-1111-110011341191} (PUP.GamePlayLab) -> Quarantined and deleted successfully.

    Registry Values Detected: 0

    (No malicious items detected)

    Registry Data Items Detected: 0

    (No malicious items detected)

    Folders Detected: 0

    (No malicious items detected)

    Files Detected: 0

    (No malicious items detected)

    (end)


  12. Is this the Log you needed ?

    TL logfile created on: 12/8/2012 9:39:46 PM - Run 1

    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\HP_Administrator\My Documents\Downloads

    Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

    Internet Explorer (Version = 8.0.6001.18702)

    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    958.48 Mb Total Physical Memory | 490.76 Mb Available Physical Memory | 51.20% Memory free

    2.26 Gb Paging File | 1.56 Gb Available in Paging File | 69.00% Paging File free

    Paging file location(s): C:\pagefile.sys 1440 2880 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

    Drive C: | 224.87 Gb Total Space | 79.02 Gb Free Space | 35.14% Space Free | Partition Type: NTFS

    Drive D: | 8.00 Gb Total Space | 0.86 Gb Free Space | 10.80% Space Free | Partition Type: FAT32

    Computer Name: BASEMENT | User Name: HP_Administrator | Logged in as Administrator.

    Boot Mode: Normal | Scan Mode: All users

    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - C:\Documents and Settings\HP_Administrator\My Documents\Downloads\OTL.exe (OldTimer Tools)

    PRC - C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe (Google Inc.)

    PRC - C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)

    PRC - C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)

    PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)

    PRC - C:\Program Files\Java\jre7\bin\jqs.exe (Oracle Corporation)

    PRC - C:\Program Files\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe (Logitech Inc.)

    PRC - C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe (Logitech Inc.)

    PRC - C:\Program Files\Logitech\LWS\Webcam Software\CameraHelperShell.exe ()

    PRC - C:\Program Files\Common Files\LogiShrd\LQCVFX\COCIManager.exe ()

    PRC - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)

    PRC - C:\Program Files\Garmin\MyGarminAgent\myGarminAgent.exe ()

    PRC - C:\Program Files\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)

    PRC - C:\Program Files\comcasttb\ComcastSpywareScan\ComcastAntiSpy.exe ()

    PRC - C:\Program Files\comcasttb\ComcastSpywareScan\ComcastAntiSpyService.exe ()

    PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)

    PRC - C:\Program Files\Seagate\Basics\Service\SyncServicesBasics.exe (Seagate Technology LLC)

    PRC - C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe (CA, Inc.)

    PRC - C:\WINDOWS\system32\UStorSrv.exe (OTi)

    PRC - C:\Program Files\NETGEAR GA311 Adapter\GA311.exe ()

    PRC - C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe (HP)

    ========== Modules (No Company Name) ==========

    MOD - C:\Program Files\AVAST Software\Avast\defs\12120800\algo.dll ()

    MOD - C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\Application\23.0.1271.95\ppgooglenaclpluginchrome.dll ()

    MOD - C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\Application\23.0.1271.95\PepperFlash\pepflashplayer.dll ()

    MOD - C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\Application\23.0.1271.95\pdf.dll ()

    MOD - C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\Application\23.0.1271.95\avutil-51.dll ()

    MOD - C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\Application\23.0.1271.95\avcodec-54.dll ()

    MOD - C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\Application\23.0.1271.95\avformat-54.dll ()

    MOD - C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll ()

    MOD - C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll ()

    MOD - C:\Program Files\Common Files\LogiShrd\LWSPlugins\LWS\Applets\CameraHelper\DevManagerCore.dll ()

    MOD - C:\Program Files\Logitech\LWS\Webcam Software\QTGui4.dll ()

    MOD - C:\Program Files\Logitech\LWS\Webcam Software\QTXml4.dll ()

    MOD - C:\Program Files\Logitech\LWS\Webcam Software\ImageFormats\QJpeg4.dll ()

    MOD - C:\Program Files\Logitech\LWS\Webcam Software\ImageFormats\QGif4.dll ()

    MOD - C:\Program Files\Logitech\LWS\Webcam Software\QTCore4.dll ()

    MOD - C:\Program Files\Logitech\LWS\Webcam Software\CameraHelperShell.exe ()

    MOD - C:\WINDOWS\system32\quartz.dll ()

    MOD - C:\Program Files\Common Files\LogiShrd\LQCVFX\COCIManager.exe ()

    MOD - C:\WINDOWS\system32\sbe.dll ()

    MOD - C:\Program Files\Garmin\MyGarminAgent\myGarminAgent.exe ()

    MOD - C:\Program Files\comcasttb\ComcastSpywareScan\ComcastAntiSpy.exe ()

    MOD - C:\Program Files\comcasttb\ComcastSpywareScan\ComcastAntiSpyService.exe ()

    MOD - C:\WINDOWS\system32\msdmo.dll ()

    MOD - C:\WINDOWS\system32\devenum.dll ()

    MOD - C:\Program Files\HP\Digital Imaging\bin\HpqUtil.dll ()

    MOD - C:\WINDOWS\system32\OPDSL.DLL ()

    MOD - C:\Program Files\NETGEAR GA311 Adapter\GA311.exe ()

    MOD - C:\Program Files\NETGEAR GA311 Adapter\Rtl8169LibC.dll ()

    MOD - C:\Program Files\HP\HP Share-to-Web\hpgs2wnfps.dll ()

    ========== Services (SafeList) ==========

    SRV - (AdobeFlashPlayerUpdateSvc) -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)

    SRV - (avast! Antivirus) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)

    SRV - (MBAMScheduler) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)

    SRV - (JavaQuickStarterService) -- C:\Program Files\Java\jre7\bin\jqs.exe (Oracle Corporation)

    SRV - (SkypeUpdate) -- C:\Program Files\Skype\Updater\Updater.exe (Skype Technologies)

    SRV - (UMVPFSrv) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe (Logitech Inc.)

    SRV - (ACDaemon) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)

    SRV - (AntiSpywareService) -- C:\Program Files\comcasttb\ComcastSpywareScan\ComcastAntiSpyService.exe ()

    SRV - (Basics Service) -- C:\Program Files\Seagate\Basics\Service\SyncServicesBasics.exe (Seagate Technology LLC)

    SRV - (ITMRTSVC) -- C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe (CA, Inc.)

    SRV - (PACSPTISVR) -- C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe (Sony Corporation)

    SRV - (SPTISRV) -- C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe (Sony Corporation)

    SRV - (UStorage Server Service) -- C:\WINDOWS\System32\UStorSrv.exe (OTi)

    ========== Driver Services (SafeList) ==========

    DRV - (WDICA) -- File not found

    DRV - (SASKUTIL) -- C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\SAS_SelfExtract\SASKUTIL.SYS File not found

    DRV - (SASDIFSV) -- C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\SAS_SelfExtract\SASDIFSV.SYS File not found

    DRV - (PDRFRAME) -- File not found

    DRV - (PDRELI) -- File not found

    DRV - (PDFRAME) -- File not found

    DRV - (PDCOMP) -- File not found

    DRV - (PCIDump) -- File not found

    DRV - (mbr) -- C:\ComboFix\mbr.sys File not found

    DRV - (lbrtfdc) -- File not found

    DRV - (i2omgmt) -- File not found

    DRV - (ftsata2) -- system32\DRIVERS\ftsata2.sys File not found

    DRV - (Changer) -- File not found

    DRV - (catchme) -- C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\catchme.sys File not found

    DRV - (mbamchameleon) -- C:\WINDOWS\system32\drivers\mbamchameleon.sys ()

    DRV - (aswSnx) -- C:\WINDOWS\System32\drivers\aswSnx.sys (AVAST Software)

    DRV - (aswSP) -- C:\WINDOWS\System32\drivers\aswSP.sys (AVAST Software)

    DRV - (aswTdi) -- C:\WINDOWS\System32\drivers\aswTdi.sys (AVAST Software)

    DRV - (AswRdr) -- C:\WINDOWS\System32\drivers\aswRdr.sys (AVAST Software)

    DRV - (aswMon2) -- C:\WINDOWS\System32\drivers\aswmon2.sys (AVAST Software)

    DRV - (Aavmker4) -- C:\WINDOWS\System32\drivers\aavmker4.sys (AVAST Software)

    DRV - (aswFsBlk) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys (AVAST Software)

    DRV - (LVRS) -- C:\WINDOWS\system32\drivers\lvrs.sys (Logitech Inc.)

    DRV - (usbcamcl) -- C:\WINDOWS\system32\drivers\usbcamcl.sys (usb camera)

    DRV - (MCSTRM) -- C:\WINDOWS\System32\drivers\mcstrm.sys (RealNetworks, Inc.)

    DRV - (Afc) -- C:\WINDOWS\system32\drivers\afc.sys (Arcsoft, Inc.)

    DRV - (Ps2) -- C:\WINDOWS\system32\drivers\PS2.sys (Hewlett-Packard Company)

    DRV - (AgereSoftModem) -- C:\WINDOWS\system32\drivers\AGRSM.sys (Agere Systems)

    DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.)

    DRV - (ALCXWDM) -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS (Realtek Semiconductor Corp.)

    DRV - (AmdK8) -- C:\WINDOWS\system32\drivers\AmdK8.sys (Advanced Micro Devices)

    DRV - (RTL8023xp) -- C:\WINDOWS\system32\drivers\Rtlnicxp.sys (Realtek Semiconductor Corporation )

    DRV - (AFS2K) -- C:\WINDOWS\System32\drivers\AFS2K.SYS (Oak Technology Inc.)

    DRV - (ltmodem5) -- C:\WINDOWS\system32\drivers\ltmdmnt.sys (LT)

    DRV - (rtl8139) -- C:\WINDOWS\system32\drivers\RTL8139.sys (Realtek Semiconductor Corporation)

    DRV - (Diag69xp) -- C:\WINDOWS\system32\drivers\diag69xp.sys (Realtek Semiconductor Corporation)

    DRV - (LANPkt) -- C:\WINDOWS\system32\drivers\LANPkt.sys (Windows ® 2000 DDK provider)

    DRV - (pfc) -- C:\WINDOWS\system32\drivers\pfc.sys (Padus, Inc.)

    DRV - (MASPINT) -- C:\WINDOWS\System32\drivers\MASPINT.SYS (MicroStaff Co.,Ltd.)

    ========== Standard Registry (All) ==========

    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

    IE - HKLM\..\SearchScopes,DefaultScope =

    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}

    IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7

    IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q405&bd=pavilion&pf=desktop&parm1=seconduser

    IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q405&bd=pavilion&pf=desktop&parm1=seconduser

    IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

    IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome

    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q405&bd=pavilion&pf=desktop&parm1=seconduser

    IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q405&bd=pavilion&pf=desktop&parm1=seconduser

    IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

    IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome

    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

    IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

    IE - HKU\S-1-5-21-4233663647-1942647512-3799240583-1008\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm

    IE - HKU\S-1-5-21-4233663647-1942647512-3799240583-1008\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1

    IE - HKU\S-1-5-21-4233663647-1942647512-3799240583-1008\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

    IE - HKU\S-1-5-21-4233663647-1942647512-3799240583-1008\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://xfinity.comcast.net/?cid=mtmh12052012

    IE - HKU\S-1-5-21-4233663647-1942647512-3799240583-1008\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie

    IE - HKU\S-1-5-21-4233663647-1942647512-3799240583-1008\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie

    IE - HKU\S-1-5-21-4233663647-1942647512-3799240583-1008\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)

    IE - HKU\S-1-5-21-4233663647-1942647512-3799240583-1008\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

    IE - HKU\S-1-5-21-4233663647-1942647512-3799240583-1008\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC

    IE - HKU\S-1-5-21-4233663647-1942647512-3799240583-1008\..\SearchScopes\{4EE2548F-5DDF-4D17-9FCA-A9783535AE25}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7GCNV_en

    IE - HKU\S-1-5-21-4233663647-1942647512-3799240583-1008\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7

    IE - HKU\S-1-5-21-4233663647-1942647512-3799240583-1008\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-21-4233663647-1942647512-3799240583-1008\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

    ========== FireFox ==========

    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()

    FF - HKLM\Software\MozillaPlugins\@garmin.com/GpsControl: C:\Program Files\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)

    FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)

    FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)

    FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.4.0: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)

    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.4.0: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)

    FF - HKLM\Software\MozillaPlugins\@microsoft.com/VirtualEarth3D,version=2.5: C:\Program Files\Virtual Earth 3D\ [2009/09/26 19:23:35 | 000,000,000 | ---D | M]

    FF - HKLM\Software\MozillaPlugins\@microsoft.com/VirtualEarth3D,version=3.0: C:\Program Files\Virtual Earth 3D\ [2009/09/26 19:23:35 | 000,000,000 | ---D | M]

    FF - HKLM\Software\MozillaPlugins\@microsoft.com/VirtualEarth3D,version=4.0: C:\Program Files\Virtual Earth 3D\ [2009/09/26 19:23:35 | 000,000,000 | ---D | M]

    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

    FF - HKLM\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Documents and Settings\HP_Administrator\Application Data\Move Networks\plugins\npqmp071706000001.dll (Move Networks)

    FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=12.0.1.652: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)

    FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.652: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)

    FF - HKLM\Software\MozillaPlugins\@real.com/RhapsodyPlayerEngine,version=1.0: C:\Program Files\Real\RhapsodyPlayerEngine\nprhapengine.dll (RealNetworks, Inc.)

    FF - HKLM\Software\MozillaPlugins\@real.com/RhapsodyPlayerEngine,version=1.1: C:\Program Files\Real\RhapsodyPlayerEngine\nprhapengine.dll (RealNetworks, Inc.)

    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)

    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)

    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

    FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Documents and Settings\HP_Administrator\Application Data\Move Networks\plugins\npqmp071706000001.dll (Move Networks)

    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)

    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/07/02 06:42:15 | 000,000,000 | ---D | M]

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011/06/15 20:41:20 | 000,000,000 | ---D | M]

    FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\moveplayer@movenetworks.com: C:\Documents and Settings\HP_Administrator\Application Data\Move Networks [2010/12/20 20:53:36 | 000,000,000 | ---D | M]

    [2012/12/01 19:09:44 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions

    ========== Chrome ==========

    CHR - default_search_provider: MyStart Search (Enabled)

    CHR - default_search_provider: search_url = http://mystart.incredibar.com/mb196/?loc=IB_DS&search={searchTerms}&a=6OyVUJJlxu&i=26

    CHR - default_search_provider: suggest_url =

    CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\Application\23.0.1271.95\PepperFlash\pepflashplayer.dll

    CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer

    CHR - plugin: Native Client (Enabled) = C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\Application\23.0.1271.95\ppGoogleNaClPluginChrome.dll

    CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\Application\23.0.1271.95\pdf.dll

    CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll

    CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll

    CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll

    CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll

    CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll

    CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll

    CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll

    CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll

    CHR - plugin: RealNetworks RealPlayer Chrome Background Extension Plug-In (32-bit) (Enabled) = C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll

    CHR - plugin: RealPlayer HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll

    CHR - plugin: Move Streaming Media Player (Enabled) = C:\Documents and Settings\HP_Administrator\Application Data\Move Networks\plugins\npqmp071706000001.dll

    CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Update\1.3.21.123\npGoogleUpdate3.dll

    CHR - plugin: Garmin Communicator Plug-In (Enabled) = C:\Program Files\Garmin GPS Plugin\npGarmin.dll

    CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll

    CHR - plugin: Picasa (Enabled) = C:\Program Files\Google\Picasa3\npPicasa3.dll

    CHR - plugin: Java Platform SE 7 U4 (Enabled) = C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll

    CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll

    CHR - plugin: RealNetworks Rhapsody Player Engine (Enabled) = C:\Program Files\Real\RhapsodyPlayerEngine\nprhapengine.dll

    CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll

    CHR - plugin: Windows Presentation Foundation (Enabled) = C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll

    CHR - plugin: Java Deployment Toolkit 7.0.40.20 (Enabled) = C:\WINDOWS\system32\npDeployJava1.dll

    CHR - Extension: avast! WebRep = C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1474_0\

    CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.4_0\

    O1 HOSTS File: ([2012/12/08 13:14:36 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts

    O1 - Hosts: 127.0.0.1 localhost

    O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)

    O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)

    O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7529.1424\swg.dll (Google Inc.)

    O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)

    O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)

    O3 - HKU\S-1-5-21-4233663647-1942647512-3799240583-1008\..\Toolbar\ShellBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)

    O3 - HKU\S-1-5-21-4233663647-1942647512-3799240583-1008\..\Toolbar\WebBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)

    O3 - HKU\S-1-5-21-4233663647-1942647512-3799240583-1008\..\Toolbar\WebBrowser: (&Links) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)

    O3 - HKU\S-1-5-21-4233663647-1942647512-3799240583-1008\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)

    O3 - HKU\S-1-5-21-4233663647-1942647512-3799240583-1008\..\Toolbar\WebBrowser: (&Links) - {F2CF5485-4E02-4F68-819C-B92DE9277049} - C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)

    O4 - HKLM..\Run: [Adobe ARM] C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)

    O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)

    O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)

    O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)

    O4 - HKLM..\Run: [basicsmssmenu] C:\Program Files\Seagate\Basics\Basics Status\MaxMenuMgrBasics.exe (Maxtor Corporation)

    O4 - HKLM..\Run: [EEventManager] C:\Program Files\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)

    O4 - HKLM..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe (Microsoft Corporation)

    O4 - HKLM..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe (HP)

    O4 - HKLM..\Run: [intelliPoint] C:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)

    O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)

    O4 - HKLM..\Run: [KBD] C:\hp\KBD\kbd.exe (Hewlett-Packard Company)

    O4 - HKLM..\Run: [LWS] C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe (Logitech Inc.)

    O4 - HKLM..\Run: [MyGarminAgent] C:\Program Files\Garmin\MyGarminAgent\myGarminAgent.exe ()

    O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe (Apple Inc.)

    O4 - HKLM..\Run: [share-to-Web Namespace Daemon] C:\Program Files\HP\HP Share-to-Web\hpgs2wnd.exe (Hewlett-Packard)

    O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe ()

    O4 - HKU\S-1-5-21-4233663647-1942647512-3799240583-1008..\Run: [ComcastAntispyClient] C:\Program Files\comcasttb\ComcastSpywareScan\ComcastAntispy.exe ()

    O4 - HKU\S-1-5-21-4233663647-1942647512-3799240583-1008..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)

    O4 - HKU\.DEFAULT..\RunOnce: [RunNarrator] C:\WINDOWS\System32\narrator.exe (Microsoft Corporation)

    O4 - HKU\S-1-5-18..\RunOnce: [RunNarrator] C:\WINDOWS\System32\narrator.exe (Microsoft Corporation)

    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\GA311 Smart Wizard Utility.lnk = C:\Program Files\NETGEAR GA311 Adapter\GA311.exe ()

    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)

    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present

    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present

    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0

    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0

    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =

    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =

    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1

    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1

    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)

    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()

    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0

    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present

    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present

    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present

    O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present

    O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

    O7 - HKU\S-1-5-21-4233663647-1942647512-3799240583-1008\Software\Policies\Microsoft\Internet Explorer\Control Panel present

    O7 - HKU\S-1-5-21-4233663647-1942647512-3799240583-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

    O7 - HKU\S-1-5-21-4233663647-1942647512-3799240583-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

    O7 - HKU\S-1-5-21-4233663647-1942647512-3799240583-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

    O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

    O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

    O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)

    O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)

    O9 - Extra Button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm ()

    O9 - Extra 'Tools' menuitem : Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm ()

    O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe (Microsoft Corporation)

    O9 - Extra Button: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\Msmsgs.exe (Microsoft Corporation)

    O9 - Extra 'Tools' menuitem : @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\Msmsgs.exe (Microsoft Corporation)

    O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

    O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\WINDOWS\system32\winrnr.dll (Microsoft Corporation)

    O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

    O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)

    O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

    O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

    O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

    O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

    O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

    O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

    O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

    O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

    O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

    O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

    O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

    O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

    O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

    O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

    O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

    O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

    O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

    O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

    O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

    O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

    O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

    O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

    O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

    O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

    O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)

    O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)

    O16 - DPF: {0DB074F0-617E-4EE9-912C-2965CF2AA5A4} http://download.microsoft.com/download/7/0/7/707a44ad-52ad-49af-b7ef-e21b6b0656e4/VirtualEarth3D.cab (SentinelVE3D Class)

    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)

    O16 - DPF: {231B1C6E-F934-42A2-92B6-C2FEFEC24276} C:\Program Files\Yahoo!\common\yucconfig.dll (yucsetreg Class)

    O16 - DPF: {3BB1D69B-A780-4BE1-876E-F3D488877135} http://download.microsoft.com/download/3/B/E/3BE57995-8452-41F1-8297-DD75EF049853/VirtualEarth3D.cab (SentinelProxy Class)

    O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} http://www1.snapfish.com/SnapfishActivia.cab (Snapfish Activia)

    O16 - DPF: {428A9DEF-F057-402B-9F2D-A5887F4544ED} http://download.microsoft.com/download/f/0/2/f02b515c-7076-4cee-bc08-fd6fea594578/VirtualEarth3D.cab (SentinelProxy Class)

    O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} https://webdl.symantec.com/activex/symdlmgr.cab (Symantec Download Manager)

    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1344607093531 (MUWebControl Class)

    O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab (HP Download Manager)

    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://javadl-esd.sun.com/update/1.5.0/jinstall-1_5-windows-i586.cab (Java Plug-in 1.7.0_04)

    O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} http://floridakeysmedia.tv/axiscam/Codebase/AxisCamControl.ocx (CamImage Class)

    O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx (Get_ActiveX Control)

    O16 - DPF: {CAFEEFAC-0015-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_17-windows-i586.cab (Java Plug-in 1.5.0_17)

    O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)

    O16 - DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33)

    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_04-windows-i586.cab (Java Plug-in 1.7.0_04)

    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)

    O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} http://a532.g.akamai.net/f/532/6712/5m/virtools.download.akamai.com/6712/player/install3.5/installer.exe (Virtools WebPlayer Class)

    O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} http://h30155.www3.hp.com/ediags/hpfix/sj/en/check/xp/qdiagh.cab?326 (QDiagHUpdateObj Class)

    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 75.75.76.76 75.75.75.75

    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0AC2A2D4-1AC8-429C-B93F-426057F315BD}: DhcpNameServer = 75.75.76.76 75.75.75.75

    O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)

    O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

    O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)

    O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

    O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

    O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

    O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

    O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

    O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

    O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

    O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

    O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

    O18 - Protocol\Handler\ipp - No CLSID value found

    O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

    O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)

    O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)

    O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

    O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)

    O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\WINDOWS\system32\inetcomm.dll (Microsoft Corporation)

    O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

    O18 - Protocol\Handler\msdaipp - No CLSID value found

    O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

    O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

    O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)

    O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)

    O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)

    O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)

    O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)

    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)

    O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

    O18 - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)

    O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)

    O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)

    O18 - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\system32\wiascr.dll (Microsoft Corporation)

    O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)

    O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)

    O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)

    O18 - Protocol\Filter\Class Install Handler {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

    O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

    O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

    O18 - Protocol\Filter\lzdhtml {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

    O18 - Protocol\Filter\text/webviewhtml {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)

    O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)

    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)

    O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)

    O20 - HKLM Winlogon: UIHost - (logonui.exe) - C:\WINDOWS\System32\logonui.exe (Microsoft Corporation)

    O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)

    O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\WINDOWS\System32\sysdm.cpl (Microsoft Corporation)

    O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)

    O20 - Winlogon\Notify\crypt32chain: DllName - (crypt32.dll) - C:\WINDOWS\System32\crypt32.dll (Microsoft Corporation)

    O20 - Winlogon\Notify\cryptnet: DllName - (cryptnet.dll) - C:\WINDOWS\System32\cryptnet.dll (Microsoft Corporation)

    O20 - Winlogon\Notify\cscdll: DllName - (cscdll.dll) - C:\WINDOWS\System32\cscdll.dll (Microsoft Corporation)

    O20 - Winlogon\Notify\dimsntfy: DllName - (%SystemRoot%\System32\dimsntfy.dll) - C:\WINDOWS\system32\dimsntfy.dll (Microsoft Corporation)

    O20 - Winlogon\Notify\ScCertProp: DllName - (wlnotify.dll) - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)

    O20 - Winlogon\Notify\Schedule: DllName - (wlnotify.dll) - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)

    O20 - Winlogon\Notify\sclgntfy: DllName - (sclgntfy.dll) - C:\WINDOWS\System32\sclgntfy.dll (Microsoft Corporation)

    O20 - Winlogon\Notify\SensLogn: DllName - (WlNotify.dll) - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)

    O20 - Winlogon\Notify\termsrv: DllName - (wlnotify.dll) - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)

    O20 - Winlogon\Notify\WgaLogon: DllName - (WgaLogon.dll) - C:\WINDOWS\System32\WgaLogon.dll (Microsoft Corporation)

    O20 - Winlogon\Notify\wlballoon: DllName - (wlnotify.dll) - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)

    O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)

    O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)

    O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\system32\stobject.dll (Microsoft Corporation)

    O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\system32\webcheck.dll (Microsoft Corporation)

    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll (Microsoft Corporation)

    O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)

    O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)

    O24 - Desktop Components:0 (My Current Home Page) - About:Home

    O24 - Desktop WallPaper: C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp

    O24 - Desktop BackupWallPaper: C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp

    O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)

    O29 - HKLM SecurityProviders - (msapsspc.dll) - C:\WINDOWS\System32\msapsspc.dll (Microsoft Corporation)

    O29 - HKLM SecurityProviders - (schannel.dll) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)

    O29 - HKLM SecurityProviders - (digest.dll) - C:\WINDOWS\System32\digest.dll (Microsoft Corporation)

    O29 - HKLM SecurityProviders - (msnsspc.dll) - C:\WINDOWS\System32\msnsspc.dll (Microsoft Corporation)

    O30 - LSA: Authentication Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)

    O30 - LSA: Security Packages - (kerberos) - C:\WINDOWS\System32\kerberos.dll (Microsoft Corporation)

    O30 - LSA: Security Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)

    O30 - LSA: Security Packages - (schannel) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)

    O30 - LSA: Security Packages - (wdigest) - C:\WINDOWS\System32\wdigest.dll (Microsoft Corporation)

    O31 - SafeBoot: AlternateShell - cmd.exe

    O32 - HKLM CDRom: AutoRun - 1

    O32 - AutoRun File - [2005/09/21 18:45:22 | 000,000,100 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

    O32 - AutoRun File - [2001/07/28 05:07:38 | 000,000,000 | -HS- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ]

    O34 - HKLM BootExecute: (autocheck autochk *)

    O35 - HKLM\..comfile [open] -- "%1" %*

    O35 - HKLM\..exefile [open] -- "%1" %*

    O37 - HKLM\...com [@ = ComFile] -- "%1" %*

    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

    ========== Files/Folders - Created Within 30 Days ==========

    [2012/12/08 16:51:46 | 000,000,000 | ---D | C] -- C:\_OTL

    [2012/12/08 12:55:48 | 000,000,000 | RHSD | C] -- C:\cmdcons

    [2012/12/05 20:25:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Desktop\RK_Quarantine

    [2012/12/01 22:25:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\7-zip

    [2012/12/01 22:25:22 | 000,000,000 | ---D | C] -- C:\Program Files\7-zip

    [2012/12/01 19:09:44 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox

    [2012/12/01 19:09:31 | 000,773,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msvcr100.dll

    [2012/12/01 19:09:31 | 000,632,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msvcr80.dll

    [2012/12/01 19:09:31 | 000,554,832 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msvcp80.dll

    [2012/12/01 19:09:31 | 000,479,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msvcm80.dll

    [2012/12/01 19:09:30 | 000,421,200 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msvcp100.dll

    [2012/12/01 19:09:29 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ARFC

    [2012/12/01 19:07:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\VisualBeeExe

    [2012/12/01 19:05:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\VisualBee

    [2012/11/24 17:48:30 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\HP_Administrator\Recent

    [2012/11/17 16:48:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\SketchUp 8

    [2008/12/21 21:29:59 | 000,047,360 | ---- | C] (VSO Software) -- C:\Documents and Settings\HP_Administrator\Application Data\pcouffin.sys

    [2008/01/29 18:51:10 | 000,677,343 | ---- | C] (Orban, Inc. ) -- C:\Program Files\setup_AAC_aacPlus_plugin_1_0_36.exe

    [2007/01/15 20:30:20 | 014,994,392 | ---- | C] (Macrovision Corporation) -- C:\Program Files\GoogleEarthWin.exe

    [2007/01/06 22:02:38 | 023,510,720 | ---- | C] (Microsoft Corporation) -- C:\Program Files\dotnetfx.exe

    [2006/12/30 20:38:58 | 000,545,752 | ---- | C] (Adobe Systems) -- C:\Program Files\sgc10_rdr80_DLM_en_US.exe

    [2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

    [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

    [1 C:\*.tmp files -> C:\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2012/12/08 21:41:00 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job

    [2012/12/08 21:21:00 | 000,001,022 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-4233663647-1942647512-3799240583-1008UA.job

    [2012/12/08 21:07:01 | 000,000,906 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job

    [2012/12/08 20:07:00 | 000,000,902 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job

    [2012/12/08 17:13:00 | 000,000,364 | -H-- | M] () -- C:\WINDOWS\tasks\avast! Emergency Update.job

    [2012/12/08 13:14:36 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts

    [2012/12/08 12:55:56 | 000,000,325 | RHS- | M] () -- C:\boot.ini

    [2012/12/08 10:42:19 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

    [2012/12/08 10:40:40 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

    [2012/12/08 10:40:38 | 1005,113,344 | -HS- | M] () -- C:\hiberfil.sys

    [2012/12/07 22:28:17 | 000,000,444 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{586EFC3D-4784-43E3-A6C5-2F67F2045002}.job

    [2012/12/05 18:24:20 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\defogger_reenable

    [2012/12/04 19:54:47 | 000,002,497 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Drive Manager.lnk

    [2012/12/01 22:25:24 | 000,000,644 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\7-zip.lnk

    [2012/12/01 21:35:40 | 000,035,144 | ---- | M] () -- C:\WINDOWS\System32\drivers\mbamchameleon.sys

    [2012/12/01 20:49:29 | 000,697,272 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe

    [2012/12/01 20:49:28 | 000,073,656 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl

    [2012/12/01 19:04:26 | 006,969,809 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\SmillaEnlarger-0.9.0.zip

    [2012/12/01 08:21:00 | 000,000,970 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-4233663647-1942647512-3799240583-1008Core.job

    [2012/11/29 20:22:37 | 000,002,376 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\Google Chrome.lnk

    [2012/11/29 20:22:37 | 000,002,354 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk

    [2012/11/17 16:48:37 | 000,001,773 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SketchUp 8.lnk

    [2012/11/17 14:18:54 | 000,376,856 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT

    [2012/11/17 12:54:31 | 000,446,174 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat

    [2012/11/17 12:54:31 | 000,073,254 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat

    [2012/11/12 19:17:15 | 000,016,384 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

    [2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

    [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

    [1 C:\*.tmp files -> C:\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2012/12/05 18:24:20 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\defogger_reenable

    [2012/12/01 22:25:24 | 000,000,644 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\7-zip.lnk

    [2012/12/01 21:35:40 | 000,035,144 | ---- | C] () -- C:\WINDOWS\System32\drivers\mbamchameleon.sys

    [2012/12/01 19:09:29 | 001,008,496 | ---- | C] () -- C:\WINDOWS\System32\dmwu.exe

    [2012/12/01 19:09:29 | 000,028,160 | ---- | C] () -- C:\WINDOWS\System32\ImHttpComm.dll

    [2012/12/01 19:04:17 | 006,969,809 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\SmillaEnlarger-0.9.0.zip

    [2012/11/17 16:48:37 | 000,001,773 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SketchUp 8.lnk

    [2012/08/02 11:20:32 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe

    [2012/08/02 11:20:32 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe

    [2012/08/02 11:20:32 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe

    [2012/08/02 11:20:32 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe

    [2012/08/02 11:20:31 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe

    [2012/04/25 18:06:23 | 000,016,384 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

    [2012/03/06 21:42:08 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll

    [2012/03/02 20:30:39 | 000,000,139 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\fusioncache.dat

    [2012/02/14 19:14:50 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll

    [2012/01/18 01:44:00 | 010,920,984 | ---- | C] () -- C:\WINDOWS\System32\LogiDPP.dll

    [2012/01/18 01:44:00 | 000,336,408 | ---- | C] () -- C:\WINDOWS\System32\DevManagerCore.dll

    [2012/01/18 01:44:00 | 000,104,472 | ---- | C] () -- C:\WINDOWS\System32\LogiDPPApp.exe

    [2011/12/15 19:10:10 | 000,000,000 | ---- | C] () -- C:\WINDOWS\EEventManager.INI

    [2011/12/11 19:51:01 | 000,073,220 | ---- | C] () -- C:\WINDOWS\System32\EPPICPrinterDB.dat

    [2011/12/11 19:51:01 | 000,031,053 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern131.dat

    [2011/12/11 19:51:01 | 000,029,114 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern1.dat

    [2011/12/11 19:51:01 | 000,027,417 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern121.dat

    [2011/12/11 19:51:01 | 000,021,021 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern3.dat

    [2011/12/11 19:51:01 | 000,015,670 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern5.dat

    [2011/12/11 19:51:01 | 000,013,280 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern2.dat

    [2011/12/11 19:51:01 | 000,010,673 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern4.dat

    [2011/12/11 19:51:01 | 000,004,943 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern6.dat

    [2011/12/11 19:51:01 | 000,001,140 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_PT.dat

    [2011/12/11 19:51:01 | 000,001,140 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_BP.dat

    [2011/12/11 19:51:01 | 000,001,137 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_ES.dat

    [2011/12/11 19:51:01 | 000,001,130 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_FR.dat

    [2011/12/11 19:51:01 | 000,001,130 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_CF.dat

    [2011/12/11 19:51:01 | 000,001,104 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_EN.dat

    [2011/12/11 19:51:01 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini

    [2011/12/11 19:50:35 | 000,065,793 | ---- | C] () -- C:\WINDOWS\System32\esfwad.bin

    [2011/12/11 19:49:36 | 000,000,035 | ---- | C] () -- C:\WINDOWS\PERFV33_330.ini

    [2011/11/16 20:40:38 | 000,028,418 | ---- | C] () -- C:\WINDOWS\System32\lvcoinst.ini

    [2011/08/12 12:20:14 | 000,015,896 | ---- | C] () -- C:\WINDOWS\System32\drivers\iKeyLFT2.dll

    [2011/07/12 16:29:56 | 000,001,940 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini

    [2011/03/25 20:04:01 | 000,028,672 | R--- | C] () -- C:\WINDOWS\System32\CoUninstall.dll

    [2011/03/25 19:14:53 | 000,000,020 | ---- | C] () -- C:\WINDOWS\System32\camera.ini

    [2010/01/11 22:21:25 | 000,617,322 | RH-- | C] () -- C:\Documents and Settings\HP_Administrator\Backup Log

    [2008/12/28 22:19:29 | 000,001,359 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache

    [2008/12/21 21:32:52 | 000,000,062 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Application Data\Printer.ini

    [2008/12/21 21:29:59 | 000,087,608 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Application Data\inst.exe

    [2008/12/21 21:29:59 | 000,007,887 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Application Data\pcouffin.cat

    [2008/12/21 21:29:59 | 000,001,144 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Application Data\pcouffin.inf

    [2007/12/31 20:40:22 | 018,131,206 | ---- | C] () -- C:\Program Files\exPressit Memorex.zip

    [2007/06/12 19:29:19 | 000,000,114 | ---- | C] () -- C:\Program Files\64Winamp.pls

    [2007/05/29 20:05:07 | 000,055,088 | ---- | C] () -- C:\Program Files\MFInstall.exe

    [2007/01/06 22:01:02 | 003,993,441 | ---- | C] () -- C:\Program Files\PaintDotNet_3_0_Beta3_BetaNews.zip

    [2006/05/04 21:20:34 | 000,000,524 | ---- | C] () -- C:\Program Files\Shortcut to Microsoft Office.lnk

    [2006/03/03 19:20:56 | 000,000,251 | ---- | C] () -- C:\Program Files\wt3d.ini

    [2005/12/19 16:26:37 | 000,001,262 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Application Data\wklnhst.dat

    ========== ZeroAccess Check ==========

    [2004/11/16 23:28:30 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

    [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

    [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

    "" = %SystemRoot%\system32\shdocvw.dll -- [2008/04/13 19:12:05 | 001,499,136 | ---- | M] (Microsoft Corporation)

    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]

    "" = %systemroot%\system32\wbem\fastprox.dll -- [2009/02/09 07:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)

    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

    "" = %systemroot%\system32\wbem\wbemess.dll -- [2008/04/13 19:12:08 | 000,273,920 | ---- | M] (Microsoft Corporation)

    "ThreadingModel" = Both

    ========== Custom Scans ==========

    < :Run CFScript: >

    < End of report >


  13. ========== OTL ==========

    Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@Apple.com/iTunes,version=\ deleted successfully.

    Registry key HKEY_CURRENT_USER\Software\MozillaPlugins\@real.com/RhapsodyPlayerEngine\ deleted successfully.

    Registry value HKEY_USERS\S-1-5-21-4233663647-1942647512-3799240583-1008\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} deleted successfully.

    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}\ not found.

    Registry value HKEY_USERS\S-1-5-21-4233663647-1942647512-3799240583-1008\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} deleted successfully.

    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}\ not found.

    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{669B269B-0D4E-41FB-A3D8-FD67CA94F646}\ deleted successfully.

    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{669B269B-0D4E-41FB-A3D8-FD67CA94F646}\ not found.

    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{8828075D-D097-4055-AA02-2DBFA9D85E8A}\ deleted successfully.

    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8828075D-D097-4055-AA02-2DBFA9D85E8A}\ not found.

    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{97809617-3937-4F84-B335-9BB05EF1A8D4}\ deleted successfully.

    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{97809617-3937-4F84-B335-9BB05EF1A8D4}\ not found.

    Starting removal of ActiveX control {2DFF31F9-7893-4922-AF66-C9A1EB4EBB31}

    C:\WINDOWS\Downloaded Program Files\RhapX.inf moved successfully.

    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{2DFF31F9-7893-4922-AF66-C9A1EB4EBB31}\ deleted successfully.

    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2DFF31F9-7893-4922-AF66-C9A1EB4EBB31}\ not found.

    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{2DFF31F9-7893-4922-AF66-C9A1EB4EBB31}\ not found.

    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2DFF31F9-7893-4922-AF66-C9A1EB4EBB31}\ not found.

    Starting removal of ActiveX control {B020B534-4AA2-4B99-BD6D-5F6EE286DF5C}

    C:\WINDOWS\Downloaded Program Files\SymDlBrg.inf moved successfully.

    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{B020B534-4AA2-4B99-BD6D-5F6EE286DF5C}\ deleted successfully.

    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B020B534-4AA2-4B99-BD6D-5F6EE286DF5C}\ not found.

    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{B020B534-4AA2-4B99-BD6D-5F6EE286DF5C}\ not found.

    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B020B534-4AA2-4B99-BD6D-5F6EE286DF5C}\ not found.

    Starting removal of ActiveX control {B9191F79-5613-4C76-AA2A-398534BB8999}

    C:\Program Files\Yahoo!\Common\yab_af.inf not found.

    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{B9191F79-5613-4C76-AA2A-398534BB8999}\ deleted successfully.

    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B9191F79-5613-4C76-AA2A-398534BB8999}\ not found.

    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{B9191F79-5613-4C76-AA2A-398534BB8999}\ not found.

    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B9191F79-5613-4C76-AA2A-398534BB8999}\ not found.

    Starting removal of ActiveX control {CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA}

    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA}\ deleted successfully.

    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA}\ not found.

    Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA}\ deleted successfully.

    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA}\ not found.

    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA}\ not found.

    Starting removal of ActiveX control {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}

    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}\ deleted successfully.

    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}\ not found.

    Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}\ deleted successfully.

    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}\ not found.

    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}\ not found.

    Starting removal of ActiveX control {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA}

    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA}\ deleted successfully.

    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA}\ not found.

    Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA}\ deleted successfully.

    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA}\ not found.

    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA}\ not found.

    Starting removal of ActiveX control {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA}

    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA}\ deleted successfully.

    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA}\ not found.

    Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA}\ deleted successfully.

    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA}\ not found.

    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA}\ not found.

    Starting removal of ActiveX control {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}

    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}\ deleted successfully.

    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}\ not found.

    Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}\ deleted successfully.

    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}\ not found.

    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}\ not found.

    Starting removal of ActiveX control {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}

    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}\ deleted successfully.

    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}\ not found.

    Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}\ deleted successfully.

    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}\ not found.

    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}\ not found.

    Starting removal of ActiveX control {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}

    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}\ deleted successfully.

    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}\ not found.

    Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}\ deleted successfully.

    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}\ not found.

    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}\ not found.

    Starting removal of ActiveX control {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}

    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}\ deleted successfully.

    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}\ not found.

    Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}\ deleted successfully.

    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}\ not found.

    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}\ not found.

    Starting removal of ActiveX control {D18F962A-3722-4B59-B08D-28BB9EB2281E}

    C:\Program Files\Yahoo!\Common\yphotos.inf not found.

    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{D18F962A-3722-4B59-B08D-28BB9EB2281E}\ deleted successfully.

    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D18F962A-3722-4B59-B08D-28BB9EB2281E}\ not found.

    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{D18F962A-3722-4B59-B08D-28BB9EB2281E}\ not found.

    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D18F962A-3722-4B59-B08D-28BB9EB2281E}\ not found.

    Starting removal of ActiveX control {D27CDB6E-AE6D-11CF-96B8-444552440000}

    C:\WINDOWS\Downloaded Program Files\CONFLICT.2\swflash.inf moved successfully.

    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{D27CDB6E-AE6D-11CF-96B8-444552440000}\ deleted successfully.

    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D27CDB6E-AE6D-11CF-96B8-444552440000}\ not found.

    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{D27CDB6E-AE6D-11CF-96B8-444552440000}\ not found.

    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D27CDB6E-AE6D-11CF-96B8-444552440000}\ not found.

    Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}

    C:\WINDOWS\Downloaded Program Files\gp.inf not found.

    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully.

    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.

    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.

    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.

    Starting removal of ActiveX control Comcast.Ocf.Cab

    Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\Comcast.Ocf.Cab\DownloadInformation\\INF .

    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\Comcast.Ocf.Cab\ deleted successfully.

    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\Comcast.Ocf.Cab\ not found.

    Registry key HKEY_USERS\S-1-5-21-4233663647-1942647512-3799240583-1008\Software\Microsoft\Internet Explorer\SearchScopes\{776E2417-BB3E-495E-9D0C-B0AC2605FC89}\ deleted successfully.

    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{776E2417-BB3E-495E-9D0C-B0AC2605FC89}\ not found.

    OTL by OldTimer - Version 3.2.69.0 log created on 12082012_165146

    Is this the one?


  14. OTL logfile created on: 12/8/2012 4:15:17 PM - Run 1

    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\HP_Administrator\My Documents\Downloads

    Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

    Internet Explorer (Version = 8.0.6001.18702)

    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    958.48 Mb Total Physical Memory | 429.14 Mb Available Physical Memory | 44.77% Memory free

    2.26 Gb Paging File | 1.63 Gb Available in Paging File | 72.06% Paging File free

    Paging file location(s): C:\pagefile.sys 1440 2880 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

    Drive C: | 224.87 Gb Total Space | 79.02 Gb Free Space | 35.14% Space Free | Partition Type: NTFS

    Drive D: | 8.00 Gb Total Space | 0.86 Gb Free Space | 10.80% Space Free | Partition Type: FAT32

    Computer Name: BASEMENT | User Name: HP_Administrator | Logged in as Administrator.

    Boot Mode: Normal | Scan Mode: All users

    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - C:\Documents and Settings\HP_Administrator\My Documents\Downloads\OTL.exe (OldTimer Tools)

    PRC - C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe (Google Inc.)

    PRC - C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)

    PRC - C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)

    PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)

    PRC - C:\Program Files\Java\jre7\bin\jqs.exe (Oracle Corporation)

    PRC - C:\Program Files\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe (Logitech Inc.)

    PRC - C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe (Logitech Inc.)

    PRC - C:\Program Files\Logitech\LWS\Webcam Software\CameraHelperShell.exe ()

    PRC - C:\Program Files\Common Files\LogiShrd\LQCVFX\COCIManager.exe ()

    PRC - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)

    PRC - C:\Program Files\Garmin\MyGarminAgent\myGarminAgent.exe ()

    PRC - C:\Program Files\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)

    PRC - C:\Program Files\comcasttb\ComcastSpywareScan\ComcastAntiSpy.exe ()

    PRC - C:\Program Files\comcasttb\ComcastSpywareScan\ComcastAntiSpyService.exe ()

    PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)

    PRC - C:\Program Files\Seagate\Basics\Service\SyncServicesBasics.exe (Seagate Technology LLC)

    PRC - C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe (CA, Inc.)

    PRC - C:\WINDOWS\system32\UStorSrv.exe (OTi)

    PRC - C:\Program Files\NETGEAR GA311 Adapter\GA311.exe ()

    PRC - C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe (HP)

    ========== Modules (No Company Name) ==========

    MOD - C:\Program Files\AVAST Software\Avast\defs\12120800\algo.dll ()

    MOD - C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\Application\23.0.1271.95\ppgooglenaclpluginchrome.dll ()

    MOD - C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\Application\23.0.1271.95\PepperFlash\pepflashplayer.dll ()

    MOD - C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\Application\23.0.1271.95\pdf.dll ()

    MOD - C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\Application\23.0.1271.95\avutil-51.dll ()

    MOD - C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\Application\23.0.1271.95\avcodec-54.dll ()

    MOD - C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\Application\23.0.1271.95\avformat-54.dll ()

    MOD - C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll ()

    MOD - C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll ()

    MOD - C:\Program Files\Common Files\LogiShrd\LWSPlugins\LWS\Applets\CameraHelper\DevManagerCore.dll ()

    MOD - C:\Program Files\Logitech\LWS\Webcam Software\QTGui4.dll ()

    MOD - C:\Program Files\Logitech\LWS\Webcam Software\QTXml4.dll ()

    MOD - C:\Program Files\Logitech\LWS\Webcam Software\ImageFormats\QJpeg4.dll ()

    MOD - C:\Program Files\Logitech\LWS\Webcam Software\ImageFormats\QGif4.dll ()

    MOD - C:\Program Files\Logitech\LWS\Webcam Software\QTCore4.dll ()

    MOD - C:\Program Files\Logitech\LWS\Webcam Software\CameraHelperShell.exe ()

    MOD - C:\WINDOWS\system32\quartz.dll ()

    MOD - C:\Program Files\Common Files\LogiShrd\LQCVFX\COCIManager.exe ()

    MOD - C:\WINDOWS\system32\sbe.dll ()

    MOD - C:\Program Files\Garmin\MyGarminAgent\myGarminAgent.exe ()

    MOD - C:\Program Files\comcasttb\ComcastSpywareScan\ComcastAntiSpy.exe ()

    MOD - C:\Program Files\comcasttb\ComcastSpywareScan\ComcastAntiSpyService.exe ()

    MOD - C:\WINDOWS\system32\msdmo.dll ()

    MOD - C:\WINDOWS\system32\devenum.dll ()

    MOD - C:\Program Files\HP\Digital Imaging\bin\HpqUtil.dll ()

    MOD - C:\WINDOWS\system32\OPDSL.DLL ()

    MOD - C:\Program Files\NETGEAR GA311 Adapter\GA311.exe ()

    MOD - C:\Program Files\NETGEAR GA311 Adapter\Rtl8169LibC.dll ()

    MOD - C:\Program Files\HP\HP Share-to-Web\hpgs2wnfps.dll ()

    ========== Services (SafeList) ==========

    SRV - (AdobeFlashPlayerUpdateSvc) -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)

    SRV - (avast! Antivirus) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)

    SRV - (MBAMScheduler) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)

    SRV - (JavaQuickStarterService) -- C:\Program Files\Java\jre7\bin\jqs.exe (Oracle Corporation)

    SRV - (SkypeUpdate) -- C:\Program Files\Skype\Updater\Updater.exe (Skype Technologies)

    SRV - (UMVPFSrv) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe (Logitech Inc.)

    SRV - (ACDaemon) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)

    SRV - (AntiSpywareService) -- C:\Program Files\comcasttb\ComcastSpywareScan\ComcastAntiSpyService.exe ()

    SRV - (Basics Service) -- C:\Program Files\Seagate\Basics\Service\SyncServicesBasics.exe (Seagate Technology LLC)

    SRV - (ITMRTSVC) -- C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe (CA, Inc.)

    SRV - (PACSPTISVR) -- C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe (Sony Corporation)

    SRV - (SPTISRV) -- C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe (Sony Corporation)

    SRV - (UStorage Server Service) -- C:\WINDOWS\System32\UStorSrv.exe (OTi)

    ========== Driver Services (SafeList) ==========

    DRV - (WDICA) -- File not found

    DRV - (SASKUTIL) -- C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\SAS_SelfExtract\SASKUTIL.SYS File not found

    DRV - (SASDIFSV) -- C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\SAS_SelfExtract\SASDIFSV.SYS File not found

    DRV - (PDRFRAME) -- File not found

    DRV - (PDRELI) -- File not found

    DRV - (PDFRAME) -- File not found

    DRV - (PDCOMP) -- File not found

    DRV - (PCIDump) -- File not found

    DRV - (mbr) -- C:\ComboFix\mbr.sys File not found

    DRV - (lbrtfdc) -- File not found

    DRV - (i2omgmt) -- File not found

    DRV - (ftsata2) -- system32\DRIVERS\ftsata2.sys File not found

    DRV - (Changer) -- File not found

    DRV - (catchme) -- C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\catchme.sys File not found

    DRV - (mbamchameleon) -- C:\WINDOWS\system32\drivers\mbamchameleon.sys ()

    DRV - (aswSnx) -- C:\WINDOWS\System32\drivers\aswSnx.sys (AVAST Software)

    DRV - (aswSP) -- C:\WINDOWS\System32\drivers\aswSP.sys (AVAST Software)

    DRV - (aswTdi) -- C:\WINDOWS\System32\drivers\aswTdi.sys (AVAST Software)

    DRV - (AswRdr) -- C:\WINDOWS\System32\drivers\aswRdr.sys (AVAST Software)

    DRV - (aswMon2) -- C:\WINDOWS\System32\drivers\aswmon2.sys (AVAST Software)

    DRV - (Aavmker4) -- C:\WINDOWS\System32\drivers\aavmker4.sys (AVAST Software)

    DRV - (aswFsBlk) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys (AVAST Software)

    DRV - (LVRS) -- C:\WINDOWS\system32\drivers\lvrs.sys (Logitech Inc.)

    DRV - (usbcamcl) -- C:\WINDOWS\system32\drivers\usbcamcl.sys (usb camera)

    DRV - (MCSTRM) -- C:\WINDOWS\System32\drivers\mcstrm.sys (RealNetworks, Inc.)

    DRV - (Afc) -- C:\WINDOWS\system32\drivers\afc.sys (Arcsoft, Inc.)

    DRV - (Ps2) -- C:\WINDOWS\system32\drivers\PS2.sys (Hewlett-Packard Company)

    DRV - (AgereSoftModem) -- C:\WINDOWS\system32\drivers\AGRSM.sys (Agere Systems)

    DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.)

    DRV - (ALCXWDM) -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS (Realtek Semiconductor Corp.)

    DRV - (AmdK8) -- C:\WINDOWS\system32\drivers\AmdK8.sys (Advanced Micro Devices)

    DRV - (RTL8023xp) -- C:\WINDOWS\system32\drivers\Rtlnicxp.sys (Realtek Semiconductor Corporation )

    DRV - (AFS2K) -- C:\WINDOWS\System32\drivers\AFS2K.SYS (Oak Technology Inc.)

    DRV - (ltmodem5) -- C:\WINDOWS\system32\drivers\ltmdmnt.sys (LT)

    DRV - (rtl8139) -- C:\WINDOWS\system32\drivers\RTL8139.sys (Realtek Semiconductor Corporation)

    DRV - (Diag69xp) -- C:\WINDOWS\system32\drivers\diag69xp.sys (Realtek Semiconductor Corporation)

    DRV - (LANPkt) -- C:\WINDOWS\system32\drivers\LANPkt.sys (Windows ® 2000 DDK provider)

    DRV - (pfc) -- C:\WINDOWS\system32\drivers\pfc.sys (Padus, Inc.)

    DRV - (MASPINT) -- C:\WINDOWS\System32\drivers\MASPINT.SYS (MicroStaff Co.,Ltd.)

    ========== Standard Registry (SafeList) ==========

    ========== Internet Explorer ==========

    IE - HKLM\..\SearchScopes,DefaultScope =

    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}

    IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7

    IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q405&bd=pavilion&pf=desktop&parm1=seconduser

    IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q405&bd=pavilion&pf=desktop&parm1=seconduser

    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q405&bd=pavilion&pf=desktop&parm1=seconduser

    IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q405&bd=pavilion&pf=desktop&parm1=seconduser

    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

    IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

    IE - HKU\S-1-5-21-4233663647-1942647512-3799240583-1008\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://xfinity.comcast.net/?cid=mtmh12052012

    IE - HKU\S-1-5-21-4233663647-1942647512-3799240583-1008\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie

    IE - HKU\S-1-5-21-4233663647-1942647512-3799240583-1008\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie

    IE - HKU\S-1-5-21-4233663647-1942647512-3799240583-1008\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

    IE - HKU\S-1-5-21-4233663647-1942647512-3799240583-1008\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC

    IE - HKU\S-1-5-21-4233663647-1942647512-3799240583-1008\..\SearchScopes\{4EE2548F-5DDF-4D17-9FCA-A9783535AE25}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7GCNV_en

    IE - HKU\S-1-5-21-4233663647-1942647512-3799240583-1008\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7

    IE - HKU\S-1-5-21-4233663647-1942647512-3799240583-1008\..\SearchScopes\{776E2417-BB3E-495E-9D0C-B0AC2605FC89}: "URL" = http://www.mysearchresults.com/search?&c=2635&t=03&q={searchTerms}

    IE - HKU\S-1-5-21-4233663647-1942647512-3799240583-1008\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-21-4233663647-1942647512-3799240583-1008\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

    ========== FireFox ==========

    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found

    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()

    FF - HKLM\Software\MozillaPlugins\@garmin.com/GpsControl: C:\Program Files\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)

    FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)

    FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)

    FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.4.0: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)

    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.4.0: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)

    FF - HKLM\Software\MozillaPlugins\@microsoft.com/VirtualEarth3D,version=2.5: C:\Program Files\Virtual Earth 3D\ [2009/09/26 19:23:35 | 000,000,000 | ---D | M]

    FF - HKLM\Software\MozillaPlugins\@microsoft.com/VirtualEarth3D,version=3.0: C:\Program Files\Virtual Earth 3D\ [2009/09/26 19:23:35 | 000,000,000 | ---D | M]

    FF - HKLM\Software\MozillaPlugins\@microsoft.com/VirtualEarth3D,version=4.0: C:\Program Files\Virtual Earth 3D\ [2009/09/26 19:23:35 | 000,000,000 | ---D | M]

    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

    FF - HKLM\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Documents and Settings\HP_Administrator\Application Data\Move Networks\plugins\npqmp071706000001.dll (Move Networks)

    FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=12.0.1.652: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)

    FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.652: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)

    FF - HKLM\Software\MozillaPlugins\@real.com/RhapsodyPlayerEngine,version=1.0: C:\Program Files\Real\RhapsodyPlayerEngine\nprhapengine.dll (RealNetworks, Inc.)

    FF - HKLM\Software\MozillaPlugins\@real.com/RhapsodyPlayerEngine,version=1.1: C:\Program Files\Real\RhapsodyPlayerEngine\nprhapengine.dll (RealNetworks, Inc.)

    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)

    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)

    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

    FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Documents and Settings\HP_Administrator\Application Data\Move Networks\plugins\npqmp071706000001.dll (Move Networks)

    FF - HKCU\Software\MozillaPlugins\@real.com/RhapsodyPlayerEngine: C:\Documents and Settings\HP_Administrator\Application Data\nprhapengine.dll File not found

    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)

    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011/06/15 20:41:20 | 000,000,000 | ---D | M]

    FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\moveplayer@movenetworks.com: C:\Documents and Settings\HP_Administrator\Application Data\Move Networks [2010/12/20 20:53:36 | 000,000,000 | ---D | M]

    [2012/12/01 19:09:44 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions

    ========== Chrome ==========

    CHR - default_search_provider: MyStart Search (Enabled)

    CHR - default_search_provider: search_url = http://mystart.incredibar.com/mb196/?loc=IB_DS&search={searchTerms}&a=6OyVUJJlxu&i=26

    CHR - default_search_provider: suggest_url =

    CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\Application\23.0.1271.95\PepperFlash\pepflashplayer.dll

    CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer

    CHR - plugin: Native Client (Enabled) = C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\Application\23.0.1271.95\ppGoogleNaClPluginChrome.dll

    CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\Application\23.0.1271.95\pdf.dll

    CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll

    CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll

    CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll

    CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll

    CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll

    CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll

    CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll

    CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll

    CHR - plugin: RealNetworks RealPlayer Chrome Background Extension Plug-In (32-bit) (Enabled) = C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll

    CHR - plugin: RealPlayer HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll

    CHR - plugin: Move Streaming Media Player (Enabled) = C:\Documents and Settings\HP_Administrator\Application Data\Move Networks\plugins\npqmp071706000001.dll

    CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Update\1.3.21.123\npGoogleUpdate3.dll

    CHR - plugin: Garmin Communicator Plug-In (Enabled) = C:\Program Files\Garmin GPS Plugin\npGarmin.dll

    CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll

    CHR - plugin: Picasa (Enabled) = C:\Program Files\Google\Picasa3\npPicasa3.dll

    CHR - plugin: Java Platform SE 7 U4 (Enabled) = C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll

    CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll

    CHR - plugin: RealNetworks Rhapsody Player Engine (Enabled) = C:\Program Files\Real\RhapsodyPlayerEngine\nprhapengine.dll

    CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll

    CHR - plugin: Windows Presentation Foundation (Enabled) = C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll

    CHR - plugin: Java Deployment Toolkit 7.0.40.20 (Enabled) = C:\WINDOWS\system32\npDeployJava1.dll

    CHR - Extension: avast! WebRep = C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1474_0\

    CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.4_0\

    O1 HOSTS File: ([2012/12/08 13:14:36 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts

    O1 - Hosts: 127.0.0.1 localhost

    O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)

    O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7529.1424\swg.dll (Google Inc.)

    O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)

    O3 - HKU\S-1-5-21-4233663647-1942647512-3799240583-1008\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.

    O3 - HKU\S-1-5-21-4233663647-1942647512-3799240583-1008\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found.

    O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)

    O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)

    O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)

    O4 - HKLM..\Run: [basicsmssmenu] C:\Program Files\Seagate\Basics\Basics Status\MaxMenuMgrBasics.exe (Maxtor Corporation)

    O4 - HKLM..\Run: [EEventManager] C:\Program Files\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)

    O4 - HKLM..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe (HP)

    O4 - HKLM..\Run: [LWS] C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe (Logitech Inc.)

    O4 - HKLM..\Run: [MyGarminAgent] C:\Program Files\Garmin\MyGarminAgent\myGarminAgent.exe ()

    O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe ()

    O4 - HKU\S-1-5-21-4233663647-1942647512-3799240583-1008..\Run: [ComcastAntispyClient] C:\Program Files\comcasttb\ComcastSpywareScan\ComcastAntispy.exe ()

    O4 - HKU\.DEFAULT..\RunOnce: [RunNarrator] C:\WINDOWS\System32\narrator.exe (Microsoft Corporation)

    O4 - HKU\S-1-5-18..\RunOnce: [RunNarrator] C:\WINDOWS\System32\narrator.exe (Microsoft Corporation)

    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\GA311 Smart Wizard Utility.lnk = C:\Program Files\NETGEAR GA311 Adapter\GA311.exe ()

    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present

    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present

    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0

    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)

    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()

    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present

    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present

    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present

    O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present

    O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

    O7 - HKU\S-1-5-21-4233663647-1942647512-3799240583-1008\Software\Policies\Microsoft\Internet Explorer\Control Panel present

    O7 - HKU\S-1-5-21-4233663647-1942647512-3799240583-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

    O7 - HKU\S-1-5-21-4233663647-1942647512-3799240583-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

    O7 - HKU\S-1-5-21-4233663647-1942647512-3799240583-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

    O9 - Extra Button: ComcastHSI - {669B269B-0D4E-41FB-A3D8-FD67CA94F646} - http://www.comcast.net/ File not found

    O9 - Extra Button: Support - {8828075D-D097-4055-AA02-2DBFA9D85E8A} - http://www.comcastsupport.com/ File not found

    O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

    O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

    O9 - Extra Button: Help - {97809617-3937-4F84-B335-9BB05EF1A8D4} - http://online.comcast.net/help/ File not found

    O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)

    O9 - Extra Button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm ()

    O9 - Extra 'Tools' menuitem : Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm ()

    O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)

    O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

    O16 - DPF: {0DB074F0-617E-4EE9-912C-2965CF2AA5A4} http://download.microsoft.com/download/7/0/7/707a44ad-52ad-49af-b7ef-e21b6b0656e4/VirtualEarth3D.cab (SentinelVE3D Class)

    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)

    O16 - DPF: {231B1C6E-F934-42A2-92B6-C2FEFEC24276} C:\Program Files\Yahoo!\common\yucconfig.dll (yucsetreg Class)

    O16 - DPF: {2DFF31F9-7893-4922-AF66-C9A1EB4EBB31} http://forms.real.com/real/player/download.html?f=windows/mrkt/rhapx/RhapsodyPlayerEngine_Inst_Win.cab (Reg Error: Key error.)

    O16 - DPF: {3BB1D69B-A780-4BE1-876E-F3D488877135} http://download.microsoft.com/download/3/B/E/3BE57995-8452-41F1-8297-DD75EF049853/VirtualEarth3D.cab (SentinelProxy Class)

    O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} http://www1.snapfish.com/SnapfishActivia.cab (Snapfish Activia)

    O16 - DPF: {428A9DEF-F057-402B-9F2D-A5887F4544ED} http://download.microsoft.com/download/f/0/2/f02b515c-7076-4cee-bc08-fd6fea594578/VirtualEarth3D.cab (SentinelProxy Class)

    O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} https://webdl.symantec.com/activex/symdlmgr.cab (Symantec Download Manager)

    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1344607093531 (MUWebControl Class)

    O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab (HP Download Manager)

    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://javadl-esd.sun.com/update/1.5.0/jinstall-1_5-windows-i586.cab (Java Plug-in 1.7.0_04)

    O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} http://floridakeysmedia.tv/axiscam/Codebase/AxisCamControl.ocx (CamImage Class)

    O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx (Get_ActiveX Control)

    O16 - DPF: {B020B534-4AA2-4B99-BD6D-5F6EE286DF5C} https://a248.e.akamai.net/f/248/5462/2h/www.symantecstore.com/v2.0-img/operations/symbizpr/xcontrol/SymDlBrg.cab (Reg Error: Key error.)

    O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} http://download.yahoo.com/dl/installs/yab_af.cab (Reg Error: Key error.)

    O16 - DPF: {CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0-windows-i586.cab (Reg Error: Key error.)

    O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab (Reg Error: Key error.)

    O16 - DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab (Reg Error: Key error.)

    O16 - DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab (Reg Error: Key error.)

    O16 - DPF: {CAFEEFAC-0015-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_17-windows-i586.cab (Java Plug-in 1.5.0_17)

    O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab (Reg Error: Key error.)

    O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab (Reg Error: Key error.)

    O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Reg Error: Key error.)

    O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Reg Error: Key error.)

    O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)

    O16 - DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33)

    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_04-windows-i586.cab (Java Plug-in 1.7.0_04)

    O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} http://photos.yahoo.com/ocx/us/yexplorer1_9us.cab (Reg Error: Key error.)

    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444552440000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Reg Error: Key error.)

    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)

    O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} http://a532.g.akamai.net/f/532/6712/5m/virtools.download.akamai.com/6712/player/install3.5/installer.exe (Virtools WebPlayer Class)

    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)

    O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} http://h30155.www3.hp.com/ediags/hpfix/sj/en/check/xp/qdiagh.cab?326 (QDiagHUpdateObj Class)

    O16 - DPF: Comcast.Ocf.Cab http://www.comcastsupport.com/sdcxuser/oneclickfix/scripts/Comcast.Ocf.cab (Reg Error: Key error.)

    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 75.75.76.76 75.75.75.75

    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0AC2A2D4-1AC8-429C-B93F-426057F315BD}: DhcpNameServer = 75.75.76.76 75.75.75.75

    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)

    O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)

    O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)

    O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)

    O24 - Desktop WallPaper: C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp

    O24 - Desktop BackupWallPaper: C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp

    O32 - HKLM CDRom: AutoRun - 1

    O32 - AutoRun File - [2005/09/21 18:45:22 | 000,000,100 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

    O32 - AutoRun File - [2001/07/28 05:07:38 | 000,000,000 | -HS- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ]

    O34 - HKLM BootExecute: (autocheck autochk *)

    O35 - HKLM\..comfile [open] -- "%1" %*

    O35 - HKLM\..exefile [open] -- "%1" %*

    O37 - HKLM\...com [@ = ComFile] -- "%1" %*

    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

    ========== Files/Folders - Created Within 30 Days ==========

    [2012/12/08 12:55:48 | 000,000,000 | RHSD | C] -- C:\cmdcons

    [2012/12/05 20:25:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Desktop\RK_Quarantine

    [2012/12/01 22:25:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\7-zip

    [2012/12/01 22:25:22 | 000,000,000 | ---D | C] -- C:\Program Files\7-zip

    [2012/12/01 19:09:44 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox

    [2012/12/01 19:09:31 | 000,773,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msvcr100.dll

    [2012/12/01 19:09:31 | 000,632,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msvcr80.dll

    [2012/12/01 19:09:31 | 000,554,832 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msvcp80.dll

    [2012/12/01 19:09:31 | 000,479,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msvcm80.dll

    [2012/12/01 19:09:30 | 000,421,200 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msvcp100.dll

    [2012/12/01 19:09:29 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ARFC

    [2012/12/01 19:07:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\VisualBeeExe

    [2012/12/01 19:05:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\VisualBee

    [2012/11/24 17:48:30 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\HP_Administrator\Recent

    [2012/11/17 16:48:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\SketchUp 8

    [2008/12/21 21:29:59 | 000,047,360 | ---- | C] (VSO Software) -- C:\Documents and Settings\HP_Administrator\Application Data\pcouffin.sys

    [2008/01/29 18:51:10 | 000,677,343 | ---- | C] (Orban, Inc. ) -- C:\Program Files\setup_AAC_aacPlus_plugin_1_0_36.exe

    [2007/01/15 20:30:20 | 014,994,392 | ---- | C] (Macrovision Corporation) -- C:\Program Files\GoogleEarthWin.exe

    [2007/01/06 22:02:38 | 023,510,720 | ---- | C] (Microsoft Corporation) -- C:\Program Files\dotnetfx.exe

    [2006/12/30 20:38:58 | 000,545,752 | ---- | C] (Adobe Systems) -- C:\Program Files\sgc10_rdr80_DLM_en_US.exe

    [2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

    [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

    [1 C:\*.tmp files -> C:\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2012/12/08 16:07:01 | 000,000,906 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job

    [2012/12/08 15:41:01 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job

    [2012/12/08 15:21:00 | 000,001,022 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-4233663647-1942647512-3799240583-1008UA.job

    [2012/12/08 13:14:36 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts

    [2012/12/08 12:55:56 | 000,000,325 | RHS- | M] () -- C:\boot.ini

    [2012/12/08 10:42:19 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

    [2012/12/08 10:42:15 | 000,000,364 | -H-- | M] () -- C:\WINDOWS\tasks\avast! Emergency Update.job

    [2012/12/08 10:40:44 | 000,000,902 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job

    [2012/12/08 10:40:40 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

    [2012/12/08 10:40:38 | 1005,113,344 | -HS- | M] () -- C:\hiberfil.sys

    [2012/12/07 22:28:17 | 000,000,444 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{586EFC3D-4784-43E3-A6C5-2F67F2045002}.job

    [2012/12/05 18:24:20 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\defogger_reenable

    [2012/12/04 19:54:47 | 000,002,497 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Drive Manager.lnk

    [2012/12/01 22:25:24 | 000,000,644 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\7-zip.lnk

    [2012/12/01 21:35:40 | 000,035,144 | ---- | M] () -- C:\WINDOWS\System32\drivers\mbamchameleon.sys

    [2012/12/01 20:49:29 | 000,697,272 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe

    [2012/12/01 20:49:28 | 000,073,656 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl

    [2012/12/01 19:04:26 | 006,969,809 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\SmillaEnlarger-0.9.0.zip

    [2012/12/01 08:21:00 | 000,000,970 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-4233663647-1942647512-3799240583-1008Core.job

    [2012/11/29 20:22:37 | 000,002,376 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\Google Chrome.lnk

    [2012/11/29 20:22:37 | 000,002,354 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk

    [2012/11/17 16:48:37 | 000,001,773 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SketchUp 8.lnk

    [2012/11/17 14:18:54 | 000,376,856 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT

    [2012/11/17 12:54:31 | 000,446,174 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat

    [2012/11/17 12:54:31 | 000,073,254 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat

    [2012/11/12 19:17:15 | 000,016,384 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

    [2012/11/08 17:13:12 | 000,002,625 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT

    [2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

    [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

    [1 C:\*.tmp files -> C:\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2012/12/05 18:24:20 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\defogger_reenable

    [2012/12/01 22:25:24 | 000,000,644 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\7-zip.lnk

    [2012/12/01 21:35:40 | 000,035,144 | ---- | C] () -- C:\WINDOWS\System32\drivers\mbamchameleon.sys

    [2012/12/01 19:09:29 | 001,008,496 | ---- | C] () -- C:\WINDOWS\System32\dmwu.exe

    [2012/12/01 19:09:29 | 000,028,160 | ---- | C] () -- C:\WINDOWS\System32\ImHttpComm.dll

    [2012/12/01 19:04:17 | 006,969,809 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\SmillaEnlarger-0.9.0.zip

    [2012/11/17 16:48:37 | 000,001,773 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SketchUp 8.lnk

    [2012/08/02 11:20:32 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe

    [2012/08/02 11:20:32 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe

    [2012/08/02 11:20:32 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe

    [2012/08/02 11:20:32 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe

    [2012/08/02 11:20:31 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe

    [2012/04/25 18:06:23 | 000,016,384 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

    [2012/03/06 21:42:08 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll

    [2012/03/02 20:30:39 | 000,000,139 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\fusioncache.dat

    [2012/02/14 19:14:50 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll

    [2012/01/18 01:44:00 | 010,920,984 | ---- | C] () -- C:\WINDOWS\System32\LogiDPP.dll

    [2012/01/18 01:44:00 | 000,336,408 | ---- | C] () -- C:\WINDOWS\System32\DevManagerCore.dll

    [2012/01/18 01:44:00 | 000,104,472 | ---- | C] () -- C:\WINDOWS\System32\LogiDPPApp.exe

    [2011/12/15 19:10:10 | 000,000,000 | ---- | C] () -- C:\WINDOWS\EEventManager.INI

    [2011/12/11 19:51:01 | 000,073,220 | ---- | C] () -- C:\WINDOWS\System32\EPPICPrinterDB.dat

    [2011/12/11 19:51:01 | 000,031,053 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern131.dat

    [2011/12/11 19:51:01 | 000,029,114 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern1.dat

    [2011/12/11 19:51:01 | 000,027,417 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern121.dat

    [2011/12/11 19:51:01 | 000,021,021 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern3.dat

    [2011/12/11 19:51:01 | 000,015,670 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern5.dat

    [2011/12/11 19:51:01 | 000,013,280 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern2.dat

    [2011/12/11 19:51:01 | 000,010,673 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern4.dat

    [2011/12/11 19:51:01 | 000,004,943 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern6.dat

    [2011/12/11 19:51:01 | 000,001,140 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_PT.dat

    [2011/12/11 19:51:01 | 000,001,140 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_BP.dat

    [2011/12/11 19:51:01 | 000,001,137 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_ES.dat

    [2011/12/11 19:51:01 | 000,001,130 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_FR.dat

    [2011/12/11 19:51:01 | 000,001,130 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_CF.dat

    [2011/12/11 19:51:01 | 000,001,104 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_EN.dat

    [2011/12/11 19:51:01 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini

    [2011/12/11 19:50:35 | 000,065,793 | ---- | C] () -- C:\WINDOWS\System32\esfwad.bin

    [2011/12/11 19:49:36 | 000,000,035 | ---- | C] () -- C:\WINDOWS\PERFV33_330.ini

    [2011/11/16 20:40:38 | 000,028,418 | ---- | C] () -- C:\WINDOWS\System32\lvcoinst.ini

    [2011/08/12 12:20:14 | 000,015,896 | ---- | C] () -- C:\WINDOWS\System32\drivers\iKeyLFT2.dll

    [2011/07/12 16:29:56 | 000,001,940 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini

    [2011/03/25 20:04:01 | 000,028,672 | R--- | C] () -- C:\WINDOWS\System32\CoUninstall.dll

    [2011/03/25 19:14:53 | 000,000,020 | ---- | C] () -- C:\WINDOWS\System32\camera.ini

    [2010/01/11 22:21:25 | 000,617,322 | RH-- | C] () -- C:\Documents and Settings\HP_Administrator\Backup Log

    [2008/12/28 22:19:29 | 000,001,359 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache

    [2008/12/21 21:32:52 | 000,000,062 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Application Data\Printer.ini

    [2008/12/21 21:29:59 | 000,087,608 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Application Data\inst.exe

    [2008/12/21 21:29:59 | 000,007,887 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Application Data\pcouffin.cat

    [2008/12/21 21:29:59 | 000,001,144 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Application Data\pcouffin.inf

    [2007/12/31 20:40:22 | 018,131,206 | ---- | C] () -- C:\Program Files\exPressit Memorex.zip

    [2007/06/12 19:29:19 | 000,000,114 | ---- | C] () -- C:\Program Files\64Winamp.pls

    [2007/05/29 20:05:07 | 000,055,088 | ---- | C] () -- C:\Program Files\MFInstall.exe

    [2007/01/06 22:01:02 | 003,993,441 | ---- | C] () -- C:\Program Files\PaintDotNet_3_0_Beta3_BetaNews.zip

    [2006/05/04 21:20:34 | 000,000,524 | ---- | C] () -- C:\Program Files\Shortcut to Microsoft Office.lnk

    [2006/03/03 19:20:56 | 000,000,251 | ---- | C] () -- C:\Program Files\wt3d.ini

    [2005/12/19 16:26:37 | 000,001,262 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Application Data\wklnhst.dat

    ========== ZeroAccess Check ==========

    [2004/11/16 23:28:30 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

    [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

    [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

    "" = %SystemRoot%\system32\shdocvw.dll -- [2008/04/13 19:12:05 | 001,499,136 | ---- | M] (Microsoft Corporation)

    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]

    "" = %systemroot%\system32\wbem\fastprox.dll -- [2009/02/09 07:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)

    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

    "" = %systemroot%\system32\wbem\wbemess.dll -- [2008/04/13 19:12:08 | 000,273,920 | ---- | M] (Microsoft Corporation)

    "ThreadingModel" = Both

    < End of report >


  15. Here it comes.

    ComboFix 12-12-07.01 - HP_Administrator 12/08/2012 13:01:22.5.2 - x86

    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.958.548 [GMT -5:00]

    Running from: c:\documents and settings\HP_Administrator\My Documents\Downloads\ComboFix.exe

    AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}

    .

    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

    .

    .

    c:\documents and settings\All Users\Application Data\ism_0_llatsni.pad

    c:\documents and settings\All Users\Application Data\nud0repor.pad

    c:\documents and settings\HP_Administrator\Recent\attach.txt.zip

    c:\documents and settings\HP_Administrator\Recent\dds.txt.zip

    .

    .

    ((((((((((((((((((((((((( Files Created from 2012-11-08 to 2012-12-08 )))))))))))))))))))))))))))))))

    .

    .

    2012-12-02 03:25 . 2012-12-02 03:25 -------- d-----w- c:\program files\7-zip

    2012-12-02 02:35 . 2012-12-02 02:35 35144 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys

    2012-12-02 00:09 . 2011-06-10 22:58 773968 ----a-w- c:\windows\system32\msvcr100.dll

    2012-12-02 00:09 . 2011-05-13 23:17 632656 ----a-w- c:\windows\system32\msvcr80.dll

    2012-12-02 00:09 . 2011-05-13 23:17 479232 ----a-w- c:\windows\system32\msvcm80.dll

    2012-12-02 00:09 . 2011-05-13 23:17 554832 ----a-w- c:\windows\system32\msvcp80.dll

    2012-12-02 00:09 . 2011-06-10 22:58 421200 ----a-w- c:\windows\system32\msvcp100.dll

    2012-12-02 00:09 . 2012-12-02 00:23 -------- d-----w- c:\windows\system32\ARFC

    2012-12-02 00:09 . 2012-10-02 15:20 1008496 ----a-w- c:\windows\system32\dmwu.exe

    2012-12-02 00:09 . 2012-10-02 15:18 28160 ----a-w- c:\windows\system32\ImHttpComm.dll

    2012-12-02 00:07 . 2012-12-02 01:25 -------- d-----w- c:\documents and settings\HP_Administrator\Local Settings\Application Data\VisualBeeExe

    2012-12-02 00:05 . 2012-12-02 00:07 -------- d-----w- c:\documents and settings\All Users\VisualBee

    .

    .

    .

    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    2012-12-02 01:49 . 2012-04-05 23:44 697272 ----a-w- c:\windows\system32\FlashPlayerApp.exe

    2012-12-02 01:49 . 2011-06-02 01:15 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

    2012-10-30 23:51 . 2012-08-09 19:16 361032 ----a-w- c:\windows\system32\drivers\aswSP.sys

    2012-10-30 23:51 . 2012-08-09 19:16 54232 ----a-w- c:\windows\system32\drivers\aswTdi.sys

    2012-10-30 23:51 . 2012-08-09 19:16 35928 ----a-w- c:\windows\system32\drivers\aswRdr.sys

    2012-10-30 23:51 . 2012-08-09 19:16 738504 ----a-w- c:\windows\system32\drivers\aswSnx.sys

    2012-10-30 23:51 . 2012-08-09 19:16 97608 ----a-w- c:\windows\system32\drivers\aswmon2.sys

    2012-10-30 23:51 . 2012-08-09 19:16 89752 ----a-w- c:\windows\system32\drivers\aswmon.sys

    2012-10-30 23:51 . 2012-08-09 19:16 21256 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys

    2012-10-30 23:51 . 2012-08-09 19:16 25256 ----a-w- c:\windows\system32\drivers\aavmker4.sys

    2012-10-30 23:51 . 2012-08-09 19:15 41224 ----a-w- c:\windows\avastSS.scr

    2012-10-30 23:50 . 2012-08-09 19:15 227648 ----a-w- c:\windows\system32\aswBoot.exe

    2012-10-22 08:37 . 2004-08-10 12:00 1866368 ----a-w- c:\windows\system32\win32k.sys

    2012-10-02 18:04 . 2004-08-10 12:00 58368 ----a-w- c:\windows\system32\synceng.dll

    2012-09-29 23:54 . 2012-08-08 17:44 22856 ----a-w- c:\windows\system32\drivers\mbam.sys

    2008-01-29 23:51 . 2008-01-29 23:51 677343 ----a-w- c:\program files\setup_AAC_aacPlus_plugin_1_0_36.exe

    2007-05-30 01:05 . 2007-05-30 01:05 55088 ----a-w- c:\program files\MFInstall.exe

    2007-01-16 01:30 . 2007-01-16 01:30 14994392 ----a-w- c:\program files\GoogleEarthWin.exe

    2007-01-07 03:02 . 2007-01-07 03:02 23510720 ----a-w- c:\program files\dotnetfx.exe

    2006-12-31 01:38 . 2006-12-31 01:38 545752 ----a-w- c:\program files\sgc10_rdr80_DLM_en_US.exe

    .

    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    .

    *Note* empty entries & legit default entries are not shown

    REGEDIT4

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]

    @="{472083B0-C522-11CF-8763-00608CC02F24}"

    [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]

    2012-10-30 23:50 121528 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll

    .

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    "ComcastAntispyClient"="c:\program files\comcasttb\ComcastSpywareScan\ComcastAntispy.exe" [2009-08-19 1589208]

    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2012-11-08 39408]

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]

    "EEventManager"="c:\program files\Epson Software\Event Manager\EEventManager.exe" [2009-12-03 976320]

    "IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2007-02-05 849280]

    "WinampAgent"="c:\program files\Winamp\winampa.exe" [2009-07-01 37888]

    "ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-28 207424]

    "basicsmssmenu"="c:\program files\Seagate\Basics\Basics Status\MaxMenuMgrBasics.exe" [2007-10-09 169328]

    "MyGarminAgent"="c:\program files\Garmin\MyGarminAgent\MyGarminAgent.exe" [2010-03-16 337256]

    "ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512]

    "KBD"="c:\hp\KBD\KBD.EXE" [2005-02-02 61440]

    "HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb09.exe" [2003-07-28 188416]

    "Share-to-Web Namespace Daemon"="c:\program files\HP\HP Share-to-Web\hpgs2wnd.exe" [2002-04-17 69632]

    "LWS"="c:\program files\Logitech\LWS\Webcam Software\LWS.exe" [2011-11-11 205336]

    "APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]

    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-03-27 421736]

    "avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-10-30 4297136]

    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2012-04-19 421888]

    .

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]

    "RunNarrator"="Narrator.exe" [2008-04-14 53760]

    .

    c:\documents and settings\All Users\Start Menu\Programs\Startup\

    GA311 Smart Wizard Utility.lnk - c:\program files\NETGEAR GA311 Adapter\GA311.exe [2003-12-25 270336]

    HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2005-5-12 282624]

    .

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Updates from HP.lnk]

    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Updates from HP.lnk

    backup=c:\windows\pss\Updates from HP.lnkCommon Startup

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]

    2012-07-27 20:51 919008 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]

    2005-02-17 04:11 49152 ----a-w- c:\program files\Hewlett-Packard\HP Software Update\hpwuSchd2.exe

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPBootOp]

    2005-02-25 22:34 245760 ----a-w- c:\program files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPHUPD08]

    2005-06-01 23:35 49152 ----a-w- c:\program files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Share-to-Web Namespace Daemon]

    2002-04-17 15:42 69632 ----a-w- c:\program files\HP\HP Share-to-Web\hpgs2wnd.exe

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

    2012-01-17 15:07 252296 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]

    "LightScribeService"=2 (0x2)

    "gusvc"=2 (0x2)

    "GoogleDesktopManager-061008-081103"=3 (0x3)

    "ose"=3 (0x3)

    "JavaQuickStarterService"=2 (0x2)

    "gupdate"=2 (0x2)

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]

    "DisableMonitoring"=dword:00000001

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

    "DisableMonitoring"=dword:00000001

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

    "DisableMonitoring"=dword:00000001

    .

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

    "%windir%\\system32\\sessmgr.exe"=

    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=

    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=

    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=

    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=

    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=

    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=

    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=

    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=

    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=

    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=

    "c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=

    "c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=

    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=

    "c:\\Program Files\\Updates from HP\\9972322\\Program\\Updates from HP.exe"=

    "c:\\Program Files\\Messenger\\msmsgs.exe"=

    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=

    "c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=

    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

    "c:\\Program Files\\iTunes\\iTunes.exe"=

    "c:\\Program Files\\Logitech\\Vid HD\\Vid.exe"=

    "c:\\Program Files\\Epson Software\\Event Manager\\EEventManager.exe"=

    "c:\\Program Files\\Skype\\Phone\\Skype.exe"=

    "c:\\Program Files\\Rhapsody\\rhapsody.exe"=

    "c:\\WINDOWS\\system32\\dmwu.exe"=

    "c:\\WINDOWS\\system32\\ARFC\\wrtc.exe"=

    .

    R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [8/9/2012 2:16 PM 738504]

    R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [8/9/2012 2:16 PM 361032]

    R2 AntiSpywareService;Comcast AntiSpyware;c:\program files\comcasttb\ComcastSpywareScan\ComcastAntiSpyService.exe [6/17/2009 12:49 PM 616408]

    R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [8/9/2012 2:16 PM 21256]

    R2 LANPkt;Realtek LANPkt Protocol;c:\windows\system32\drivers\LANPkt.sys [12/25/2003 6:53 PM 8440]

    R2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [9/10/2012 4:19 PM 399432]

    R2 UMVPFSrv;UMVPFSrv;c:\program files\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe [1/18/2012 1:44 AM 450848]

    R3 Diag69xp;Diag69xp;c:\windows\system32\drivers\diag69xp.sys [12/25/2003 6:53 PM 11237]

    S1 SASDIFSV;SASDIFSV;\??\c:\docume~1\HP_ADM~1\LOCALS~1\Temp\SAS_SelfExtract\SASDIFSV.SYS --> c:\docume~1\HP_ADM~1\LOCALS~1\Temp\SAS_SelfExtract\SASDIFSV.SYS [?]

    S1 SASKUTIL;SASKUTIL;\??\c:\docume~1\HP_ADM~1\LOCALS~1\Temp\SAS_SelfExtract\SASKUTIL.SYS --> c:\docume~1\HP_ADM~1\LOCALS~1\Temp\SAS_SelfExtract\SASKUTIL.SYS [?]

    S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [7/13/2012 12:28 PM 160944]

    S3 mbamchameleon;mbamchameleon;c:\windows\system32\drivers\mbamchameleon.sys [12/1/2012 9:35 PM 35144]

    S3 pcouffin;VSO Software pcouffin;c:\windows\system32\drivers\pcouffin.sys [12/21/2008 9:29 PM 47360]

    S3 usbcamcl;Driver for video Device;c:\windows\system32\drivers\usbcamcl.sys [3/25/2011 8:04 PM 31104]

    .

    Contents of the 'Scheduled Tasks' folder

    .

    2012-12-08 c:\windows\Tasks\Adobe Flash Player Updater.job

    - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-05 01:49]

    .

    2012-09-04 c:\windows\Tasks\AppleSoftwareUpdate.job

    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 22:57]

    .

    2012-12-08 c:\windows\Tasks\avast! Emergency Update.job

    - c:\program files\AVAST Software\Avast\AvastEmUpdate.exe [2012-08-09 23:50]

    .

    2012-12-08 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

    - c:\program files\Google\Update\GoogleUpdate.exe [2009-12-30 00:25]

    .

    2012-12-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

    - c:\program files\Google\Update\GoogleUpdate.exe [2009-12-30 00:25]

    .

    2012-12-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4233663647-1942647512-3799240583-1008Core.job

    - c:\documents and settings\HP_Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-08-12 13:06]

    .

    2012-12-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4233663647-1942647512-3799240583-1008UA.job

    - c:\documents and settings\HP_Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-08-12 13:06]

    .

    2012-10-28 c:\windows\Tasks\PhotoStageReminder.job

    - c:\program files\NCH Software\PhotoStage\photostage.exe [2012-10-28 04:41]

    .

    2012-12-08 c:\windows\Tasks\User_Feed_Synchronization-{586EFC3D-4784-43E3-A6C5-2F67F2045002}.job

    - c:\windows\system32\msfeedssync.exe [2007-08-13 08:31]

    .

    2012-10-29 c:\windows\Tasks\videopadShakeIcon.job

    - c:\program files\NCH Software\VideoPad\videopad.exe [2012-10-28 02:25]

    .

    .

    ------- Supplementary Scan -------

    .

    uStart Page = hxxp://xfinity.comcast.net/?cid=mtmh12052012

    uInternet Settings,ProxyOverride = *.local

    uSearchAssistant = hxxp://www.google.com/ie

    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

    TCP: DhcpNameServer = 75.75.76.76 75.75.75.75

    DPF: Comcast.Ocf.Cab - hxxp://www.comcastsupport.com/sdcxuser/oneclickfix/scripts/Comcast.Ocf.cab

    .

    - - - - ORPHANS REMOVED - - - -

    .

    Toolbar-Locked - (no file)

    HKLM-Run-SunJavaUpdateSched - c:\program files\Java\jre7\bin\jusched.exe

    HKLM-Run-Aimersoft Helper Compact.exe - c:\program files\Common Files\Aimersoft\Aimersoft Helper Compact\ASHelper.exe

    AddRemove-WNLT - c:\windows\system32\WNLT\Installation\uninstaller.exe

    .

    .

    .

    **************************************************************************

    .

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

    Rootkit scan 2012-12-08 13:14

    Windows 5.1.2600 Service Pack 3 NTFS

    .

    scanning hidden processes ...

    .

    scanning hidden autostart entries ...

    .

    scanning hidden files ...

    .

    scan completed successfully

    hidden files: 0

    .

    **************************************************************************

    .

    --------------------- LOCKED REGISTRY KEYS ---------------------

    .

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

    @Denied: (A 2) (Everyone)

    @="FlashBroker"

    "LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_110_ActiveX.exe,-101"

    .

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

    "Enabled"=dword:00000001

    .

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

    @="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_110_ActiveX.exe"

    .

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

    .

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

    @DACL=(02 0010)

    @Denied: (A 2) (Everyone)

    @="IFlashBroker5"

    .

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

    @DACL=(02 0010)

    @="{00020424-0000-0000-C000-000000000046}"

    .

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

    @DACL=(02 0010)

    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

    "Version"="1.0"

    .

    --------------------- DLLs Loaded Under Running Processes ---------------------

    .

    - - - - - - - > 'winlogon.exe'(752)

    c:\windows\system32\Ati2evxx.dll

    c:\program files\CA\PPRT\bin\CACheck.dll

    c:\program files\CA\PPRT\bin\CAHook.dll

    c:\program files\CA\PPRT\bin\CAServer.dll

    .

    Completion time: 2012-12-08 13:18:47

    ComboFix-quarantined-files.txt 2012-12-08 18:18

    ComboFix2.txt 2012-08-10 14:43

    ComboFix3.txt 2012-08-10 13:34

    ComboFix4.txt 2012-08-07 20:24

    ComboFix5.txt 2012-12-08 17:53

    .

    Pre-Run: 84,366,020,608 bytes free

    Post-Run: 84,815,155,200 bytes free

    .

    WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe

    [boot loader]

    timeout=2

    default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS

    [operating systems]

    c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

    UnsupportedDebug="do not select this" /debug

    multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect

    .

    - - End Of File - - B3CBB8C28CCFE994176CFA9C64786A65


  16. I assume that ComboFix ran... I don't see it as an icon anywhere, but at the beginning of the log.txt - Notepad, this is the beginning:

    ComboFix 12-12-07.01 - HP_Administrator 12/08/2012 13:01:22.5.2 - x86

    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.958.548 [GMT -5:00]

    Running from: c:\documents and settings\HP_Administrator\My Documents\Downloads\ComboFix.exe

    AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D

    What do you think?
