Symesko

I haven't had any redirects in the past few days, so it seems to be better.

kbd101V.zip I ran it through VirusTotal, it came up with detection ratio of 14/45. I have uploaded a zipped copy of the file in this post as well so you can inspect it further.

GrantPerms by Farbar Ran by Symesko (administrator) at 2012-12-22 12:41:21 =============================================== \\?\C:\Windows\SysWOW64\kbd101V.dll Owner: BUILTIN\Administrators DACL(NP)(AI): NT AUTHORITY\SYSTEM FULL ALLOW (I) BUILTIN\Administrators FULL ALLOW (I) BUILTIN\Users READ/EXECUTE ALLOW (I) This is the result, i'll try working with the file now. I'll try to run the tool you asked me to use first, if that doesn't work, I'll zip it and upload it in my next post.

The file was in C:\Windows\SysWOW64\ I could zip all the other files in the folder(that I attempted), it was only this file that as blocked from my access. I'm not sure why there would be a Japanese Keyboard Layout on my comp, unless it's something that comes with a language pack. I know I've never installed that directly. The addon I was referring to was a World of Warcraft addon... they are like mods which change the UI of the game.

It hasn't been redirecting me for the past few days... hopefully we have solved the issue, whether it was that file, or the addon that I removed.

It won't let me zip it. I disabled my AV in case it was that blocking me, but it keeps saying "File not found or no read permission".

I restored the file, but when I went to the website it wouldn't let me "open" that file. A window popped up saying I didn't have permission and had to contact the owner or admin. I'm the only user on this computer and I have Admin rights. I tried to open a half dozen other files in the folder, and had zero issues. While I had the file restored, I tried some searches but didn't get redirected. One thing I have done is changed an addon I use with World of Warcraft, and I've done that within the past few days. I removed the old one from my computer, and I know that addons for that game are notorious for having virus' in them. I would almost think that when re-installed WoW was about the time the re-directs started, but I can't be 100% on that. My AV keeps picking up that file, so I have removed it again. I haven't used any of the extensions.

I ran a full search today with my Anti-Virus and it picked up a threat with it removed. It was a Trojan Horse *Generic29.akvz* Actual file name was kbd101V.dll

Here is the log from Silent Runners "Silent Runners.vbs", revision 64, http://www.silentrunners.org/ Operating System: Microsoft Windows 7 Home Premium Service Pack 1 (64-bit) Output limited to non-default values, except where indicated by "{++}" Startup items buried in registry: --------------------------------- HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++} LightScribe Control Panel = C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden [Hewlett-Packard Company] Sidebar = C:\Program Files\Windows Sidebar\sidebar.exe /autoRun [MS] ISUSPM = "C:\ProgramData\Macrovision\FLEXnet Connect\6\ISUSPM.exe" -scheduler [Acresso Corporation] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++} SynTPEnh = C:\Program Files\Synaptics\SynTP\SynTPEnh.exe SmartMenu = C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe /background [null data] HPWirelessAssistant = C:\Program Files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe 120 C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe /hidden [null data] SysTrayApp = C:\Program Files\IDT\WDM\sttray64.exe CanonMyPrinter = C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon [CANON INC.] HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\ {++} mcui_exe = "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey [McAfee, Inc.] Lachesis = C:\Program Files (x86)\Razer\Lachesis\razerhid.exe [empty string] TRUUpdater = "C:\Program Files (x86)\Sierra Wireless Inc\WebUpdater\TRUUpdater.exe" /bkground [sierra Wireless, Inc.] WatcherHelper = "C:\Program Files (x86)\Sierra Wireless Inc\Watcher\WaHelper.exe" [sierra Wireless Inc.] StartCCC = "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [Advanced Micro Devices, Inc.] HP Quick Launch = C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [Hewlett-Packard Development Company, L.P.] APSDaemon = "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [Apple Inc.] CanonSolutionMenuEx = C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE /logon [CANON INC.] QuickTime Task = "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [Apple Inc.] SunJavaUpdateSched = "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [sun Microsystems, Inc.] Adobe ARM = "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [Adobe Systems Incorporated] iTunesHelper = "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [Apple Inc.] AVG_UI = "C:\Program Files (x86)\AVG\AVG2013\avgui.exe" /TRAYONLY [AVG Technologies CZ, s.r.o.] HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ {18DF081C-E8AD-4283-A596-FA578C2EBDC3}\(Default) = AcroIEHelperStub -> {HKLM…Wow…CLSID} = Adobe PDF Link Helper \InProcServer32\(Default) = C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [Adobe Systems Incorporated] {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\(Default) = (no title provided) -> {HKLM…Wow…CLSID} = Java Plug-In SSV Helper \InProcServer32\(Default) = C:\Program Files (x86)\Java\jre7\bin\ssv.dll [Oracle Corporation] {DBC80044-A445-435b-BC74-9C25C1C588A9}\(Default) = (no title provided) -> {HKLM…Wow…CLSID} = Java Plug-In 2 SSV Helper \InProcServer32\(Default) = C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [Oracle Corporation] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ MOBK\(Default) = {3c3f3c1a-9153-7c05-f938-622e7003894d} -> {HKLM…CLSID} = McAfee Online Backup Shell Extensions \InProcServer32\(Default) = C:\Program Files (x86)\McAfee Online Backup\MOBKshell.dll [McAfee, Inc.] MOBK2\(Default) = {e6ea1d7d-144e-b977-98c4-84c53c1a69d0} -> {HKLM…CLSID} = McAfee Online Backup Shell Extensions Icon Overlay 2 \InProcServer32\(Default) = C:\Program Files (x86)\McAfee Online Backup\MOBKshell.dll [McAfee, Inc.] MOBK3\(Default) = {b4caf489-1eec-c617-49ad-8d7088598c06} -> {HKLM…CLSID} = McAfee Online Backup Shell Extensions Icon Overlay 3 \InProcServer32\(Default) = C:\Program Files (x86)\McAfee Online Backup\MOBKshell.dll [McAfee, Inc.] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\ {5FCD4425-CA3A-48F4-A57C-B8A75C32ACB1} = NSE_WithSubFld -> {HKLM…CLSID} = NSE_WithSubFld \InProcServer32\(Default) = C:\Program Files (x86)\Hewlett-Packard\Recovery\Protect.dll [null data] {5E2121EE-0300-11D4-8D3B-444553540000} = Catalyst Context Menu extension -> {HKLM…CLSID} = SimpleShlExt Class \InProcServer32\(Default) = C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\atiacm64.dll [Advanced Micro Devices, Inc.] {2F603045-309F-11CF-9774-0020AFD0CFF6} = Synaptics Control Panel -> {HKLM…CLSID} = (no title provided) \InProcServer32\(Default) = C:\Program Files\Synaptics\SynTP\SynTPCpl.dll [synaptics Incorporated] {3c3f3c1a-9153-7c05-f938-622e7003894d} = McAfee Online Backup Shell Extensions -> {HKLM…CLSID} = McAfee Online Backup Shell Extensions \InProcServer32\(Default) = C:\Program Files (x86)\McAfee Online Backup\MOBKshell.dll [McAfee, Inc.] {e6ea1d7d-144e-b977-98c4-84c53c1a69d0} = McAfee Online Backup Shell Extensions Icon Overlay 2 -> {HKLM…CLSID} = McAfee Online Backup Shell Extensions Icon Overlay 2 \InProcServer32\(Default) = C:\Program Files (x86)\McAfee Online Backup\MOBKshell.dll [McAfee, Inc.] {b4caf489-1eec-c617-49ad-8d7088598c06} = McAfee Online Backup Shell Extensions Icon Overlay 3 -> {HKLM…CLSID} = McAfee Online Backup Shell Extensions Icon Overlay 3 \InProcServer32\(Default) = C:\Program Files (x86)\McAfee Online Backup\MOBKshell.dll [McAfee, Inc.] {781bca65-20ed-8f6a-368f-b523ec4f51b2} = McAfee Online Backup Shell Extensions NSE -> {HKLM…CLSID} = McAfee Online Backup \InProcServer32\(Default) = C:\Program Files (x86)\McAfee Online Backup\MOBKshell.dll [McAfee, Inc.] {0875DCB6-C686-4243-9432-ADCCF0B9F2D7} = Microsoft OneNote Namespace Extension for Windows Desktop Search -> {HKLM…CLSID} = Microsoft OneNote Namespace Extension for Windows Desktop Search \InProcServer32\(Default) = C:\Program Files\Microsoft Office\Office14\ONFILTER.DLL [MS] {872A9397-E0D6-4e28-B64D-52B8D0A7EA35} = Display CPL Extension -> {HKLM…CLSID} = DisplayCplExt Class \InProcServer32\(Default) = C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\atiama64.dll [Advanced Micro Devices, Inc.] {1AC77AE9-9EC6-405A-9F9B-C06AB3C10B71} = Microsoft Image Composite Editor -> {HKCU…CLSID} = CShellStitcher Object \InProcServer32\(Default) = C:\Program Files\Microsoft Research\Image Composite Editor\ShellExtension.dll [file not found] {B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF} = iTunes -> {HKLM…CLSID} = iTunes \InProcServer32\(Default) = C:\Program Files\iTunes\iTunesMiniPlayer.dll [Apple Inc.] {9F97547E-4609-42C5-AE0C-81C61FFAEBC3} = AVG Shell Extension -> {HKLM…CLSID} = AVG Shell Extension Class \InProcServer32\(Default) = C:\Program Files (x86)\AVG\AVG2013\avgsea.dll [AVG Technologies CZ, s.r.o.] HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\ {DBD8E168-244D-448C-9922-25508950D1DC} = Ulead UDF Driver -> {HKLM…Wow…CLSID} = USIShellExt Class \InProcServer32\(Default) = c:\Program Files (x86)\Common Files\Ulead Systems\DVD\USIShex.dll [ulead Systems, Inc.] {00F33137-EE26-412F-8D71-F84E4C2C6625} = (no title provided) -> {HKLM…Wow…CLSID} = Windows Live Photo Gallery Viewer Autoplay Shim \InProcServer32\(Default) = C:\Program Files (x86)\Windows Live\Photo Gallery\PhotoViewerShim.dll [MS] {00F346CB-35A4-465B-8B8F-65A29DBAB1F6} = Windows Live Photo Gallery Viewer Drop Target Shim -> {HKLM…Wow…CLSID} = Windows Live Photo Gallery Viewer Shim \InProcServer32\(Default) = C:\Program Files (x86)\Windows Live\Photo Gallery\PhotoViewerShim.dll [MS] {00F3712A-CA79-45B4-9E4D-D7891E7F8B9D} = Windows Live Photo Gallery Editor Drop Target Shim -> {HKLM…Wow…CLSID} = Windows Live Photo Gallery Editor Shim \InProcServer32\(Default) = C:\Program Files (x86)\Windows Live\Photo Gallery\PhotoViewerShim.dll [MS] {00F30F90-3E96-453B-AFCD-D71989ECC2C7} = Windows Live Photo Gallery Autoplay Drop Target Shim -> {HKLM…Wow…CLSID} = Windows Live Photo Gallery Viewer Autoplay Shim \InProcServer32\(Default) = C:\Program Files (x86)\Windows Live\Photo Gallery\PhotoViewerShim.dll [MS] {9F97547E-4609-42C5-AE0C-81C61FFAEBC3} = AVG Shell Extension -> {HKLM…Wow…CLSID} = AVG Shell Extension Class \InProcServer32\(Default) = C:\Program Files (x86)\AVG\AVG2013\avgse.dll [AVG Technologies CZ, s.r.o.] HKLM\SYSTEM\CurrentControlSet\Control\Lsa\ <<!>> (DPPassFilter [DigitalPersona, Inc.]) Notification Packages = DPPassFilter|scecli HKLM\SYSTEM\CurrentControlSet\Control\Lsa\ <<!>> (livessp [MS]) Security Packages = kerberos|msv1_0|schannel|wdigest|tspkg|pku2u|livessp HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\Credential Provider Filters\ {FD2AB138-F9A8-4ab6-9095-EEE7AF8B6C28}\(Default) = DigitalPersona Credential Provider Filter -> {HKLM…CLSID} = ProvFilter Class \InProcServer32\(Default) = C:\Windows\system32\dpcrprov.dll [DigitalPersona, Inc.] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\Credential Providers\ {2A16DF2F-490B-4F2B-8C68-21EF46FCCC37}\(Default) = DigitalPersona Password Credential Provider -> {HKLM…CLSID} = PswWrapProv Class \InProcServer32\(Default) = C:\Windows\system32\dpcrprov.dll [DigitalPersona, Inc.] {3ADC7042-51AF-4D0F-BD1D-4D6965A77323}\(Default) = DigitalPersona Fingerprint Credential Provider -> {HKLM…CLSID} = FingerProv Class \InProcServer32\(Default) = C:\Windows\system32\dpcrprov.dll [DigitalPersona, Inc.] {4C0F0D42-DA2D-45da-85BC-B7A1AB53BF65}\(Default) = DigitalPersona CryptoToken Credential Provider -> {HKLM…CLSID} = TokenProv Class \InProcServer32\(Default) = C:\Windows\system32\dpcrprov.dll [DigitalPersona, Inc.] {57E84B57-5533-4624-AB49-E29C8C5489D6}\(Default) = DigitalPersona External Credential Provider -> {HKLM…CLSID} = ExternalProv Class \InProcServer32\(Default) = C:\Windows\system32\dpcrprov.dll [DigitalPersona, Inc.] {70099717-17C8-4BD0-B3D4-FAF721AB1A62}\(Default) = DigitalPersona Smartcard Credential Provider -> {HKLM…CLSID} = SCardWrapProv Class \InProcServer32\(Default) = C:\Windows\system32\dpcrprov.dll [DigitalPersona, Inc.] {F8A0B131-5F68-486c-8040-7E8FC3C85BB6}\(Default) = WLIDCredentialProvider -> {HKLM…CLSID} = WLIDCredentialProvider \InProcServer32\(Default) = C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDCREDPROV.DLL [MS] HKLM\SOFTWARE\Classes\PROTOCOLS\Filter\ <<!>> application/x-mfe-ipt\CLSID = {3EF5086B-5478-4598-A054-786C45D75692} -> {HKLM…CLSID} = McInternetProtocolRoot Class \InProcServer32\(Default) = c:\PROGRA~1\mcafee\msc\MCSNIE~1.DLL [McAfee, Inc.] HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\ <<!>> dssrequest\CLSID = {5513F07E-936B-4E52-9B00-067394E91CC5} -> {HKLM…CLSID} = McAfee SACore Protocol Handler \InProcServer32\(Default) = c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll [McAfee, Inc.] <<!>> sacore\CLSID = {5513F07E-936B-4E52-9B00-067394E91CC5} -> {HKLM…CLSID} = McAfee SACore Protocol Handler \InProcServer32\(Default) = c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll [McAfee, Inc.] HKCU\Software\Classes\*\shellex\ContextMenuHandlers\ {1AC77AE9-9EC6-405A-9F9B-C06AB3C10B71}\(Default) = (no title provided) -> {HKCU…CLSID} = CShellStitcher Object \InProcServer32\(Default) = C:\Program Files\Microsoft Research\Image Composite Editor\ShellExtension.dll [file not found] HKLM\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\ AVG Shell Extension\(Default) = {9F97547E-4609-42C5-AE0C-81C61FFAEBC3} -> {HKLM…CLSID} = AVG Shell Extension Class \InProcServer32\(Default) = C:\Program Files (x86)\AVG\AVG2013\avgsea.dll [AVG Technologies CZ, s.r.o.] Corel.Paint.Shop.Pro.Photo\(Default) = {B1D2CD8F-45E9-49d1-838A-AAA5780D94B7} -> {HKLM…CLSID} = PSPContextMenu Class \InProcServer32\(Default) = c:\Program Files (x86)\Corel\Corel PaintShop Photo Pro\X3\PSPClassic\PSPContextMenu64.dll [null data] McCtxMenuFrmWrk\(Default) = {CCA9EFD3-29ED-430A-BA6D-E6BBFF0A60C2} -> {HKLM…CLSID} = McCtxFrmWrk Class \InProcServer32\(Default) = c:\PROGRA~1\mcafee\msc\MCCTXM~1.DLL [McAfee, Inc.] HKLM\SOFTWARE\Classes\AllFilesystemObjects\shellex\ContextMenuHandlers\ MBAMShlExt\(Default) = {57CE581A-0CB6-4266-9CA0-19364C90A0B3} -> {HKLM…CLSID} = MBAMShlExt Class \InProcServer32\(Default) = C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamext.dll [Malwarebytes Corporation] MOBK\(Default) = {3c3f3c1a-9153-7c05-f938-622e7003894d} -> {HKLM…CLSID} = McAfee Online Backup Shell Extensions \InProcServer32\(Default) = C:\Program Files (x86)\McAfee Online Backup\MOBKshell.dll [McAfee, Inc.] HKLM\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\ Corel.Paint.Shop.Pro.Photo\(Default) = {B1D2CD8F-45E9-49d1-838A-AAA5780D94B7} -> {HKLM…CLSID} = PSPContextMenu Class \InProcServer32\(Default) = c:\Program Files (x86)\Corel\Corel PaintShop Photo Pro\X3\PSPClassic\PSPContextMenu64.dll [null data] MOBK\(Default) = {3c3f3c1a-9153-7c05-f938-622e7003894d} -> {HKLM…CLSID} = McAfee Online Backup Shell Extensions \InProcServer32\(Default) = C:\Program Files (x86)\McAfee Online Backup\MOBKshell.dll [McAfee, Inc.] HKLM\SOFTWARE\Classes\Directory\Background\shellex\ContextMenuHandlers\ ACE\(Default) = {5E2121EE-0300-11D4-8D3B-444553540000} -> {HKLM…CLSID} = SimpleShlExt Class \InProcServer32\(Default) = C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\atiacm64.dll [Advanced Micro Devices, Inc.] MOBK\(Default) = {3c3f3c1a-9153-7c05-f938-622e7003894d} -> {HKLM…CLSID} = McAfee Online Backup Shell Extensions \InProcServer32\(Default) = C:\Program Files (x86)\McAfee Online Backup\MOBKshell.dll [McAfee, Inc.] HKLM\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\ AVG Shell Extension\(Default) = {9F97547E-4609-42C5-AE0C-81C61FFAEBC3} -> {HKLM…CLSID} = AVG Shell Extension Class \InProcServer32\(Default) = C:\Program Files (x86)\AVG\AVG2013\avgsea.dll [AVG Technologies CZ, s.r.o.] MBAMShlExt\(Default) = {57CE581A-0CB6-4266-9CA0-19364C90A0B3} -> {HKLM…CLSID} = MBAMShlExt Class \InProcServer32\(Default) = C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamext.dll [Malwarebytes Corporation] McCtxMenuFrmWrk\(Default) = {CCA9EFD3-29ED-430A-BA6D-E6BBFF0A60C2} -> {HKLM…CLSID} = McCtxFrmWrk Class \InProcServer32\(Default) = c:\PROGRA~1\mcafee\msc\MCCTXM~1.DLL [McAfee, Inc.] MOBK\(Default) = {3c3f3c1a-9153-7c05-f938-622e7003894d} -> {HKLM…CLSID} = McAfee Online Backup Shell Extensions \InProcServer32\(Default) = C:\Program Files (x86)\McAfee Online Backup\MOBKshell.dll [McAfee, Inc.] Default executables: -------------------- <<!>> HKLM\SOFTWARE\Classes\.com\(Default) = ComFile Group Policies {GPedit.msc branch and setting}: ----------------------------------------------- Note: detected settings may not have any effect. HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop\ NoChangingWallpaper = (REG_DWORD) dword:0x00000000 {User Configuration|Administrative Templates|Control Panel|Display| Disable changing wallpaper} HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\ NoDrives = (REG_DWORD) dword:0x00000000 {unrecognized setting} HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\ NoDrives = (REG_DWORD) dword:0x00000000 {unrecognized setting} HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System\ DisableRegistryTools = (REG_DWORD) dword:0x00000000 {User Configuration|Administrative Templates|System| Prevent access to registry editing tools} DisableTaskMgr = (REG_DWORD) dword:0x00000000 {unrecognized setting} HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ DisableRegistryTools = (REG_DWORD) dword:0x00000000 {unrecognized setting} Active Desktop and Wallpaper: ----------------------------- Active Desktop may be disabled at this entry: HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState Displayed if Active Desktop disabled and wallpaper not set by Group Policy: HKCU\Control Panel\Desktop\ Wallpaper = C:\Users\Symesko\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg Windows Portable Device AutoPlay Handlers ----------------------------------------- HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\ CDSUnknownContentOnArrival\ Provider = Corel VideoStudio Pro InvokeProgID = CorelDigitalStudio.AutoPlay InvokeVerb = CDSUnknownContentOnArrival HKLM\SOFTWARE\Classes\CorelDigitalStudio.AutoPlay\shell\CDSUnknownContentOnArrival\Command\(Default) = c:\Program Files (x86)\Corel\Corel VideoStudio Pro X3\vstudio.exe /T:UVSClassic /parameters:Step=0,Handler=UnknownContentOnArrival,DeviceHint=%1 [Corel TW Corp.] CDSVideoCameraArrival\ Provider = Corel VideoStudio Pro ProgID = Shell.HWEventHandlerShellExecute InitCmdLine = "c:\Program Files (x86)\Corel\Corel VideoStudio Pro X3\\vstudio.exe" /T:UVSClassic /parameters:Step=0,Handler=VideoCameraArrival,DeviceHint=%1 HKLM\SOFTWARE\Classes\Shell.HWEventHandlerShellExecute\CLSID\(Default) = {FFB8655F-81B9-4fce-B89C-9A6BA76D13E7} -> {HKLM…CLSID} = Shell Execute Hardware Event Handler \LocalServer32\(Default) = C:\Windows\System32\rundll32.exe shell32.dll,SHCreateLocalServerRunDll {FFB8655F-81B9-4fce-B89C-9A6BA76D13E7} [MS] Corel PaintShop Photo Pro X3ShowPicturesOnArrivalHandler\ Provider = Corel PaintShop Photo Pro X3 InvokeProgID = PaintShopPhotoProX3.Image InvokeVerb = Review HKLM\SOFTWARE\Classes\PaintShopPhotoProX3.Image\shell\Review\command\(Default) = "c:\Program Files (x86)\Corel\Corel PaintShop Photo Pro\X3\PSPClassic\Corel Paint Shop Pro Photo.exe" /Review "%1" [Corel, Inc.] HPMSDVDPlayBluRayArrival\ Provider = HP MediaSmart DVD InvokeProgID = BD InvokeVerb = PlayWithHPMediaSmartDVD HKLM\SOFTWARE\Classes\BD\shell\PlayWithHPMediaSmartDVD\Command\(Default) = "C:\Program Files (x86)\Hewlett-Packard\Media\DVD\HPDVDSmart.exe" AUTOPLAY MOVIE "%L" [CyberLink Corp.] HPMSDVDPlayDVDMovieOnArrival\ Provider = HP MediaSmart DVD InvokeProgID = DVD InvokeVerb = PlayWithHPMediaSmartDVD HKLM\SOFTWARE\Classes\DVD\shell\PlayWithHPMediaSmartDVD\Command\(Default) = "C:\Program Files (x86)\Hewlett-Packard\Media\DVD\HPDVDSmart.exe" AUTOPLAY MOVIE "%L" [CyberLink Corp.] HPMSDVDPlayVCDMovieOnArrival\ Provider = HP MediaSmart DVD InvokeProgID = VCD InvokeVerb = PlayWithHPMediaSmartDVD HKLM\SOFTWARE\Classes\VCD\shell\PlayWithHPMediaSmartDVD\Command\(Default) = "C:\Program Files (x86)\Hewlett-Packard\Media\DVD\HPDVDSmart.exe" AUTOPLAY MOVIE "%L" [CyberLink Corp.] iTunesBurnCDOnArrival\ Provider = iTunes InvokeProgID = iTunes.BurnCD InvokeVerb = burn HKLM\SOFTWARE\Classes\iTunes.BurnCD\shell\burn\command\(Default) = "C:\Program Files (x86)\iTunes\iTunes.exe" /AutoPlayBurn "%L" [Apple Inc.] iTunesImportSongsOnArrival\ Provider = iTunes InvokeProgID = iTunes.ImportSongsOnCD InvokeVerb = import HKLM\SOFTWARE\Classes\iTunes.ImportSongsOnCD\shell\import\command\(Default) = "C:\Program Files (x86)\iTunes\iTunes.exe" /AutoPlayImportSongs "%L" [Apple Inc.] iTunesPlaySongsOnArrival\ Provider = iTunes InvokeProgID = iTunes.PlaySongsOnCD InvokeVerb = play HKLM\SOFTWARE\Classes\iTunes.PlaySongsOnCD\shell\play\command\(Default) = "C:\Program Files (x86)\iTunes\iTunes.exe" /playCD "%L" [Apple Inc.] iTunesShowSongsOnArrival\ Provider = iTunes InvokeProgID = iTunes.ShowSongsOnCD InvokeVerb = showsongs HKLM\SOFTWARE\Classes\iTunes.ShowSongsOnCD\shell\showsongs\command\(Default) = "C:\Program Files (x86)\iTunes\iTunes.exe" /AutoPlayShowSongs "%L" [Apple Inc.] MediaSmartDVFilesArrival\ Provider = @C:\Program Files (x86)\Hewlett-Packard\MediaSmart\Video\MUITransfer\HPEnvRes.dll,-101 ProgID = Shell.HWEventHandlerShellExecute InitCmdLine = "C:\Program Files (x86)\Hewlett-Packard\MediaSmart\Video\HPMediaSmartVideo.exe" video dv HKLM\SOFTWARE\Classes\Shell.HWEventHandlerShellExecute\CLSID\(Default) = {FFB8655F-81B9-4fce-B89C-9A6BA76D13E7} -> {HKLM…CLSID} = Shell Execute Hardware Event Handler \LocalServer32\(Default) = C:\Windows\System32\rundll32.exe shell32.dll,SHCreateLocalServerRunDll {FFB8655F-81B9-4fce-B89C-9A6BA76D13E7} [MS] MediaSmartPhotoPictureFilesArrival\ Provider = @C:\Program Files (x86)\Hewlett-Packard\MediaSmart\Photo\MUITransfer\HPEnvRes.dll,-101 InvokeProgID = Picture InvokeVerb = PlayWithMediaSmartPhoto HKLM\SOFTWARE\Classes\Picture\shell\PlayWithMediaSmartPhoto\Command\(Default) = "C:\Program Files (x86)\Hewlett-Packard\MediaSmart\Photo\HPMediaSmartPhoto.exe" photo import "%L" [CyberLink Corp.] MediaSmartVideoFilesArrival\ Provider = @C:\Program Files (x86)\Hewlett-Packard\MediaSmart\Video\MUITransfer\HPEnvRes.dll,-101 InvokeProgID = VideoFiles InvokeVerb = PlayWithMediaSmartVideo HKLM\SOFTWARE\Classes\VideoFiles\shell\PlayWithMediaSmartVideo\Command\(Default) = "C:\Program Files (x86)\Hewlett-Packard\MediaSmart\Video\HPMediaSmartVideo.exe" video import "%L" [CyberLink Corp.] MSLivePhotoAcquireDropHandler\ Provider = @%ProgramFiles(x86)%\Windows Live\Photo Gallery\regres.dll,-10 InvokeProgID = Microsoft.LivePhotoAcqDTShim.1 InvokeVerb = open HKLM\SOFTWARE\Classes\Microsoft.LivePhotoAcqDTShim.1\shell\open\DropTarget\CLSID = {00F33137-EE26-412F-8D71-F84E4C2C6625} -> {HKLM…CLSID} = Windows Live Photo Gallery Viewer Autoplay Shim \InProcServer32\(Default) = C:\Program Files (x86)\Windows Live\Photo Gallery\PhotoViewerShimx64.dll [MS] MSLiveShowPicturesOnArrival\ Provider = @%ProgramFiles(x86)%\Windows Live\Photo Gallery\regres.dll,-10 InvokeProgID = Microsoft.Photos.LiveAutoplayShim.1 InvokeVerb = open HKLM\SOFTWARE\Classes\Microsoft.Photos.LiveAutoplayShim.1\shell\open\DropTarget\CLSID = {00F30F90-3E96-453B-AFCD-D71989ECC2C7} -> {HKLM…CLSID} = Windows Live Photo Gallery Viewer Autoplay Shim \InProcServer32\(Default) = C:\Program Files (x86)\Windows Live\Photo Gallery\PhotoViewerShimx64.dll [MS] MSPlayCDAudioOnArrival\ Provider = @wmploc.dll,-6502 InvokeProgID = WMP.AudioCD InvokeVerb = play HKLM\SOFTWARE\Classes\WMP.AudioCD\shell\play\command\(Default) = "C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /prefetch:3 /device:AudioCD "%L" [MS] MSPlayDVDMovieOnArrival\ Provider = @wmploc.dll,-6502 InvokeProgID = WMP.DVD InvokeVerb = play HKLM\SOFTWARE\Classes\WMP.DVD\shell\play\command\(Default) = "C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /prefetch:4 /device:DVD "%L" [MS] MSPlaySuperVideoCDMovieOnArrival\ Provider = @wmploc.dll,-6502 InvokeProgID = WMP.VCD InvokeVerb = play HKLM\SOFTWARE\Classes\WMP.VCD\shell\play\command\(Default) = "C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /prefetch:4 /device:VCD "%L" [MS] MSPlayVideoCDMovieOnArrival\ Provider = @wmploc.dll,-6502 InvokeProgID = WMP.VCD InvokeVerb = play HKLM\SOFTWARE\Classes\WMP.VCD\shell\play\command\(Default) = "C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /prefetch:4 /device:VCD "%L" [MS] MSWMEncVCArrival\ Provider = Windows Media Encoder 9 Series ProgID = Shell.HWEventHandlerShellExecute InitCmdLine = C:\Program Files (x86)\Windows Media Components\Encoder\WMEnc.exe HKLM\SOFTWARE\Classes\Shell.HWEventHandlerShellExecute\CLSID\(Default) = {FFB8655F-81B9-4fce-B89C-9A6BA76D13E7} -> {HKLM…CLSID} = Shell Execute Hardware Event Handler \LocalServer32\(Default) = C:\Windows\System32\rundll32.exe shell32.dll,SHCreateLocalServerRunDll {FFB8655F-81B9-4fce-B89C-9A6BA76D13E7} [MS] MSWMPBurnCDOnArrival\ Provider = @wmploc.dll,-6502 InvokeProgID = WMP.BurnCD InvokeVerb = Burn HKLM\SOFTWARE\Classes\WMP.BurnCD\shell\Burn\Command\(Default) = "C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /prefetch:3 /Task:CDWrite /Device:"%L" [MS] P2GCDBurningOnArrival\ Provider = Power2Go InvokeProgID = BlankCD InvokeVerb = OpenWithPower2Go HKLM\SOFTWARE\Classes\BlankCD\shell\OpenWithPower2Go\Command\(Default) = "C:\Program Files (x86)\CyberLink\Power2Go\Power2Go.exe" "%L" [CyberLink Corp.] P2GDVDBurningOnArrival\ Provider = Power2Go InvokeProgID = BlankDVD InvokeVerb = OpenWithPower2Go HKLM\SOFTWARE\Classes\BlankDVD\shell\OpenWithPower2Go\Command\(Default) = "C:\Program Files (x86)\CyberLink\Power2Go\Power2Go.exe" "%L" [CyberLink Corp.] PDirDVArrival\ Provider = PowerDirector ProgID = Shell.HWEventHandlerShellExecute InitCmdLine = "C:\Program Files (x86)\CyberLink\PowerDirector\PDR8.exe" /DV HKLM\SOFTWARE\Classes\Shell.HWEventHandlerShellExecute\CLSID\(Default) = {FFB8655F-81B9-4fce-B89C-9A6BA76D13E7} -> {HKLM…CLSID} = Shell Execute Hardware Event Handler \LocalServer32\(Default) = C:\Windows\System32\rundll32.exe shell32.dll,SHCreateLocalServerRunDll {FFB8655F-81B9-4fce-B89C-9A6BA76D13E7} [MS] Power2GoPlayCDAudioOnArrival\ Provider = Power2Go InvokeProgID = AudioCD InvokeVerb = PlayWithPower2Go HKLM\SOFTWARE\Classes\AudioCD\shell\PlayWithPower2Go\Command\(Default) = "C:\Program Files (x86)\CyberLink\Power2Go\Power2Go.exe" /AudioRipper "%L" [CyberLink Corp.] PStarterBlankCDArrival\ Provider = DVD Suite InvokeProgID = BlankCD InvokeVerb = OpenWithPowerStarter HKLM\SOFTWARE\Classes\BlankCD\shell\OpenWithPowerStarter\Command\(Default) = "C:\Program Files (x86)\CyberLink\DVD Suite\PS.exe" "%L" [CyberLink Corp.] PStarterDVDBurningOnArrival\ Provider = DVD Suite InvokeProgID = BlankDVD InvokeVerb = OpenWithPowerStarter HKLM\SOFTWARE\Classes\BlankDVD\shell\OpenWithPowerStarter\Command\(Default) = "C:\Program Files (x86)\CyberLink\DVD Suite\PS.exe" "%L" [CyberLink Corp.] PStarterMixedCDArrival\ Provider = DVD Suite InvokeProgID = MixedContent InvokeVerb = OpenWithPowerStarter HKLM\SOFTWARE\Classes\MixedContent\shell\OpenWithPowerStarter\Command\(Default) = "C:\Program Files (x86)\CyberLink\DVD Suite\PS.exe" "%L" [CyberLink Corp.] PStarterMusicFilesArrival\ Provider = DVD Suite InvokeProgID = MusicFiles InvokeVerb = OpenWithPowerStarter HKLM\SOFTWARE\Classes\MusicFiles\shell\OpenWithPowerStarter\Command\(Default) = "C:\Program Files (x86)\CyberLink\DVD Suite\PS.exe" "%L" [CyberLink Corp.] PStarterPicturesArrival\ Provider = DVD Suite InvokeProgID = Picture InvokeVerb = OpenWithPowerStarter HKLM\SOFTWARE\Classes\Picture\shell\OpenWithPowerStarter\Command\(Default) = "C:\Program Files (x86)\CyberLink\DVD Suite\PS.exe" "%L" [CyberLink Corp.] PStarterVideoFilesArrival\ Provider = DVD Suite InvokeProgID = VideoFiles InvokeVerb = OpenWithPowerStarter HKLM\SOFTWARE\Classes\VideoFiles\shell\OpenWithPowerStarter\Command\(Default) = "C:\Program Files (x86)\CyberLink\DVD Suite\PS.exe" "%L" [CyberLink Corp.] WIA_{6D96E87A-CE06-4458-9F7E-4BF6045132A4}\ Provider = Corel PaintShop Photo Pro X3 CLSID = {A55803CC-4D53-404c-8557-FD63DBA95D24} InitCmdLine = /WiaCmd;c:\Program Files (x86)\Corel\Corel PaintShop Photo Pro\X3\PSPClassic\Corel Paint Shop Pro Photo.exe -wialaunch; -> {HKLM…CLSID} = WPDShextAutoplay \LocalServer32\(Default) = C:\Windows\system32\WPDShextAutoplay.exe [MS] WIA_{BEE6156E-FF18-4592-BA31-53457140584C}\ Provider = @C:\Program Files (x86)\Hewlett-Packard\MediaSmart\Photo\MUITransfer\HPEnvRes.dll,-101 CLSID = {A55803CC-4D53-404c-8557-FD63DBA95D24} InitCmdLine = /WiaCmd;C:\Program Files (x86)\Hewlett-Packard\MediaSmart\Photo\HPMediaSmartPhoto.exe.exe photo import wpd %1 %2; -> {HKLM…CLSID} = WPDShextAutoplay \LocalServer32\(Default) = C:\Windows\system32\WPDShextAutoplay.exe [MS] WIA_{C499E75D-9B79-43AB-A21D-0FC1B4BC46AC}\ Provider = MP Navigator EX Ver4.0 CLSID = {A55803CC-4D53-404c-8557-FD63DBA95D24} InitCmdLine = /WiaCmd;C:\Program Files (x86)\Canon\MP Navigator EX 4.0\mpnex40.exe /StiDevice:%1 /StiEvent:%2; -> {HKLM…CLSID} = WPDShextAutoplay \LocalServer32\(Default) = C:\Windows\system32\WPDShextAutoplay.exe [MS] WIA_{F5C7F58A-12E5-4357-8B2F-5F8057D8EF70}\ Provider = @C:\Program Files (x86)\Hewlett-Packard\MediaSmart\Video\MUITransfer\HPEnvRes.dll,-101 CLSID = {A55803CC-4D53-404c-8557-FD63DBA95D24} InitCmdLine = /WiaCmd;C:\Program Files (x86)\Hewlett-Packard\MediaSmart\Video\HPMediaSmartVideo.exe.exe video import wpd %1 %2; -> {HKLM…CLSID} = WPDShextAutoplay \LocalServer32\(Default) = C:\Windows\system32\WPDShextAutoplay.exe [MS] WIA_{F7BDBE51-11D0-4A03-A256-9EB6D68762EB}\ Provider = Corel PaintShop Photo Pro X3 CLSID = {A55803CC-4D53-404c-8557-FD63DBA95D24} InitCmdLine = /WiaCmd;c:\Program Files (x86)\Corel\Corel PaintShop Photo Pro\X3\PSPClassic\Corel Paint Shop Pro Photo.exe -wialaunch /StiDevice:%1 /StiEvent:%2; -> {HKLM…CLSID} = WPDShextAutoplay \LocalServer32\(Default) = C:\Windows\system32\WPDShextAutoplay.exe [MS] Startup items in "Symesko" & "All Users" startup folders: --------------------------------------------------------- C:\Users\Symesko\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup <<!>> CurseClientStartup.ccip [null data] C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup McAfee Security Scan Plus -> shortcut to: C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe [McAfee, Inc.] Windows Sidebar Gadgets: ------------------------ C:\Users\Symesko\AppData\Local\Microsoft\Windows Sidebar\Settings.ini "C:%5CProgram%20Files%5CWindows%20Sidebar%5CGadgets%5CCurrency.Gadget" "C:%5CProgram%20Files%5CWindows%20Sidebar%5CGadgets%5CCalendar.Gadget" "C:%5CProgram%20Files%5CWindows%20Sidebar%5CShared%20Gadgets%5CAVG.Gadget%5C" Non-disabled Scheduled Tasks: ----------------------------- C:\Windows\System32\Tasks Adobe Flash Player Updater -> launches: C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [Adobe Systems Incorporated] GoogleUpdateTaskMachineCore -> launches: C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /c [Google Inc.] GoogleUpdateTaskMachineUA -> launches: C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /ua /installsource scheduler [Google Inc.] HPCeeScheduleForSymesko -> launches: C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe HPCeeScheduleForSymesko (null) [null data] MirageAgent -> (HIDDEN!) launches: C:\Program Files (x86)\Hewlett-Packard\Media\Webcam\YCMMirage.exe [CyberLink] Nwqp -> launches: C:\Windows\system32\rundll32.exe "C:\Windows\SysWOW64\kbd101V.dll",zoqpo [MS] RecoveryCDWin7 -> launches: "C:\Program Files (x86)\Hewlett-Packard\HP Setup\RemEngine.exe" RecoveryCDWin7 ShowMessageTask [null data] ServicePlan -> launches: "C:\Program Files (x86)\Hewlett-Packard\HP Setup\RemEngine.exe" ServicePlan ShowMessageTask15D [null data] {7B5720EF-B4A5-4230-9FA7-306AE8034B20} -> launches: C:\Windows\system32\pcalua.exe -a C:\Users\Symesko\Downloads\PokerStarsInstall(1).exe -d "C:\Program Files (x86)\Mozilla Firefox" [MS] C:\Windows\System32\Tasks\Apple AppleSoftwareUpdate -> launches: C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe -task [Apple Inc.] C:\Windows\System32\Tasks\Hewlett-Packard\HP Support Assistant HP Support Assistant Quick Start -> launches: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe /taskrestart [null data] PC Health Analysis -> launches: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe /L Analysis [null data] Update Check -> launches: C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe /s /p 1 [null data] Warranty Opt-In(No) -> launches: c:\program files (x86)\hewlett-packard\hp health check\activecheck\product_line\Detection_PostWarrantyAlert.exe /EventId=2 [null data] Warranty Opt-In(Yes) -> launches: c:\program files (x86)\hewlett-packard\hp health check\activecheck\product_line\Detection_PostWarrantyAlert.exe /EventId=1 [null data] C:\Windows\System32\Tasks\Microsoft\Windows\Active Directory Rights Management Services Client AD RMS Rights Policy Template Management (Manual) -> launches: {BF5CB148-7C77-4d8a-A53E-D81C70CF743C} -> {HKLM…CLSID} = AD RMS Rights Policy Template Management (Manual) Task Handler \InProcServer32\(Default) = C:\Windows\system32\msdrm.dll [MS] -> {HKLM…Wow…CLSID} = AD RMS Rights Policy Template Management (Manual) Task Handler \InProcServer32\(Default) = C:\Windows\system32\msdrm.dll [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Application Experience AitAgent -> launches: aitagent [MS] ProgramDataUpdater -> launches: %windir%\system32\rundll32.exe aepdu.dll,AePduRunUpdate [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Autochk Proxy -> launches: %windir%\system32\rundll32.exe /d acproxy.dll,PerformAutochkOperations [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Bluetooth UninstallDeviceTask -> launches: BthUdTask.exe $(Arg0) [MS] C:\Windows\System32\Tasks\Microsoft\Windows\CertificateServicesClient SystemTask -> launches: {58fb76b9-ac85-4e55-ac04-427593b1d060} -> {HKLM…CLSID} = Certificate Services Client Task Handler \InProcServer32\(Default) = C:\Windows\system32\dimsjob.dll [MS] -> {HKLM…Wow…CLSID} = Certificate Services Client Task Handler \InProcServer32\(Default) = C:\Windows\system32\dimsjob.dll [MS] UserTask -> launches: {58fb76b9-ac85-4e55-ac04-427593b1d060} -> {HKLM…CLSID} = Certificate Services Client Task Handler \InProcServer32\(Default) = C:\Windows\system32\dimsjob.dll [MS] -> {HKLM…Wow…CLSID} = Certificate Services Client Task Handler \InProcServer32\(Default) = C:\Windows\system32\dimsjob.dll [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Customer Experience Improvement Program Consolidator -> launches: %SystemRoot%\System32\wsqmcons.exe [MS] KernelCeipTask -> (HIDDEN!) launches: {e7ed314f-2816-4c26-aeb5-54a34d02404c} -> {HKLM…CLSID} = KernelCeipCustomHandler \InProcServer32\(Default) = C:\Windows\System32\kernelceip.dll [MS] UsbCeip -> (HIDDEN!) launches: {c27f6b1d-fe0b-45e4-9257-38799fa69bc8} -> {HKLM…CLSID} = UsbCeip \InProcServer32\(Default) = C:\Windows\System32\usbceip.dll [MS] -> {HKLM…Wow…CLSID} = UsbCeip \InProcServer32\(Default) = C:\Windows\System32\usbceip.dll [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Defrag ScheduledDefrag -> launches: %windir%\system32\defrag.exe -c [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Diagnosis Scheduled -> (HIDDEN!) launches: {c1f85ef8-bcc2-4606-bb39-70c523715eb3} -> {HKLM…CLSID} = ScheduledDiagnosticCustomHandler \InProcServer32\(Default) = C:\Windows\System32\sdiagschd.dll [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Location Notifications -> launches: %windir%\System32\LocationNotifications.exe [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Media Center ActivateWindowsSearch -> launches: %SystemRoot%\ehome\ehPrivJob.exe /DoActivateWindowsSearch [MS] ConfigureInternetTimeService -> launches: %SystemRoot%\ehome\ehPrivJob.exe /DoConfigureInternetTimeService [MS] DispatchRecoveryTasks -> launches: %SystemRoot%\ehome\ehPrivJob.exe /DoRecoveryTasks $(Arg0) [MS] ehDRMInit -> launches: %SystemRoot%\ehome\ehPrivJob.exe /DRMInit [MS] InstallPlayReady -> launches: %SystemRoot%\ehome\ehPrivJob.exe /InstallPlayReady $(Arg0) [MS] mcupdate -> launches: %SystemRoot%\ehome\mcupdate $(Arg0) [MS] MediaCenterRecoveryTask -> launches: %SystemRoot%\ehome\mcupdate.exe -MediaCenterRecoveryTask [MS] ObjectStoreRecoveryTask -> launches: %SystemRoot%\ehome\mcupdate.exe -ObjectStoreRecoveryTask [MS] OCURActivate -> launches: %SystemRoot%\ehome\ehPrivJob.exe /OCURActivate [MS] OCURDiscovery -> launches: %SystemRoot%\ehome\ehPrivJob.exe /OCURDiscovery $(Arg0) [MS] PBDADiscovery -> launches: %SystemRoot%\ehome\ehPrivJob.exe /PBDADiscovery [MS] PBDADiscoveryW1 -> launches: %SystemRoot%\ehome\ehPrivJob.exe /wait:7 /PBDADiscovery [MS] PBDADiscoveryW2 -> launches: %SystemRoot%\ehome\ehPrivJob.exe /wait:90 /PBDADiscovery [MS] PvrRecoveryTask -> launches: %SystemRoot%\ehome\mcupdate.exe -PvrRecoveryTask [MS] PvrScheduleTask -> launches: %SystemRoot%\ehome\mcupdate.exe -PvrSchedule [MS] RegisterSearch -> launches: %SystemRoot%\ehome\ehPrivJob.exe /DoRegisterSearch $(Arg0) [MS] ReindexSearchRoot -> launches: %SystemRoot%\ehome\ehPrivJob.exe /DoReindexSearchRoot [MS] SqlLiteRecoveryTask -> launches: %SystemRoot%\ehome\mcupdate.exe -SqlLiteRecoveryTask [MS] UpdateRecordPath -> launches: %SystemRoot%\ehome\ehPrivJob.exe /DoUpdateRecordPath $(Arg0) [MS] C:\Windows\System32\Tasks\Microsoft\Windows\MemoryDiagnostic CorruptionDetector -> (HIDDEN!) launches: {190BA3F6-0205-4f46-B589-95C6822899D2} -> {HKLM…CLSID} = MemoryDiagnosticCustomHandler \InProcServer32\(Default) = C:\Windows\System32\memdiag.dll [MS] DecompressionFailureDetector -> (HIDDEN!) launches: {190BA3F6-0205-4f46-B589-95C6822899D2} -> {HKLM…CLSID} = MemoryDiagnosticCustomHandler \InProcServer32\(Default) = C:\Windows\System32\memdiag.dll [MS] C:\Windows\System32\Tasks\Microsoft\Windows\MobilePC HotStart -> launches: {06DA0625-9701-43da-BFD7-FBEEA2180A1E} -> {HKLM…CLSID} = HotStart User Agent \InProcServer32\(Default) = C:\Windows\System32\HotStartUserAgent.dll [MS] C:\Windows\System32\Tasks\Microsoft\Windows\MUI LPRemove -> launches: %windir%\system32\lpremove.exe [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Multimedia SystemSoundsService -> launches: {2DEA658F-54C1-4227-AF9B-260AB5FC3543} -> {HKLM…CLSID} = Microsoft PlaySoundService Class \InProcServer32\(Default) = C:\Windows\System32\PlaySndSrv.dll [MS] -> {HKLM…Wow…CLSID} = Microsoft PlaySoundService Class \InProcServer32\(Default) = C:\Windows\System32\PlaySndSrv.dll [MS] C:\Windows\System32\Tasks\Microsoft\Windows\NetTrace GatherNetworkInfo -> launches: %windir%\system32\gatherNetworkInfo.vbs [null data] C:\Windows\System32\Tasks\Microsoft\Windows\Power Efficiency Diagnostics AnalyzeSystem -> launches: %SystemRoot%\System32\powercfg.exe -energy -auto [MS] C:\Windows\System32\Tasks\Microsoft\Windows\RAC RacTask -> (HIDDEN!) launches: {42060D27-CA53-41f5-96E4-B1E8169308A6} -> {HKLM…CLSID} = ReliabilityAnalysisCustomHandler \InProcServer32\(Default) = C:\Windows\system32\RacEngn.dll [MS] -> {HKLM…Wow…CLSID} = ReliabilityAnalysisCustomHandler \InProcServer32\(Default) = C:\Windows\system32\RacEngn.dll [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Ras MobilityManager -> launches: {c463a0fc-794f-4fdf-9201-01938ceacafa} -> {HKLM…CLSID} = RasMobilityManager \InProcServer32\(Default) = C:\Windows\system32\rasmbmgr.dll [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Registry RegIdleBackup -> (HIDDEN!) launches: {ca767aa8-9157-4604-b64b-40747123d5f2} -> {HKLM…CLSID} = RegistryIdleBackupHandler \InProcServer32\(Default) = C:\Windows\System32\regidle.dll [MS] C:\Windows\System32\Tasks\Microsoft\Windows\RemoteAssistance RemoteAssistanceTask -> (HIDDEN!) launches: %windir%\system32\RAServer.exe /offerraupdate [MS] C:\Windows\System32\Tasks\Microsoft\Windows\SideShow GadgetManager -> launches: {FF87090D-4A9A-4f47-879B-29A80C355D61} -> {HKLM…CLSID} = GadgetsManager Class \InProcServer32\(Default) = C:\Windows\System32\AuxiliaryDisplayServices.dll [MS] C:\Windows\System32\Tasks\Microsoft\Windows\SystemRestore SR -> launches: %windir%\system32\rundll32.exe /d srrstr.dll,ExecuteScheduledSPPCreation [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Task Manager Interactive -> (HIDDEN!) launches: {855fec53-d2e4-4999-9e87-3414e9cf0ff4} -> {HKLM…CLSID} = RunTask \InProcServer32\(Default) = C:\Windows\system32\wdc.dll [MS] -> {HKLM…Wow…CLSID} = RunTask \InProcServer32\(Default) = C:\Windows\system32\wdc.dll [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Tcpip IpAddressConflict1 -> launches: %windir%\system32\rundll32.exe ndfapi.dll,NdfRunDllDuplicateIPOffendingSystem [MS] IpAddressConflict2 -> launches: %windir%\system32\rundll32.exe ndfapi.dll,NdfRunDllDuplicateIPDefendingSystem [MS] C:\Windows\System32\Tasks\Microsoft\Windows\TextServicesFramework MsCtfMonitor -> (HIDDEN!) launches: {01575cfe-9a55-4003-a5e1-f38d1ebdcbe1} -> {HKLM…CLSID} = MsCtfMonitor task handler \InProcServer32\(Default) = C:\Windows\system32\MsCtfMonitor.dll [MS] -> {HKLM…Wow…CLSID} = MsCtfMonitor task handler \InProcServer32\(Default) = C:\Windows\system32\MsCtfMonitor.dll [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Time Synchronization SynchronizeTime -> launches: %windir%\system32\sc.exe start w32time task_started [MS] C:\Windows\System32\Tasks\Microsoft\Windows\UPnP UPnPHostConfig -> launches: sc.exe config upnphost start= auto [MS] C:\Windows\System32\Tasks\Microsoft\Windows\WDI ResolutionHost -> (HIDDEN!) launches: {900be39d-6be8-461a-bc4d-b0fa71f5ecb1} -> {HKLM…CLSID} = DiagnosticInfrastructureCustomHandler \InProcServer32\(Default) = C:\Windows\System32\wdi.dll [MS] -> {HKLM…Wow…CLSID} = DiagnosticInfrastructureCustomHandler \InProcServer32\(Default) = C:\Windows\System32\wdi.dll [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Windows Activation Technologies ValidationTask -> (HIDDEN!) launches: %SystemRoot%\system32\Wat\WatAdminSvc.exe /run [MS] ValidationTaskDeadline -> (HIDDEN!) launches: %SystemRoot%\system32\schtasks.exe /run /I /TN "\Microsoft\Windows\Windows Activation Technologies\ValidationTask" [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Windows Error Reporting QueueReporting -> launches: %windir%\system32\wermgr.exe -queuereporting [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Windows Filtering Platform BfeOnServiceStartTypeChange -> (HIDDEN!) launches: %windir%\system32\rundll32.exe bfe.dll,BfeOnServiceStartTypeChange [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Windows Media Sharing UpdateLibrary -> launches: "%ProgramFiles%\Windows Media Player\wmpnscfg.exe" [MS] C:\Windows\System32\Tasks\Microsoft\Windows\WindowsBackup ConfigNotification -> launches: %systemroot%\System32\sdclt.exe /CONFIGNOTIFICATION [MS] C:\Windows\System32\Tasks\Microsoft\Windows Live\SOXE Extractor Definitions Update Task -> launches: {3519154C-227E-47F3-9CC9-12C3F05817F1} -> {HKLM…Wow…CLSID} = Windows Live Social Object Extractor Engine Definition Updater \InProcServer32\(Default) = C:\Program Files (x86)\Windows Live\SOXE\wlsoxe.dll [MS] Winsock2 Service Provider DLLs: ------------------------------- Namespace Service Providers HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++} 000000000001\LibraryPath = %SystemRoot%\system32\NLAapi.dll [MS] 000000000002\LibraryPath = %SystemRoot%\system32\napinsp.dll [MS] 000000000003\LibraryPath = %SystemRoot%\system32\pnrpnsp.dll [MS] 000000000004\LibraryPath = %SystemRoot%\system32\pnrpnsp.dll [MS] 000000000005\LibraryPath = C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [MS] 000000000006\LibraryPath = C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [MS] 000000000007\LibraryPath = %SystemRoot%\System32\mswsock.dll [MS] 000000000008\LibraryPath = %SystemRoot%\System32\winrnr.dll [MS] 000000000009\LibraryPath = C:\Program Files (x86)\Bonjour\mdnsNSP.dll [Apple Inc.] Transport Service Providers HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++} 0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range: %SystemRoot%\system32\mswsock.dll [MS], 01 - 10 Toolbars, Explorer Bars, Extensions: ------------------------------------ Toolbars HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\ {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} = McAfee SiteAdvisor -> {HKLM…CLSID} = McAfee SiteAdvisor Toolbar \InProcServer32\(Default) = c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll [McAfee, Inc.] HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\ {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} = McAfee SiteAdvisor -> {HKLM…Wow…CLSID} = McAfee SiteAdvisor Toolbar \InProcServer32\(Default) = c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll [McAfee, Inc.] {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} = Canon Easy-WebPrint EX -> {HKLM…Wow…CLSID} = Canon Easy-WebPrint EX \InProcServer32\(Default) = C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll [CANON INC.] Extensions (Tools menu items, main toolbar menu buttons) HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extensions\ {219C3416-8CB2-491A-A3C7-D9FCDDC9D600}\ ButtonText = @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 MenuText = @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 CLSIDExtension = {5F7B1267-94A9-47F5-98DB-E99415F33AEC} -> {HKLM…Wow…CLSID} = BlogThisToolbarButton Class \InProcServer32\(Default) = C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll [MS] {25510184-5A38-4A99-B273-DCA8EEF6CD08}\ ButtonText = @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 MenuText = @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 Exec = C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe [null data] {3AD14F0C-ED16-4E43-B6D8-661B03F6A1EF}\ ButtonText = PokerStars Exec = C:\Program Files (x86)\PokerStars\PokerStarsUpdate.exe [PokerStars] Running Services (Display Name, Service Name, Path {Service DLL}): ------------------------------------------------------------------ Adobe Acrobat Update Service, AdobeARMservice, "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe" [Adobe Systems Incorporated] AMD External Events Utility, AMD External Events Utility, C:\Windows\system32\atiesrxx.exe [AMD] AMD FUEL Service, AMD FUEL Service, C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe /launchService [Advanced Micro Devices, Inc.] AMD Reservation Manager, AMD Reservation Manager, "C:\Program Files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe" [Advanced Micro Devices] Andrea ST Filters Service, AESTFilters, C:\Program Files\IDT\WDM\AESTSr64.exe [Andrea Electronics Corporation] Apple Mobile Device, Apple Mobile Device, "C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe" [Apple Inc.] Application Host Helper Service, AppHostSvc, C:\Windows\system32\svchost.exe -k apphost {C:\Windows\system32\inetsrv\apphostsvc.dll [MS]} Application Virtualization Client, sftlist, "C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe" [MS] Application Virtualization Service Agent, sftvsa, "C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe" [MS] Audio Service, STacSV, C:\Program Files\IDT\WDM\STacSV64.exe [iDT, Inc.] Authentication Service, DpHost, C:\Program Files\DigitalPersona\Bin\DpHostW.exe [DigitalPersona, Inc.] AVG WatchDog, avgwd, "C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe" [AVG Technologies CZ, s.r.o.] AVGIDSAgent, AVGIDSAgent, "C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe" [AVG Technologies CZ, s.r.o.] Bonjour Service, Bonjour Service, "C:\Program Files\Bonjour\mDNSResponder.exe" [Apple Inc.] Canon Inkjet Printer/Scanner/Fax Extended Survey Program, IJPLMSVC, C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE [null data] Client Virtualization Handler, cvhsvc, "C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE" [MS] HP Service, hpsrv, C:\Windows\system32\Hpservice.exe [Hewlett-Packard Company] HP Software Framework Service, hpqwmiex, "C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe" [Hewlett-Packard Company] HP Support Assistant Service, HP Support Assistant Service, "C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe" [null data] HP Wireless Assistant Service, HP Wireless Assistant Service, "C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe" [null data] HPWMISVC, HPWMISVC, C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [Hewlett-Packard Development Company, L.P.] iPod Service, iPod Service, "C:\Program Files\iPod\bin\iPodService.exe" [Apple Inc.] LightScribeService Direct Disc Labeling Service, LightScribeService, "C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe" [Hewlett-Packard Company] McAfee Anti-Spam Service, MSK80Service, "C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [McAfee, Inc.] McAfee Firewall Core Service, mfefire, "C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe" [McAfee, Inc.] McAfee McShield, McShield, "C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe" [McAfee, Inc.] McAfee Network Agent, McNASvc, "C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [McAfee, Inc.] McAfee Online Backup, MOBKbackup, "C:\Program Files (x86)\McAfee Online Backup\MOBKbackup.exe" [McAfee, Inc.] McAfee Personal Firewall Service, McMPFSvc, "C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [McAfee, Inc.] McAfee Proxy Service, McProxy, "C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [McAfee, Inc.] McAfee Services, mcmscsvc, "C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [McAfee, Inc.] McAfee SiteAdvisor Service, McAfee SiteAdvisor Service, "C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [McAfee, Inc.] McAfee Validation Trust Protection Service, mfevtp, "C:\Windows\system32\mfevtps.exe" [McAfee, Inc.] McAfee VirusScan Announcer, McNaiAnn, "C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [McAfee, Inc.] Net.Pipe Listener Adapter, NetPipeActivator, C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [MS] Net.Tcp Listener Adapter, NetTcpActivator, C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [MS] Net.Tcp Port Sharing Service, NetTcpPortSharing, C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [MS] Validity VCS Fingerprint Service, vcsFPService, C:\Windows\system32\vcsFPService.exe [Validity Sensors, Inc.] Windows Process Activation Service, WAS, C:\Windows\system32\svchost.exe -k iissvcs {C:\Windows\system32\inetsrv\iisw3adm.dll [MS]} World Wide Web Publishing Service, W3SVC, C:\Windows\system32\svchost.exe -k iissvcs {C:\Windows\system32\inetsrv\iisw3adm.dll [MS]} Safe Mode Drivers & Services (subkey name, subkey default value): ----------------------------------------------------------------- HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\ <<!>> mcmscsvc, (title not found) <<!>> MCODS, (title not found) HKLM\System\CurrentControlSet\Control\SafeBoot\Network\ <<!>> DpHost, Service <<!>> McMPFSvc, Service <<!>> mcmscsvc, (title not found) <<!>> MCODS, (title not found) <<!>> mfefire, Driver <<!>> mfefirek, Driver <<!>> mfefirek.sys, Driver <<!>> mfehidk, Driver <<!>> mfehidk.sys, Driver <<!>> mfevtp, Driver Print Monitors: --------------- HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors\ Canon BJ Language Monitor MP495 series\Driver = CNMLMA9.DLL [CANON INC.] Canon BJNP Port\Driver = CNMN6PPM.DLL [CANON INC.] PCL hpf3lw73\Driver = hpf3lw73.dll [Hewlett-Packard Company] ---------- (launch time: 2012-12-19 10:55:50) <<!>>: Suspicious data at a malware launch point. + This report excludes default entries except where indicated. + To see *everywhere* the script checks and *everything* it finds, launch it from a command prompt or a shortcut with the -all parameter. + To search all directories of local fixed drives for DESKTOP.INI DLL launch points, use the -supp parameter or answer "No" at the first message box and "Yes" at the second message box. ---------- (total run time: 109 seconds, including 16 seconds for message boxes)

After running a few searches, I'm still getting re-directed.

I ran the NPE tool, it found and removed 3 "threats" Curse Client, Junk Removal Tool, and rikvm_c6f09094.sys

Ran the full scan, took 8 hours, came back completely clean.

Okay, I ran the quick scan with the MSS tool, it came up clean. I can run the full scan if you need.

<p>Here is the log file</p> <p> </p> <p> </p> <div>All processes killed</div> <div>========== OTL ==========</div> <div>64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.</div> <div>Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.</div> <div>64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.</div> <div>64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.</div> <div>Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.</div> <div>Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.</div> <div>========== COMMANDS ==========</div> <div> </div> <div>[EMPTYJAVA]</div> <div> </div> <div>User: All Users</div> <div> </div> <div>User: Default</div> <div> </div> <div>User: Default User</div> <div> </div> <div>User: DefaultAppPool</div> <div> </div> <div>User: postgres</div> <div> </div> <div>User: Public</div> <div> </div> <div>User: Symesko</div> <div>->Java cache emptied: 3248641 bytes</div> <div> </div> <div>Total Java Files Cleaned = 3.00 mb</div> <div> </div> <div> </div> <div>[EMPTYTEMP]</div> <div> </div> <div>User: All Users</div> <div> </div> <div>User: Default</div> <div>->Temp folder emptied: 0 bytes</div> <div>->Temporary Internet Files folder emptied: 67 bytes</div> <div> </div> <div>User: Default User</div> <div>->Temp folder emptied: 0 bytes</div> <div>->Temporary Internet Files folder emptied: 0 bytes</div> <div> </div> <div>User: DefaultAppPool</div> <div>->Temp folder emptied: 0 bytes</div> <div>->Temporary Internet Files folder emptied: 67 bytes</div> <div> </div> <div>User: postgres</div> <div>->Temp folder emptied: 0 bytes</div> <div>->Temporary Internet Files folder emptied: 67 bytes</div> <div> </div> <div>User: Public</div> <div>->Temp folder emptied: 0 bytes</div> <div> </div> <div>User: Symesko</div> <div>->Temp folder emptied: 16733501 bytes</div> <div>->Temporary Internet Files folder emptied: 14290906 bytes</div> <div>->Java cache emptied: 0 bytes</div> <div>->Google Chrome cache emptied: 46498203 bytes</div> <div>->Flash cache emptied: 826 bytes</div> <div> </div> <div>%systemdrive% .tmp files removed: 0 bytes</div> <div>%systemroot% .tmp files removed: 0 bytes</div> <div>%systemroot%\System32 .tmp files removed: 0 bytes</div> <div>%systemroot%\System32 (64bit) .tmp files removed: 69032 bytes</div> <div>%systemroot%\System32\drivers .tmp files removed: 0 bytes</div> <div>Windows Temp folder emptied: 13388735 bytes</div> <div>%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 73916 bytes</div> <div>RecycleBin emptied: 0 bytes</div> <div> </div> <div>Total Files Cleaned = 87.00 mb</div> <div> </div> <div> </div> <div>[EMPTYFLASH]</div> <div> </div> <div>User: All Users</div> <div> </div> <div>User: Default</div> <div> </div> <div>User: Default User</div> <div> </div> <div>User: DefaultAppPool</div> <div> </div> <div>User: postgres</div> <div> </div> <div>User: Public</div> <div> </div> <div>User: Symesko</div> <div>->Flash cache emptied: 0 bytes</div> <div> </div> <div>Total Flash Files Cleaned = 0.00 mb</div> <div> </div> <div> </div> <div>OTL by OldTimer - Version 3.2.69.0 log created on 12142012_195553</div> <div> </div> <div>Files\Folders moved on Reboot...</div> <div>C:\Users\Symesko\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.</div> <div> </div> <div>PendingFileRenameOperations files...</div> <div> </div> <div>Registry entries deleted on Reboot...</div> <div> </div> <div> </div> <div>The Internet connection in this hotel isn't the best, so I may have to wait to run that tool. I'll post once it's run.</div>

OTL logfile created on: 12/13/2012 11:01:10 PM - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Symesko\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000409 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy 5.75 Gb Total Physical Memory | 4.29 Gb Available Physical Memory | 74.69% Memory free 11.49 Gb Paging File | 9.07 Gb Available in Paging File | 78.96% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 909.42 Gb Total Space | 656.83 Gb Free Space | 72.22% Space Free | Partition Type: NTFS Drive D: | 21.79 Gb Total Space | 3.18 Gb Free Space | 14.57% Space Free | Partition Type: NTFS Drive F: | 98.71 Mb Total Space | 88.57 Mb Free Space | 89.73% Space Free | Partition Type: FAT32 Computer Name: SYMESKO-LT | User Name: Symesko | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012/12/13 22:59:00 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Symesko\Desktop\OTL.exe PRC - [2012/12/08 23:16:05 | 000,212,432 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Update\1.3.21.124\GoogleCrashHandler.exe PRC - [2012/11/27 20:43:18 | 001,242,728 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe PRC - [2012/10/31 11:30:36 | 000,659,672 | ---- | M] (McAfee, Inc.) -- c:\Program Files (x86)\McAfee\SiteAdvisor\saUI.exe PRC - [2012/09/23 20:43:34 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2011/10/01 08:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe PRC - [2011/10/01 08:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe PRC - [2010/11/09 15:20:36 | 000,586,296 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe PRC - [2010/11/09 15:20:34 | 000,026,680 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe PRC - [2010/06/24 22:32:50 | 000,136,488 | ---- | M] (CyberLink) -- C:\Program Files (x86)\Hewlett-Packard\Media\Webcam\YCMMirage.exe PRC - [2010/04/05 12:55:01 | 000,116,104 | ---- | M] () -- C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe PRC - [2010/04/02 10:18:54 | 001,185,112 | ---- | M] (CANON INC.) -- C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE PRC - [2010/01/15 05:49:20 | 000,255,536 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe PRC - [2009/12/10 02:39:04 | 000,065,536 | ---- | M] (PostgreSQL Global Development Group) -- C:\Program Files (x86)\PostgreSQL\8.3\bin\pg_ctl.exe PRC - [2009/12/10 02:37:16 | 003,690,496 | ---- | M] (PostgreSQL Global Development Group) -- C:\Program Files (x86)\PostgreSQL\8.3\bin\postgres.exe PRC - [2009/11/10 18:05:34 | 000,248,320 | ---- | M] () -- C:\Program Files (x86)\Razer\Lachesis\razerhid.exe PRC - [2009/11/04 16:28:00 | 000,143,360 | ---- | M] () -- C:\Program Files (x86)\Razer\Lachesis\razertra.exe PRC - [2009/04/20 09:48:42 | 000,053,248 | ---- | M] (Sierra Wireless Inc.) -- C:\Program Files (x86)\Sierra Wireless Inc\Watcher\WaHelper.exe PRC - [2009/03/09 14:07:04 | 000,554,264 | ---- | M] (Sierra Wireless, Inc.) -- C:\Program Files (x86)\Sierra Wireless Inc\WebUpdater\TRUUpdater.exe PRC - [2008/10/20 14:32:48 | 000,210,208 | ---- | M] (Acresso Corporation) -- C:\ProgramData\Macrovision\FLEXnet Connect\6\ISUSPM.exe PRC - [2007/08/16 17:05:16 | 000,274,432 | ---- | M] (razercfg MFC Application) -- C:\Program Files (x86)\Razer\Lachesis\OSD.exe PRC - [2007/06/05 10:37:12 | 000,163,840 | ---- | M] (Razer Inc.) -- C:\Program Files (x86)\Razer\Lachesis\razerofa.exe ========== Modules (No Company Name) ========== MOD - [2012/11/27 20:43:17 | 000,460,904 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.95\ppgooglenaclpluginchrome.dll MOD - [2012/11/27 20:43:16 | 012,456,040 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.95\PepperFlash\pepflashplayer.dll MOD - [2012/11/27 20:43:15 | 004,008,040 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.95\pdf.dll MOD - [2012/11/27 20:42:30 | 000,587,880 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.95\libglesv2.dll MOD - [2012/11/27 20:42:29 | 000,124,520 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.95\libegl.dll MOD - [2012/11/27 20:42:22 | 000,157,304 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.95\avutil-51.dll MOD - [2012/11/27 20:42:21 | 002,168,952 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.95\avcodec-54.dll MOD - [2012/11/27 20:42:21 | 000,275,576 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.95\avformat-54.dll MOD - [2011/06/24 21:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll MOD - [2011/06/24 21:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll MOD - [2010/11/22 13:00:58 | 007,745,536 | ---- | M] () -- C:\Program Files (x86)\Common Files\LightScribe\QtGui4.dll MOD - [2010/11/22 13:00:58 | 002,121,728 | ---- | M] () -- C:\Program Files (x86)\Common Files\LightScribe\QtCore4.dll MOD - [2010/11/22 13:00:58 | 000,135,168 | ---- | M] () -- C:\Program Files (x86)\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll MOD - [2009/11/10 18:05:34 | 000,248,320 | ---- | M] () -- C:\Program Files (x86)\Razer\Lachesis\razerhid.exe MOD - [2009/11/04 16:28:00 | 000,143,360 | ---- | M] () -- C:\Program Files (x86)\Razer\Lachesis\razertra.exe MOD - [2009/03/09 13:59:24 | 000,218,392 | ---- | M] () -- C:\Program Files (x86)\Sierra Wireless Inc\WebUpdater\WebUpdtAPI.dll ========== Services (SafeList) ========== SRV:64bit: - [2012/11/16 21:10:22 | 000,383,608 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS) SRV:64bit: - [2012/11/09 06:37:30 | 000,177,680 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Windows\SysNative\mfevtps.exe -- (mfevtp) SRV:64bit: - [2012/11/09 06:34:50 | 000,218,320 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe -- (mfefire) SRV:64bit: - [2012/11/09 06:33:08 | 000,241,016 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe -- (McShield) SRV:64bit: - [2012/08/31 13:20:06 | 000,201,304 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (MSK80Service) SRV:64bit: - [2012/08/31 13:20:06 | 000,201,304 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McProxy) SRV:64bit: - [2012/08/31 13:20:06 | 000,201,304 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McNASvc) SRV:64bit: - [2012/08/31 13:20:06 | 000,201,304 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McNaiAnn) SRV:64bit: - [2012/08/31 13:20:06 | 000,201,304 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (mcmscsvc) SRV:64bit: - [2012/08/31 13:20:06 | 000,201,304 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McMPFSvc) SRV:64bit: - [2012/08/31 13:20:06 | 000,201,304 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McAfee SiteAdvisor Service) SRV:64bit: - [2011/04/20 18:02:16 | 000,030,520 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Windows\SysNative\hpservice.exe -- (hpsrv) SRV:64bit: - [2011/02/01 22:24:33 | 000,263,168 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Program Files\IDT\WDM\stacsv64.exe -- (STacSV) SRV:64bit: - [2011/02/01 22:24:32 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\IDT\WDM\AESTSr64.exe -- (AESTFilters) SRV:64bit: - [2011/01/04 22:07:10 | 000,354,304 | ---- | M] (Advanced Micro Devices, Inc.) [Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service) SRV:64bit: - [2010/09/20 01:56:00 | 000,203,264 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility) SRV:64bit: - [2010/09/15 10:30:34 | 000,440,144 | ---- | M] (DigitalPersona, Inc.) [Auto | Running] -- C:\Program Files\DigitalPersona\Bin\DpHostW.exe -- (DpHost) SRV:64bit: - [2010/06/18 16:26:18 | 000,103,992 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe -- (HP Wireless Assistant Service) SRV:64bit: - [2010/06/17 05:23:36 | 000,194,496 | ---- | M] (Advanced Micro Devices) [Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe -- (AMD Reservation Manager) SRV:64bit: - [2010/02/23 07:38:54 | 002,192,176 | ---- | M] (Validity Sensors, Inc.) [Auto | Running] -- C:\Windows\SysNative\vcsFPService.exe -- (vcsFPService) SRV:64bit: - [2009/07/13 18:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2012/12/11 21:52:50 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2012/09/27 11:55:16 | 000,086,528 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe -- (HP Support Assistant Service) SRV - [2012/09/23 20:43:34 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2011/10/01 08:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa) SRV - [2011/10/01 08:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist) SRV - [2010/11/20 05:19:20 | 000,397,824 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll -- (WAS) SRV - [2010/11/20 05:19:20 | 000,397,824 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll -- (W3SVC) SRV - [2010/11/20 05:18:03 | 000,061,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\inetsrv\apphostsvc.dll -- (AppHostSvc) SRV - [2010/11/09 15:20:34 | 000,026,680 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe -- (HPWMISVC) SRV - [2010/06/29 20:51:12 | 000,245,232 | ---- | M] (CyberLink) [Auto | Stopped] -- C:\Program Files (x86)\Hewlett-Packard\Media\DVD\Kernel\HDDVD\NavFilter\kmsvc.exe -- (CLKMSVC10_C6F09094) SRV - [2010/04/13 20:11:18 | 000,231,224 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files (x86)\McAfee Online Backup\MOBKbackup.exe -- (MOBKbackup) SRV - [2010/04/05 12:55:01 | 000,116,104 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe -- (IJPLMSVC) SRV - [2010/04/03 16:01:24 | 000,246,520 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe -- (GameConsoleService) SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2010/02/23 07:19:02 | 001,799,472 | ---- | M] (Validity Sensors, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\vcsFPService.exe -- (vcsFPService) SRV - [2010/01/15 05:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService) SRV - [2009/12/10 02:39:04 | 000,065,536 | ---- | M] (PostgreSQL Global Development Group) [Auto | Running] -- C:\Program Files (x86)\PostgreSQL\8.3\bin\pg_ctl.exe -- (pgsql-8.3) SRV - [2009/06/10 14:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) ========== Driver Services (SafeList) ========== DRV:64bit: - [2012/11/09 06:40:24 | 000,069,672 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\cfwids.sys -- (cfwids) DRV:64bit: - [2012/11/09 06:37:42 | 000,339,776 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mfewfpk.sys -- (mfewfpk) DRV:64bit: - [2012/11/09 06:36:30 | 000,106,112 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mferkdet.sys -- (mferkdet) DRV:64bit: - [2012/11/09 06:35:50 | 000,771,096 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mfehidk.sys -- (mfehidk) DRV:64bit: - [2012/11/09 06:34:58 | 000,515,528 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfefirek.sys -- (mfefirek) DRV:64bit: - [2012/11/09 06:34:18 | 000,309,400 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfeavfk.sys -- (mfeavfk) DRV:64bit: - [2012/11/09 06:33:58 | 000,178,840 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfeapfk.sys -- (mfeapfk) DRV:64bit: - [2012/09/28 10:32:56 | 000,053,760 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64) DRV:64bit: - [2012/08/23 07:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport) DRV:64bit: - [2012/08/23 07:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2012/08/21 12:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM) DRV:64bit: - [2012/04/20 16:40:58 | 000,196,440 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HipShieldK.sys -- (HipShieldK) DRV:64bit: - [2012/02/29 23:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2011/10/14 04:37:44 | 000,396,848 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP) DRV:64bit: - [2011/10/01 08:30:22 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol) DRV:64bit: - [2011/10/01 08:30:18 | 000,268,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay) DRV:64bit: - [2011/10/01 08:30:18 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir) DRV:64bit: - [2011/10/01 08:30:10 | 000,764,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs) DRV:64bit: - [2011/05/13 17:58:16 | 000,030,008 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\hpdskflt.sys -- (hpdskflt) DRV:64bit: - [2011/05/13 17:57:58 | 000,043,320 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Accelerometer.sys -- (Accelerometer) DRV:64bit: - [2011/05/10 07:06:14 | 000,022,528 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netaapl64.sys -- (Netaapl) DRV:64bit: - [2011/04/26 02:21:06 | 000,031,232 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tap0901.sys -- (tap0901) DRV:64bit: - [2011/03/10 23:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011/03/10 23:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2011/02/01 22:24:33 | 000,515,584 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA) DRV:64bit: - [2011/01/21 18:48:46 | 000,038,528 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter) DRV:64bit: - [2011/01/21 18:48:46 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie64.sys -- (AtiPcie) DRV:64bit: - [2010/11/20 06:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010/11/20 02:37:42 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus) DRV:64bit: - [2010/10/27 01:32:55 | 003,063,360 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX) DRV:64bit: - [2010/09/20 02:14:16 | 007,767,552 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag) DRV:64bit: - [2010/09/20 01:21:04 | 000,279,040 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap) DRV:64bit: - [2010/08/24 09:45:08 | 000,020,480 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbicp.sys -- (uisp) DRV:64bit: - [2010/06/24 22:32:52 | 000,032,880 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\clwvd.sys -- (clwvd) DRV:64bit: - [2010/05/06 06:21:00 | 000,125,456 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService) DRV:64bit: - [2010/04/13 20:10:24 | 000,066,040 | ---- | M] (Mozy, Inc.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\MOBK.sys -- (MOBKFilter) DRV:64bit: - [2010/02/18 09:18:24 | 000,046,136 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\amdiox64.sys -- (amdiox64) DRV:64bit: - [2010/02/08 22:57:22 | 000,239,136 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR) DRV:64bit: - [2009/11/27 18:45:06 | 000,295,424 | ---- | M] (Realtek ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167) DRV:64bit: - [2009/10/16 21:09:14 | 000,029,952 | ---- | M] (Razer (Asia-Pacific) Pte Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Lachesis.sys -- (VaneFltr) DRV:64bit: - [2009/07/13 18:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009/07/13 18:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009/07/13 18:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009/07/13 17:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice) DRV:64bit: - [2009/06/10 14:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92) DRV:64bit: - [2009/06/10 14:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac) DRV:64bit: - [2009/06/10 14:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA) DRV:64bit: - [2009/06/10 13:37:05 | 006,108,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx) DRV:64bit: - [2009/06/10 13:35:33 | 000,389,120 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7) DRV:64bit: - [2009/06/10 13:35:28 | 005,434,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netw5v64.sys -- (netw5v64) DRV:64bit: - [2009/06/10 13:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009/06/10 13:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009/06/10 13:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009/06/10 13:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2009/02/27 15:56:56 | 000,202,248 | ---- | M] (Sierra Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SWNC5E00.sys -- (SWNC5E00) DRV:64bit: - [2009/02/27 15:51:40 | 000,198,408 | ---- | M] (Sierra Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\swmx00.sys -- (SWMX00) DRV:64bit: - [2008/09/16 14:18:40 | 000,031,880 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\swmsflt.sys -- (swmsflt) DRV - [2009/07/13 18:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) DRV - [2008/09/16 14:18:40 | 000,031,880 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\swmsflt.sys -- (swmsflt) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPCON/4 IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = Reg Error: Value error. IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = Reg Error: Value error. IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPCON/4 IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPCON/4 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPCON/4 IE - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\..\SearchScopes\{362241FC-7EFA-4221-8898-51DBB3C51684}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox IE - HKLM\..\SearchScopes\{85F267E2-6A69-4D86-92A6-D573E712C412}: "URL" = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms} IE - HKLM\..\SearchScopes\{9EA4E6D6-2A3C-46A2-9F51-502F02495DE4}: "URL" = http://www.ask.com/web?q={searchTerms}&l=dis&o=cahpl IE - HKLM\..\SearchScopes\{B503DCCC-5DA5-44DC-A6F6-ED6879F4AEF0}: "URL" = http://ca.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-3995993713-3184066139-968692001-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve IE - HKU\S-1-5-21-3995993713-3184066139-968692001-1001\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKU\S-1-5-21-3995993713-3184066139-968692001-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-3995993713-3184066139-968692001-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local IE - HKU\S-1-5-21-3995993713-3184066139-968692001-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPCON/4 IE - HKU\S-1-5-21-3995993713-3184066139-968692001-1004\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://g.msn.com/HPCON/4 IE - HKU\S-1-5-21-3995993713-3184066139-968692001-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPCON/4 IE - HKU\S-1-5-21-3995993713-3184066139-968692001-1004\..\SearchScopes,DefaultScope = ========== FireFox ========== FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_135.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL () FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_135.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL () FF - HKLM\Software\MozillaPlugins\@mcafee.com/SAFFPlugin: C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.124\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.124\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.19: C:\Program Files (x86)\Veetle\plugins\npVeetle.dll (Veetle Inc) FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: C:\Program Files (x86)\Veetle\Player\npvlc.dll (Veetle Inc) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\otis@digitalpersona.com: C:\Program Files (x86)\DigitalPersona\Bin\FirefoxExt\ [2011/07/29 19:07:06 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Program Files (x86)\McAfee\SiteAdvisor [2012/11/09 16:17:36 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\msktbird@mcafee.com: C:\Program Files\McAfee\MSK [2012/11/14 21:21:49 | 000,000,000 | ---D | M] [2012/12/10 08:16:40 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions [2012/05/28 08:29:36 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} [2012/03/17 15:57:05 | 000,002,027 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\McSiteAdvisor.xml ========== Chrome ========== CHR - homepage: about:blank CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter} CHR - homepage: about:blank CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.95\PepperFlash\pepflashplayer.dll CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.95\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.95\pdf.dll CHR - plugin: McAfee SiteAdvisor (Enabled) = C:\Users\Symesko\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.60.123.1_0\McChPlg.dll CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL CHR - plugin: CANON iMAGE GATEWAY Album Plugin Utility (Enabled) = C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.124\npGoogleUpdate3.dll CHR - plugin: Java Platform SE 6 U37 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll CHR - plugin: McAfee SiteAdvisor (Enabled) = C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll CHR - plugin: Veetle TV Player (Enabled) = C:\Program Files (x86)\Veetle\Player\npvlc.dll CHR - plugin: Veetle TV Core (Enabled) = C:\Program Files (x86)\Veetle\plugins\npVeetle.dll CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll CHR - plugin: Java Deployment Toolkit 6.0.370.6 (Enabled) = C:\Windows\SysWOW64\npdeployJava1.dll CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll CHR - plugin: McAfee SecurityCenter (Enabled) = c:\progra~2\mcafee\msc\npmcsn~1.dll CHR - Extension: Google Drive = C:\Users\Symesko\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\ CHR - Extension: YouTube = C:\Users\Symesko\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\ CHR - Extension: Google Search = C:\Users\Symesko\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\ CHR - Extension: SiteAdvisor = C:\Users\Symesko\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.60.123.1_0\ CHR - Extension: Gmail = C:\Users\Symesko\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\ O1 HOSTS File: ([2012/12/04 19:09:39 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O3:64bit: - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.) O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.) O3 - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.) O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKU\S-1-5-21-3995993713-3184066139-968692001-1001\..\Toolbar\WebBrowser: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.) O4:64bit: - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.) O4:64bit: - HKLM..\Run: [HPWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe () O4:64bit: - HKLM..\Run: [smartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe () O4:64bit: - HKLM..\Run: [sysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.) O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [CanonSolutionMenuEx] C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE (CANON INC.) O4 - HKLM..\Run: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe (Hewlett-Packard Development Company, L.P.) O4 - HKLM..\Run: [Lachesis] C:\Program Files (x86)\Razer\Lachesis\razerhid.exe () O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.) O4 - HKLM..\Run: [startCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKLM..\Run: [TRUUpdater] C:\Program Files (x86)\Sierra Wireless Inc\WebUpdater\TRUUpdater.exe (Sierra Wireless, Inc.) O4 - HKLM..\Run: [WatcherHelper] C:\Program Files (x86)\Sierra Wireless Inc\Watcher\WaHelper.exe (Sierra Wireless Inc.) O4 - HKU\S-1-5-21-3995993713-3184066139-968692001-1001..\Run: [iSUSPM] C:\ProgramData\Macrovision\FLEXnet Connect\6\ISUSPM.exe (Acresso Corporation) O4 - HKU\S-1-5-21-3995993713-3184066139-968692001-1004..\Run: [HPAdvisorDock] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Dock\HPAdvisorDock.exe () O4 - HKU\S-1-5-21-3995993713-3184066139-968692001-1004..\Run: [sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-3995993713-3184066139-968692001-1004..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - Startup: C:\Users\Symesko\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip () O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-3995993713-3184066139-968692001-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-3995993713-3184066139-968692001-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O7 - HKU\S-1-5-21-3995993713-3184066139-968692001-1004\Software\Policies\Microsoft\Internet Explorer\Control Panel present O9 - Extra Button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard) O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard) O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files (x86)\PokerStars\PokerStarsUpdate.exe (PokerStars) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) O13 - gopher Prefix: missing O16:64bit: - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Key error.) O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20) O16:64bit: - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20) O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.18.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{36B19133-7C9A-45EE-95D1-EB804ED02A2D}: DhcpNameServer = 192.168.18.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CD07131E-5218-4DA1-9F97-E33433D24BA1}: DhcpNameServer = 184.151.118.254 70.28.245.227 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E2C6E474-AE3E-4CAC-858F-43F0D53B4844}: DhcpNameServer = 8.8.8.8 8.8.4.4 O18:64bit: - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.) O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.) O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18:64bit: - Protocol\Handler\wlpg - No CLSID value found O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.) O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.) O18:64bit: - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl64.dll (McAfee, Inc.) O18 - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\MSC\McSnIePl.dll (McAfee, Inc.) O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2012/12/13 23:02:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee [2012/12/13 22:58:54 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Symesko\Desktop\OTL.exe [2012/12/10 08:15:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java [2012/12/09 20:46:34 | 000,000,000 | ---D | C] -- C:\Windows\pss [2012/12/08 23:16:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome [2012/12/08 23:16:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Google [2012/12/05 23:28:48 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT [2012/12/05 23:20:36 | 000,000,000 | ---D | C] -- C:\JRT [2012/12/05 23:20:16 | 000,914,301 | ---- | C] (Chilkat Software, Inc.) -- C:\Users\Symesko\Desktop\JRT.exe [2012/12/05 23:15:51 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN [2012/12/04 19:12:49 | 000,000,000 | ---D | C] -- C:\Windows\temp [2012/12/04 18:50:09 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe [2012/12/04 18:50:09 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe [2012/12/04 18:50:09 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe [2012/12/04 18:42:30 | 000,000,000 | ---D | C] -- C:\Qoobox [2012/12/04 18:41:59 | 000,000,000 | ---D | C] -- C:\Windows\erdnt [2012/12/04 18:15:03 | 005,009,321 | R--- | C] (Swearware) -- C:\Users\Symesko\Desktop\ComboFix.exe [2012/12/03 21:04:44 | 002,213,976 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Symesko\Desktop\tdsskiller.exe [2012/12/03 20:07:07 | 000,000,000 | ---D | C] -- C:\Users\Symesko\Desktop\RK_Quarantine [2012/12/03 18:10:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes [2012/12/03 18:09:42 | 000,000,000 | ---D | C] -- C:\Program Files\iPod [2012/12/03 18:09:41 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes [2012/12/03 18:09:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes [2012/12/03 18:09:41 | 000,000,000 | ---D | C] -- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69 [2012/11/21 19:54:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP Help and Support [2012/11/21 19:49:49 | 000,000,000 | ---D | C] -- C:\ProgramData\{9BF4D58B-C6D6-467B-BC5A-FD0C1278F4AF} [2012/11/14 19:05:28 | 000,196,440 | ---- | C] (McAfee, Inc.) -- C:\Windows\SysNative\drivers\HipShieldK.sys [3 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ] [1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ] [1 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ] [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012/12/13 22:59:00 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Symesko\Desktop\OTL.exe [2012/12/13 22:52:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012/12/13 22:26:48 | 000,000,900 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012/12/13 21:43:25 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012/12/13 21:43:25 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012/12/13 21:34:34 | 000,065,536 | ---- | M] () -- C:\Windows\SysNative\Ikeext.etl [2012/12/13 21:34:31 | 000,000,306 | ---- | M] () -- C:\Windows\tasks\Nwqp.job [2012/12/13 21:34:24 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012/12/13 21:34:21 | 331,534,335 | -HS- | M] () -- C:\hiberfil.sys [2012/12/12 19:26:09 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012/12/12 03:24:14 | 000,312,272 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2012/12/10 08:44:07 | 000,001,437 | ---- | M] () -- C:\Users\Symesko\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk [2012/12/10 08:36:35 | 000,072,822 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf [2012/12/10 08:36:34 | 000,072,822 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf [2012/12/10 08:21:36 | 000,002,019 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader XI.lnk [2012/12/09 20:57:04 | 000,859,070 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012/12/09 20:12:21 | 000,856,731 | ---- | M] () -- C:\Users\Symesko\Desktop\SecurityCheck (1).exe [2012/12/08 23:16:39 | 000,002,289 | ---- | M] () -- C:\Users\Symesko\Desktop\Google Chrome.lnk [2012/12/05 23:20:20 | 000,914,301 | ---- | M] (Chilkat Software, Inc.) -- C:\Users\Symesko\Desktop\JRT.exe [2012/12/05 23:20:20 | 000,723,156 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012/12/05 23:20:20 | 000,145,166 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2012/12/05 06:59:52 | 000,540,743 | ---- | M] () -- C:\Users\Symesko\Desktop\adwcleaner.exe [2012/12/04 19:09:39 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts [2012/12/04 18:15:15 | 005,009,321 | R--- | M] (Swearware) -- C:\Users\Symesko\Desktop\ComboFix.exe [2012/12/03 21:06:25 | 002,213,976 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Symesko\Desktop\tdsskiller.exe [2012/12/03 20:06:15 | 000,752,128 | ---- | M] () -- C:\Users\Symesko\Desktop\RogueKiller.exe [2012/12/03 18:10:42 | 000,001,783 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk [2012/11/28 03:20:20 | 000,000,340 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForSymesko.job [2012/11/21 19:54:04 | 000,002,185 | ---- | M] () -- C:\Users\Public\Desktop\HP Support Assistant.lnk [3 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ] [1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ] [1 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ] [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2012/12/10 08:36:35 | 000,072,822 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf [2012/12/10 08:36:34 | 000,072,822 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf [2012/12/10 08:21:36 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk [2012/12/10 08:21:36 | 000,002,019 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader XI.lnk [2012/12/09 20:12:19 | 000,856,731 | ---- | C] () -- C:\Users\Symesko\Desktop\SecurityCheck (1).exe [2012/12/08 23:16:39 | 000,002,289 | ---- | C] () -- C:\Users\Symesko\Desktop\Google Chrome.lnk [2012/12/08 23:16:14 | 000,000,900 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012/12/08 23:16:12 | 000,000,896 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012/12/05 06:59:43 | 000,540,743 | ---- | C] () -- C:\Users\Symesko\Desktop\adwcleaner.exe [2012/12/04 18:50:09 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe [2012/12/04 18:50:09 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe [2012/12/04 18:50:09 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe [2012/12/04 18:50:09 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe [2012/12/04 18:50:09 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe [2012/12/03 20:06:08 | 000,752,128 | ---- | C] () -- C:\Users\Symesko\Desktop\RogueKiller.exe [2012/12/03 18:10:42 | 000,001,783 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk [2012/11/21 19:54:04 | 000,002,185 | ---- | C] () -- C:\Users\Public\Desktop\HP Support Assistant.lnk [2012/11/16 03:12:46 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf [2012/11/16 03:03:15 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf [2012/08/07 20:32:58 | 000,135,168 | RHS- | C] () -- C:\Windows\SysWow64\kbd101V.dll [2011/06/12 17:51:29 | 000,000,000 | ---- | C] () -- C:\Windows\HMHud.INI [2011/04/12 11:58:44 | 000,005,078 | ---- | C] () -- C:\ProgramData\bltofzsb.qlf [2011/02/21 23:28:34 | 000,000,600 | ---- | C] () -- C:\Users\Symesko\AppData\Local\PUTTY.RND [2011/01/19 17:55:46 | 000,844,982 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2010/12/30 00:39:08 | 000,001,854 | ---- | C] () -- C:\Users\Symesko\AppData\Roaming\GhostObjGAFix.xml ========== ZeroAccess Check ========== [2009/07/13 21:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012/06/08 22:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 21:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 18:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 05:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 18:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== LOP Check ========== [2010/12/09 20:42:39 | 000,000,000 | ---D | M] -- C:\Users\Symesko\AppData\Roaming\DigitalPersona [2012/06/22 11:08:53 | 000,000,000 | ---D | M] -- C:\Users\Symesko\AppData\Roaming\ExpressVPN [2011/02/21 20:34:21 | 000,000,000 | ---D | M] -- C:\Users\Symesko\AppData\Roaming\FreeCap [2012/11/10 01:27:31 | 000,000,000 | ---D | M] -- C:\Users\Symesko\AppData\Roaming\HEM Data [2012/12/09 16:13:31 | 000,000,000 | ---D | M] -- C:\Users\Symesko\AppData\Roaming\HoldemManager [2011/02/16 21:42:54 | 000,000,000 | ---D | M] -- C:\Users\Symesko\AppData\Roaming\PFStaticIP [2010/12/09 21:42:36 | 000,000,000 | ---D | M] -- C:\Users\Symesko\AppData\Roaming\Razer [2010/12/13 15:56:39 | 000,000,000 | ---D | M] -- C:\Users\Symesko\AppData\Roaming\Sierra Wireless [2012/12/05 23:11:54 | 000,000,000 | ---D | M] -- C:\Users\Symesko\AppData\Roaming\SoftGrid Client [2011/01/19 17:56:56 | 000,000,000 | ---D | M] -- C:\Users\Symesko\AppData\Roaming\TP [2011/02/09 19:08:09 | 000,000,000 | ---D | M] -- C:\Users\Symesko\AppData\Roaming\Windows Live Writer [2012/04/27 13:47:35 | 000,000,000 | ---D | M] -- C:\Users\Symesko\AppData\Roaming\Xerox ========== Purity Check ========== < End of report >

Here are the two logs OTL Extras logfile created on: 12/13/2012 11:01:10 PM - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Symesko\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000409 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy 5.75 Gb Total Physical Memory | 4.29 Gb Available Physical Memory | 74.69% Memory free 11.49 Gb Paging File | 9.07 Gb Available in Paging File | 78.96% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 909.42 Gb Total Space | 656.83 Gb Free Space | 72.22% Space Free | Partition Type: NTFS Drive D: | 21.79 Gb Total Space | 3.18 Gb Free Space | 14.57% Space Free | Partition Type: NTFS Drive F: | 98.71 Mb Total Space | 88.57 Mb Free Space | 89.73% Space Free | Partition Type: FAT32 Computer Name: SYMESKO-LT | User Name: Symesko | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) .html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) [HKEY_USERS\S-1-5-21-3995993713-3184066139-968692001-1001\SOFTWARE\Classes\<extension>] .html [@ = ChromeHTML] -- Reg Error: Key error. File not found ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- Reg Error: Key error. htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation) http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [browse with Corel PaintShop Photo Pro X3] -- "c:\Program Files (x86)\Corel\Corel PaintShop Photo Pro\X3\PSPClassic\Corel Paint Shop Pro Photo.exe" "%L" (Corel, Inc.) Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- Reg Error: Key error. htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [browse with Corel PaintShop Photo Pro X3] -- "c:\Program Files (x86)\Corel\Corel PaintShop Photo Pro\X3\PSPClassic\Corel Paint Shop Pro Photo.exe" "%L" (Corel, Inc.) Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 "FirewallDisableNotify" = 0 "AntiVirusDisableNotify" = 0 "UpdatesDisableNotify" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] ========== System Restore Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore] "DisableSR" = 0 ========== Firewall Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "C:\Program Files (x86)\Sierra Wireless Inc\Watcher\SwiApiMux.exe" = C:\Program Files (x86)\Sierra Wireless Inc\Watcher\SwiApiMux.exe:*:Enabled:SwiApiMux -- (Sierra Wireless, Inc.) "C:\Program Files (x86)\Sierra Wireless Inc\Watcher\TRUUpdater.exe" = C:\Program Files (x86)\Sierra Wireless Inc\WebUpdater\TRUUpdater.exe:*:Enabled:TRUUpdater -- (Sierra Wireless, Inc.) "C:\Program Files (x86)\Sierra Wireless Inc\Watcher\SwiApiMux.exe" = C:\Program Files (x86)\Sierra Wireless Inc\Watcher\SwiApiMux.exe:*:Enabled:SwiApiMux -- (Sierra Wireless, Inc.) "C:\Program Files (x86)\Sierra Wireless Inc\Watcher\TRUUpdater.exe" = C:\Program Files (x86)\Sierra Wireless Inc\WebUpdater\TRUUpdater.exe:*:Enabled:TRUUpdater -- (Sierra Wireless, Inc.) ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{09509B09-A20E-4EC5-844B-144F2D803AEB}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{09F9009A-EF41-4AAE-8D08-3C74AFCBB863}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | "{12C5B76E-F2C0-4EE3-BA45-2FE5483FBF59}" = lport=445 | protocol=6 | dir=in | app=system | "{12F613B8-4936-4EF1-B330-839BF5BEBCD4}" = rport=445 | protocol=6 | dir=out | app=system | "{15477B3B-0AED-4607-96DB-887FACFF9CBA}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{210775BE-9C7F-4059-84AE-7B68DE42C846}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{299FFFC1-9802-496B-AE46-EF36A4D52B8D}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{38F224A2-9F2C-4CA8-8FB6-FB2079E467AD}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | "{4241DA6E-3490-421A-88A0-FA5581CDFBFD}" = lport=10243 | protocol=6 | dir=in | app=system | "{4C26FE3D-1B03-48CF-A9F6-50B2F4BA4255}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | "{502C1B16-6E38-481B-884D-3B74AF3E5964}" = lport=138 | protocol=17 | dir=in | app=system | "{52F89C4B-6D84-4367-888A-2E2F83198B1D}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{55347850-CA1F-4D4D-940C-DF4BEB4D7D23}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{5A894EF1-E0EC-4C16-A8A9-EA806CA3EBA0}" = rport=10243 | protocol=6 | dir=out | app=system | "{62A665D1-6F39-4042-AE4A-3ABB5A646A92}" = lport=139 | protocol=6 | dir=in | app=system | "{69402169-3B7E-431F-BA80-1E1664FFEB7C}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{7039801C-1994-4C02-AF55-60E22CE16589}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | "{7718ACED-E7DC-4BD2-BDE4-AE093971F93E}" = rport=138 | protocol=17 | dir=out | app=system | "{920E4089-E534-4465-BCF5-349A765B07A7}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{A8DE6447-CB8A-4FAC-BF32-17D9EB922013}" = lport=2869 | protocol=6 | dir=in | app=system | "{AC163A75-A3EE-46DD-92D6-0C21B32743ED}" = lport=2869 | protocol=6 | dir=in | app=system | "{AEF952B8-DAA9-4017-9601-64FE0CB8CBF2}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | "{BD8B4A61-235E-415E-906D-D604F2A51424}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{D15E36CF-B6BE-4C60-827C-A87D7495B37E}" = rport=139 | protocol=6 | dir=out | app=system | "{D1B71E89-41CE-418C-AF99-8306EE370A6D}" = lport=137 | protocol=17 | dir=in | app=system | "{DBC8372D-B9B3-49DF-8354-DB1D87E084D5}" = rport=137 | protocol=17 | dir=out | app=system | "{E1611F85-6590-43A5-BDF1-5940F95C2013}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{E8E6A2C1-E861-4CC4-ADE0-7D73CA14A503}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{FA234F55-F31B-49C9-8862-8F579E63D150}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{002695D9-6FC5-48C9-96FB-3E548DE7A49C}" = protocol=6 | dir=in | app=c:\program files (x86)\veetle\player\veetlenet.exe | "{030A927A-5D26-41A0-9BE9-EE2DC03FAA74}" = dir=in | app=c:\program files (x86)\hewlett-packard\mediasmart\photo\hpmediasmartphoto.exe | "{062304AC-6DCA-4C92-8FE0-4D7A16A7E34A}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{0D605970-33DC-482B-9573-83F6DE5C6999}" = protocol=17 | dir=in | app=c:\program files (x86)\world of warcraft.temp\launcher.exe | "{131BADBE-1DCF-472C-8209-1B5FD386C1E0}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{14117329-4B12-45E9-AF3D-4458DAA31B41}" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\starcraft ii.exe | "{166E1771-E3C7-4AC0-92A8-B359E826B5C6}" = protocol=6 | dir=out | app=system | "{167885C6-D071-49BD-ABE2-97C08BE93384}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1267\agent.exe | "{1D7000F9-64CE-4D5D-BA69-6DB19541217F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{21276D78-6C24-4541-B786-A51A4925FBAB}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\music\hptouchsmartmusic.exe | "{2130AA7A-0EAA-4BD1-8933-AEC6190DE918}" = protocol=6 | dir=in | app=c:\program files (x86)\veetle\player\veetlenet.exe | "{21E81B1D-E4DD-4A0B-8AAB-C677701EDCD1}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hptouchsmartphoto.exe | "{25EB2757-5CA2-4BCA-A56E-D43583545D28}" = protocol=6 | dir=in | app=c:\program files (x86)\world of warcraft public test\launcher.patch.exe | "{2E55E7BC-A746-45D0-9FDE-EC36F6382A67}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe | "{2FA9E544-6808-4DBF-8C99-B2AA9C3CDD79}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1225\agent.exe | "{30261BBE-D26C-4BBC-BD78-3F75177E980A}" = protocol=17 | dir=in | app=c:\program files (x86)\sweetim\communicator\sweetpacksupdatemanager.exe | "{39DC6E3A-4769-4F23-B15E-DED2BBF3851E}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1363\agent.exe | "{3B303FBC-259F-4229-9429-86471C239886}" = protocol=17 | dir=in | app=c:\program files\ventrilo\ventrilo.exe | "{4051D5B5-3202-4962-80DB-E5F33881F493}" = protocol=6 | dir=in | app=c:\program files (x86)\world of warcraft public test\launcher.exe | "{41CE6C17-2AE6-46B4-A0D2-E457CB1F0B1D}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\kernel\clml\clmlsvc.exe | "{443651D1-811F-40CC-AAEB-35BCF421ED6E}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{49C16CAD-D956-4EC5-99E7-ED8E34A2F0E2}" = dir=in | app=c:\program files (x86)\cyberlink\powerdirector\pdr8.exe | "{4B219EAD-0F0D-44B0-9195-7B3F97DEE832}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{4C98B0E1-D197-41E1-BDE8-0504F836162B}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\tsmagent.exe | "{4D241D13-277E-4EF2-840B-98E846B919E9}" = protocol=6 | dir=in | app=c:\program files\ventrilo\ventrilo.exe | "{4FEA1CFC-1073-432A-AA15-7C39456883D7}" = protocol=6 | dir=in | app=c:\program files (x86)\world of warcraft.temp\launcher.exe | "{57500B0B-964D-434A-A6B0-09D35F5223C2}" = protocol=6 | dir=in | app=c:\program files (x86)\diablo iii\diablo iii.exe | "{5A9E5897-38AC-48C8-8F32-71FCD4D6A356}" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\starcraft ii public test.exe | "{5F900569-5191-46FB-8E7E-25DD1362144A}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{5FF440B1-3403-472E-B654-71AFAFAA1FAB}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.954\agent.exe | "{6175DC72-63EA-47AF-A25F-FB76F5E72566}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{63296FED-0112-4EFC-91FB-3757689CAB67}" = protocol=17 | dir=in | app=c:\program files (x86)\diablo iii\diablo iii.exe | "{6A4E10DD-BAD6-44FB-83E8-48AA3A525D9D}" = protocol=17 | dir=in | app=c:\program files (x86)\world of warcraft public test\launcher.exe | "{6BEA9952-4249-46F0-92AB-8137AF2E3A07}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{7258E239-4EBD-4908-B485-D66E0E917A47}" = protocol=17 | dir=in | app=c:\windows\syswow64\msiexec.exe | "{763E99AB-9623-4A8F-B3C0-29F54F819B4B}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe | "{795DF500-626F-412B-BF18-FD87D2FABF8F}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1544\agent.exe | "{7BC8F09B-4E0B-40CF-BA26-F30620972FB7}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{84592871-0879-4088-A612-BCC7EFF7DDB2}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{863C166C-36F9-4989-BFD8-79A1DBDB356D}" = protocol=6 | dir=in | app=c:\program files (x86)\sweetim\communicator\sweetpacksupdatemanager.exe | "{8BF3CB91-8395-41EC-A3FB-EF7483B47B8D}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{90410852-CD5A-4E96-AD3B-5DE43E20FA0A}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.524\agent.exe | "{904173DF-C20C-4E68-BC03-140EE5F7EA2B}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1267\agent.exe | "{90EF3CE3-9EC4-42D4-8A5B-A0E7261E987E}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | "{927940D9-354F-40E1-B3AE-86F494D6B1AD}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{96DFD82A-1D9B-40B9-8BF2-02A22CB6A5AD}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{97DB02A1-5BFC-4174-89C5-FF6B06C5A1F3}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | "{9B984979-9147-48BB-AFEC-A1C4B520945B}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{9C7BDEA4-5BDA-4DB7-B052-0F812A28B66D}" = protocol=6 | dir=in | app=c:\windows\syswow64\msiexec.exe | "{A60AB9AD-4A3B-4837-87F7-65A7581B936E}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1225\agent.exe | "{A745F342-7F70-40C9-9DA8-B178D8AEFD05}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hptouchsmartmusic.exe | "{A7CD4556-61FB-43E6-900D-3BB86E3FCBCB}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1544\agent.exe | "{AE685A90-99FB-4B71-A580-7BB107CD0571}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | "{B1FCBE00-E002-4E73-B09E-D71E9483040E}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hpdvdsmart.exe | "{B472E4D4-C4FD-492C-9B1F-8121957E6153}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | "{B6C1629A-B2FE-472A-9ED6-F244178DD393}" = protocol=6 | dir=in | app=c:\program files (x86)\world of warcraft.temp\launcher.patch.exe | "{BA4C0BE9-00F5-4300-8DB2-CCAE3A463BF2}" = protocol=17 | dir=in | app=c:\program files (x86)\world of warcraft public test\launcher.patch.exe | "{BB1402C3-2EEB-47AC-B60C-58FF3A54CC24}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{BF756A8B-23FD-4FE3-AA1E-6605968759A4}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{C2FB49FC-DD4D-4719-BD75-3C823A0B3111}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe | "{C3E93914-DDDE-4987-A26A-2BABB32C7B72}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{C76562F9-D1A3-4D59-B45D-D2A00F00B32D}" = protocol=17 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe | "{C919CE87-919E-4B54-B5DD-1D3271C5F5DD}" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\starcraft ii public test.exe | "{CFEADF16-FDB0-4414-A658-687E20E1A9C3}" = protocol=17 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe | "{D6381608-31BC-447A-BCEB-FA0D92C05DEC}" = dir=in | app=c:\program files (x86)\hewlett-packard\mediasmart\video\hpmediasmartvideo.exe | "{D8C59831-6F26-4444-8B4E-CD80DA599838}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1544\agent.exe | "{DF16622B-3F5C-4A4D-AD8F-B8B9A5E2E94C}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.954\agent.exe | "{E1AEBC62-C1D7-4476-AA6F-E33A749D117D}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1544\agent.exe | "{E8585484-A4C2-42AF-9761-7FFAF93AE68A}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1363\agent.exe | "{EC687BBD-2898-44AA-B7EF-2399DCE64114}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | "{ED01CDF8-E4D3-49BC-9BAC-7B839225E6E9}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{EEF02052-1B91-4E2B-9D06-B02DDE0DEA71}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1225\agent.exe | "{F0799CF4-7DF8-46EC-8986-6CA446E70453}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe | "{F2ACE324-C6AE-4954-A8B0-F266DD77ACF2}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.524\agent.exe | "{F89F45EE-9647-4A24-A378-12A1F085B149}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hptouchsmartvideo.exe | "{F9A454F3-3781-44B3-924F-51E01B112C82}" = protocol=17 | dir=in | app=c:\program files (x86)\world of warcraft.temp\launcher.patch.exe | "{FAF666CF-D14D-4FB5-A3A9-71F22EB0E51B}" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\starcraft ii.exe | "{FB5AA6FF-CB84-4453-AAD3-558DC0C31FB0}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1225\agent.exe | "{FCA10BE2-5B2C-4E98-B0B9-5FA472430BDD}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{FDDC6810-A3FE-4BDF-884A-16A94D4B12EC}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "TCP Query User{3B829585-5C2B-43B4-AC8C-48677A100153}C:\program files (x86)\starcraft ii\versions\base19679\sc2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base19679\sc2.exe | "UDP Query User{2BBDB323-C743-4D61-9044-A77246432D26}C:\program files (x86)\starcraft ii\versions\base19679\sc2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base19679\sc2.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP495_series" = Canon MP495 series MP Drivers "{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant "{22441735-5983-AD2A-5CC5-FA2CCD7EF732}" = ATI Stream SDK v2 Developer "{22D8AE6F-3C6B-47E8-8F04-629F23DBE978}" = iTunes "{26A24AE4-039D-4CA4-87B4-2F86416020FF}" = Java™ 6 Update 20 (64-bit) "{299625B9-6C69-462C-9CEA-8E06D878B1C5}" = HP 3D DriveGuard "{426FAE9F-7373-496E-A215-9DB7EF4398CF}" = Validity Sensors DDK "{4B4E2FA2-3B1E-4147-99DB-5033981D8C2F}" = HP MediaSmart Movies and TV "{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 "{5BF97E02-2F6A-412A-BB4D-B6E2DC65FCA7}" = HP SimplePass Identity Protection "{5EB6F3CB-46F4-451F-A028-7F6D8D35D7D0}" = Windows Live Language Selector "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 "{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour "{731A1D36-BF17-4C76-B7E7-CC055AF8C54E}" = HP MediaSmart SmartMenu "{7495DE6E-A83A-17DE-994A-C42D1D78B307}" = AMD Fuel "{7B02BD23-7843-4481-5778-B20110993E0D}" = WMV9/VC-1 Video Playback "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended "{90140000-006D-0409-1000-0000000FF1CE}" = Microsoft Office Click-to-Run 2010 "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting "{B1F3524F-1F3B-4B79-0346-38669CD828C8}" = ccc-utility64 "{B5FC1E1B-E70D-45F1-8E40-A3C30698B323}" = HP Wireless Assistant "{CFF4500E-C5D6-695D-A027-B3D4DDED2CC3}" = McAfee Online Backup "{D70884EA-E2CE-4539-91DB-4766CC1E5F5F}" = Apple Mobile Device Support "{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter "{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 "{EF79C448-6946-4D71-8134-03407888C054}" = Shared C Run-time for x64 "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "{F6246243-CF06-4E40-8A37-C3B537695C36}" = Share64 "{FDAA17FB-9CDD-AA3B-ED37-FA6F0C052123}" = ATI Catalyst Install Manager "Broadcom 802.11 Wireless LAN Adapter" = Broadcom 802.11 Wireless LAN Adapter "HoldemManager" = Holdem Manager "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended "SynTPDeinstKey" = Synaptics Pointing Device Driver [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "_{D1AEB5DB-04FA-489D-94EF-8600898B93EE}" = Corel PaintShop Photo Pro X3 "_{F072CA07-A781-45E4-9975-C033A73019CF}" = Corel VideoStudio Pro X3 "{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = HP MediaSmart Webcam "{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer "{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update "{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions "{26A24AE4-039D-4CA4-87B4-2F83217009FF}" = Java 7 Update 9 "{27C467F8-F8EF-4f68-BD72-D63632B2096C}" = McAfee Online Backup "{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com "{2A00CD93-492D-0B32-C144-A8B9792CCE3E}" = Catalyst Control Center Localization All "{3023EBDA-BF1B-4831-B347-E5018555F26E}" = Movie Theme Pack for HP MediaSmart Video "{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery "{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery "{3877C901-7B90-4727-A639-B6ED2DD59D43}" = ESU for Microsoft Windows 7 "{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go "{40FB8D7C-6FF8-4AF2-BC8B-0B1DB32AF04B}" = HP Advisor "{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}" = Recovery Manager "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4B156358-CE9C-4E9F-8CAD-79AE86A68C60}" = HP Power Manager "{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform "{52F8811F-2BA4-F47F-600C-8C93C94E93DD}" = Catalyst Control Center InstallProxy "{5BC352F2-A0F5-5162-B519-ADCD72761DCE}" = ccc-core-static "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE "{6A05FEDF-662E-46BF-8A25-010E3F1C9C69}" = Windows Live UX Platform Language Pack "{6C302296-6129-4125-9FD6-2188ECD8814E}" = HP Software Framework "{6D0C6BE4-F674-43D2-96BC-3509345108C9}_is1" = PokerStove version 1.24 "{6DAF8CDC-9B04-413B-A0F2-BCC13CF8A5BF}" = HP MediaSmart Photo "{6F340107-F9AA-47C6-B54C-C3A19F11553F}" = Hewlett-Packard ACLM.NET v1.2.1.1 "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{72D90DB3-A16A-4545-B555-868471101833}" = HP Setup "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{7D4318AC-9560-46F0-910F-0B38D6CDC009}" = HP Documentation "{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger "{818E0212-DA58-E255-00D2-4C22D50A12F2}" = CCC Help English "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows 7 "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT "{8EA79DBF-D637-448A-89D6-410A087A4493}" = Samsung_MonSetup "{90140011-0066-0409-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - English "{91A34181-9FAD-43AB-A35F-E7A8945B7E1C}" = HP MediaSmart Music "{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker "{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010 "{95587AD6-8953-3288-49A1-4BBD8655E94D}" = Catalyst Control Center Graphics Previews Common "{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail "{9ECF7817-DB11-4FBA-9DF1-296A578D513A}" = Adobe Shockwave Player 11.5 "{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR "{A436F67F-687E-4736-BD2B-537121A804CF}" = HP Product Detection "{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common "{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer "{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer "{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI "{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}" = QuickTime "{B10914FD-8812-47A4-85A1-50FCDE7F1F33}" = Windows Live Sync "{B34FE99A-48DD-3564-761E-6BB78FBE5DB9}" = Catalyst Control Center InstallProxy "{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy "{B823632F-3B72-4514-8861-B961CE263224}" = PostgreSQL 8.3 "{BD1A34C9-4764-4F79-AE1F-112F8C89D3D4}" = Energy Star Digital Logo "{C1D11949-25D7-4C0F-AA72-7759FD8A089B}" = Sierra Wireless Watcher "{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint "{C6579A65-9CAE-4B31-8B6B-3306E0630A66}" = Apple Software Update "{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail "{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector "{CB4532F7-A1BD-46D2-9938-3E7D4656FB18}" = Razer Lachesis "{CCE825DB-347A-4004-A186-5F4A6FDD8547}" = Apple Application Support "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform "{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64 "{D12E3E7F-1B13-4933-A915-16C7DD37A095}" = HP MediaSmart Video "{D1612A3D-0DCC-4055-BB6A-0036F31158A0}" = Setup "{D1AEB5DB-04FA-489D-94EF-8600898B93EE}" = ICA "{D1F80EFD-A032-4E8E-A367-70C44AD4DCE0}" = ISCOM "{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform "{D4C9692E-4EFA-4DA0-8B7F-9439466D9E31}" = Full Tilt Poker "{DA4BF4BE-3CDC-43B5-BBDA-DDDA73103111}" = Corel PaintShop Photo Pro X3 "{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD "{DCD941B6-F2E7-4FAF-B102-F7D4DE5FF99A}" = IPM_PSP_Pro "{DCF1928A-FC01-48E7-A7E6-4651D42EF6A1}" = PSPPRO_DCRAW "{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources "{DF8B9311-ADE7-4EDE-B121-326CAA3D225D}" = PSPPContent "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10 "{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series "{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio "{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger "{EB58480C-0721-483C-B354-9D35A147999F}" = HP Quick Launch "{EE202411-2C26-49E8-9784-1BC1DBF7DE96}" = HP Support Assistant "{F069C491-69E6-4D9B-9A0C-B7894A1FA97C}" = Setup "{F072CA07-A781-45E4-9975-C033A73019CF}" = ICA "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F206FEC3-F5DD-43FD-A8CF-9C46B8A6A92C}" = VSPro "{F4E9851F-765E-40B7-9859-237C2724E62C}" = DeviceIO "{F6A76E9C-C299-4CFA-AD2A-57FE9DD68B70}" = Contents "{F8423392-2296-4748-9B66-344432459632}" = PureHD "{F909BD3C-8684-4ACF-B7C3-33F4F9F901B7}" = Share "{F95C8C1F-25BB-44EC-A7E6-5C17ABC6BC71}" = VIO "{FB0B6DDD-DF3E-4CD6-927C-724AB854E322}" = VSClassic "{FB4BB287-37F9-4E27-9C4D-2D3882E08EFF}" = DVD Menu Pack for HP MediaSmart Video "{FD67D9F3-FED6-4A2E-9D6C-8C8C44DEF8FF}" = IPM_VS_Pro "{FD7F0DB8-0E96-4D64-AD4D-9B5A936AF2A8}" = LightScribe System Software "{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials "{FE661711-E392-4B3F-A4A7-02C747C09134}" = ISCOM "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Canon_IJ_Network_UTILITY" = Canon IJ Network Tool "CANONIJPLM100" = Canon Inkjet Printer/Scanner/Fax Extended Survey Program "CanonMyPrinter" = Canon My Printer "CanonSolutionMenuEX" = Canon Solution Menu EX "Diablo III" = Diablo III "Easy-PhotoPrint EX" = Canon Easy-PhotoPrint EX "Easy-WebPrint EX" = Canon Easy-WebPrint EX "ExpressVPN" = ExpressVPN v3.091 "Google Chrome" = Google Chrome "HoldemManager2" = Holdem Manager 2 "HP DVB-T TV Tuner" = HP DVB-T TV Tuner 8.0.64.43 "InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = HP MediaSmart Webcam "InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite "InstallShield_{3023EBDA-BF1B-4831-B347-E5018555F26E}" = Movie Theme Pack for HP MediaSmart Video "InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go "InstallShield_{6DAF8CDC-9B04-413B-A0F2-BCC13CF8A5BF}" = HP MediaSmart Photo "InstallShield_{91A34181-9FAD-43AB-A35F-E7A8945B7E1C}" = HP MediaSmart Music "InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint "InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector "InstallShield_{D12E3E7F-1B13-4933-A915-16C7DD37A095}" = HP MediaSmart Video "InstallShield_{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD "InstallShield_{FB4BB287-37F9-4E27-9C4D-2D3882E08EFF}" = DVD Menu Pack for HP MediaSmart Video "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.65.1.1000 "McAfee Security Scan" = McAfee Security Scan Plus "MP Navigator EX 4.0" = Canon MP Navigator EX 4.0 "MSC" = McAfee Total Protection "My HP Game Console" = HP Game Console "Office14.Click2Run" = Microsoft Office Click-to-Run 2010 "PokerStars" = PokerStars "Portforward Static IP Address" = Portforward Static IP Address 1.0.45 "StarCraft II" = StarCraft II "Veetle TV" = Veetle TV "WildTangent hp Master Uninstall" = HP Games "Windows Media Encoder 9" = Windows Media Encoder 9 Series "WinLiveSuite" = Windows Live Essentials "World of Warcraft" = World of Warcraft "WT087328" = Blackhawk Striker 2 "WT087342" = Dora's Carnival Adventure "WT087360" = Escape Rosecliff Island "WT087361" = FATE "WT087362" = Final Drive Nitro "WT087374" = Jewel Quest - Heritage "WT087394" = Penguins! "WT087395" = Poker Superstars III "WT087396" = Polar Bowler "WT087397" = Polar Golfer "WT087420" = Agatha Christie - Death on the Nile "WT087428" = Bejeweled 2 Deluxe "WT087453" = Chuzzle Deluxe "WT087501" = Plants vs. Zombies "WT087513" = Virtual Villagers - The Secret City "WT087533" = Zuma Deluxe ========== HKEY_USERS Uninstall List ========== [HKEY_USERS\S-1-5-21-3995993713-3184066139-968692001-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "101a9f93b8f0bb6f" = Curse Client ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 12/12/2012 2:35:24 AM | Computer Name = Symesko-LT | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledSPRetry 10062 Error - 12/12/2012 6:00:34 AM | Computer Name = Symesko-LT | Source = Application Error | ID = 1000 Description = Faulting application name: atieclxx.exe, version: 6.14.11.1069, time stamp: 0x4c96bf4d Faulting module name: atiadlxx.dll, version: 6.14.10.1054, time stamp: 0x4c96b718 Exception code: 0xc0000005 Fault offset: 0x000000000001f468 Faulting process id: 0x504 Faulting application start time: 0x01cdd824cf472b24 Faulting application path: C:\Windows\system32\atieclxx.exe Faulting module path: C:\Windows\system32\atiadlxx.dll Report Id: c50d801f-4442-11e2-93a7-f8b8d9e4c4f2 Error - 12/12/2012 6:27:13 AM | Computer Name = Symesko-LT | Source = VSS | ID = 8194 Description = Error - 12/12/2012 6:34:52 AM | Computer Name = Symesko-LT | Source = CVHSVC | ID = 100 Description = Information only. (Patch task for {90140011-0066-0409-0000-0000000FF1CE}): DownloadLatest Failed: There are currently no active network connections. Background Intelligent Transfer Service (BITS) will try again when an adapter is connected. Error - 12/12/2012 6:58:34 AM | Computer Name = Symesko-LT | Source = SideBySide | ID = 16842815 Description = Activation context generation failed for "c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll".Error in manifest or policy file "c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" on line 3. The value "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute "version" in element "assemblyIdentity" is invalid. Error - 12/12/2012 7:05:27 AM | Computer Name = Symesko-LT | Source = SideBySide | ID = 16842815 Description = Activation context generation failed for "c:\program files (x86)\spybot - search & destroy\DelZip179.dll".Error in manifest or policy file "c:\program files (x86)\spybot - search & destroy\DelZip179.dll" on line 8. The value "*" of attribute "language" in element "assemblyIdentity" is invalid. Error - 12/12/2012 10:25:46 PM | Computer Name = Symesko-LT | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: Continuously busy for more than a second Error - 12/12/2012 10:25:46 PM | Computer Name = Symesko-LT | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledEvent 53767148 Error - 12/12/2012 10:25:46 PM | Computer Name = Symesko-LT | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledSPRetry 53767148 Error - 12/14/2012 12:37:49 AM | Computer Name = Symesko-LT | Source = VSS | ID = 8194 Description = [ Hewlett-Packard Events ] Error - 4/4/2012 9:12:52 PM | Computer Name = Symesko-LT | Source = HPSF.exe | ID = 4000 Description = Error - 5/22/2012 11:01:16 PM | Computer Name = Symesko-LT | Source = HPSF.exe | ID = 4000 Description = Error - 6/15/2012 7:24:11 AM | Computer Name = Symesko-LT | Source = HPSF.exe | ID = 4000 Description = Error - 6/15/2012 7:50:29 AM | Computer Name = Symesko-LT | Source = HPSF.exe | ID = 4000 Description = Error - 6/15/2012 7:50:29 AM | Computer Name = Symesko-LT | Source = HPSF.exe | ID = 4000 Description = Error - 7/14/2012 2:28:40 PM | Computer Name = Symesko-LT | Source = HPSF.exe | ID = 4000 Description = Error - 8/14/2012 7:40:39 AM | Computer Name = Symesko-LT | Source = HPSF.exe | ID = 4000 Description = Error - 10/2/2012 11:38:55 PM | Computer Name = Symesko-LT | Source = HPSF.exe | ID = 4000 Description = Error - 10/26/2012 2:03:48 AM | Computer Name = Symesko-LT | Source = HPSF.exe | ID = 4000 Description = Error - 11/14/2012 7:47:12 PM | Computer Name = Symesko-LT | Source = HPSF.exe | ID = 4000 Description = [ HP Wireless Assistant Events ] Error - 8/23/2011 7:49:49 PM | Computer Name = Symesko-LT | Source = HP WA Service | ID = 0 Description = System.Exception GetDeviceInfo() failed : 597 at HP_Common.CaslWrapper.GetDeviceInfo(List`1& radioList) at HPPA_Service.CurrentConfiguration.ReloadRadioList() Error - 10/1/2011 8:54:34 PM | Computer Name = Symesko-LT | Source = HP WA Service | ID = 0 Description = System.Runtime.InteropServices.COMException Call was canceled by the message filter. (Exception from HRESULT: 0x80010002 (RPC_E_CALL_CANCELED)) at System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32 errorCode, IntPtr errorInfo) at System.Management.ManagementScope.InitializeGuts(Object o) at System.Management.ManagementScope.Initialize() at System.Management.ManagementObjectSearcher.Initialize() at System.Management.ManagementObjectSearcher.Get() at HPPA_Service.CurrentConfiguration.FindDevice(String hostPath, String portName) at HPPA_Service.CurrentConfiguration.<ApplyFriendlyNames>b__23(RadioHardware radio) at System.Linq.Enumerable.WhereSelectListIterator`2.MoveNext() at System.Linq.Enumerable.WhereSelectEnumerableIterator`2.MoveNext() at HPPA_Service.CurrentConfiguration.ApplyFriendlyNames() at HPPA_Service.CurrentConfiguration.ReloadRadioList() Error - 1/5/2012 1:46:13 AM | Computer Name = Symesko-LT | Source = HP WA Service | ID = 0 Description = System.Exception GetDeviceInfo() failed : 597 at HP_Common.CaslWrapper.GetDeviceInfo(List`1& radioList) at HPPA_Service.CurrentConfiguration.ReloadRadioList() Error - 3/18/2012 2:44:08 PM | Computer Name = Symesko-LT | Source = HP WA Service | ID = 0 Description = System.Exception GetDeviceInfo() failed : 597 at HP_Common.CaslWrapper.GetDeviceInfo(List`1& radioList) at HPPA_Service.CurrentConfiguration.ReloadRadioList() Error - 3/18/2012 2:44:15 PM | Computer Name = Symesko-LT | Source = HP WA Service | ID = 0 Description = System.Exception GetDeviceInfo() failed : 597 at HP_Common.CaslWrapper.GetDeviceInfo(List`1& radioList) at HPPA_Service.CurrentConfiguration.ReloadRadioList() Error - 3/20/2012 11:45:45 AM | Computer Name = Symesko-LT | Source = HP WA Service | ID = 0 Description = System.Exception GetDeviceInfo() failed : 597 at HP_Common.CaslWrapper.GetDeviceInfo(List`1& radioList) at HPPA_Service.CurrentConfiguration.ReloadRadioList() Error - 6/7/2012 12:55:19 AM | Computer Name = Symesko-LT | Source = HP WA Application | ID = 0 Description = HardwareAccess.UnableToConnectException Application.ApplicationStartup; failed to create hardware layer Error in the application. at HardwareAccess.Hardware..ctor(Dispatcher dispatcher, ServicePort port, Int32 timeout) at HardwareAccess.Hardware.Create(Dispatcher dispatcher, ServicePort port, Int32 timeout) at HPWA_Main.App.ApplicationStartup(Object sender, StartupEventArgs args) Error - 6/7/2012 12:55:56 AM | Computer Name = Symesko-LT | Source = HP WA Application | ID = 0 Description = MainWindow.ShowImpl; not initialized, closing application... Error - 6/13/2012 3:10:34 AM | Computer Name = Symesko-LT | Source = HP WA Application | ID = 0 Description = HardwareAccess.UnableToConnectException Application.ApplicationStartup; failed to create hardware layer Error in the application. at HardwareAccess.Hardware..ctor(Dispatcher dispatcher, ServicePort port, Int32 timeout) at HardwareAccess.Hardware.Create(Dispatcher dispatcher, ServicePort port, Int32 timeout) at HPWA_Main.App.ApplicationStartup(Object sender, StartupEventArgs args) Error - 6/13/2012 3:10:46 AM | Computer Name = Symesko-LT | Source = HP WA Application | ID = 0 Description = MainWindow.ShowImpl; not initialized, closing application... [ System Events ] Error - 12/12/2012 12:56:37 AM | Computer Name = Symesko-LT | Source = Service Control Manager | ID = 7009 Description = A timeout was reached (30000 milliseconds) while waiting for the Net.Pipe Listener Adapter service to connect. Error - 12/12/2012 12:56:37 AM | Computer Name = Symesko-LT | Source = Service Control Manager | ID = 7000 Description = The Net.Pipe Listener Adapter service failed to start due to the following error: %%1053 Error - 12/12/2012 12:56:37 AM | Computer Name = Symesko-LT | Source = Service Control Manager | ID = 7001 Description = The Net.Tcp Listener Adapter service depends on the Net.Tcp Port Sharing Service service which failed to start because of the following error: %%1053 Error - 12/12/2012 6:24:39 AM | Computer Name = Symesko-LT | Source = Service Control Manager | ID = 7001 Description = The SBSD Security Center Service service depends on the Security Center service which failed to start because of the following error: %%1058 Error - 12/12/2012 6:25:49 AM | Computer Name = Symesko-LT | Source = DCOM | ID = 10016 Description = Error - 12/12/2012 10:25:34 PM | Computer Name = Symesko-LT | Source = Service Control Manager | ID = 7011 Description = A timeout (30000 milliseconds) was reached while waiting for a transaction response from the HP Wireless Assistant Service service. Error - 12/14/2012 12:34:24 AM | Computer Name = Symesko-LT | Source = EventLog | ID = 6008 Description = The previous system shutdown at 8:34:53 PM on ?12/?12/?2012 was unexpected. Error - 12/14/2012 12:34:39 AM | Computer Name = Symesko-LT | Source = Service Control Manager | ID = 7001 Description = The SBSD Security Center Service service depends on the Security Center service which failed to start because of the following error: %%1058 Error - 12/14/2012 12:35:44 AM | Computer Name = Symesko-LT | Source = DCOM | ID = 10016 Description = Error - 12/14/2012 12:39:34 AM | Computer Name = Symesko-LT | Source = DCOM | ID = 10010 Description = < End of report >

So, I'm starting to think the clean stretches I get are just flukes, or maybe the virus goes hiding lol.... I didn't use my laptop at all for anything after my last post until last night. When I logged in to google some stuff, the virus was back and as annoying as always....

Ok. I deleted the one Java, Updated the other. Updated Adobe Flash and Reader. I updated IE and since I don't use FF I uninstalled it. After this was done, I tried a search and got redirected. Then I reset IE to defaults and have had 10 clean searchers while using Chrome. Please note, I'm going out of town for the next week. I will have the infected laptop with me, and will be able to continue with this thread, just might be a bit more sporadic. Thanks greatly again for all the help so far!

And.... it's back. Not sure if it's related at all, but I was disconnected from the internet a few times very briefly just before the latest redirect. I was playing some Online games, and D/C'd three times in quick succession... it was when I went to google search D/C issues with the game that I started getting re-directed again.

Here are the results Results of screen317's Security Check version 0.99.56 Windows 7 Service Pack 1 x64 (UAC is enabled) Internet Explorer 8 Out of date! ``````````````Antivirus/Firewall Check:`````````````` Windows Security Center service is not running! This report may not be accurate! McAfee Anti-Virus and Anti-Spyware WMI entry may not exist for antivirus; attempting automatic update. `````````Anti-malware/Other Utilities Check:````````` Spybot - Search & Destroy Malwarebytes Anti-Malware version 1.65.1.1000 Java 6 Update 37 Java version out of Date! Adobe Flash Player 11.4.402.287 Flash Player out of Date! Adobe Reader 10.1.4 Adobe Reader out of Date! Mozilla Firefox 8.0 Firefox out of Date! Google Chrome 23.0.1271.95 ````````Process Check: objlist.exe by Laurent```````` `````````````````System Health check````````````````` Total Fragmentation on Drive C: ````````````````````End of Log``````````````````````

I ran it twice, because I was thinking this was an error, but this was the result both times. UNSUPPORTED OPERATING SYSTEM! ABORTED!

Alright, I have Reset IE to defaults. I just tried about 10 searches (using Chrome) and didn't get a single re-direct. Hopefully this is some headway....

Here is the ESET scan results ESETSmartInstaller@High as CAB hook log: OnlineScanner64.ocx - registred OK OnlineScanner.ocx - registred OK # version=8 # iexplore.exe=8.00.7600.16385 (win7_rtm.090713-1255) # OnlineScanner.ocx=1.0.0.6844 # api_version=3.0.2 # EOSSerial= # end=finished # remove_checked=false # archives_checked=false # unwanted_checked=true # unsafe_checked=true # antistealth_checked=true # utc_time=2012-12-09 10:12:43 # local_time=2012-12-09 03:12:43 (-0700, Mountain Standard Time) # country="Canada" # lang=1033 # osver=6.1.7601 NT Service Pack 1 # compatibility_mode=5122 16777213 100 90 2501705 116947341 0 0 # compatibility_mode=5893 16776574 100 94 40883080 106634613 0 0 # scanned=303138 # found=0 # cleaned=0 # scan_time=11021

Created a new browers profile, that did not fix anything. Reinstalled Chrome, that also did not fix it. I have noticed that now (today at least), it is redirecting me to "Ihavenet.com" search engine. It seems to change the search engine it redirects to daily.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Junkware Removal Tool (JRT) by Thisisu Version: 3.8.9 (12.05.2012:5) OS: Windows 7 Home Premium x64 Ran by Symesko on 08/12/2012 at 16:42:30.70 Blog: http://thisisudax.blogspot.com ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~ Services ~~~ Registry Values ~~~ Registry Keys ~~~ Files ~~~ Folders ~~~ Event Viewer Logs were cleared ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Scan was completed on 08/12/2012 at 16:49:06.13 End of JRT log ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~