Symesko
-
Posts
33 -
Joined
-
Last visited
Content Type
Events
Profiles
Forums
Posts posted by Symesko
-
-
I ran it through VirusTotal, it came up with detection ratio of 14/45. I have uploaded a zipped copy of the file in this post as well so you can inspect it further.
-
GrantPerms by Farbar
Ran by Symesko (administrator) at 2012-12-22 12:41:21
===============================================
\\?\C:\Windows\SysWOW64\kbd101V.dll
Owner: BUILTIN\Administrators
DACL(NP)(AI):
NT AUTHORITY\SYSTEM FULL ALLOW (I)
BUILTIN\Administrators FULL ALLOW (I)
BUILTIN\Users READ/EXECUTE ALLOW (I)
This is the result, i'll try working with the file now. I'll try to run the tool you asked me to use first, if that doesn't work, I'll zip it and upload it in my next post.
-
The file was in C:\Windows\SysWOW64\
I could zip all the other files in the folder(that I attempted), it was only this file that as blocked from my access. I'm not sure why there would be a Japanese Keyboard Layout on my comp, unless it's something that comes with a language pack. I know I've never installed that directly.
The addon I was referring to was a World of Warcraft addon... they are like mods which change the UI of the game.
-
It hasn't been redirecting me for the past few days... hopefully we have solved the issue, whether it was that file, or the addon that I removed.
-
It won't let me zip it. I disabled my AV in case it was that blocking me, but it keeps saying "File not found or no read permission".
-
I restored the file, but when I went to the website it wouldn't let me "open" that file. A window popped up saying I didn't have permission and had to contact the owner or admin. I'm the only user on this computer and I have Admin rights. I tried to open a half dozen other files in the folder, and had zero issues.
While I had the file restored, I tried some searches but didn't get redirected.
One thing I have done is changed an addon I use with World of Warcraft, and I've done that within the past few days. I removed the old one from my computer, and I know that addons for that game are notorious for having virus' in them. I would almost think that when re-installed WoW was about the time the re-directs started, but I can't be 100% on that.
My AV keeps picking up that file, so I have removed it again.
I haven't used any of the extensions.
-
I ran a full search today with my Anti-Virus and it picked up a threat with it removed. It was a Trojan Horse *Generic29.akvz*
Actual file name was kbd101V.dll
-
Here is the log from Silent Runners
"Silent Runners.vbs", revision 64, http://www.silentrunners.org/
Operating System: Microsoft Windows 7 Home Premium Service Pack 1 (64-bit)
Output limited to non-default values, except where indicated by "{++}"
Startup items buried in registry:
---------------------------------
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
LightScribe Control Panel = C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden [Hewlett-Packard Company]
Sidebar = C:\Program Files\Windows Sidebar\sidebar.exe /autoRun [MS]
ISUSPM = "C:\ProgramData\Macrovision\FLEXnet Connect\6\ISUSPM.exe" -scheduler [Acresso Corporation]
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
SynTPEnh = C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
SmartMenu = C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe /background [null data]
HPWirelessAssistant = C:\Program Files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe 120 C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe /hidden [null data]
SysTrayApp = C:\Program Files\IDT\WDM\sttray64.exe
CanonMyPrinter = C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon [CANON INC.]
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\ {++}
mcui_exe = "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey [McAfee, Inc.]
Lachesis = C:\Program Files (x86)\Razer\Lachesis\razerhid.exe [empty string]
TRUUpdater = "C:\Program Files (x86)\Sierra Wireless Inc\WebUpdater\TRUUpdater.exe" /bkground [sierra Wireless, Inc.]
WatcherHelper = "C:\Program Files (x86)\Sierra Wireless Inc\Watcher\WaHelper.exe" [sierra Wireless Inc.]
StartCCC = "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [Advanced Micro Devices, Inc.]
HP Quick Launch = C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [Hewlett-Packard Development Company, L.P.]
APSDaemon = "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [Apple Inc.]
CanonSolutionMenuEx = C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE /logon [CANON INC.]
QuickTime Task = "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [Apple Inc.]
SunJavaUpdateSched = "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [sun Microsystems, Inc.]
Adobe ARM = "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [Adobe Systems Incorporated]
iTunesHelper = "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [Apple Inc.]
AVG_UI = "C:\Program Files (x86)\AVG\AVG2013\avgui.exe" /TRAYONLY [AVG Technologies CZ, s.r.o.]
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{18DF081C-E8AD-4283-A596-FA578C2EBDC3}\(Default) = AcroIEHelperStub
-> {HKLM…Wow…CLSID} = Adobe PDF Link Helper
\InProcServer32\(Default) = C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [Adobe Systems Incorporated]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\(Default) = (no title provided)
-> {HKLM…Wow…CLSID} = Java Plug-In SSV Helper
\InProcServer32\(Default) = C:\Program Files (x86)\Java\jre7\bin\ssv.dll [Oracle Corporation]
{DBC80044-A445-435b-BC74-9C25C1C588A9}\(Default) = (no title provided)
-> {HKLM…Wow…CLSID} = Java Plug-In 2 SSV Helper
\InProcServer32\(Default) = C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [Oracle Corporation]
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\
MOBK\(Default) = {3c3f3c1a-9153-7c05-f938-622e7003894d}
-> {HKLM…CLSID} = McAfee Online Backup Shell Extensions
\InProcServer32\(Default) = C:\Program Files (x86)\McAfee Online Backup\MOBKshell.dll [McAfee, Inc.]
MOBK2\(Default) = {e6ea1d7d-144e-b977-98c4-84c53c1a69d0}
-> {HKLM…CLSID} = McAfee Online Backup Shell Extensions Icon Overlay 2
\InProcServer32\(Default) = C:\Program Files (x86)\McAfee Online Backup\MOBKshell.dll [McAfee, Inc.]
MOBK3\(Default) = {b4caf489-1eec-c617-49ad-8d7088598c06}
-> {HKLM…CLSID} = McAfee Online Backup Shell Extensions Icon Overlay 3
\InProcServer32\(Default) = C:\Program Files (x86)\McAfee Online Backup\MOBKshell.dll [McAfee, Inc.]
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
{5FCD4425-CA3A-48F4-A57C-B8A75C32ACB1} = NSE_WithSubFld
-> {HKLM…CLSID} = NSE_WithSubFld
\InProcServer32\(Default) = C:\Program Files (x86)\Hewlett-Packard\Recovery\Protect.dll [null data]
{5E2121EE-0300-11D4-8D3B-444553540000} = Catalyst Context Menu extension
-> {HKLM…CLSID} = SimpleShlExt Class
\InProcServer32\(Default) = C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\atiacm64.dll [Advanced Micro Devices, Inc.]
{2F603045-309F-11CF-9774-0020AFD0CFF6} = Synaptics Control Panel
-> {HKLM…CLSID} = (no title provided)
\InProcServer32\(Default) = C:\Program Files\Synaptics\SynTP\SynTPCpl.dll [synaptics Incorporated]
{3c3f3c1a-9153-7c05-f938-622e7003894d} = McAfee Online Backup Shell Extensions
-> {HKLM…CLSID} = McAfee Online Backup Shell Extensions
\InProcServer32\(Default) = C:\Program Files (x86)\McAfee Online Backup\MOBKshell.dll [McAfee, Inc.]
{e6ea1d7d-144e-b977-98c4-84c53c1a69d0} = McAfee Online Backup Shell Extensions Icon Overlay 2
-> {HKLM…CLSID} = McAfee Online Backup Shell Extensions Icon Overlay 2
\InProcServer32\(Default) = C:\Program Files (x86)\McAfee Online Backup\MOBKshell.dll [McAfee, Inc.]
{b4caf489-1eec-c617-49ad-8d7088598c06} = McAfee Online Backup Shell Extensions Icon Overlay 3
-> {HKLM…CLSID} = McAfee Online Backup Shell Extensions Icon Overlay 3
\InProcServer32\(Default) = C:\Program Files (x86)\McAfee Online Backup\MOBKshell.dll [McAfee, Inc.]
{781bca65-20ed-8f6a-368f-b523ec4f51b2} = McAfee Online Backup Shell Extensions NSE
-> {HKLM…CLSID} = McAfee Online Backup
\InProcServer32\(Default) = C:\Program Files (x86)\McAfee Online Backup\MOBKshell.dll [McAfee, Inc.]
{0875DCB6-C686-4243-9432-ADCCF0B9F2D7} = Microsoft OneNote Namespace Extension for Windows Desktop Search
-> {HKLM…CLSID} = Microsoft OneNote Namespace Extension for Windows Desktop Search
\InProcServer32\(Default) = C:\Program Files\Microsoft Office\Office14\ONFILTER.DLL [MS]
{872A9397-E0D6-4e28-B64D-52B8D0A7EA35} = Display CPL Extension
-> {HKLM…CLSID} = DisplayCplExt Class
\InProcServer32\(Default) = C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\atiama64.dll [Advanced Micro Devices, Inc.]
{1AC77AE9-9EC6-405A-9F9B-C06AB3C10B71} = Microsoft Image Composite Editor
-> {HKCU…CLSID} = CShellStitcher Object
\InProcServer32\(Default) = C:\Program Files\Microsoft Research\Image Composite Editor\ShellExtension.dll [file not found]
{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF} = iTunes
-> {HKLM…CLSID} = iTunes
\InProcServer32\(Default) = C:\Program Files\iTunes\iTunesMiniPlayer.dll [Apple Inc.]
{9F97547E-4609-42C5-AE0C-81C61FFAEBC3} = AVG Shell Extension
-> {HKLM…CLSID} = AVG Shell Extension Class
\InProcServer32\(Default) = C:\Program Files (x86)\AVG\AVG2013\avgsea.dll [AVG Technologies CZ, s.r.o.]
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
{DBD8E168-244D-448C-9922-25508950D1DC} = Ulead UDF Driver
-> {HKLM…Wow…CLSID} = USIShellExt Class
\InProcServer32\(Default) = c:\Program Files (x86)\Common Files\Ulead Systems\DVD\USIShex.dll [ulead Systems, Inc.]
{00F33137-EE26-412F-8D71-F84E4C2C6625} = (no title provided)
-> {HKLM…Wow…CLSID} = Windows Live Photo Gallery Viewer Autoplay Shim
\InProcServer32\(Default) = C:\Program Files (x86)\Windows Live\Photo Gallery\PhotoViewerShim.dll [MS]
{00F346CB-35A4-465B-8B8F-65A29DBAB1F6} = Windows Live Photo Gallery Viewer Drop Target Shim
-> {HKLM…Wow…CLSID} = Windows Live Photo Gallery Viewer Shim
\InProcServer32\(Default) = C:\Program Files (x86)\Windows Live\Photo Gallery\PhotoViewerShim.dll [MS]
{00F3712A-CA79-45B4-9E4D-D7891E7F8B9D} = Windows Live Photo Gallery Editor Drop Target Shim
-> {HKLM…Wow…CLSID} = Windows Live Photo Gallery Editor Shim
\InProcServer32\(Default) = C:\Program Files (x86)\Windows Live\Photo Gallery\PhotoViewerShim.dll [MS]
{00F30F90-3E96-453B-AFCD-D71989ECC2C7} = Windows Live Photo Gallery Autoplay Drop Target Shim
-> {HKLM…Wow…CLSID} = Windows Live Photo Gallery Viewer Autoplay Shim
\InProcServer32\(Default) = C:\Program Files (x86)\Windows Live\Photo Gallery\PhotoViewerShim.dll [MS]
{9F97547E-4609-42C5-AE0C-81C61FFAEBC3} = AVG Shell Extension
-> {HKLM…Wow…CLSID} = AVG Shell Extension Class
\InProcServer32\(Default) = C:\Program Files (x86)\AVG\AVG2013\avgse.dll [AVG Technologies CZ, s.r.o.]
HKLM\SYSTEM\CurrentControlSet\Control\Lsa\
<<!>> (DPPassFilter [DigitalPersona, Inc.]) Notification Packages = DPPassFilter|scecli
HKLM\SYSTEM\CurrentControlSet\Control\Lsa\
<<!>> (livessp [MS]) Security Packages = kerberos|msv1_0|schannel|wdigest|tspkg|pku2u|livessp
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\Credential Provider Filters\
{FD2AB138-F9A8-4ab6-9095-EEE7AF8B6C28}\(Default) = DigitalPersona Credential Provider Filter
-> {HKLM…CLSID} = ProvFilter Class
\InProcServer32\(Default) = C:\Windows\system32\dpcrprov.dll [DigitalPersona, Inc.]
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\Credential Providers\
{2A16DF2F-490B-4F2B-8C68-21EF46FCCC37}\(Default) = DigitalPersona Password Credential Provider
-> {HKLM…CLSID} = PswWrapProv Class
\InProcServer32\(Default) = C:\Windows\system32\dpcrprov.dll [DigitalPersona, Inc.]
{3ADC7042-51AF-4D0F-BD1D-4D6965A77323}\(Default) = DigitalPersona Fingerprint Credential Provider
-> {HKLM…CLSID} = FingerProv Class
\InProcServer32\(Default) = C:\Windows\system32\dpcrprov.dll [DigitalPersona, Inc.]
{4C0F0D42-DA2D-45da-85BC-B7A1AB53BF65}\(Default) = DigitalPersona CryptoToken Credential Provider
-> {HKLM…CLSID} = TokenProv Class
\InProcServer32\(Default) = C:\Windows\system32\dpcrprov.dll [DigitalPersona, Inc.]
{57E84B57-5533-4624-AB49-E29C8C5489D6}\(Default) = DigitalPersona External Credential Provider
-> {HKLM…CLSID} = ExternalProv Class
\InProcServer32\(Default) = C:\Windows\system32\dpcrprov.dll [DigitalPersona, Inc.]
{70099717-17C8-4BD0-B3D4-FAF721AB1A62}\(Default) = DigitalPersona Smartcard Credential Provider
-> {HKLM…CLSID} = SCardWrapProv Class
\InProcServer32\(Default) = C:\Windows\system32\dpcrprov.dll [DigitalPersona, Inc.]
{F8A0B131-5F68-486c-8040-7E8FC3C85BB6}\(Default) = WLIDCredentialProvider
-> {HKLM…CLSID} = WLIDCredentialProvider
\InProcServer32\(Default) = C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDCREDPROV.DLL [MS]
HKLM\SOFTWARE\Classes\PROTOCOLS\Filter\
<<!>> application/x-mfe-ipt\CLSID = {3EF5086B-5478-4598-A054-786C45D75692}
-> {HKLM…CLSID} = McInternetProtocolRoot Class
\InProcServer32\(Default) = c:\PROGRA~1\mcafee\msc\MCSNIE~1.DLL [McAfee, Inc.]
HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\
<<!>> dssrequest\CLSID = {5513F07E-936B-4E52-9B00-067394E91CC5}
-> {HKLM…CLSID} = McAfee SACore Protocol Handler
\InProcServer32\(Default) = c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll [McAfee, Inc.]
<<!>> sacore\CLSID = {5513F07E-936B-4E52-9B00-067394E91CC5}
-> {HKLM…CLSID} = McAfee SACore Protocol Handler
\InProcServer32\(Default) = c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll [McAfee, Inc.]
HKCU\Software\Classes\*\shellex\ContextMenuHandlers\
{1AC77AE9-9EC6-405A-9F9B-C06AB3C10B71}\(Default) = (no title provided)
-> {HKCU…CLSID} = CShellStitcher Object
\InProcServer32\(Default) = C:\Program Files\Microsoft Research\Image Composite Editor\ShellExtension.dll [file not found]
HKLM\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\
AVG Shell Extension\(Default) = {9F97547E-4609-42C5-AE0C-81C61FFAEBC3}
-> {HKLM…CLSID} = AVG Shell Extension Class
\InProcServer32\(Default) = C:\Program Files (x86)\AVG\AVG2013\avgsea.dll [AVG Technologies CZ, s.r.o.]
Corel.Paint.Shop.Pro.Photo\(Default) = {B1D2CD8F-45E9-49d1-838A-AAA5780D94B7}
-> {HKLM…CLSID} = PSPContextMenu Class
\InProcServer32\(Default) = c:\Program Files (x86)\Corel\Corel PaintShop Photo Pro\X3\PSPClassic\PSPContextMenu64.dll [null data]
McCtxMenuFrmWrk\(Default) = {CCA9EFD3-29ED-430A-BA6D-E6BBFF0A60C2}
-> {HKLM…CLSID} = McCtxFrmWrk Class
\InProcServer32\(Default) = c:\PROGRA~1\mcafee\msc\MCCTXM~1.DLL [McAfee, Inc.]
HKLM\SOFTWARE\Classes\AllFilesystemObjects\shellex\ContextMenuHandlers\
MBAMShlExt\(Default) = {57CE581A-0CB6-4266-9CA0-19364C90A0B3}
-> {HKLM…CLSID} = MBAMShlExt Class
\InProcServer32\(Default) = C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamext.dll [Malwarebytes Corporation]
MOBK\(Default) = {3c3f3c1a-9153-7c05-f938-622e7003894d}
-> {HKLM…CLSID} = McAfee Online Backup Shell Extensions
\InProcServer32\(Default) = C:\Program Files (x86)\McAfee Online Backup\MOBKshell.dll [McAfee, Inc.]
HKLM\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\
Corel.Paint.Shop.Pro.Photo\(Default) = {B1D2CD8F-45E9-49d1-838A-AAA5780D94B7}
-> {HKLM…CLSID} = PSPContextMenu Class
\InProcServer32\(Default) = c:\Program Files (x86)\Corel\Corel PaintShop Photo Pro\X3\PSPClassic\PSPContextMenu64.dll [null data]
MOBK\(Default) = {3c3f3c1a-9153-7c05-f938-622e7003894d}
-> {HKLM…CLSID} = McAfee Online Backup Shell Extensions
\InProcServer32\(Default) = C:\Program Files (x86)\McAfee Online Backup\MOBKshell.dll [McAfee, Inc.]
HKLM\SOFTWARE\Classes\Directory\Background\shellex\ContextMenuHandlers\
ACE\(Default) = {5E2121EE-0300-11D4-8D3B-444553540000}
-> {HKLM…CLSID} = SimpleShlExt Class
\InProcServer32\(Default) = C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\atiacm64.dll [Advanced Micro Devices, Inc.]
MOBK\(Default) = {3c3f3c1a-9153-7c05-f938-622e7003894d}
-> {HKLM…CLSID} = McAfee Online Backup Shell Extensions
\InProcServer32\(Default) = C:\Program Files (x86)\McAfee Online Backup\MOBKshell.dll [McAfee, Inc.]
HKLM\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\
AVG Shell Extension\(Default) = {9F97547E-4609-42C5-AE0C-81C61FFAEBC3}
-> {HKLM…CLSID} = AVG Shell Extension Class
\InProcServer32\(Default) = C:\Program Files (x86)\AVG\AVG2013\avgsea.dll [AVG Technologies CZ, s.r.o.]
MBAMShlExt\(Default) = {57CE581A-0CB6-4266-9CA0-19364C90A0B3}
-> {HKLM…CLSID} = MBAMShlExt Class
\InProcServer32\(Default) = C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamext.dll [Malwarebytes Corporation]
McCtxMenuFrmWrk\(Default) = {CCA9EFD3-29ED-430A-BA6D-E6BBFF0A60C2}
-> {HKLM…CLSID} = McCtxFrmWrk Class
\InProcServer32\(Default) = c:\PROGRA~1\mcafee\msc\MCCTXM~1.DLL [McAfee, Inc.]
MOBK\(Default) = {3c3f3c1a-9153-7c05-f938-622e7003894d}
-> {HKLM…CLSID} = McAfee Online Backup Shell Extensions
\InProcServer32\(Default) = C:\Program Files (x86)\McAfee Online Backup\MOBKshell.dll [McAfee, Inc.]
Default executables:
--------------------
<<!>> HKLM\SOFTWARE\Classes\.com\(Default) = ComFile
Group Policies {GPedit.msc branch and setting}:
-----------------------------------------------
Note: detected settings may not have any effect.
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop\
NoChangingWallpaper = (REG_DWORD) dword:0x00000000
{User Configuration|Administrative Templates|Control Panel|Display|
Disable changing wallpaper}
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\
NoDrives = (REG_DWORD) dword:0x00000000
{unrecognized setting}
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\
NoDrives = (REG_DWORD) dword:0x00000000
{unrecognized setting}
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System\
DisableRegistryTools = (REG_DWORD) dword:0x00000000
{User Configuration|Administrative Templates|System|
Prevent access to registry editing tools}
DisableTaskMgr = (REG_DWORD) dword:0x00000000
{unrecognized setting}
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\
DisableRegistryTools = (REG_DWORD) dword:0x00000000
{unrecognized setting}
Active Desktop and Wallpaper:
-----------------------------
Active Desktop may be disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState
Displayed if Active Desktop disabled and wallpaper not set by Group Policy:
HKCU\Control Panel\Desktop\
Wallpaper = C:\Users\Symesko\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
Windows Portable Device AutoPlay Handlers
-----------------------------------------
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\
CDSUnknownContentOnArrival\
Provider = Corel VideoStudio Pro
InvokeProgID = CorelDigitalStudio.AutoPlay
InvokeVerb = CDSUnknownContentOnArrival
HKLM\SOFTWARE\Classes\CorelDigitalStudio.AutoPlay\shell\CDSUnknownContentOnArrival\Command\(Default) = c:\Program Files (x86)\Corel\Corel VideoStudio Pro X3\vstudio.exe /T:UVSClassic /parameters:Step=0,Handler=UnknownContentOnArrival,DeviceHint=%1 [Corel TW Corp.]
CDSVideoCameraArrival\
Provider = Corel VideoStudio Pro
ProgID = Shell.HWEventHandlerShellExecute
InitCmdLine = "c:\Program Files (x86)\Corel\Corel VideoStudio Pro X3\\vstudio.exe" /T:UVSClassic /parameters:Step=0,Handler=VideoCameraArrival,DeviceHint=%1
HKLM\SOFTWARE\Classes\Shell.HWEventHandlerShellExecute\CLSID\(Default) = {FFB8655F-81B9-4fce-B89C-9A6BA76D13E7}
-> {HKLM…CLSID} = Shell Execute Hardware Event Handler
\LocalServer32\(Default) = C:\Windows\System32\rundll32.exe shell32.dll,SHCreateLocalServerRunDll {FFB8655F-81B9-4fce-B89C-9A6BA76D13E7} [MS]
Corel PaintShop Photo Pro X3ShowPicturesOnArrivalHandler\
Provider = Corel PaintShop Photo Pro X3
InvokeProgID = PaintShopPhotoProX3.Image
InvokeVerb = Review
HKLM\SOFTWARE\Classes\PaintShopPhotoProX3.Image\shell\Review\command\(Default) = "c:\Program Files (x86)\Corel\Corel PaintShop Photo Pro\X3\PSPClassic\Corel Paint Shop Pro Photo.exe" /Review "%1" [Corel, Inc.]
HPMSDVDPlayBluRayArrival\
Provider = HP MediaSmart DVD
InvokeProgID = BD
InvokeVerb = PlayWithHPMediaSmartDVD
HKLM\SOFTWARE\Classes\BD\shell\PlayWithHPMediaSmartDVD\Command\(Default) = "C:\Program Files (x86)\Hewlett-Packard\Media\DVD\HPDVDSmart.exe" AUTOPLAY MOVIE "%L" [CyberLink Corp.]
HPMSDVDPlayDVDMovieOnArrival\
Provider = HP MediaSmart DVD
InvokeProgID = DVD
InvokeVerb = PlayWithHPMediaSmartDVD
HKLM\SOFTWARE\Classes\DVD\shell\PlayWithHPMediaSmartDVD\Command\(Default) = "C:\Program Files (x86)\Hewlett-Packard\Media\DVD\HPDVDSmart.exe" AUTOPLAY MOVIE "%L" [CyberLink Corp.]
HPMSDVDPlayVCDMovieOnArrival\
Provider = HP MediaSmart DVD
InvokeProgID = VCD
InvokeVerb = PlayWithHPMediaSmartDVD
HKLM\SOFTWARE\Classes\VCD\shell\PlayWithHPMediaSmartDVD\Command\(Default) = "C:\Program Files (x86)\Hewlett-Packard\Media\DVD\HPDVDSmart.exe" AUTOPLAY MOVIE "%L" [CyberLink Corp.]
iTunesBurnCDOnArrival\
Provider = iTunes
InvokeProgID = iTunes.BurnCD
InvokeVerb = burn
HKLM\SOFTWARE\Classes\iTunes.BurnCD\shell\burn\command\(Default) = "C:\Program Files (x86)\iTunes\iTunes.exe" /AutoPlayBurn "%L" [Apple Inc.]
iTunesImportSongsOnArrival\
Provider = iTunes
InvokeProgID = iTunes.ImportSongsOnCD
InvokeVerb = import
HKLM\SOFTWARE\Classes\iTunes.ImportSongsOnCD\shell\import\command\(Default) = "C:\Program Files (x86)\iTunes\iTunes.exe" /AutoPlayImportSongs "%L" [Apple Inc.]
iTunesPlaySongsOnArrival\
Provider = iTunes
InvokeProgID = iTunes.PlaySongsOnCD
InvokeVerb = play
HKLM\SOFTWARE\Classes\iTunes.PlaySongsOnCD\shell\play\command\(Default) = "C:\Program Files (x86)\iTunes\iTunes.exe" /playCD "%L" [Apple Inc.]
iTunesShowSongsOnArrival\
Provider = iTunes
InvokeProgID = iTunes.ShowSongsOnCD
InvokeVerb = showsongs
HKLM\SOFTWARE\Classes\iTunes.ShowSongsOnCD\shell\showsongs\command\(Default) = "C:\Program Files (x86)\iTunes\iTunes.exe" /AutoPlayShowSongs "%L" [Apple Inc.]
MediaSmartDVFilesArrival\
Provider = @C:\Program Files (x86)\Hewlett-Packard\MediaSmart\Video\MUITransfer\HPEnvRes.dll,-101
ProgID = Shell.HWEventHandlerShellExecute
InitCmdLine = "C:\Program Files (x86)\Hewlett-Packard\MediaSmart\Video\HPMediaSmartVideo.exe" video dv
HKLM\SOFTWARE\Classes\Shell.HWEventHandlerShellExecute\CLSID\(Default) = {FFB8655F-81B9-4fce-B89C-9A6BA76D13E7}
-> {HKLM…CLSID} = Shell Execute Hardware Event Handler
\LocalServer32\(Default) = C:\Windows\System32\rundll32.exe shell32.dll,SHCreateLocalServerRunDll {FFB8655F-81B9-4fce-B89C-9A6BA76D13E7} [MS]
MediaSmartPhotoPictureFilesArrival\
Provider = @C:\Program Files (x86)\Hewlett-Packard\MediaSmart\Photo\MUITransfer\HPEnvRes.dll,-101
InvokeProgID = Picture
InvokeVerb = PlayWithMediaSmartPhoto
HKLM\SOFTWARE\Classes\Picture\shell\PlayWithMediaSmartPhoto\Command\(Default) = "C:\Program Files (x86)\Hewlett-Packard\MediaSmart\Photo\HPMediaSmartPhoto.exe" photo import "%L" [CyberLink Corp.]
MediaSmartVideoFilesArrival\
Provider = @C:\Program Files (x86)\Hewlett-Packard\MediaSmart\Video\MUITransfer\HPEnvRes.dll,-101
InvokeProgID = VideoFiles
InvokeVerb = PlayWithMediaSmartVideo
HKLM\SOFTWARE\Classes\VideoFiles\shell\PlayWithMediaSmartVideo\Command\(Default) = "C:\Program Files (x86)\Hewlett-Packard\MediaSmart\Video\HPMediaSmartVideo.exe" video import "%L" [CyberLink Corp.]
MSLivePhotoAcquireDropHandler\
Provider = @%ProgramFiles(x86)%\Windows Live\Photo Gallery\regres.dll,-10
InvokeProgID = Microsoft.LivePhotoAcqDTShim.1
InvokeVerb = open
HKLM\SOFTWARE\Classes\Microsoft.LivePhotoAcqDTShim.1\shell\open\DropTarget\CLSID = {00F33137-EE26-412F-8D71-F84E4C2C6625}
-> {HKLM…CLSID} = Windows Live Photo Gallery Viewer Autoplay Shim
\InProcServer32\(Default) = C:\Program Files (x86)\Windows Live\Photo Gallery\PhotoViewerShimx64.dll [MS]
MSLiveShowPicturesOnArrival\
Provider = @%ProgramFiles(x86)%\Windows Live\Photo Gallery\regres.dll,-10
InvokeProgID = Microsoft.Photos.LiveAutoplayShim.1
InvokeVerb = open
HKLM\SOFTWARE\Classes\Microsoft.Photos.LiveAutoplayShim.1\shell\open\DropTarget\CLSID = {00F30F90-3E96-453B-AFCD-D71989ECC2C7}
-> {HKLM…CLSID} = Windows Live Photo Gallery Viewer Autoplay Shim
\InProcServer32\(Default) = C:\Program Files (x86)\Windows Live\Photo Gallery\PhotoViewerShimx64.dll [MS]
MSPlayCDAudioOnArrival\
Provider = @wmploc.dll,-6502
InvokeProgID = WMP.AudioCD
InvokeVerb = play
HKLM\SOFTWARE\Classes\WMP.AudioCD\shell\play\command\(Default) = "C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /prefetch:3 /device:AudioCD "%L" [MS]
MSPlayDVDMovieOnArrival\
Provider = @wmploc.dll,-6502
InvokeProgID = WMP.DVD
InvokeVerb = play
HKLM\SOFTWARE\Classes\WMP.DVD\shell\play\command\(Default) = "C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /prefetch:4 /device:DVD "%L" [MS]
MSPlaySuperVideoCDMovieOnArrival\
Provider = @wmploc.dll,-6502
InvokeProgID = WMP.VCD
InvokeVerb = play
HKLM\SOFTWARE\Classes\WMP.VCD\shell\play\command\(Default) = "C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /prefetch:4 /device:VCD "%L" [MS]
MSPlayVideoCDMovieOnArrival\
Provider = @wmploc.dll,-6502
InvokeProgID = WMP.VCD
InvokeVerb = play
HKLM\SOFTWARE\Classes\WMP.VCD\shell\play\command\(Default) = "C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /prefetch:4 /device:VCD "%L" [MS]
MSWMEncVCArrival\
Provider = Windows Media Encoder 9 Series
ProgID = Shell.HWEventHandlerShellExecute
InitCmdLine = C:\Program Files (x86)\Windows Media Components\Encoder\WMEnc.exe
HKLM\SOFTWARE\Classes\Shell.HWEventHandlerShellExecute\CLSID\(Default) = {FFB8655F-81B9-4fce-B89C-9A6BA76D13E7}
-> {HKLM…CLSID} = Shell Execute Hardware Event Handler
\LocalServer32\(Default) = C:\Windows\System32\rundll32.exe shell32.dll,SHCreateLocalServerRunDll {FFB8655F-81B9-4fce-B89C-9A6BA76D13E7} [MS]
MSWMPBurnCDOnArrival\
Provider = @wmploc.dll,-6502
InvokeProgID = WMP.BurnCD
InvokeVerb = Burn
HKLM\SOFTWARE\Classes\WMP.BurnCD\shell\Burn\Command\(Default) = "C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /prefetch:3 /Task:CDWrite /Device:"%L" [MS]
P2GCDBurningOnArrival\
Provider = Power2Go
InvokeProgID = BlankCD
InvokeVerb = OpenWithPower2Go
HKLM\SOFTWARE\Classes\BlankCD\shell\OpenWithPower2Go\Command\(Default) = "C:\Program Files (x86)\CyberLink\Power2Go\Power2Go.exe" "%L" [CyberLink Corp.]
P2GDVDBurningOnArrival\
Provider = Power2Go
InvokeProgID = BlankDVD
InvokeVerb = OpenWithPower2Go
HKLM\SOFTWARE\Classes\BlankDVD\shell\OpenWithPower2Go\Command\(Default) = "C:\Program Files (x86)\CyberLink\Power2Go\Power2Go.exe" "%L" [CyberLink Corp.]
PDirDVArrival\
Provider = PowerDirector
ProgID = Shell.HWEventHandlerShellExecute
InitCmdLine = "C:\Program Files (x86)\CyberLink\PowerDirector\PDR8.exe" /DV
HKLM\SOFTWARE\Classes\Shell.HWEventHandlerShellExecute\CLSID\(Default) = {FFB8655F-81B9-4fce-B89C-9A6BA76D13E7}
-> {HKLM…CLSID} = Shell Execute Hardware Event Handler
\LocalServer32\(Default) = C:\Windows\System32\rundll32.exe shell32.dll,SHCreateLocalServerRunDll {FFB8655F-81B9-4fce-B89C-9A6BA76D13E7} [MS]
Power2GoPlayCDAudioOnArrival\
Provider = Power2Go
InvokeProgID = AudioCD
InvokeVerb = PlayWithPower2Go
HKLM\SOFTWARE\Classes\AudioCD\shell\PlayWithPower2Go\Command\(Default) = "C:\Program Files (x86)\CyberLink\Power2Go\Power2Go.exe" /AudioRipper "%L" [CyberLink Corp.]
PStarterBlankCDArrival\
Provider = DVD Suite
InvokeProgID = BlankCD
InvokeVerb = OpenWithPowerStarter
HKLM\SOFTWARE\Classes\BlankCD\shell\OpenWithPowerStarter\Command\(Default) = "C:\Program Files (x86)\CyberLink\DVD Suite\PS.exe" "%L" [CyberLink Corp.]
PStarterDVDBurningOnArrival\
Provider = DVD Suite
InvokeProgID = BlankDVD
InvokeVerb = OpenWithPowerStarter
HKLM\SOFTWARE\Classes\BlankDVD\shell\OpenWithPowerStarter\Command\(Default) = "C:\Program Files (x86)\CyberLink\DVD Suite\PS.exe" "%L" [CyberLink Corp.]
PStarterMixedCDArrival\
Provider = DVD Suite
InvokeProgID = MixedContent
InvokeVerb = OpenWithPowerStarter
HKLM\SOFTWARE\Classes\MixedContent\shell\OpenWithPowerStarter\Command\(Default) = "C:\Program Files (x86)\CyberLink\DVD Suite\PS.exe" "%L" [CyberLink Corp.]
PStarterMusicFilesArrival\
Provider = DVD Suite
InvokeProgID = MusicFiles
InvokeVerb = OpenWithPowerStarter
HKLM\SOFTWARE\Classes\MusicFiles\shell\OpenWithPowerStarter\Command\(Default) = "C:\Program Files (x86)\CyberLink\DVD Suite\PS.exe" "%L" [CyberLink Corp.]
PStarterPicturesArrival\
Provider = DVD Suite
InvokeProgID = Picture
InvokeVerb = OpenWithPowerStarter
HKLM\SOFTWARE\Classes\Picture\shell\OpenWithPowerStarter\Command\(Default) = "C:\Program Files (x86)\CyberLink\DVD Suite\PS.exe" "%L" [CyberLink Corp.]
PStarterVideoFilesArrival\
Provider = DVD Suite
InvokeProgID = VideoFiles
InvokeVerb = OpenWithPowerStarter
HKLM\SOFTWARE\Classes\VideoFiles\shell\OpenWithPowerStarter\Command\(Default) = "C:\Program Files (x86)\CyberLink\DVD Suite\PS.exe" "%L" [CyberLink Corp.]
WIA_{6D96E87A-CE06-4458-9F7E-4BF6045132A4}\
Provider = Corel PaintShop Photo Pro X3
CLSID = {A55803CC-4D53-404c-8557-FD63DBA95D24}
InitCmdLine = /WiaCmd;c:\Program Files (x86)\Corel\Corel PaintShop Photo Pro\X3\PSPClassic\Corel Paint Shop Pro Photo.exe -wialaunch;
-> {HKLM…CLSID} = WPDShextAutoplay
\LocalServer32\(Default) = C:\Windows\system32\WPDShextAutoplay.exe [MS]
WIA_{BEE6156E-FF18-4592-BA31-53457140584C}\
Provider = @C:\Program Files (x86)\Hewlett-Packard\MediaSmart\Photo\MUITransfer\HPEnvRes.dll,-101
CLSID = {A55803CC-4D53-404c-8557-FD63DBA95D24}
InitCmdLine = /WiaCmd;C:\Program Files (x86)\Hewlett-Packard\MediaSmart\Photo\HPMediaSmartPhoto.exe.exe photo import wpd %1 %2;
-> {HKLM…CLSID} = WPDShextAutoplay
\LocalServer32\(Default) = C:\Windows\system32\WPDShextAutoplay.exe [MS]
WIA_{C499E75D-9B79-43AB-A21D-0FC1B4BC46AC}\
Provider = MP Navigator EX Ver4.0
CLSID = {A55803CC-4D53-404c-8557-FD63DBA95D24}
InitCmdLine = /WiaCmd;C:\Program Files (x86)\Canon\MP Navigator EX 4.0\mpnex40.exe /StiDevice:%1 /StiEvent:%2;
-> {HKLM…CLSID} = WPDShextAutoplay
\LocalServer32\(Default) = C:\Windows\system32\WPDShextAutoplay.exe [MS]
WIA_{F5C7F58A-12E5-4357-8B2F-5F8057D8EF70}\
Provider = @C:\Program Files (x86)\Hewlett-Packard\MediaSmart\Video\MUITransfer\HPEnvRes.dll,-101
CLSID = {A55803CC-4D53-404c-8557-FD63DBA95D24}
InitCmdLine = /WiaCmd;C:\Program Files (x86)\Hewlett-Packard\MediaSmart\Video\HPMediaSmartVideo.exe.exe video import wpd %1 %2;
-> {HKLM…CLSID} = WPDShextAutoplay
\LocalServer32\(Default) = C:\Windows\system32\WPDShextAutoplay.exe [MS]
WIA_{F7BDBE51-11D0-4A03-A256-9EB6D68762EB}\
Provider = Corel PaintShop Photo Pro X3
CLSID = {A55803CC-4D53-404c-8557-FD63DBA95D24}
InitCmdLine = /WiaCmd;c:\Program Files (x86)\Corel\Corel PaintShop Photo Pro\X3\PSPClassic\Corel Paint Shop Pro Photo.exe -wialaunch /StiDevice:%1 /StiEvent:%2;
-> {HKLM…CLSID} = WPDShextAutoplay
\LocalServer32\(Default) = C:\Windows\system32\WPDShextAutoplay.exe [MS]
Startup items in "Symesko" & "All Users" startup folders:
---------------------------------------------------------
C:\Users\Symesko\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
<<!>> CurseClientStartup.ccip [null data]
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
McAfee Security Scan Plus -> shortcut to: C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe [McAfee, Inc.]
Windows Sidebar Gadgets:
------------------------
C:\Users\Symesko\AppData\Local\Microsoft\Windows Sidebar\Settings.ini
"C:%5CProgram%20Files%5CWindows%20Sidebar%5CGadgets%5CCurrency.Gadget"
"C:%5CProgram%20Files%5CWindows%20Sidebar%5CGadgets%5CCalendar.Gadget"
"C:%5CProgram%20Files%5CWindows%20Sidebar%5CShared%20Gadgets%5CAVG.Gadget%5C"
Non-disabled Scheduled Tasks:
-----------------------------
C:\Windows\System32\Tasks
Adobe Flash Player Updater -> launches: C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [Adobe Systems Incorporated]
GoogleUpdateTaskMachineCore -> launches: C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /c [Google Inc.]
GoogleUpdateTaskMachineUA -> launches: C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /ua /installsource scheduler [Google Inc.]
HPCeeScheduleForSymesko -> launches: C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe HPCeeScheduleForSymesko (null) [null data]
MirageAgent -> (HIDDEN!) launches: C:\Program Files (x86)\Hewlett-Packard\Media\Webcam\YCMMirage.exe [CyberLink]
Nwqp -> launches: C:\Windows\system32\rundll32.exe "C:\Windows\SysWOW64\kbd101V.dll",zoqpo [MS]
RecoveryCDWin7 -> launches: "C:\Program Files (x86)\Hewlett-Packard\HP Setup\RemEngine.exe" RecoveryCDWin7 ShowMessageTask [null data]
ServicePlan -> launches: "C:\Program Files (x86)\Hewlett-Packard\HP Setup\RemEngine.exe" ServicePlan ShowMessageTask15D [null data]
{7B5720EF-B4A5-4230-9FA7-306AE8034B20} -> launches: C:\Windows\system32\pcalua.exe -a C:\Users\Symesko\Downloads\PokerStarsInstall(1).exe -d "C:\Program Files (x86)\Mozilla Firefox" [MS]
C:\Windows\System32\Tasks\Apple
AppleSoftwareUpdate -> launches: C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe -task [Apple Inc.]
C:\Windows\System32\Tasks\Hewlett-Packard\HP Support Assistant
HP Support Assistant Quick Start -> launches: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe /taskrestart [null data]
PC Health Analysis -> launches: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe /L Analysis [null data]
Update Check -> launches: C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe /s /p 1 [null data]
Warranty Opt-In(No) -> launches: c:\program files (x86)\hewlett-packard\hp health check\activecheck\product_line\Detection_PostWarrantyAlert.exe /EventId=2 [null data]
Warranty Opt-In(Yes) -> launches: c:\program files (x86)\hewlett-packard\hp health check\activecheck\product_line\Detection_PostWarrantyAlert.exe /EventId=1 [null data]
C:\Windows\System32\Tasks\Microsoft\Windows\Active Directory Rights Management Services Client
AD RMS Rights Policy Template Management (Manual) -> launches: {BF5CB148-7C77-4d8a-A53E-D81C70CF743C}
-> {HKLM…CLSID} = AD RMS Rights Policy Template Management (Manual) Task Handler
\InProcServer32\(Default) = C:\Windows\system32\msdrm.dll [MS]
-> {HKLM…Wow…CLSID} = AD RMS Rights Policy Template Management (Manual) Task Handler
\InProcServer32\(Default) = C:\Windows\system32\msdrm.dll [MS]
C:\Windows\System32\Tasks\Microsoft\Windows\Application Experience
AitAgent -> launches: aitagent [MS]
ProgramDataUpdater -> launches: %windir%\system32\rundll32.exe aepdu.dll,AePduRunUpdate [MS]
C:\Windows\System32\Tasks\Microsoft\Windows\Autochk
Proxy -> launches: %windir%\system32\rundll32.exe /d acproxy.dll,PerformAutochkOperations [MS]
C:\Windows\System32\Tasks\Microsoft\Windows\Bluetooth
UninstallDeviceTask -> launches: BthUdTask.exe $(Arg0) [MS]
C:\Windows\System32\Tasks\Microsoft\Windows\CertificateServicesClient
SystemTask -> launches: {58fb76b9-ac85-4e55-ac04-427593b1d060}
-> {HKLM…CLSID} = Certificate Services Client Task Handler
\InProcServer32\(Default) = C:\Windows\system32\dimsjob.dll [MS]
-> {HKLM…Wow…CLSID} = Certificate Services Client Task Handler
\InProcServer32\(Default) = C:\Windows\system32\dimsjob.dll [MS]
UserTask -> launches: {58fb76b9-ac85-4e55-ac04-427593b1d060}
-> {HKLM…CLSID} = Certificate Services Client Task Handler
\InProcServer32\(Default) = C:\Windows\system32\dimsjob.dll [MS]
-> {HKLM…Wow…CLSID} = Certificate Services Client Task Handler
\InProcServer32\(Default) = C:\Windows\system32\dimsjob.dll [MS]
C:\Windows\System32\Tasks\Microsoft\Windows\Customer Experience Improvement Program
Consolidator -> launches: %SystemRoot%\System32\wsqmcons.exe [MS]
KernelCeipTask -> (HIDDEN!) launches: {e7ed314f-2816-4c26-aeb5-54a34d02404c}
-> {HKLM…CLSID} = KernelCeipCustomHandler
\InProcServer32\(Default) = C:\Windows\System32\kernelceip.dll [MS]
UsbCeip -> (HIDDEN!) launches: {c27f6b1d-fe0b-45e4-9257-38799fa69bc8}
-> {HKLM…CLSID} = UsbCeip
\InProcServer32\(Default) = C:\Windows\System32\usbceip.dll [MS]
-> {HKLM…Wow…CLSID} = UsbCeip
\InProcServer32\(Default) = C:\Windows\System32\usbceip.dll [MS]
C:\Windows\System32\Tasks\Microsoft\Windows\Defrag
ScheduledDefrag -> launches: %windir%\system32\defrag.exe -c [MS]
C:\Windows\System32\Tasks\Microsoft\Windows\Diagnosis
Scheduled -> (HIDDEN!) launches: {c1f85ef8-bcc2-4606-bb39-70c523715eb3}
-> {HKLM…CLSID} = ScheduledDiagnosticCustomHandler
\InProcServer32\(Default) = C:\Windows\System32\sdiagschd.dll [MS]
C:\Windows\System32\Tasks\Microsoft\Windows\Location
Notifications -> launches: %windir%\System32\LocationNotifications.exe [MS]
C:\Windows\System32\Tasks\Microsoft\Windows\Media Center
ActivateWindowsSearch -> launches: %SystemRoot%\ehome\ehPrivJob.exe /DoActivateWindowsSearch [MS]
ConfigureInternetTimeService -> launches: %SystemRoot%\ehome\ehPrivJob.exe /DoConfigureInternetTimeService [MS]
DispatchRecoveryTasks -> launches: %SystemRoot%\ehome\ehPrivJob.exe /DoRecoveryTasks $(Arg0) [MS]
ehDRMInit -> launches: %SystemRoot%\ehome\ehPrivJob.exe /DRMInit [MS]
InstallPlayReady -> launches: %SystemRoot%\ehome\ehPrivJob.exe /InstallPlayReady $(Arg0) [MS]
mcupdate -> launches: %SystemRoot%\ehome\mcupdate $(Arg0) [MS]
MediaCenterRecoveryTask -> launches: %SystemRoot%\ehome\mcupdate.exe -MediaCenterRecoveryTask [MS]
ObjectStoreRecoveryTask -> launches: %SystemRoot%\ehome\mcupdate.exe -ObjectStoreRecoveryTask [MS]
OCURActivate -> launches: %SystemRoot%\ehome\ehPrivJob.exe /OCURActivate [MS]
OCURDiscovery -> launches: %SystemRoot%\ehome\ehPrivJob.exe /OCURDiscovery $(Arg0) [MS]
PBDADiscovery -> launches: %SystemRoot%\ehome\ehPrivJob.exe /PBDADiscovery [MS]
PBDADiscoveryW1 -> launches: %SystemRoot%\ehome\ehPrivJob.exe /wait:7 /PBDADiscovery [MS]
PBDADiscoveryW2 -> launches: %SystemRoot%\ehome\ehPrivJob.exe /wait:90 /PBDADiscovery [MS]
PvrRecoveryTask -> launches: %SystemRoot%\ehome\mcupdate.exe -PvrRecoveryTask [MS]
PvrScheduleTask -> launches: %SystemRoot%\ehome\mcupdate.exe -PvrSchedule [MS]
RegisterSearch -> launches: %SystemRoot%\ehome\ehPrivJob.exe /DoRegisterSearch $(Arg0) [MS]
ReindexSearchRoot -> launches: %SystemRoot%\ehome\ehPrivJob.exe /DoReindexSearchRoot [MS]
SqlLiteRecoveryTask -> launches: %SystemRoot%\ehome\mcupdate.exe -SqlLiteRecoveryTask [MS]
UpdateRecordPath -> launches: %SystemRoot%\ehome\ehPrivJob.exe /DoUpdateRecordPath $(Arg0) [MS]
C:\Windows\System32\Tasks\Microsoft\Windows\MemoryDiagnostic
CorruptionDetector -> (HIDDEN!) launches: {190BA3F6-0205-4f46-B589-95C6822899D2}
-> {HKLM…CLSID} = MemoryDiagnosticCustomHandler
\InProcServer32\(Default) = C:\Windows\System32\memdiag.dll [MS]
DecompressionFailureDetector -> (HIDDEN!) launches: {190BA3F6-0205-4f46-B589-95C6822899D2}
-> {HKLM…CLSID} = MemoryDiagnosticCustomHandler
\InProcServer32\(Default) = C:\Windows\System32\memdiag.dll [MS]
C:\Windows\System32\Tasks\Microsoft\Windows\MobilePC
HotStart -> launches: {06DA0625-9701-43da-BFD7-FBEEA2180A1E}
-> {HKLM…CLSID} = HotStart User Agent
\InProcServer32\(Default) = C:\Windows\System32\HotStartUserAgent.dll [MS]
C:\Windows\System32\Tasks\Microsoft\Windows\MUI
LPRemove -> launches: %windir%\system32\lpremove.exe [MS]
C:\Windows\System32\Tasks\Microsoft\Windows\Multimedia
SystemSoundsService -> launches: {2DEA658F-54C1-4227-AF9B-260AB5FC3543}
-> {HKLM…CLSID} = Microsoft PlaySoundService Class
\InProcServer32\(Default) = C:\Windows\System32\PlaySndSrv.dll [MS]
-> {HKLM…Wow…CLSID} = Microsoft PlaySoundService Class
\InProcServer32\(Default) = C:\Windows\System32\PlaySndSrv.dll [MS]
C:\Windows\System32\Tasks\Microsoft\Windows\NetTrace
GatherNetworkInfo -> launches: %windir%\system32\gatherNetworkInfo.vbs [null data]
C:\Windows\System32\Tasks\Microsoft\Windows\Power Efficiency Diagnostics
AnalyzeSystem -> launches: %SystemRoot%\System32\powercfg.exe -energy -auto [MS]
C:\Windows\System32\Tasks\Microsoft\Windows\RAC
RacTask -> (HIDDEN!) launches: {42060D27-CA53-41f5-96E4-B1E8169308A6}
-> {HKLM…CLSID} = ReliabilityAnalysisCustomHandler
\InProcServer32\(Default) = C:\Windows\system32\RacEngn.dll [MS]
-> {HKLM…Wow…CLSID} = ReliabilityAnalysisCustomHandler
\InProcServer32\(Default) = C:\Windows\system32\RacEngn.dll [MS]
C:\Windows\System32\Tasks\Microsoft\Windows\Ras
MobilityManager -> launches: {c463a0fc-794f-4fdf-9201-01938ceacafa}
-> {HKLM…CLSID} = RasMobilityManager
\InProcServer32\(Default) = C:\Windows\system32\rasmbmgr.dll [MS]
C:\Windows\System32\Tasks\Microsoft\Windows\Registry
RegIdleBackup -> (HIDDEN!) launches: {ca767aa8-9157-4604-b64b-40747123d5f2}
-> {HKLM…CLSID} = RegistryIdleBackupHandler
\InProcServer32\(Default) = C:\Windows\System32\regidle.dll [MS]
C:\Windows\System32\Tasks\Microsoft\Windows\RemoteAssistance
RemoteAssistanceTask -> (HIDDEN!) launches: %windir%\system32\RAServer.exe /offerraupdate [MS]
C:\Windows\System32\Tasks\Microsoft\Windows\SideShow
GadgetManager -> launches: {FF87090D-4A9A-4f47-879B-29A80C355D61}
-> {HKLM…CLSID} = GadgetsManager Class
\InProcServer32\(Default) = C:\Windows\System32\AuxiliaryDisplayServices.dll [MS]
C:\Windows\System32\Tasks\Microsoft\Windows\SystemRestore
SR -> launches: %windir%\system32\rundll32.exe /d srrstr.dll,ExecuteScheduledSPPCreation [MS]
C:\Windows\System32\Tasks\Microsoft\Windows\Task Manager
Interactive -> (HIDDEN!) launches: {855fec53-d2e4-4999-9e87-3414e9cf0ff4}
-> {HKLM…CLSID} = RunTask
\InProcServer32\(Default) = C:\Windows\system32\wdc.dll [MS]
-> {HKLM…Wow…CLSID} = RunTask
\InProcServer32\(Default) = C:\Windows\system32\wdc.dll [MS]
C:\Windows\System32\Tasks\Microsoft\Windows\Tcpip
IpAddressConflict1 -> launches: %windir%\system32\rundll32.exe ndfapi.dll,NdfRunDllDuplicateIPOffendingSystem [MS]
IpAddressConflict2 -> launches: %windir%\system32\rundll32.exe ndfapi.dll,NdfRunDllDuplicateIPDefendingSystem [MS]
C:\Windows\System32\Tasks\Microsoft\Windows\TextServicesFramework
MsCtfMonitor -> (HIDDEN!) launches: {01575cfe-9a55-4003-a5e1-f38d1ebdcbe1}
-> {HKLM…CLSID} = MsCtfMonitor task handler
\InProcServer32\(Default) = C:\Windows\system32\MsCtfMonitor.dll [MS]
-> {HKLM…Wow…CLSID} = MsCtfMonitor task handler
\InProcServer32\(Default) = C:\Windows\system32\MsCtfMonitor.dll [MS]
C:\Windows\System32\Tasks\Microsoft\Windows\Time Synchronization
SynchronizeTime -> launches: %windir%\system32\sc.exe start w32time task_started [MS]
C:\Windows\System32\Tasks\Microsoft\Windows\UPnP
UPnPHostConfig -> launches: sc.exe config upnphost start= auto [MS]
C:\Windows\System32\Tasks\Microsoft\Windows\WDI
ResolutionHost -> (HIDDEN!) launches: {900be39d-6be8-461a-bc4d-b0fa71f5ecb1}
-> {HKLM…CLSID} = DiagnosticInfrastructureCustomHandler
\InProcServer32\(Default) = C:\Windows\System32\wdi.dll [MS]
-> {HKLM…Wow…CLSID} = DiagnosticInfrastructureCustomHandler
\InProcServer32\(Default) = C:\Windows\System32\wdi.dll [MS]
C:\Windows\System32\Tasks\Microsoft\Windows\Windows Activation Technologies
ValidationTask -> (HIDDEN!) launches: %SystemRoot%\system32\Wat\WatAdminSvc.exe /run [MS]
ValidationTaskDeadline -> (HIDDEN!) launches: %SystemRoot%\system32\schtasks.exe /run /I /TN "\Microsoft\Windows\Windows Activation Technologies\ValidationTask" [MS]
C:\Windows\System32\Tasks\Microsoft\Windows\Windows Error Reporting
QueueReporting -> launches: %windir%\system32\wermgr.exe -queuereporting [MS]
C:\Windows\System32\Tasks\Microsoft\Windows\Windows Filtering Platform
BfeOnServiceStartTypeChange -> (HIDDEN!) launches: %windir%\system32\rundll32.exe bfe.dll,BfeOnServiceStartTypeChange [MS]
C:\Windows\System32\Tasks\Microsoft\Windows\Windows Media Sharing
UpdateLibrary -> launches: "%ProgramFiles%\Windows Media Player\wmpnscfg.exe" [MS]
C:\Windows\System32\Tasks\Microsoft\Windows\WindowsBackup
ConfigNotification -> launches: %systemroot%\System32\sdclt.exe /CONFIGNOTIFICATION [MS]
C:\Windows\System32\Tasks\Microsoft\Windows Live\SOXE
Extractor Definitions Update Task -> launches: {3519154C-227E-47F3-9CC9-12C3F05817F1}
-> {HKLM…Wow…CLSID} = Windows Live Social Object Extractor Engine Definition Updater
\InProcServer32\(Default) = C:\Program Files (x86)\Windows Live\SOXE\wlsoxe.dll [MS]
Winsock2 Service Provider DLLs:
-------------------------------
Namespace Service Providers
HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = %SystemRoot%\system32\NLAapi.dll [MS]
000000000002\LibraryPath = %SystemRoot%\system32\napinsp.dll [MS]
000000000003\LibraryPath = %SystemRoot%\system32\pnrpnsp.dll [MS]
000000000004\LibraryPath = %SystemRoot%\system32\pnrpnsp.dll [MS]
000000000005\LibraryPath = C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [MS]
000000000006\LibraryPath = C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [MS]
000000000007\LibraryPath = %SystemRoot%\System32\mswsock.dll [MS]
000000000008\LibraryPath = %SystemRoot%\System32\winrnr.dll [MS]
000000000009\LibraryPath = C:\Program Files (x86)\Bonjour\mdnsNSP.dll [Apple Inc.]
Transport Service Providers
HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\mswsock.dll [MS], 01 - 10
Toolbars, Explorer Bars, Extensions:
------------------------------------
Toolbars
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\
{0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} = McAfee SiteAdvisor
-> {HKLM…CLSID} = McAfee SiteAdvisor Toolbar
\InProcServer32\(Default) = c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll [McAfee, Inc.]
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\
{0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} = McAfee SiteAdvisor
-> {HKLM…Wow…CLSID} = McAfee SiteAdvisor Toolbar
\InProcServer32\(Default) = c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll [McAfee, Inc.]
{759D9886-0C6F-4498-BAB6-4A5F47C6C72F} = Canon Easy-WebPrint EX
-> {HKLM…Wow…CLSID} = Canon Easy-WebPrint EX
\InProcServer32\(Default) = C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll [CANON INC.]
Extensions (Tools menu items, main toolbar menu buttons)
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extensions\
{219C3416-8CB2-491A-A3C7-D9FCDDC9D600}\
ButtonText = @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004
MenuText = @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003
CLSIDExtension = {5F7B1267-94A9-47F5-98DB-E99415F33AEC}
-> {HKLM…Wow…CLSID} = BlogThisToolbarButton Class
\InProcServer32\(Default) = C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll [MS]
{25510184-5A38-4A99-B273-DCA8EEF6CD08}\
ButtonText = @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103
MenuText = @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102
Exec = C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe [null data]
{3AD14F0C-ED16-4E43-B6D8-661B03F6A1EF}\
ButtonText = PokerStars
Exec = C:\Program Files (x86)\PokerStars\PokerStarsUpdate.exe [PokerStars]
Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------
Adobe Acrobat Update Service, AdobeARMservice, "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe" [Adobe Systems Incorporated]
AMD External Events Utility, AMD External Events Utility, C:\Windows\system32\atiesrxx.exe [AMD]
AMD FUEL Service, AMD FUEL Service, C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe /launchService [Advanced Micro Devices, Inc.]
AMD Reservation Manager, AMD Reservation Manager, "C:\Program Files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe" [Advanced Micro Devices]
Andrea ST Filters Service, AESTFilters, C:\Program Files\IDT\WDM\AESTSr64.exe [Andrea Electronics Corporation]
Apple Mobile Device, Apple Mobile Device, "C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe" [Apple Inc.]
Application Host Helper Service, AppHostSvc, C:\Windows\system32\svchost.exe -k apphost {C:\Windows\system32\inetsrv\apphostsvc.dll [MS]}
Application Virtualization Client, sftlist, "C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe" [MS]
Application Virtualization Service Agent, sftvsa, "C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe" [MS]
Audio Service, STacSV, C:\Program Files\IDT\WDM\STacSV64.exe [iDT, Inc.]
Authentication Service, DpHost, C:\Program Files\DigitalPersona\Bin\DpHostW.exe [DigitalPersona, Inc.]
AVG WatchDog, avgwd, "C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe" [AVG Technologies CZ, s.r.o.]
AVGIDSAgent, AVGIDSAgent, "C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe" [AVG Technologies CZ, s.r.o.]
Bonjour Service, Bonjour Service, "C:\Program Files\Bonjour\mDNSResponder.exe" [Apple Inc.]
Canon Inkjet Printer/Scanner/Fax Extended Survey Program, IJPLMSVC, C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE [null data]
Client Virtualization Handler, cvhsvc, "C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE" [MS]
HP Service, hpsrv, C:\Windows\system32\Hpservice.exe [Hewlett-Packard Company]
HP Software Framework Service, hpqwmiex, "C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe" [Hewlett-Packard Company]
HP Support Assistant Service, HP Support Assistant Service, "C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe" [null data]
HP Wireless Assistant Service, HP Wireless Assistant Service, "C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe" [null data]
HPWMISVC, HPWMISVC, C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [Hewlett-Packard Development Company, L.P.]
iPod Service, iPod Service, "C:\Program Files\iPod\bin\iPodService.exe" [Apple Inc.]
LightScribeService Direct Disc Labeling Service, LightScribeService, "C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe" [Hewlett-Packard Company]
McAfee Anti-Spam Service, MSK80Service, "C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [McAfee, Inc.]
McAfee Firewall Core Service, mfefire, "C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe" [McAfee, Inc.]
McAfee McShield, McShield, "C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe" [McAfee, Inc.]
McAfee Network Agent, McNASvc, "C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [McAfee, Inc.]
McAfee Online Backup, MOBKbackup, "C:\Program Files (x86)\McAfee Online Backup\MOBKbackup.exe" [McAfee, Inc.]
McAfee Personal Firewall Service, McMPFSvc, "C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [McAfee, Inc.]
McAfee Proxy Service, McProxy, "C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [McAfee, Inc.]
McAfee Services, mcmscsvc, "C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [McAfee, Inc.]
McAfee SiteAdvisor Service, McAfee SiteAdvisor Service, "C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [McAfee, Inc.]
McAfee Validation Trust Protection Service, mfevtp, "C:\Windows\system32\mfevtps.exe" [McAfee, Inc.]
McAfee VirusScan Announcer, McNaiAnn, "C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [McAfee, Inc.]
Net.Pipe Listener Adapter, NetPipeActivator, C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [MS]
Net.Tcp Listener Adapter, NetTcpActivator, C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [MS]
Net.Tcp Port Sharing Service, NetTcpPortSharing, C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [MS]
Validity VCS Fingerprint Service, vcsFPService, C:\Windows\system32\vcsFPService.exe [Validity Sensors, Inc.]
Windows Process Activation Service, WAS, C:\Windows\system32\svchost.exe -k iissvcs {C:\Windows\system32\inetsrv\iisw3adm.dll [MS]}
World Wide Web Publishing Service, W3SVC, C:\Windows\system32\svchost.exe -k iissvcs {C:\Windows\system32\inetsrv\iisw3adm.dll [MS]}
Safe Mode Drivers & Services (subkey name, subkey default value):
-----------------------------------------------------------------
HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\
<<!>> mcmscsvc, (title not found)
<<!>> MCODS, (title not found)
HKLM\System\CurrentControlSet\Control\SafeBoot\Network\
<<!>> DpHost, Service
<<!>> McMPFSvc, Service
<<!>> mcmscsvc, (title not found)
<<!>> MCODS, (title not found)
<<!>> mfefire, Driver
<<!>> mfefirek, Driver
<<!>> mfefirek.sys, Driver
<<!>> mfehidk, Driver
<<!>> mfehidk.sys, Driver
<<!>> mfevtp, Driver
Print Monitors:
---------------
HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors\
Canon BJ Language Monitor MP495 series\Driver = CNMLMA9.DLL [CANON INC.]
Canon BJNP Port\Driver = CNMN6PPM.DLL [CANON INC.]
PCL hpf3lw73\Driver = hpf3lw73.dll [Hewlett-Packard Company]
---------- (launch time: 2012-12-19 10:55:50)
<<!>>: Suspicious data at a malware launch point.
+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds,
launch it from a command prompt or a shortcut with the -all parameter.
+ To search all directories of local fixed drives for DESKTOP.INI
DLL launch points, use the -supp parameter or answer "No" at the
first message box and "Yes" at the second message box.
---------- (total run time: 109 seconds, including 16 seconds for message boxes)
-
After running a few searches, I'm still getting re-directed.
-
I ran the NPE tool, it found and removed 3 "threats"
Curse Client, Junk Removal Tool, and rikvm_c6f09094.sys
-
Ran the full scan, took 8 hours, came back completely clean.
-
Okay, I ran the quick scan with the MSS tool, it came up clean. I can run the full scan if you need.
-
<p>Here is the log file</p>
<p> </p>
<p> </p>
<div>All processes killed</div>
<div>========== OTL ==========</div>
<div>64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.</div>
<div>Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.</div>
<div>64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.</div>
<div>64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.</div>
<div>Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.</div>
<div>Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.</div>
<div>========== COMMANDS ==========</div>
<div> </div>
<div>[EMPTYJAVA]</div>
<div> </div>
<div>User: All Users</div>
<div> </div>
<div>User: Default</div>
<div> </div>
<div>User: Default User</div>
<div> </div>
<div>User: DefaultAppPool</div>
<div> </div>
<div>User: postgres</div>
<div> </div>
<div>User: Public</div>
<div> </div>
<div>User: Symesko</div>
<div>->Java cache emptied: 3248641 bytes</div>
<div> </div>
<div>Total Java Files Cleaned = 3.00 mb</div>
<div> </div>
<div> </div>
<div>[EMPTYTEMP]</div>
<div> </div>
<div>User: All Users</div>
<div> </div>
<div>User: Default</div>
<div>->Temp folder emptied: 0 bytes</div>
<div>->Temporary Internet Files folder emptied: 67 bytes</div>
<div> </div>
<div>User: Default User</div>
<div>->Temp folder emptied: 0 bytes</div>
<div>->Temporary Internet Files folder emptied: 0 bytes</div>
<div> </div>
<div>User: DefaultAppPool</div>
<div>->Temp folder emptied: 0 bytes</div>
<div>->Temporary Internet Files folder emptied: 67 bytes</div>
<div> </div>
<div>User: postgres</div>
<div>->Temp folder emptied: 0 bytes</div>
<div>->Temporary Internet Files folder emptied: 67 bytes</div>
<div> </div>
<div>User: Public</div>
<div>->Temp folder emptied: 0 bytes</div>
<div> </div>
<div>User: Symesko</div>
<div>->Temp folder emptied: 16733501 bytes</div>
<div>->Temporary Internet Files folder emptied: 14290906 bytes</div>
<div>->Java cache emptied: 0 bytes</div>
<div>->Google Chrome cache emptied: 46498203 bytes</div>
<div>->Flash cache emptied: 826 bytes</div>
<div> </div>
<div>%systemdrive% .tmp files removed: 0 bytes</div>
<div>%systemroot% .tmp files removed: 0 bytes</div>
<div>%systemroot%\System32 .tmp files removed: 0 bytes</div>
<div>%systemroot%\System32 (64bit) .tmp files removed: 69032 bytes</div>
<div>%systemroot%\System32\drivers .tmp files removed: 0 bytes</div>
<div>Windows Temp folder emptied: 13388735 bytes</div>
<div>%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 73916 bytes</div>
<div>RecycleBin emptied: 0 bytes</div>
<div> </div>
<div>Total Files Cleaned = 87.00 mb</div>
<div> </div>
<div> </div>
<div>[EMPTYFLASH]</div>
<div> </div>
<div>User: All Users</div>
<div> </div>
<div>User: Default</div>
<div> </div>
<div>User: Default User</div>
<div> </div>
<div>User: DefaultAppPool</div>
<div> </div>
<div>User: postgres</div>
<div> </div>
<div>User: Public</div>
<div> </div>
<div>User: Symesko</div>
<div>->Flash cache emptied: 0 bytes</div>
<div> </div>
<div>Total Flash Files Cleaned = 0.00 mb</div>
<div> </div>
<div> </div>
<div>OTL by OldTimer - Version 3.2.69.0 log created on 12142012_195553</div>
<div> </div>
<div>Files\Folders moved on Reboot...</div>
<div>C:\Users\Symesko\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.</div>
<div> </div>
<div>PendingFileRenameOperations files...</div>
<div> </div>
<div>Registry entries deleted on Reboot...</div>
<div> </div>
<div> </div>
<div>The Internet connection in this hotel isn't the best, so I may have to wait to run that tool. I'll post once it's run.</div>
-
OTL logfile created on: 12/13/2012 11:01:10 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Symesko\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy
5.75 Gb Total Physical Memory | 4.29 Gb Available Physical Memory | 74.69% Memory free
11.49 Gb Paging File | 9.07 Gb Available in Paging File | 78.96% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 909.42 Gb Total Space | 656.83 Gb Free Space | 72.22% Space Free | Partition Type: NTFS
Drive D: | 21.79 Gb Total Space | 3.18 Gb Free Space | 14.57% Space Free | Partition Type: NTFS
Drive F: | 98.71 Mb Total Space | 88.57 Mb Free Space | 89.73% Space Free | Partition Type: FAT32
Computer Name: SYMESKO-LT | User Name: Symesko | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2012/12/13 22:59:00 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Symesko\Desktop\OTL.exe
PRC - [2012/12/08 23:16:05 | 000,212,432 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Update\1.3.21.124\GoogleCrashHandler.exe
PRC - [2012/11/27 20:43:18 | 001,242,728 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
PRC - [2012/10/31 11:30:36 | 000,659,672 | ---- | M] (McAfee, Inc.) -- c:\Program Files (x86)\McAfee\SiteAdvisor\saUI.exe
PRC - [2012/09/23 20:43:34 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/10/01 08:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2011/10/01 08:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2010/11/09 15:20:36 | 000,586,296 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
PRC - [2010/11/09 15:20:34 | 000,026,680 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
PRC - [2010/06/24 22:32:50 | 000,136,488 | ---- | M] (CyberLink) -- C:\Program Files (x86)\Hewlett-Packard\Media\Webcam\YCMMirage.exe
PRC - [2010/04/05 12:55:01 | 000,116,104 | ---- | M] () -- C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe
PRC - [2010/04/02 10:18:54 | 001,185,112 | ---- | M] (CANON INC.) -- C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE
PRC - [2010/01/15 05:49:20 | 000,255,536 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe
PRC - [2009/12/10 02:39:04 | 000,065,536 | ---- | M] (PostgreSQL Global Development Group) -- C:\Program Files (x86)\PostgreSQL\8.3\bin\pg_ctl.exe
PRC - [2009/12/10 02:37:16 | 003,690,496 | ---- | M] (PostgreSQL Global Development Group) -- C:\Program Files (x86)\PostgreSQL\8.3\bin\postgres.exe
PRC - [2009/11/10 18:05:34 | 000,248,320 | ---- | M] () -- C:\Program Files (x86)\Razer\Lachesis\razerhid.exe
PRC - [2009/11/04 16:28:00 | 000,143,360 | ---- | M] () -- C:\Program Files (x86)\Razer\Lachesis\razertra.exe
PRC - [2009/04/20 09:48:42 | 000,053,248 | ---- | M] (Sierra Wireless Inc.) -- C:\Program Files (x86)\Sierra Wireless Inc\Watcher\WaHelper.exe
PRC - [2009/03/09 14:07:04 | 000,554,264 | ---- | M] (Sierra Wireless, Inc.) -- C:\Program Files (x86)\Sierra Wireless Inc\WebUpdater\TRUUpdater.exe
PRC - [2008/10/20 14:32:48 | 000,210,208 | ---- | M] (Acresso Corporation) -- C:\ProgramData\Macrovision\FLEXnet Connect\6\ISUSPM.exe
PRC - [2007/08/16 17:05:16 | 000,274,432 | ---- | M] (razercfg MFC Application) -- C:\Program Files (x86)\Razer\Lachesis\OSD.exe
PRC - [2007/06/05 10:37:12 | 000,163,840 | ---- | M] (Razer Inc.) -- C:\Program Files (x86)\Razer\Lachesis\razerofa.exe
========== Modules (No Company Name) ==========
MOD - [2012/11/27 20:43:17 | 000,460,904 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.95\ppgooglenaclpluginchrome.dll
MOD - [2012/11/27 20:43:16 | 012,456,040 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.95\PepperFlash\pepflashplayer.dll
MOD - [2012/11/27 20:43:15 | 004,008,040 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.95\pdf.dll
MOD - [2012/11/27 20:42:30 | 000,587,880 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.95\libglesv2.dll
MOD - [2012/11/27 20:42:29 | 000,124,520 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.95\libegl.dll
MOD - [2012/11/27 20:42:22 | 000,157,304 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.95\avutil-51.dll
MOD - [2012/11/27 20:42:21 | 002,168,952 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.95\avcodec-54.dll
MOD - [2012/11/27 20:42:21 | 000,275,576 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.95\avformat-54.dll
MOD - [2011/06/24 21:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/06/24 21:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2010/11/22 13:00:58 | 007,745,536 | ---- | M] () -- C:\Program Files (x86)\Common Files\LightScribe\QtGui4.dll
MOD - [2010/11/22 13:00:58 | 002,121,728 | ---- | M] () -- C:\Program Files (x86)\Common Files\LightScribe\QtCore4.dll
MOD - [2010/11/22 13:00:58 | 000,135,168 | ---- | M] () -- C:\Program Files (x86)\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll
MOD - [2009/11/10 18:05:34 | 000,248,320 | ---- | M] () -- C:\Program Files (x86)\Razer\Lachesis\razerhid.exe
MOD - [2009/11/04 16:28:00 | 000,143,360 | ---- | M] () -- C:\Program Files (x86)\Razer\Lachesis\razertra.exe
MOD - [2009/03/09 13:59:24 | 000,218,392 | ---- | M] () -- C:\Program Files (x86)\Sierra Wireless Inc\WebUpdater\WebUpdtAPI.dll
========== Services (SafeList) ==========
SRV:64bit: - [2012/11/16 21:10:22 | 000,383,608 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)
SRV:64bit: - [2012/11/09 06:37:30 | 000,177,680 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Windows\SysNative\mfevtps.exe -- (mfevtp)
SRV:64bit: - [2012/11/09 06:34:50 | 000,218,320 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe -- (mfefire)
SRV:64bit: - [2012/11/09 06:33:08 | 000,241,016 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe -- (McShield)
SRV:64bit: - [2012/08/31 13:20:06 | 000,201,304 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (MSK80Service)
SRV:64bit: - [2012/08/31 13:20:06 | 000,201,304 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McProxy)
SRV:64bit: - [2012/08/31 13:20:06 | 000,201,304 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McNASvc)
SRV:64bit: - [2012/08/31 13:20:06 | 000,201,304 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McNaiAnn)
SRV:64bit: - [2012/08/31 13:20:06 | 000,201,304 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (mcmscsvc)
SRV:64bit: - [2012/08/31 13:20:06 | 000,201,304 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McMPFSvc)
SRV:64bit: - [2012/08/31 13:20:06 | 000,201,304 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McAfee SiteAdvisor Service)
SRV:64bit: - [2011/04/20 18:02:16 | 000,030,520 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Windows\SysNative\hpservice.exe -- (hpsrv)
SRV:64bit: - [2011/02/01 22:24:33 | 000,263,168 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Program Files\IDT\WDM\stacsv64.exe -- (STacSV)
SRV:64bit: - [2011/02/01 22:24:32 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\IDT\WDM\AESTSr64.exe -- (AESTFilters)
SRV:64bit: - [2011/01/04 22:07:10 | 000,354,304 | ---- | M] (Advanced Micro Devices, Inc.) [Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service)
SRV:64bit: - [2010/09/20 01:56:00 | 000,203,264 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2010/09/15 10:30:34 | 000,440,144 | ---- | M] (DigitalPersona, Inc.) [Auto | Running] -- C:\Program Files\DigitalPersona\Bin\DpHostW.exe -- (DpHost)
SRV:64bit: - [2010/06/18 16:26:18 | 000,103,992 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe -- (HP Wireless Assistant Service)
SRV:64bit: - [2010/06/17 05:23:36 | 000,194,496 | ---- | M] (Advanced Micro Devices) [Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe -- (AMD Reservation Manager)
SRV:64bit: - [2010/02/23 07:38:54 | 002,192,176 | ---- | M] (Validity Sensors, Inc.) [Auto | Running] -- C:\Windows\SysNative\vcsFPService.exe -- (vcsFPService)
SRV:64bit: - [2009/07/13 18:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2012/12/11 21:52:50 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/09/27 11:55:16 | 000,086,528 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe -- (HP Support Assistant Service)
SRV - [2012/09/23 20:43:34 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/10/01 08:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2011/10/01 08:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2010/11/20 05:19:20 | 000,397,824 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll -- (WAS)
SRV - [2010/11/20 05:19:20 | 000,397,824 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll -- (W3SVC)
SRV - [2010/11/20 05:18:03 | 000,061,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\inetsrv\apphostsvc.dll -- (AppHostSvc)
SRV - [2010/11/09 15:20:34 | 000,026,680 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe -- (HPWMISVC)
SRV - [2010/06/29 20:51:12 | 000,245,232 | ---- | M] (CyberLink) [Auto | Stopped] -- C:\Program Files (x86)\Hewlett-Packard\Media\DVD\Kernel\HDDVD\NavFilter\kmsvc.exe -- (CLKMSVC10_C6F09094)
SRV - [2010/04/13 20:11:18 | 000,231,224 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files (x86)\McAfee Online Backup\MOBKbackup.exe -- (MOBKbackup)
SRV - [2010/04/05 12:55:01 | 000,116,104 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe -- (IJPLMSVC)
SRV - [2010/04/03 16:01:24 | 000,246,520 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/02/23 07:19:02 | 001,799,472 | ---- | M] (Validity Sensors, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\vcsFPService.exe -- (vcsFPService)
SRV - [2010/01/15 05:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2009/12/10 02:39:04 | 000,065,536 | ---- | M] (PostgreSQL Global Development Group) [Auto | Running] -- C:\Program Files (x86)\PostgreSQL\8.3\bin\pg_ctl.exe -- (pgsql-8.3)
SRV - [2009/06/10 14:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
========== Driver Services (SafeList) ==========
DRV:64bit: - [2012/11/09 06:40:24 | 000,069,672 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\cfwids.sys -- (cfwids)
DRV:64bit: - [2012/11/09 06:37:42 | 000,339,776 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mfewfpk.sys -- (mfewfpk)
DRV:64bit: - [2012/11/09 06:36:30 | 000,106,112 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mferkdet.sys -- (mferkdet)
DRV:64bit: - [2012/11/09 06:35:50 | 000,771,096 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mfehidk.sys -- (mfehidk)
DRV:64bit: - [2012/11/09 06:34:58 | 000,515,528 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfefirek.sys -- (mfefirek)
DRV:64bit: - [2012/11/09 06:34:18 | 000,309,400 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfeavfk.sys -- (mfeavfk)
DRV:64bit: - [2012/11/09 06:33:58 | 000,178,840 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfeapfk.sys -- (mfeapfk)
DRV:64bit: - [2012/09/28 10:32:56 | 000,053,760 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/08/23 07:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012/08/23 07:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012/08/21 12:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/04/20 16:40:58 | 000,196,440 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HipShieldK.sys -- (HipShieldK)
DRV:64bit: - [2012/02/29 23:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/10/14 04:37:44 | 000,396,848 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2011/10/01 08:30:22 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)
DRV:64bit: - [2011/10/01 08:30:18 | 000,268,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
DRV:64bit: - [2011/10/01 08:30:18 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
DRV:64bit: - [2011/10/01 08:30:10 | 000,764,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)
DRV:64bit: - [2011/05/13 17:58:16 | 000,030,008 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\hpdskflt.sys -- (hpdskflt)
DRV:64bit: - [2011/05/13 17:57:58 | 000,043,320 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Accelerometer.sys -- (Accelerometer)
DRV:64bit: - [2011/05/10 07:06:14 | 000,022,528 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netaapl64.sys -- (Netaapl)
DRV:64bit: - [2011/04/26 02:21:06 | 000,031,232 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tap0901.sys -- (tap0901)
DRV:64bit: - [2011/03/10 23:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/10 23:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/02/01 22:24:33 | 000,515,584 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)
DRV:64bit: - [2011/01/21 18:48:46 | 000,038,528 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter)
DRV:64bit: - [2011/01/21 18:48:46 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie64.sys -- (AtiPcie)
DRV:64bit: - [2010/11/20 06:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 02:37:42 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010/10/27 01:32:55 | 003,063,360 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2010/09/20 02:14:16 | 007,767,552 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2010/09/20 01:21:04 | 000,279,040 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2010/08/24 09:45:08 | 000,020,480 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbicp.sys -- (uisp)
DRV:64bit: - [2010/06/24 22:32:52 | 000,032,880 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\clwvd.sys -- (clwvd)
DRV:64bit: - [2010/05/06 06:21:00 | 000,125,456 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:64bit: - [2010/04/13 20:10:24 | 000,066,040 | ---- | M] (Mozy, Inc.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\MOBK.sys -- (MOBKFilter)
DRV:64bit: - [2010/02/18 09:18:24 | 000,046,136 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\amdiox64.sys -- (amdiox64)
DRV:64bit: - [2010/02/08 22:57:22 | 000,239,136 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2009/11/27 18:45:06 | 000,295,424 | ---- | M] (Realtek ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009/10/16 21:09:14 | 000,029,952 | ---- | M] (Razer (Asia-Pacific) Pte Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Lachesis.sys -- (VaneFltr)
DRV:64bit: - [2009/07/13 18:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 18:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 18:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 17:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV:64bit: - [2009/06/10 14:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
DRV:64bit: - [2009/06/10 14:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
DRV:64bit: - [2009/06/10 14:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
DRV:64bit: - [2009/06/10 13:37:05 | 006,108,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009/06/10 13:35:33 | 000,389,120 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
DRV:64bit: - [2009/06/10 13:35:28 | 005,434,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netw5v64.sys -- (netw5v64)
DRV:64bit: - [2009/06/10 13:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 13:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 13:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 13:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/02/27 15:56:56 | 000,202,248 | ---- | M] (Sierra Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SWNC5E00.sys -- (SWNC5E00)
DRV:64bit: - [2009/02/27 15:51:40 | 000,198,408 | ---- | M] (Sierra Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\swmx00.sys -- (SWMX00)
DRV:64bit: - [2008/09/16 14:18:40 | 000,031,880 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\swmsflt.sys -- (swmsflt)
DRV - [2009/07/13 18:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2008/09/16 14:18:40 | 000,031,880 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\swmsflt.sys -- (swmsflt)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPCON/4
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = Reg Error: Value error.
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = Reg Error: Value error.
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPCON/4
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPCON/4
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPCON/4
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{362241FC-7EFA-4221-8898-51DBB3C51684}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
IE - HKLM\..\SearchScopes\{85F267E2-6A69-4D86-92A6-D573E712C412}: "URL" = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
IE - HKLM\..\SearchScopes\{9EA4E6D6-2A3C-46A2-9F51-502F02495DE4}: "URL" = http://www.ask.com/web?q={searchTerms}&l=dis&o=cahpl
IE - HKLM\..\SearchScopes\{B503DCCC-5DA5-44DC-A6F6-ED6879F4AEF0}: "URL" = http://ca.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-3995993713-3184066139-968692001-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKU\S-1-5-21-3995993713-3184066139-968692001-1001\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-3995993713-3184066139-968692001-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3995993713-3184066139-968692001-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
IE - HKU\S-1-5-21-3995993713-3184066139-968692001-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPCON/4
IE - HKU\S-1-5-21-3995993713-3184066139-968692001-1004\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://g.msn.com/HPCON/4
IE - HKU\S-1-5-21-3995993713-3184066139-968692001-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPCON/4
IE - HKU\S-1-5-21-3995993713-3184066139-968692001-1004\..\SearchScopes,DefaultScope =
========== FireFox ==========
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_135.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL ()
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_135.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL ()
FF - HKLM\Software\MozillaPlugins\@mcafee.com/SAFFPlugin: C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.124\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.124\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.19: C:\Program Files (x86)\Veetle\plugins\npVeetle.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: C:\Program Files (x86)\Veetle\Player\npvlc.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\otis@digitalpersona.com: C:\Program Files (x86)\DigitalPersona\Bin\FirefoxExt\ [2011/07/29 19:07:06 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Program Files (x86)\McAfee\SiteAdvisor [2012/11/09 16:17:36 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\msktbird@mcafee.com: C:\Program Files\McAfee\MSK [2012/11/14 21:21:49 | 000,000,000 | ---D | M]
[2012/12/10 08:16:40 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/05/28 08:29:36 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA}
[2012/03/17 15:57:05 | 000,002,027 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\McSiteAdvisor.xml
========== Chrome ==========
CHR - homepage: about:blank
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter}
CHR - homepage: about:blank
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.95\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.95\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.95\pdf.dll
CHR - plugin: McAfee SiteAdvisor (Enabled) = C:\Users\Symesko\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.60.123.1_0\McChPlg.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
CHR - plugin: CANON iMAGE GATEWAY Album Plugin Utility (Enabled) = C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.124\npGoogleUpdate3.dll
CHR - plugin: Java Platform SE 6 U37 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: McAfee SiteAdvisor (Enabled) = C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll
CHR - plugin: Veetle TV Player (Enabled) = C:\Program Files (x86)\Veetle\Player\npvlc.dll
CHR - plugin: Veetle TV Core (Enabled) = C:\Program Files (x86)\Veetle\plugins\npVeetle.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll
CHR - plugin: Java Deployment Toolkit 6.0.370.6 (Enabled) = C:\Windows\SysWOW64\npdeployJava1.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - plugin: McAfee SecurityCenter (Enabled) = c:\progra~2\mcafee\msc\npmcsn~1.dll
CHR - Extension: Google Drive = C:\Users\Symesko\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\Symesko\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Search = C:\Users\Symesko\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: SiteAdvisor = C:\Users\Symesko\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.60.123.1_0\
CHR - Extension: Gmail = C:\Users\Symesko\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
O1 HOSTS File: ([2012/12/04 19:09:39 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-3995993713-3184066139-968692001-1001\..\Toolbar\WebBrowser: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O4:64bit: - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4:64bit: - HKLM..\Run: [HPWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe ()
O4:64bit: - HKLM..\Run: [smartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe ()
O4:64bit: - HKLM..\Run: [sysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [CanonSolutionMenuEx] C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE (CANON INC.)
O4 - HKLM..\Run: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [Lachesis] C:\Program Files (x86)\Razer\Lachesis\razerhid.exe ()
O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [startCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [TRUUpdater] C:\Program Files (x86)\Sierra Wireless Inc\WebUpdater\TRUUpdater.exe (Sierra Wireless, Inc.)
O4 - HKLM..\Run: [WatcherHelper] C:\Program Files (x86)\Sierra Wireless Inc\Watcher\WaHelper.exe (Sierra Wireless Inc.)
O4 - HKU\S-1-5-21-3995993713-3184066139-968692001-1001..\Run: [iSUSPM] C:\ProgramData\Macrovision\FLEXnet Connect\6\ISUSPM.exe (Acresso Corporation)
O4 - HKU\S-1-5-21-3995993713-3184066139-968692001-1004..\Run: [HPAdvisorDock] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Dock\HPAdvisorDock.exe ()
O4 - HKU\S-1-5-21-3995993713-3184066139-968692001-1004..\Run: [sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-3995993713-3184066139-968692001-1004..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\Symesko\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3995993713-3184066139-968692001-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3995993713-3184066139-968692001-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-3995993713-3184066139-968692001-1004\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra Button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files (x86)\PokerStars\PokerStarsUpdate.exe (PokerStars)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16:64bit: - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Key error.)
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.18.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{36B19133-7C9A-45EE-95D1-EB804ED02A2D}: DhcpNameServer = 192.168.18.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CD07131E-5218-4DA1-9F97-E33433D24BA1}: DhcpNameServer = 184.151.118.254 70.28.245.227
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E2C6E474-AE3E-4CAC-858F-43F0D53B4844}: DhcpNameServer = 8.8.8.8 8.8.4.4
O18:64bit: - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18:64bit: - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl64.dll (McAfee, Inc.)
O18 - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\MSC\McSnIePl.dll (McAfee, Inc.)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
========== Files/Folders - Created Within 30 Days ==========
[2012/12/13 23:02:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
[2012/12/13 22:58:54 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Symesko\Desktop\OTL.exe
[2012/12/10 08:15:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2012/12/09 20:46:34 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2012/12/08 23:16:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2012/12/08 23:16:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Google
[2012/12/05 23:28:48 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2012/12/05 23:20:36 | 000,000,000 | ---D | C] -- C:\JRT
[2012/12/05 23:20:16 | 000,914,301 | ---- | C] (Chilkat Software, Inc.) -- C:\Users\Symesko\Desktop\JRT.exe
[2012/12/05 23:15:51 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/12/04 19:12:49 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012/12/04 18:50:09 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/12/04 18:50:09 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/12/04 18:50:09 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/12/04 18:42:30 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/12/04 18:41:59 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2012/12/04 18:15:03 | 005,009,321 | R--- | C] (Swearware) -- C:\Users\Symesko\Desktop\ComboFix.exe
[2012/12/03 21:04:44 | 002,213,976 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Symesko\Desktop\tdsskiller.exe
[2012/12/03 20:07:07 | 000,000,000 | ---D | C] -- C:\Users\Symesko\Desktop\RK_Quarantine
[2012/12/03 18:10:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2012/12/03 18:09:42 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2012/12/03 18:09:41 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2012/12/03 18:09:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2012/12/03 18:09:41 | 000,000,000 | ---D | C] -- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
[2012/11/21 19:54:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP Help and Support
[2012/11/21 19:49:49 | 000,000,000 | ---D | C] -- C:\ProgramData\{9BF4D58B-C6D6-467B-BC5A-FD0C1278F4AF}
[2012/11/14 19:05:28 | 000,196,440 | ---- | C] (McAfee, Inc.) -- C:\Windows\SysNative\drivers\HipShieldK.sys
[3 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2012/12/13 22:59:00 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Symesko\Desktop\OTL.exe
[2012/12/13 22:52:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/12/13 22:26:48 | 000,000,900 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/12/13 21:43:25 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/12/13 21:43:25 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/12/13 21:34:34 | 000,065,536 | ---- | M] () -- C:\Windows\SysNative\Ikeext.etl
[2012/12/13 21:34:31 | 000,000,306 | ---- | M] () -- C:\Windows\tasks\Nwqp.job
[2012/12/13 21:34:24 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/12/13 21:34:21 | 331,534,335 | -HS- | M] () -- C:\hiberfil.sys
[2012/12/12 19:26:09 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/12/12 03:24:14 | 000,312,272 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/12/10 08:44:07 | 000,001,437 | ---- | M] () -- C:\Users\Symesko\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012/12/10 08:36:35 | 000,072,822 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf
[2012/12/10 08:36:34 | 000,072,822 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf
[2012/12/10 08:21:36 | 000,002,019 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader XI.lnk
[2012/12/09 20:57:04 | 000,859,070 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/12/09 20:12:21 | 000,856,731 | ---- | M] () -- C:\Users\Symesko\Desktop\SecurityCheck (1).exe
[2012/12/08 23:16:39 | 000,002,289 | ---- | M] () -- C:\Users\Symesko\Desktop\Google Chrome.lnk
[2012/12/05 23:20:20 | 000,914,301 | ---- | M] (Chilkat Software, Inc.) -- C:\Users\Symesko\Desktop\JRT.exe
[2012/12/05 23:20:20 | 000,723,156 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/12/05 23:20:20 | 000,145,166 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/12/05 06:59:52 | 000,540,743 | ---- | M] () -- C:\Users\Symesko\Desktop\adwcleaner.exe
[2012/12/04 19:09:39 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012/12/04 18:15:15 | 005,009,321 | R--- | M] (Swearware) -- C:\Users\Symesko\Desktop\ComboFix.exe
[2012/12/03 21:06:25 | 002,213,976 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Symesko\Desktop\tdsskiller.exe
[2012/12/03 20:06:15 | 000,752,128 | ---- | M] () -- C:\Users\Symesko\Desktop\RogueKiller.exe
[2012/12/03 18:10:42 | 000,001,783 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012/11/28 03:20:20 | 000,000,340 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForSymesko.job
[2012/11/21 19:54:04 | 000,002,185 | ---- | M] () -- C:\Users\Public\Desktop\HP Support Assistant.lnk
[3 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
========== Files Created - No Company Name ==========
[2012/12/10 08:36:35 | 000,072,822 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf
[2012/12/10 08:36:34 | 000,072,822 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf
[2012/12/10 08:21:36 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
[2012/12/10 08:21:36 | 000,002,019 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader XI.lnk
[2012/12/09 20:12:19 | 000,856,731 | ---- | C] () -- C:\Users\Symesko\Desktop\SecurityCheck (1).exe
[2012/12/08 23:16:39 | 000,002,289 | ---- | C] () -- C:\Users\Symesko\Desktop\Google Chrome.lnk
[2012/12/08 23:16:14 | 000,000,900 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/12/08 23:16:12 | 000,000,896 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/12/05 06:59:43 | 000,540,743 | ---- | C] () -- C:\Users\Symesko\Desktop\adwcleaner.exe
[2012/12/04 18:50:09 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/12/04 18:50:09 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/12/04 18:50:09 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/12/04 18:50:09 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/12/04 18:50:09 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/12/03 20:06:08 | 000,752,128 | ---- | C] () -- C:\Users\Symesko\Desktop\RogueKiller.exe
[2012/12/03 18:10:42 | 000,001,783 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012/11/21 19:54:04 | 000,002,185 | ---- | C] () -- C:\Users\Public\Desktop\HP Support Assistant.lnk
[2012/11/16 03:12:46 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
[2012/11/16 03:03:15 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
[2012/08/07 20:32:58 | 000,135,168 | RHS- | C] () -- C:\Windows\SysWow64\kbd101V.dll
[2011/06/12 17:51:29 | 000,000,000 | ---- | C] () -- C:\Windows\HMHud.INI
[2011/04/12 11:58:44 | 000,005,078 | ---- | C] () -- C:\ProgramData\bltofzsb.qlf
[2011/02/21 23:28:34 | 000,000,600 | ---- | C] () -- C:\Users\Symesko\AppData\Local\PUTTY.RND
[2011/01/19 17:55:46 | 000,844,982 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010/12/30 00:39:08 | 000,001,854 | ---- | C] () -- C:\Users\Symesko\AppData\Roaming\GhostObjGAFix.xml
========== ZeroAccess Check ==========
[2009/07/13 21:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/08 22:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 21:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 18:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 05:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 18:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
========== LOP Check ==========
[2010/12/09 20:42:39 | 000,000,000 | ---D | M] -- C:\Users\Symesko\AppData\Roaming\DigitalPersona
[2012/06/22 11:08:53 | 000,000,000 | ---D | M] -- C:\Users\Symesko\AppData\Roaming\ExpressVPN
[2011/02/21 20:34:21 | 000,000,000 | ---D | M] -- C:\Users\Symesko\AppData\Roaming\FreeCap
[2012/11/10 01:27:31 | 000,000,000 | ---D | M] -- C:\Users\Symesko\AppData\Roaming\HEM Data
[2012/12/09 16:13:31 | 000,000,000 | ---D | M] -- C:\Users\Symesko\AppData\Roaming\HoldemManager
[2011/02/16 21:42:54 | 000,000,000 | ---D | M] -- C:\Users\Symesko\AppData\Roaming\PFStaticIP
[2010/12/09 21:42:36 | 000,000,000 | ---D | M] -- C:\Users\Symesko\AppData\Roaming\Razer
[2010/12/13 15:56:39 | 000,000,000 | ---D | M] -- C:\Users\Symesko\AppData\Roaming\Sierra Wireless
[2012/12/05 23:11:54 | 000,000,000 | ---D | M] -- C:\Users\Symesko\AppData\Roaming\SoftGrid Client
[2011/01/19 17:56:56 | 000,000,000 | ---D | M] -- C:\Users\Symesko\AppData\Roaming\TP
[2011/02/09 19:08:09 | 000,000,000 | ---D | M] -- C:\Users\Symesko\AppData\Roaming\Windows Live Writer
[2012/04/27 13:47:35 | 000,000,000 | ---D | M] -- C:\Users\Symesko\AppData\Roaming\Xerox
========== Purity Check ==========
< End of report >
-
Here are the two logs
OTL Extras logfile created on: 12/13/2012 11:01:10 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Symesko\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy
5.75 Gb Total Physical Memory | 4.29 Gb Available Physical Memory | 74.69% Memory free
11.49 Gb Paging File | 9.07 Gb Available in Paging File | 78.96% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 909.42 Gb Total Space | 656.83 Gb Free Space | 72.22% Space Free | Partition Type: NTFS
Drive D: | 21.79 Gb Total Space | 3.18 Gb Free Space | 14.57% Space Free | Partition Type: NTFS
Drive F: | 98.71 Mb Total Space | 88.57 Mb Free Space | 89.73% Space Free | Partition Type: FAT32
Computer Name: SYMESKO-LT | User Name: Symesko | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
[HKEY_USERS\S-1-5-21-3995993713-3184066139-968692001-1001\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [browse with Corel PaintShop Photo Pro X3] -- "c:\Program Files (x86)\Corel\Corel PaintShop Photo Pro\X3\PSPClassic\Corel Paint Shop Pro Photo.exe" "%L" (Corel, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [browse with Corel PaintShop Photo Pro X3] -- "c:\Program Files (x86)\Corel\Corel PaintShop Photo Pro\X3\PSPClassic\Corel Paint Shop Pro Photo.exe" "%L" (Corel, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
========== System Restore Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
========== Firewall Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files (x86)\Sierra Wireless Inc\Watcher\SwiApiMux.exe" = C:\Program Files (x86)\Sierra Wireless Inc\Watcher\SwiApiMux.exe:*:Enabled:SwiApiMux -- (Sierra Wireless, Inc.)
"C:\Program Files (x86)\Sierra Wireless Inc\Watcher\TRUUpdater.exe" = C:\Program Files (x86)\Sierra Wireless Inc\WebUpdater\TRUUpdater.exe:*:Enabled:TRUUpdater -- (Sierra Wireless, Inc.)
"C:\Program Files (x86)\Sierra Wireless Inc\Watcher\SwiApiMux.exe" = C:\Program Files (x86)\Sierra Wireless Inc\Watcher\SwiApiMux.exe:*:Enabled:SwiApiMux -- (Sierra Wireless, Inc.)
"C:\Program Files (x86)\Sierra Wireless Inc\Watcher\TRUUpdater.exe" = C:\Program Files (x86)\Sierra Wireless Inc\WebUpdater\TRUUpdater.exe:*:Enabled:TRUUpdater -- (Sierra Wireless, Inc.)
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{09509B09-A20E-4EC5-844B-144F2D803AEB}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{09F9009A-EF41-4AAE-8D08-3C74AFCBB863}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{12C5B76E-F2C0-4EE3-BA45-2FE5483FBF59}" = lport=445 | protocol=6 | dir=in | app=system |
"{12F613B8-4936-4EF1-B330-839BF5BEBCD4}" = rport=445 | protocol=6 | dir=out | app=system |
"{15477B3B-0AED-4607-96DB-887FACFF9CBA}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{210775BE-9C7F-4059-84AE-7B68DE42C846}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{299FFFC1-9802-496B-AE46-EF36A4D52B8D}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{38F224A2-9F2C-4CA8-8FB6-FB2079E467AD}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{4241DA6E-3490-421A-88A0-FA5581CDFBFD}" = lport=10243 | protocol=6 | dir=in | app=system |
"{4C26FE3D-1B03-48CF-A9F6-50B2F4BA4255}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{502C1B16-6E38-481B-884D-3B74AF3E5964}" = lport=138 | protocol=17 | dir=in | app=system |
"{52F89C4B-6D84-4367-888A-2E2F83198B1D}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{55347850-CA1F-4D4D-940C-DF4BEB4D7D23}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{5A894EF1-E0EC-4C16-A8A9-EA806CA3EBA0}" = rport=10243 | protocol=6 | dir=out | app=system |
"{62A665D1-6F39-4042-AE4A-3ABB5A646A92}" = lport=139 | protocol=6 | dir=in | app=system |
"{69402169-3B7E-431F-BA80-1E1664FFEB7C}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{7039801C-1994-4C02-AF55-60E22CE16589}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{7718ACED-E7DC-4BD2-BDE4-AE093971F93E}" = rport=138 | protocol=17 | dir=out | app=system |
"{920E4089-E534-4465-BCF5-349A765B07A7}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{A8DE6447-CB8A-4FAC-BF32-17D9EB922013}" = lport=2869 | protocol=6 | dir=in | app=system |
"{AC163A75-A3EE-46DD-92D6-0C21B32743ED}" = lport=2869 | protocol=6 | dir=in | app=system |
"{AEF952B8-DAA9-4017-9601-64FE0CB8CBF2}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{BD8B4A61-235E-415E-906D-D604F2A51424}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{D15E36CF-B6BE-4C60-827C-A87D7495B37E}" = rport=139 | protocol=6 | dir=out | app=system |
"{D1B71E89-41CE-418C-AF99-8306EE370A6D}" = lport=137 | protocol=17 | dir=in | app=system |
"{DBC8372D-B9B3-49DF-8354-DB1D87E084D5}" = rport=137 | protocol=17 | dir=out | app=system |
"{E1611F85-6590-43A5-BDF1-5940F95C2013}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{E8E6A2C1-E861-4CC4-ADE0-7D73CA14A503}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{FA234F55-F31B-49C9-8862-8F579E63D150}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{002695D9-6FC5-48C9-96FB-3E548DE7A49C}" = protocol=6 | dir=in | app=c:\program files (x86)\veetle\player\veetlenet.exe |
"{030A927A-5D26-41A0-9BE9-EE2DC03FAA74}" = dir=in | app=c:\program files (x86)\hewlett-packard\mediasmart\photo\hpmediasmartphoto.exe |
"{062304AC-6DCA-4C92-8FE0-4D7A16A7E34A}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{0D605970-33DC-482B-9573-83F6DE5C6999}" = protocol=17 | dir=in | app=c:\program files (x86)\world of warcraft.temp\launcher.exe |
"{131BADBE-1DCF-472C-8209-1B5FD386C1E0}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{14117329-4B12-45E9-AF3D-4458DAA31B41}" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\starcraft ii.exe |
"{166E1771-E3C7-4AC0-92A8-B359E826B5C6}" = protocol=6 | dir=out | app=system |
"{167885C6-D071-49BD-ABE2-97C08BE93384}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1267\agent.exe |
"{1D7000F9-64CE-4D5D-BA69-6DB19541217F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{21276D78-6C24-4541-B786-A51A4925FBAB}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\music\hptouchsmartmusic.exe |
"{2130AA7A-0EAA-4BD1-8933-AEC6190DE918}" = protocol=6 | dir=in | app=c:\program files (x86)\veetle\player\veetlenet.exe |
"{21E81B1D-E4DD-4A0B-8AAB-C677701EDCD1}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hptouchsmartphoto.exe |
"{25EB2757-5CA2-4BCA-A56E-D43583545D28}" = protocol=6 | dir=in | app=c:\program files (x86)\world of warcraft public test\launcher.patch.exe |
"{2E55E7BC-A746-45D0-9FDE-EC36F6382A67}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
"{2FA9E544-6808-4DBF-8C99-B2AA9C3CDD79}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1225\agent.exe |
"{30261BBE-D26C-4BBC-BD78-3F75177E980A}" = protocol=17 | dir=in | app=c:\program files (x86)\sweetim\communicator\sweetpacksupdatemanager.exe |
"{39DC6E3A-4769-4F23-B15E-DED2BBF3851E}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1363\agent.exe |
"{3B303FBC-259F-4229-9429-86471C239886}" = protocol=17 | dir=in | app=c:\program files\ventrilo\ventrilo.exe |
"{4051D5B5-3202-4962-80DB-E5F33881F493}" = protocol=6 | dir=in | app=c:\program files (x86)\world of warcraft public test\launcher.exe |
"{41CE6C17-2AE6-46B4-A0D2-E457CB1F0B1D}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\kernel\clml\clmlsvc.exe |
"{443651D1-811F-40CC-AAEB-35BCF421ED6E}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{49C16CAD-D956-4EC5-99E7-ED8E34A2F0E2}" = dir=in | app=c:\program files (x86)\cyberlink\powerdirector\pdr8.exe |
"{4B219EAD-0F0D-44B0-9195-7B3F97DEE832}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{4C98B0E1-D197-41E1-BDE8-0504F836162B}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\tsmagent.exe |
"{4D241D13-277E-4EF2-840B-98E846B919E9}" = protocol=6 | dir=in | app=c:\program files\ventrilo\ventrilo.exe |
"{4FEA1CFC-1073-432A-AA15-7C39456883D7}" = protocol=6 | dir=in | app=c:\program files (x86)\world of warcraft.temp\launcher.exe |
"{57500B0B-964D-434A-A6B0-09D35F5223C2}" = protocol=6 | dir=in | app=c:\program files (x86)\diablo iii\diablo iii.exe |
"{5A9E5897-38AC-48C8-8F32-71FCD4D6A356}" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\starcraft ii public test.exe |
"{5F900569-5191-46FB-8E7E-25DD1362144A}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{5FF440B1-3403-472E-B654-71AFAFAA1FAB}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.954\agent.exe |
"{6175DC72-63EA-47AF-A25F-FB76F5E72566}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{63296FED-0112-4EFC-91FB-3757689CAB67}" = protocol=17 | dir=in | app=c:\program files (x86)\diablo iii\diablo iii.exe |
"{6A4E10DD-BAD6-44FB-83E8-48AA3A525D9D}" = protocol=17 | dir=in | app=c:\program files (x86)\world of warcraft public test\launcher.exe |
"{6BEA9952-4249-46F0-92AB-8137AF2E3A07}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{7258E239-4EBD-4908-B485-D66E0E917A47}" = protocol=17 | dir=in | app=c:\windows\syswow64\msiexec.exe |
"{763E99AB-9623-4A8F-B3C0-29F54F819B4B}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
"{795DF500-626F-412B-BF18-FD87D2FABF8F}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1544\agent.exe |
"{7BC8F09B-4E0B-40CF-BA26-F30620972FB7}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{84592871-0879-4088-A612-BCC7EFF7DDB2}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{863C166C-36F9-4989-BFD8-79A1DBDB356D}" = protocol=6 | dir=in | app=c:\program files (x86)\sweetim\communicator\sweetpacksupdatemanager.exe |
"{8BF3CB91-8395-41EC-A3FB-EF7483B47B8D}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{90410852-CD5A-4E96-AD3B-5DE43E20FA0A}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.524\agent.exe |
"{904173DF-C20C-4E68-BC03-140EE5F7EA2B}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1267\agent.exe |
"{90EF3CE3-9EC4-42D4-8A5B-A0E7261E987E}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{927940D9-354F-40E1-B3AE-86F494D6B1AD}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{96DFD82A-1D9B-40B9-8BF2-02A22CB6A5AD}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{97DB02A1-5BFC-4174-89C5-FF6B06C5A1F3}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{9B984979-9147-48BB-AFEC-A1C4B520945B}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{9C7BDEA4-5BDA-4DB7-B052-0F812A28B66D}" = protocol=6 | dir=in | app=c:\windows\syswow64\msiexec.exe |
"{A60AB9AD-4A3B-4837-87F7-65A7581B936E}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1225\agent.exe |
"{A745F342-7F70-40C9-9DA8-B178D8AEFD05}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hptouchsmartmusic.exe |
"{A7CD4556-61FB-43E6-900D-3BB86E3FCBCB}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1544\agent.exe |
"{AE685A90-99FB-4B71-A580-7BB107CD0571}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{B1FCBE00-E002-4E73-B09E-D71E9483040E}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hpdvdsmart.exe |
"{B472E4D4-C4FD-492C-9B1F-8121957E6153}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{B6C1629A-B2FE-472A-9ED6-F244178DD393}" = protocol=6 | dir=in | app=c:\program files (x86)\world of warcraft.temp\launcher.patch.exe |
"{BA4C0BE9-00F5-4300-8DB2-CCAE3A463BF2}" = protocol=17 | dir=in | app=c:\program files (x86)\world of warcraft public test\launcher.patch.exe |
"{BB1402C3-2EEB-47AC-B60C-58FF3A54CC24}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{BF756A8B-23FD-4FE3-AA1E-6605968759A4}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{C2FB49FC-DD4D-4719-BD75-3C823A0B3111}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe |
"{C3E93914-DDDE-4987-A26A-2BABB32C7B72}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{C76562F9-D1A3-4D59-B45D-D2A00F00B32D}" = protocol=17 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
"{C919CE87-919E-4B54-B5DD-1D3271C5F5DD}" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\starcraft ii public test.exe |
"{CFEADF16-FDB0-4414-A658-687E20E1A9C3}" = protocol=17 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
"{D6381608-31BC-447A-BCEB-FA0D92C05DEC}" = dir=in | app=c:\program files (x86)\hewlett-packard\mediasmart\video\hpmediasmartvideo.exe |
"{D8C59831-6F26-4444-8B4E-CD80DA599838}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1544\agent.exe |
"{DF16622B-3F5C-4A4D-AD8F-B8B9A5E2E94C}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.954\agent.exe |
"{E1AEBC62-C1D7-4476-AA6F-E33A749D117D}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1544\agent.exe |
"{E8585484-A4C2-42AF-9761-7FFAF93AE68A}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1363\agent.exe |
"{EC687BBD-2898-44AA-B7EF-2399DCE64114}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{ED01CDF8-E4D3-49BC-9BAC-7B839225E6E9}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{EEF02052-1B91-4E2B-9D06-B02DDE0DEA71}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1225\agent.exe |
"{F0799CF4-7DF8-46EC-8986-6CA446E70453}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{F2ACE324-C6AE-4954-A8B0-F266DD77ACF2}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.524\agent.exe |
"{F89F45EE-9647-4A24-A378-12A1F085B149}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hptouchsmartvideo.exe |
"{F9A454F3-3781-44B3-924F-51E01B112C82}" = protocol=17 | dir=in | app=c:\program files (x86)\world of warcraft.temp\launcher.patch.exe |
"{FAF666CF-D14D-4FB5-A3A9-71F22EB0E51B}" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\starcraft ii.exe |
"{FB5AA6FF-CB84-4453-AAD3-558DC0C31FB0}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1225\agent.exe |
"{FCA10BE2-5B2C-4E98-B0B9-5FA472430BDD}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{FDDC6810-A3FE-4BDF-884A-16A94D4B12EC}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"TCP Query User{3B829585-5C2B-43B4-AC8C-48677A100153}C:\program files (x86)\starcraft ii\versions\base19679\sc2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base19679\sc2.exe |
"UDP Query User{2BBDB323-C743-4D61-9044-A77246432D26}C:\program files (x86)\starcraft ii\versions\base19679\sc2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base19679\sc2.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP495_series" = Canon MP495 series MP Drivers
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{22441735-5983-AD2A-5CC5-FA2CCD7EF732}" = ATI Stream SDK v2 Developer
"{22D8AE6F-3C6B-47E8-8F04-629F23DBE978}" = iTunes
"{26A24AE4-039D-4CA4-87B4-2F86416020FF}" = Java™ 6 Update 20 (64-bit)
"{299625B9-6C69-462C-9CEA-8E06D878B1C5}" = HP 3D DriveGuard
"{426FAE9F-7373-496E-A215-9DB7EF4398CF}" = Validity Sensors DDK
"{4B4E2FA2-3B1E-4147-99DB-5033981D8C2F}" = HP MediaSmart Movies and TV
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5BF97E02-2F6A-412A-BB4D-B6E2DC65FCA7}" = HP SimplePass Identity Protection
"{5EB6F3CB-46F4-451F-A028-7F6D8D35D7D0}" = Windows Live Language Selector
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{731A1D36-BF17-4C76-B7E7-CC055AF8C54E}" = HP MediaSmart SmartMenu
"{7495DE6E-A83A-17DE-994A-C42D1D78B307}" = AMD Fuel
"{7B02BD23-7843-4481-5778-B20110993E0D}" = WMV9/VC-1 Video Playback
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90140000-006D-0409-1000-0000000FF1CE}" = Microsoft Office Click-to-Run 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{B1F3524F-1F3B-4B79-0346-38669CD828C8}" = ccc-utility64
"{B5FC1E1B-E70D-45F1-8E40-A3C30698B323}" = HP Wireless Assistant
"{CFF4500E-C5D6-695D-A027-B3D4DDED2CC3}" = McAfee Online Backup
"{D70884EA-E2CE-4539-91DB-4766CC1E5F5F}" = Apple Mobile Device Support
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
"{EF79C448-6946-4D71-8134-03407888C054}" = Shared C Run-time for x64
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{F6246243-CF06-4E40-8A37-C3B537695C36}" = Share64
"{FDAA17FB-9CDD-AA3B-ED37-FA6F0C052123}" = ATI Catalyst Install Manager
"Broadcom 802.11 Wireless LAN Adapter" = Broadcom 802.11 Wireless LAN Adapter
"HoldemManager" = Holdem Manager
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"SynTPDeinstKey" = Synaptics Pointing Device Driver
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"_{D1AEB5DB-04FA-489D-94EF-8600898B93EE}" = Corel PaintShop Photo Pro X3
"_{F072CA07-A781-45E4-9975-C033A73019CF}" = Corel VideoStudio Pro X3
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = HP MediaSmart Webcam
"{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{26A24AE4-039D-4CA4-87B4-2F83217009FF}" = Java 7 Update 9
"{27C467F8-F8EF-4f68-BD72-D63632B2096C}" = McAfee Online Backup
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{2A00CD93-492D-0B32-C144-A8B9792CCE3E}" = Catalyst Control Center Localization All
"{3023EBDA-BF1B-4831-B347-E5018555F26E}" = Movie Theme Pack for HP MediaSmart Video
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{3877C901-7B90-4727-A639-B6ED2DD59D43}" = ESU for Microsoft Windows 7
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{40FB8D7C-6FF8-4AF2-BC8B-0B1DB32AF04B}" = HP Advisor
"{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}" = Recovery Manager
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4B156358-CE9C-4E9F-8CAD-79AE86A68C60}" = HP Power Manager
"{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
"{52F8811F-2BA4-F47F-600C-8C93C94E93DD}" = Catalyst Control Center InstallProxy
"{5BC352F2-A0F5-5162-B519-ADCD72761DCE}" = ccc-core-static
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6A05FEDF-662E-46BF-8A25-010E3F1C9C69}" = Windows Live UX Platform Language Pack
"{6C302296-6129-4125-9FD6-2188ECD8814E}" = HP Software Framework
"{6D0C6BE4-F674-43D2-96BC-3509345108C9}_is1" = PokerStove version 1.24
"{6DAF8CDC-9B04-413B-A0F2-BCC13CF8A5BF}" = HP MediaSmart Photo
"{6F340107-F9AA-47C6-B54C-C3A19F11553F}" = Hewlett-Packard ACLM.NET v1.2.1.1
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{72D90DB3-A16A-4545-B555-868471101833}" = HP Setup
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7D4318AC-9560-46F0-910F-0B38D6CDC009}" = HP Documentation
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{818E0212-DA58-E255-00D2-4C22D50A12F2}" = CCC Help English
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows 7
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8EA79DBF-D637-448A-89D6-410A087A4493}" = Samsung_MonSetup
"{90140011-0066-0409-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - English
"{91A34181-9FAD-43AB-A35F-E7A8945B7E1C}" = HP MediaSmart Music
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{95587AD6-8953-3288-49A1-4BBD8655E94D}" = Catalyst Control Center Graphics Previews Common
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9ECF7817-DB11-4FBA-9DF1-296A578D513A}" = Adobe Shockwave Player 11.5
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A436F67F-687E-4736-BD2B-537121A804CF}" = HP Product Detection
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI
"{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}" = QuickTime
"{B10914FD-8812-47A4-85A1-50FCDE7F1F33}" = Windows Live Sync
"{B34FE99A-48DD-3564-761E-6BB78FBE5DB9}" = Catalyst Control Center InstallProxy
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B823632F-3B72-4514-8861-B961CE263224}" = PostgreSQL 8.3
"{BD1A34C9-4764-4F79-AE1F-112F8C89D3D4}" = Energy Star Digital Logo
"{C1D11949-25D7-4C0F-AA72-7759FD8A089B}" = Sierra Wireless Watcher
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{C6579A65-9CAE-4B31-8B6B-3306E0630A66}" = Apple Software Update
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CB4532F7-A1BD-46D2-9938-3E7D4656FB18}" = Razer Lachesis
"{CCE825DB-347A-4004-A186-5F4A6FDD8547}" = Apple Application Support
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D12E3E7F-1B13-4933-A915-16C7DD37A095}" = HP MediaSmart Video
"{D1612A3D-0DCC-4055-BB6A-0036F31158A0}" = Setup
"{D1AEB5DB-04FA-489D-94EF-8600898B93EE}" = ICA
"{D1F80EFD-A032-4E8E-A367-70C44AD4DCE0}" = ISCOM
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D4C9692E-4EFA-4DA0-8B7F-9439466D9E31}" = Full Tilt Poker
"{DA4BF4BE-3CDC-43B5-BBDA-DDDA73103111}" = Corel PaintShop Photo Pro X3
"{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD
"{DCD941B6-F2E7-4FAF-B102-F7D4DE5FF99A}" = IPM_PSP_Pro
"{DCF1928A-FC01-48E7-A7E6-4651D42EF6A1}" = PSPPRO_DCRAW
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DF8B9311-ADE7-4EDE-B121-326CAA3D225D}" = PSPPContent
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series
"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{EB58480C-0721-483C-B354-9D35A147999F}" = HP Quick Launch
"{EE202411-2C26-49E8-9784-1BC1DBF7DE96}" = HP Support Assistant
"{F069C491-69E6-4D9B-9A0C-B7894A1FA97C}" = Setup
"{F072CA07-A781-45E4-9975-C033A73019CF}" = ICA
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F206FEC3-F5DD-43FD-A8CF-9C46B8A6A92C}" = VSPro
"{F4E9851F-765E-40B7-9859-237C2724E62C}" = DeviceIO
"{F6A76E9C-C299-4CFA-AD2A-57FE9DD68B70}" = Contents
"{F8423392-2296-4748-9B66-344432459632}" = PureHD
"{F909BD3C-8684-4ACF-B7C3-33F4F9F901B7}" = Share
"{F95C8C1F-25BB-44EC-A7E6-5C17ABC6BC71}" = VIO
"{FB0B6DDD-DF3E-4CD6-927C-724AB854E322}" = VSClassic
"{FB4BB287-37F9-4E27-9C4D-2D3882E08EFF}" = DVD Menu Pack for HP MediaSmart Video
"{FD67D9F3-FED6-4A2E-9D6C-8C8C44DEF8FF}" = IPM_VS_Pro
"{FD7F0DB8-0E96-4D64-AD4D-9B5A936AF2A8}" = LightScribe System Software
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FE661711-E392-4B3F-A4A7-02C747C09134}" = ISCOM
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Canon_IJ_Network_UTILITY" = Canon IJ Network Tool
"CANONIJPLM100" = Canon Inkjet Printer/Scanner/Fax Extended Survey Program
"CanonMyPrinter" = Canon My Printer
"CanonSolutionMenuEX" = Canon Solution Menu EX
"Diablo III" = Diablo III
"Easy-PhotoPrint EX" = Canon Easy-PhotoPrint EX
"Easy-WebPrint EX" = Canon Easy-WebPrint EX
"ExpressVPN" = ExpressVPN v3.091
"Google Chrome" = Google Chrome
"HoldemManager2" = Holdem Manager 2
"HP DVB-T TV Tuner" = HP DVB-T TV Tuner 8.0.64.43
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = HP MediaSmart Webcam
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"InstallShield_{3023EBDA-BF1B-4831-B347-E5018555F26E}" = Movie Theme Pack for HP MediaSmart Video
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"InstallShield_{6DAF8CDC-9B04-413B-A0F2-BCC13CF8A5BF}" = HP MediaSmart Photo
"InstallShield_{91A34181-9FAD-43AB-A35F-E7A8945B7E1C}" = HP MediaSmart Music
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"InstallShield_{D12E3E7F-1B13-4933-A915-16C7DD37A095}" = HP MediaSmart Video
"InstallShield_{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD
"InstallShield_{FB4BB287-37F9-4E27-9C4D-2D3882E08EFF}" = DVD Menu Pack for HP MediaSmart Video
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.65.1.1000
"McAfee Security Scan" = McAfee Security Scan Plus
"MP Navigator EX 4.0" = Canon MP Navigator EX 4.0
"MSC" = McAfee Total Protection
"My HP Game Console" = HP Game Console
"Office14.Click2Run" = Microsoft Office Click-to-Run 2010
"PokerStars" = PokerStars
"Portforward Static IP Address" = Portforward Static IP Address 1.0.45
"StarCraft II" = StarCraft II
"Veetle TV" = Veetle TV
"WildTangent hp Master Uninstall" = HP Games
"Windows Media Encoder 9" = Windows Media Encoder 9 Series
"WinLiveSuite" = Windows Live Essentials
"World of Warcraft" = World of Warcraft
"WT087328" = Blackhawk Striker 2
"WT087342" = Dora's Carnival Adventure
"WT087360" = Escape Rosecliff Island
"WT087361" = FATE
"WT087362" = Final Drive Nitro
"WT087374" = Jewel Quest - Heritage
"WT087394" = Penguins!
"WT087395" = Poker Superstars III
"WT087396" = Polar Bowler
"WT087397" = Polar Golfer
"WT087420" = Agatha Christie - Death on the Nile
"WT087428" = Bejeweled 2 Deluxe
"WT087453" = Chuzzle Deluxe
"WT087501" = Plants vs. Zombies
"WT087513" = Virtual Villagers - The Secret City
"WT087533" = Zuma Deluxe
========== HKEY_USERS Uninstall List ==========
[HKEY_USERS\S-1-5-21-3995993713-3184066139-968692001-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"101a9f93b8f0bb6f" = Curse Client
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 12/12/2012 2:35:24 AM | Computer Name = Symesko-LT | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 10062
Error - 12/12/2012 6:00:34 AM | Computer Name = Symesko-LT | Source = Application Error | ID = 1000
Description = Faulting application name: atieclxx.exe, version: 6.14.11.1069, time
stamp: 0x4c96bf4d Faulting module name: atiadlxx.dll, version: 6.14.10.1054, time
stamp: 0x4c96b718 Exception code: 0xc0000005 Fault offset: 0x000000000001f468 Faulting
process id: 0x504 Faulting application start time: 0x01cdd824cf472b24 Faulting application
path: C:\Windows\system32\atieclxx.exe Faulting module path: C:\Windows\system32\atiadlxx.dll
Report
Id: c50d801f-4442-11e2-93a7-f8b8d9e4c4f2
Error - 12/12/2012 6:27:13 AM | Computer Name = Symesko-LT | Source = VSS | ID = 8194
Description =
Error - 12/12/2012 6:34:52 AM | Computer Name = Symesko-LT | Source = CVHSVC | ID = 100
Description = Information only. (Patch task for {90140011-0066-0409-0000-0000000FF1CE}):
DownloadLatest Failed: There are currently no active network connections. Background
Intelligent Transfer Service (BITS) will try again when an adapter is connected.
Error - 12/12/2012 6:58:34 AM | Computer Name = Symesko-LT | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "c:\Program Files (x86)\Common
Files\Adobe AIR\Versions\1.0\Adobe AIR.dll".Error in manifest or policy file "c:\Program
Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" on line 3. The value
"MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute
"version" in element "assemblyIdentity" is invalid.
Error - 12/12/2012 7:05:27 AM | Computer Name = Symesko-LT | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "c:\program files (x86)\spybot
- search & destroy\DelZip179.dll".Error in manifest or policy file "c:\program
files (x86)\spybot - search & destroy\DelZip179.dll" on line 8. The value "*" of
attribute "language" in element "assemblyIdentity" is invalid.
Error - 12/12/2012 10:25:46 PM | Computer Name = Symesko-LT | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
Error - 12/12/2012 10:25:46 PM | Computer Name = Symesko-LT | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 53767148
Error - 12/12/2012 10:25:46 PM | Computer Name = Symesko-LT | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 53767148
Error - 12/14/2012 12:37:49 AM | Computer Name = Symesko-LT | Source = VSS | ID = 8194
Description =
[ Hewlett-Packard Events ]
Error - 4/4/2012 9:12:52 PM | Computer Name = Symesko-LT | Source = HPSF.exe | ID = 4000
Description =
Error - 5/22/2012 11:01:16 PM | Computer Name = Symesko-LT | Source = HPSF.exe | ID = 4000
Description =
Error - 6/15/2012 7:24:11 AM | Computer Name = Symesko-LT | Source = HPSF.exe | ID = 4000
Description =
Error - 6/15/2012 7:50:29 AM | Computer Name = Symesko-LT | Source = HPSF.exe | ID = 4000
Description =
Error - 6/15/2012 7:50:29 AM | Computer Name = Symesko-LT | Source = HPSF.exe | ID = 4000
Description =
Error - 7/14/2012 2:28:40 PM | Computer Name = Symesko-LT | Source = HPSF.exe | ID = 4000
Description =
Error - 8/14/2012 7:40:39 AM | Computer Name = Symesko-LT | Source = HPSF.exe | ID = 4000
Description =
Error - 10/2/2012 11:38:55 PM | Computer Name = Symesko-LT | Source = HPSF.exe | ID = 4000
Description =
Error - 10/26/2012 2:03:48 AM | Computer Name = Symesko-LT | Source = HPSF.exe | ID = 4000
Description =
Error - 11/14/2012 7:47:12 PM | Computer Name = Symesko-LT | Source = HPSF.exe | ID = 4000
Description =
[ HP Wireless Assistant Events ]
Error - 8/23/2011 7:49:49 PM | Computer Name = Symesko-LT | Source = HP WA Service | ID = 0
Description = System.Exception GetDeviceInfo() failed : 597 at HP_Common.CaslWrapper.GetDeviceInfo(List`1&
radioList) at HPPA_Service.CurrentConfiguration.ReloadRadioList()
Error - 10/1/2011 8:54:34 PM | Computer Name = Symesko-LT | Source = HP WA Service | ID = 0
Description = System.Runtime.InteropServices.COMException Call was canceled by the
message filter. (Exception from HRESULT: 0x80010002 (RPC_E_CALL_CANCELED)) at
System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32 errorCode,
IntPtr errorInfo) at System.Management.ManagementScope.InitializeGuts(Object
o) at System.Management.ManagementScope.Initialize() at System.Management.ManagementObjectSearcher.Initialize()
at System.Management.ManagementObjectSearcher.Get() at HPPA_Service.CurrentConfiguration.FindDevice(String
hostPath, String portName) at HPPA_Service.CurrentConfiguration.<ApplyFriendlyNames>b__23(RadioHardware
radio) at System.Linq.Enumerable.WhereSelectListIterator`2.MoveNext() at System.Linq.Enumerable.WhereSelectEnumerableIterator`2.MoveNext()
at HPPA_Service.CurrentConfiguration.ApplyFriendlyNames() at HPPA_Service.CurrentConfiguration.ReloadRadioList()
Error - 1/5/2012 1:46:13 AM | Computer Name = Symesko-LT | Source = HP WA Service | ID = 0
Description = System.Exception GetDeviceInfo() failed : 597 at HP_Common.CaslWrapper.GetDeviceInfo(List`1&
radioList) at HPPA_Service.CurrentConfiguration.ReloadRadioList()
Error - 3/18/2012 2:44:08 PM | Computer Name = Symesko-LT | Source = HP WA Service | ID = 0
Description = System.Exception GetDeviceInfo() failed : 597 at HP_Common.CaslWrapper.GetDeviceInfo(List`1&
radioList) at HPPA_Service.CurrentConfiguration.ReloadRadioList()
Error - 3/18/2012 2:44:15 PM | Computer Name = Symesko-LT | Source = HP WA Service | ID = 0
Description = System.Exception GetDeviceInfo() failed : 597 at HP_Common.CaslWrapper.GetDeviceInfo(List`1&
radioList) at HPPA_Service.CurrentConfiguration.ReloadRadioList()
Error - 3/20/2012 11:45:45 AM | Computer Name = Symesko-LT | Source = HP WA Service | ID = 0
Description = System.Exception GetDeviceInfo() failed : 597 at HP_Common.CaslWrapper.GetDeviceInfo(List`1&
radioList) at HPPA_Service.CurrentConfiguration.ReloadRadioList()
Error - 6/7/2012 12:55:19 AM | Computer Name = Symesko-LT | Source = HP WA Application | ID = 0
Description = HardwareAccess.UnableToConnectException Application.ApplicationStartup;
failed to create hardware layer Error in the application. at HardwareAccess.Hardware..ctor(Dispatcher
dispatcher, ServicePort port, Int32 timeout) at HardwareAccess.Hardware.Create(Dispatcher
dispatcher, ServicePort port, Int32 timeout) at HPWA_Main.App.ApplicationStartup(Object
sender, StartupEventArgs args)
Error - 6/7/2012 12:55:56 AM | Computer Name = Symesko-LT | Source = HP WA Application | ID = 0
Description = MainWindow.ShowImpl; not initialized, closing application...
Error - 6/13/2012 3:10:34 AM | Computer Name = Symesko-LT | Source = HP WA Application | ID = 0
Description = HardwareAccess.UnableToConnectException Application.ApplicationStartup;
failed to create hardware layer Error in the application. at HardwareAccess.Hardware..ctor(Dispatcher
dispatcher, ServicePort port, Int32 timeout) at HardwareAccess.Hardware.Create(Dispatcher
dispatcher, ServicePort port, Int32 timeout) at HPWA_Main.App.ApplicationStartup(Object
sender, StartupEventArgs args)
Error - 6/13/2012 3:10:46 AM | Computer Name = Symesko-LT | Source = HP WA Application | ID = 0
Description = MainWindow.ShowImpl; not initialized, closing application...
[ System Events ]
Error - 12/12/2012 12:56:37 AM | Computer Name = Symesko-LT | Source = Service Control Manager | ID = 7009
Description = A timeout was reached (30000 milliseconds) while waiting for the Net.Pipe
Listener Adapter service to connect.
Error - 12/12/2012 12:56:37 AM | Computer Name = Symesko-LT | Source = Service Control Manager | ID = 7000
Description = The Net.Pipe Listener Adapter service failed to start due to the following
error: %%1053
Error - 12/12/2012 12:56:37 AM | Computer Name = Symesko-LT | Source = Service Control Manager | ID = 7001
Description = The Net.Tcp Listener Adapter service depends on the Net.Tcp Port Sharing
Service service which failed to start because of the following error: %%1053
Error - 12/12/2012 6:24:39 AM | Computer Name = Symesko-LT | Source = Service Control Manager | ID = 7001
Description = The SBSD Security Center Service service depends on the Security Center
service which failed to start because of the following error: %%1058
Error - 12/12/2012 6:25:49 AM | Computer Name = Symesko-LT | Source = DCOM | ID = 10016
Description =
Error - 12/12/2012 10:25:34 PM | Computer Name = Symesko-LT | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the HP Wireless Assistant Service service.
Error - 12/14/2012 12:34:24 AM | Computer Name = Symesko-LT | Source = EventLog | ID = 6008
Description = The previous system shutdown at 8:34:53 PM on ?12/?12/?2012 was unexpected.
Error - 12/14/2012 12:34:39 AM | Computer Name = Symesko-LT | Source = Service Control Manager | ID = 7001
Description = The SBSD Security Center Service service depends on the Security Center
service which failed to start because of the following error: %%1058
Error - 12/14/2012 12:35:44 AM | Computer Name = Symesko-LT | Source = DCOM | ID = 10016
Description =
Error - 12/14/2012 12:39:34 AM | Computer Name = Symesko-LT | Source = DCOM | ID = 10010
Description =
< End of report >
-
So, I'm starting to think the clean stretches I get are just flukes, or maybe the virus goes hiding lol.... I didn't use my laptop at all for anything after my last post until last night. When I logged in to google some stuff, the virus was back and as annoying as always....
-
Ok.
I deleted the one Java, Updated the other. Updated Adobe Flash and Reader. I updated IE and since I don't use FF I uninstalled it. After this was done, I tried a search and got redirected. Then I reset IE to defaults and have had 10 clean searchers while using Chrome.
Please note, I'm going out of town for the next week. I will have the infected laptop with me, and will be able to continue with this thread, just might be a bit more sporadic. Thanks greatly again for all the help so far!
-
And.... it's back.
Not sure if it's related at all, but I was disconnected from the internet a few times very briefly just before the latest redirect. I was playing some Online games, and D/C'd three times in quick succession... it was when I went to google search D/C issues with the game that I started getting re-directed again.
-
Here are the results
Results of screen317's Security Check version 0.99.56
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 8 Out of date!
``````````````Antivirus/Firewall Check:``````````````
Windows Security Center service is not running! This report may not be accurate!
McAfee Anti-Virus and Anti-Spyware
WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
Spybot - Search & Destroy
Malwarebytes Anti-Malware version 1.65.1.1000
Java 6 Update 37
Java version out of Date!
Adobe Flash Player 11.4.402.287 Flash Player out of Date!
Adobe Reader 10.1.4 Adobe Reader out of Date!
Mozilla Firefox 8.0 Firefox out of Date!
Google Chrome 23.0.1271.95
````````Process Check: objlist.exe by Laurent````````
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:
````````````````````End of Log``````````````````````
-
I ran it twice, because I was thinking this was an error, but this was the result both times.
UNSUPPORTED OPERATING SYSTEM! ABORTED!
-
Alright, I have Reset IE to defaults. I just tried about 10 searches (using Chrome) and didn't get a single re-direct. Hopefully this is some headway....
-
Here is the ESET scan results
ESETSmartInstaller@High as CAB hook log:
OnlineScanner64.ocx - registred OK
OnlineScanner.ocx - registred OK
# version=8
# iexplore.exe=8.00.7600.16385 (win7_rtm.090713-1255)
# OnlineScanner.ocx=1.0.0.6844
# api_version=3.0.2
# EOSSerial=
# end=finished
# remove_checked=false
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2012-12-09 10:12:43
# local_time=2012-12-09 03:12:43 (-0700, Mountain Standard Time)
# country="Canada"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=5122 16777213 100 90 2501705 116947341 0 0
# compatibility_mode=5893 16776574 100 94 40883080 106634613 0 0
# scanned=303138
# found=0
# cleaned=0
# scan_time=11021
-
Created a new browers profile, that did not fix anything.
Reinstalled Chrome, that also did not fix it.
I have noticed that now (today at least), it is redirecting me to "Ihavenet.com" search engine. It seems to change the search engine it redirects to daily.
-
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 3.8.9 (12.05.2012:5)
OS: Windows 7 Home Premium x64
Ran by Symesko on 08/12/2012 at 16:42:30.70
Blog: http://thisisudax.blogspot.com
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Registry Values
~~~ Registry Keys
~~~ Files
~~~ Folders
~~~ Event Viewer Logs were cleared
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 08/12/2012 at 16:49:06.13
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Livesearchnow redirect virus
in Resolved Malware Removal Logs
Posted
I haven't had any redirects in the past few days, so it seems to be better.