
conduit search tab



Hi, I am getting a tab from conduit com that is opening up when I start Chrome. I am also getting a pop-up window from PC helper. Please help.

DDS (Ver_2012-11-20.01) - NTFS_AMD64

Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 10.7.2

Run by Todd at 9:07:08 on 2012-12-27

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8119.6391 [GMT -6:00]

.

AV: Microsoft Security Essentials *Disabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C}

SP: Microsoft Security Essentials *Disabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ===============

.

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\nvvsvc.exe

C:\Windows\system32\svchost.exe -k RPCSS

c:\Program Files\Microsoft Security Client\MsMpEng.exe

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\nvvsvc.exe

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

C:\Windows\system32\Dwm.exe

C:\Windows\system32\taskhost.exe

C:\Windows\Explorer.EXE

C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe

C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe

C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt

c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe

C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe

C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe

C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe

C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperAgent.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe

C:\Windows\SysWOW64\schtasks.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Windows\system32\svchost.exe -k HPService

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\System32\WUDFHost.exe

C:\Windows\System32\rundll32.exe

C:\Windows\system32\taskeng.exe

c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe

C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe

C:\Program Files\Microsoft Security Client\msseces.exe

C:\Users\Todd\AppData\Local\Programs\Google\MusicManager\MusicManager.exe

C:\Windows\system32\SearchIndexer.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Windows\System32\svchost.exe -k LocalServicePeerNet

C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe

C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Program Files (x86)\iTunes\iTunesHelper.exe

C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe

C:\Users\Todd\AppData\Local\Google\Update\1.3.21.123\GoogleCrashHandler.exe

C:\Users\Todd\AppData\Local\Google\Update\1.3.21.123\GoogleCrashHandler64.exe

C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe

C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe

C:\Windows\system32\taskeng.exe

C:\Windows\system32\msiexec.exe

C:\Users\Todd\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Todd\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Todd\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Todd\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\System32\cscript.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.google.com

uURLSearchHooks: {37483b40-c254-4a72-bda4-22ee90182c1e} - <orphaned>

BHO: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\hp\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll

BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll

BHO: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\hp\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - C:\Program Files (x86)\hp\Digital Imaging\Smart Web Printing\hpswp_bho.dll

uRun: [skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun

uRun: [Google Update] "C:\Users\Todd\AppData\Local\Google\Update\GoogleUpdate.exe" /c

uRun: [MusicManager] "C:\Users\Todd\AppData\Local\Programs\Google\MusicManager\MusicManager.exe"

mRun: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

mRun: [Family Tree Builder Update] C:\Users\Todd\MyHeritage\Bin\FTBCheckUpdates.exe

mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

mRun: [LWS] C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe -hide

StartupFolder: C:\Users\Todd\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\OPENOF~1.LNK - C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe

uPolicies-Explorer: NoDriveTypeAutoRun = dword:149

uPolicies-Explorer: NoDrives = dword:0

mPolicies-Explorer: NoDrives = dword:0

mPolicies-System: ConsentPromptBehaviorAdmin = dword:5

mPolicies-System: ConsentPromptBehaviorUser = dword:3

mPolicies-System: EnableUIADesktopToggle = dword:0

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\hp\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab

TCP: NameServer = 192.168.1.1

TCP: Interfaces\{BCF4865F-23B7-4460-81D4-294C88685033} : NameServer = 216.176.95.129,216.176.95.161

TCP: Interfaces\{F57E66B0-60C0-49C0-B8B6-44854D1F37EA} : DHCPNameServer = 192.168.1.1

Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll

AppInit_DLLs= c:\progra~3\pcperf~1\25945~1.13\{fc772~1\pcpmngr.dll

x64-BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll

x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

x64-BHO: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll

x64-BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll

x64-Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\System32\NvCpl.dll,NvStartup

x64-Run: [smartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe /background

x64-Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey

x64-IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll

x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll

x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>

.

============= SERVICES / DRIVERS ===============

.

R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2012-8-30 228768]

R2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe [2012-12-10 2465712]

R2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2011-6-21 85560]

R2 HPDrvMntSvc.exe;HP Quick Synchronization Service;C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-3-28 94264]

R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2009-11-24 13336]

R2 MotoHelper;MotoHelper Service;C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe [2011-1-27 226624]

R2 Skype C2C Service;Skype C2C Service;C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-12-13 3290896]

R2 UMVPFSrv;UMVPFSrv;C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [2011-12-15 450848]

R3 HCW85BDA;Hauppauge WinTV 885 Video Capture;C:\Windows\System32\drivers\HCW85BDA.sys [2009-11-24 1705600]

R3 HECIx64;Intel® Management Engine Interface;C:\Windows\System32\drivers\HECIx64.sys [2009-11-24 56344]

R3 LVRS64;Logitech RightSound Filter Driver;C:\Windows\System32\drivers\lvrs64.sys [2011-12-15 351392]

R3 LVUVC64;Logitech HD Pro Webcam C920(UVC);C:\Windows\System32\drivers\lvuvc64.sys [2011-12-15 4862368]

R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2009-11-24 239616]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-7-13 160944]

S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);C:\Windows\System32\drivers\ssudbus.sys [2011-11-24 98616]

S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]

S3 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2012-8-30 128456]

S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2012-9-12 368896]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-5-27 59392]

S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-7-9 52736]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-5-5 1255736]

.

=============== Created Last 30 ================

.

2012-12-27 09:00:50 -------- d-----w- C:\Program Files (x86)\Microsoft CAPICOM 2.1.0.2

2012-12-27 06:44:50 -------- d-----w- C:\Users\Todd\AppData\Roaming\PerformerSoft

2012-12-27 06:33:51 76232 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{ABE16860-B558-4092-917C-542D9EEB9619}\offreg.dll

2012-12-27 05:47:06 -------- d-----w- C:\Users\Todd\AppData\Local\ArmA 2

2012-12-26 19:42:56 19632 ----a-w- C:\Windows\System32\roboot64.exe

2012-12-26 19:42:53 -------- d-----w- C:\Program Files (x86)\PC Performer

2012-12-26 19:42:48 -------- d-----w- C:\Program Files (x86)\File Scout

2012-12-26 19:42:46 -------- d-----w- C:\Windows\SysWow64\searchplugins

2012-12-26 19:42:46 -------- d-----w- C:\Windows\SysWow64\Extensions

2012-12-26 19:42:37 33856 ---ha-w- C:\Windows\System32\hamachi.sys

2012-12-26 19:42:34 -------- d-----w- C:\Program Files (x86)\LogMeIn Hamachi

2012-12-26 19:42:15 -------- d-----w- C:\Users\Todd\AppData\Local\LogMeIn Hamachi

2012-12-26 18:53:06 9125352 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{ABE16860-B558-4092-917C-542D9EEB9619}\mpengine.dll

2012-12-25 21:28:12 9125352 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

2012-12-25 21:26:26 -------- d-----w- C:\Users\Todd\AppData\Local\Logitech® Webcam Software

2012-12-25 21:22:26 53248 ----a-r- C:\Users\Todd\AppData\Roaming\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe

2012-12-25 21:22:06 -------- d-----w- C:\Program Files (x86)\Common Files\LWS

2012-12-23 19:28:29 -------- d-----w- C:\Program Files\Elgato

2012-12-23 19:28:02 -------- d-----w- C:\Users\Todd\AppData\Roaming\Elgato

2012-12-23 19:27:50 -------- d-----w- C:\Program Files (x86)\Elgato

2012-12-22 09:00:36 46080 ----a-w- C:\Windows\System32\atmlib.dll

2012-12-22 09:00:36 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll

2012-12-22 09:00:35 367616 ----a-w- C:\Windows\System32\atmfd.dll

2012-12-22 09:00:34 295424 ----a-w- C:\Windows\SysWow64\atmfd.dll

2012-12-19 18:13:30 -------- d-----w- C:\Users\Todd\AppData\Local\Wondershare

2012-12-19 18:13:29 -------- d-----w- C:\Program Files (x86)\Common Files\Wondershare

2012-12-19 18:13:23 -------- d-----w- C:\Program Files (x86)\Wondershare

2012-12-14 15:55:17 -------- d-----w- C:\Users\Todd\AppData\Local\My Games

2012-12-14 15:16:41 -------- d-----w- C:\Program Files (x86)\2K Games

2012-12-13 20:30:28 5955856 ----a-w- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}\components\SkypeFfComponent.dll

2012-11-30 01:32:35 972264 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{52B7B6BD-4D46-4963-9306-12E011C25822}\gapaengine.dll

.

==================== Find3M ====================

.

2012-12-11 23:02:14 73656 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2012-12-11 23:02:14 697272 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe

2012-11-22 03:26:40 3149824 ----a-w- C:\Windows\System32\win32k.sys

2012-11-12 12:28:37 1638912 ----a-w- C:\Windows\System32\mshtml.tlb

2012-11-12 11:52:18 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb

2012-11-09 05:45:09 2048 ----a-w- C:\Windows\System32\tzres.dll

2012-11-09 04:42:49 2048 ----a-w- C:\Windows\SysWow64\tzres.dll

2012-11-02 05:59:11 478208 ----a-w- C:\Windows\System32\dpnet.dll

2012-11-02 05:11:31 376832 ----a-w- C:\Windows\SysWow64\dpnet.dll

2012-10-27 06:26:55 981504 ----a-w- C:\Windows\SysWow64\wininet.dll

2012-10-27 05:51:21 1188864 ----a-w- C:\Windows\System32\wininet.dll

2012-10-16 08:38:37 135168 ----a-w- C:\Windows\apppatch\AppPatch64\AcXtrnal.dll

2012-10-16 08:38:34 350208 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll

2012-10-16 07:39:52 561664 ----a-w- C:\Windows\apppatch\AcLayers.dll

2012-10-09 18:17:13 55296 ----a-w- C:\Windows\System32\dhcpcsvc6.dll

2012-10-09 18:17:13 226816 ----a-w- C:\Windows\System32\dhcpcore6.dll

2012-10-09 17:40:31 44032 ----a-w- C:\Windows\SysWow64\dhcpcsvc6.dll

2012-10-09 17:40:31 193536 ----a-w- C:\Windows\SysWow64\dhcpcore6.dll

2012-10-04 17:46:16 362496 ----a-w- C:\Windows\System32\wow64win.dll

2012-10-04 17:46:15 243200 ----a-w- C:\Windows\System32\wow64.dll

2012-10-04 17:46:15 13312 ----a-w- C:\Windows\System32\wow64cpu.dll

2012-10-04 17:45:55 215040 ----a-w- C:\Windows\System32\winsrv.dll

2012-10-04 17:43:28 16384 ----a-w- C:\Windows\System32\ntvdm64.dll

2012-10-04 17:41:16 424960 ----a-w- C:\Windows\System32\KernelBase.dll

2012-10-04 16:47:41 5120 ----a-w- C:\Windows\SysWow64\wow32.dll

2012-10-04 16:47:41 274944 ----a-w- C:\Windows\SysWow64\KernelBase.dll

2012-10-04 15:21:55 338432 ----a-w- C:\Windows\System32\conhost.exe

2012-10-04 14:46:46 7680 ----a-w- C:\Windows\SysWow64\instnm.exe

2012-10-04 14:46:46 25600 ----a-w- C:\Windows\SysWow64\setup16.exe

2012-10-04 14:46:44 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll

2012-10-04 14:46:43 2048 ----a-w- C:\Windows\SysWow64\user.exe

2012-10-04 14:41:50 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll

2012-10-04 14:41:50 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll

2012-10-04 14:41:50 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll

2012-10-04 14:41:50 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll

2012-10-03 17:56:54 1914248 ----a-w- C:\Windows\System32\drivers\tcpip.sys

2012-10-03 17:44:21 70656 ----a-w- C:\Windows\System32\nlaapi.dll

2012-10-03 17:44:21 303104 ----a-w- C:\Windows\System32\nlasvc.dll

2012-10-03 17:44:17 246272 ----a-w- C:\Windows\System32\netcorehc.dll

2012-10-03 17:44:17 18944 ----a-w- C:\Windows\System32\netevent.dll

2012-10-03 17:44:16 216576 ----a-w- C:\Windows\System32\ncsi.dll

2012-10-03 17:42:16 569344 ----a-w- C:\Windows\System32\iphlpsvc.dll

2012-10-03 16:42:24 18944 ----a-w- C:\Windows\SysWow64\netevent.dll

2012-10-03 16:42:24 175104 ----a-w- C:\Windows\SysWow64\netcorehc.dll

2012-10-03 16:42:23 156672 ----a-w- C:\Windows\SysWow64\ncsi.dll

2012-10-03 16:07:26 45568 ----a-w- C:\Windows\System32\drivers\tcpipreg.sys

2012-09-30 01:54:26 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys

.

============= FINISH: 9:07:30.53 ===============

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2012-11-20.01)

.

Microsoft Windows 7 Home Premium

Boot Device: \Device\HarddiskVolume1

Install Date: 3/1/2010 1:00:41 PM

System Uptime: 12/27/2012 8:23:26 AM (1 hours ago)

.

Motherboard: MSI | | IONA

Processor: Intel® Core i5 CPU 650 @ 3.20GHz | CPU 1 | 2528/133mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 920 GiB total, 732.864 GiB free.

D: is FIXED (NTFS) - 11 GiB total, 1.585 GiB free.

E: is CDROM (UDF)

F: is Removable

G: is Removable

H: is Removable

I: is Removable

K: is Removable

N: is FIXED (NTFS) - 298 GiB total, 195.698 GiB free.

.

==== Disabled Device Manager Items =============

.

Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}

Description: Photosmart Prem C410 series

Device ID: ROOT\MULTIFUNCTION\0000

Manufacturer: HP

Name: Photosmart Prem C410 series

PNP Device ID: ROOT\MULTIFUNCTION\0000

Service:

.

==== System Restore Points ===================

.

RP349: 12/26/2012 11:44:47 PM - Installed DirectX

RP350: 12/27/2012 3:00:30 AM - Windows Update

RP351: 12/27/2012 8:54:48 AM - Removed LogMeIn Hamachi

RP352: 12/27/2012 8:56:13 AM - Removed LogMeIn Hamachi

.

==== Installed Programs ======================

.

64 Bit HP CIO Components Installer

Acrobat.com

Adobe AIR

Adobe Flash Player 11 ActiveX

Adobe Flash Player 11 Plugin

Adobe Reader X (10.1.4)

Adobe Shockwave Player 11.5

AnswerWorks 5.0 English Runtime

Apple Application Support

Apple Mobile Device Support

Apple Software Update

ARMA 2

ARMA 2: Operation Arrowhead

AVG 2012

BattlEye Uninstall

Bonjour

BufferChm

C410

CameraHelperMsi

CamStudio OSS Desktop Recorder

CCleaner

Civilization IV Complete

Command & Conquer™ Red Alert™ 3

Compatibility Pack for the 2007 Office system

CyberLink DVD Suite Deluxe

D3DX10

DC Universe Online

Destinations

DeviceDiscovery

DirectX for Managed Code Update (Summer 2004)

DocProc

DVD Menu Pack for HP MediaSmart Video

Elgato Game Capture HD

erLT

ESET Online Scanner v3

Fax

ffdshow [rev 2527] [2008-12-19]

Game Capture HD v2.3.3.38

Global Agenda

Google Chrome

Google Talk Plugin

GPBaseService2

Hewlett-Packard ACLM.NET v1.1.1.0

HiJackThis

HP Advisor

HP Customer Experience Enhancements

HP Customer Participation Program 14.0

HP Games

HP Imaging Device Functions 14.0

HP MediaSmart Demo

HP MediaSmart DVD

HP MediaSmart Music/Photo/Video

HP MediaSmart SmartMenu

HP MediaSmart/TouchSmart Netflix

HP Odometer

HP Photo Creations

HP Photosmart Prem C410 All-In-One Driver Software 14.0 Rel. 7

HP Remote Solution

HP Setup

HP Smart Web Printing 4.60

HP Solution Center 14.0

HP Support Assistant

HP Support Information

HP Update

HPAppStudio

HPPhotoGadget

HPProductAssistant

HPSSupply

Hulu Desktop

Intel® Rapid Storage Technology

Internet TV for Windows Media Center

iTunes

Java 7 Update 7

Java Auto Updater

Java 6 Update 20

Java 7 Update 5 (64-bit)

JavaFX 2.1.0

Junk Mail filter update

LabelPrint

LG USB Modem driver

LightScribe System Software

Logitech Webcam Software

LogMeIn Hamachi

LWS Facebook

LWS Gallery

LWS Help_main

LWS Launcher

LWS Motion Detection

LWS Pictures And Video

LWS Twitter

LWS Video Mask Maker

LWS VideoEffects

LWS Webcam Software

LWS WLM Plugin

LWS YouTube Plugin

Malwarebytes Anti-Malware version 1.65.1.1000

MarketResearch

Microsoft .NET Framework 4 Client Profile

Microsoft .NET Framework 4 Extended

Microsoft Application Error Reporting

Microsoft Expression Encoder 4

Microsoft Expression Encoder 4 Screen Capture Codec

Microsoft Office PowerPoint Viewer 2007 (English)

Microsoft Security Client

Microsoft Security Essentials

Microsoft Silverlight

Microsoft SQL Server 2005 Compact Edition [ENU]

Microsoft VC9 runtime libraries

Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2005 Redistributable (x64)

Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175

Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570

Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570

Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161

Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319

Microsoft Works

Microsoft WSE 3.0 Runtime

Microsoft XNA Framework Redistributable 4.0

Microsoft® Winter Fun Pack 2004 for Windows® XP

MotoHelper 2.0.45 Driver 5.0.0

MotoHelper MergeModules

Motorola Mobile Drivers Installation 5.0.0

Movie Theme Pack for HP MediaSmart Video

MSVCRT

MSVCRT_amd64

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

Music Manager

MyHeritage Family Tree Builder

Netflix in Windows Media Center

Network64

NVIDIA Drivers

NVIDIA PhysX

OCR Software by I.R.I.S. 14.0

OF Dragon Rising

OpenOffice.org 3.2

Origin

PC Performer

PictureMover

PlayReady PC Runtime amd64

Power2Go

PowerDirector

PS_AIO_07_C410_SW_Min

Quicken 2010

QuickTransfer

Realtek High Definition Audio Driver

Recovery Manager

Revo Uninstaller 1.94

RLPrintPlugin

SAMSUNG USB Driver for Mobile Phones

Scan

Security Update for CAPICOM (KB931906)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)

Security Update for Microsoft .NET Framework 4 Extended (KB2416472)

Security Update for Microsoft .NET Framework 4 Extended (KB2487367)

Security Update for Microsoft .NET Framework 4 Extended (KB2656351)

Shop for HP Supplies

Skype Click to Call

Skype™ 5.10

SmartWebPrinting

SolutionCenter

SpeechRedist

Status

Steam

The Sims Medieval

The Sims™ 3

The Sims™ 3 Pets

The Sims™ 3 Seasons

The Sims™ 3 Supernatural

Toolbox

TrayApp

Unified Remote

Unreal Tournament 3

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2473228)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217)

Update for Microsoft .NET Framework 4 Extended (KB2468871)

Update for Microsoft .NET Framework 4 Extended (KB2533523)

Update for Microsoft .NET Framework 4 Extended (KB2600217)

Update Installer for WildTangent Games App

Verizon V CAST Media Manager

Visual C++ 8.0 Runtime Setup Package (x64)

Visual Studio 2008 x64 Redistributables

WebReg

WildTangent Games App (HP Games)

Winamp

Winamp Detector Plug-in

Windows Live Communications Platform

Windows Live Essentials

Windows Live ID Sign-in Assistant

Windows Live Installer

Windows Live Language Selector

Windows Live Mail

Windows Live Messenger

Windows Live MIME IFilter

Windows Live Movie Maker

Windows Live Photo Common

Windows Live Photo Gallery

Windows Live PIMT Platform

Windows Live SOXE

Windows Live SOXE Definitions

Windows Live Sync

Windows Live UX Platform

Windows Live UX Platform Language Pack

Windows Live Writer

Windows Live Writer Resources

WinRAR 4.20 beta 2 (32-bit)

WolfQuest

Zoo Tycoon 2 - Ultimate Collection

.

==== Event Viewer Messages From Past Week ========

.

12/27/2012 12:43:14 AM, Error: Service Control Manager [7023] - The Windows Defender service terminated with the following error: The specified module could not be found.

12/26/2012 2:21:28 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Steam Client Service service to connect.

12/26/2012 2:21:28 PM, Error: Service Control Manager [7000] - The Steam Client Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

12/26/2012 1:42:37 PM, Error: Service Control Manager [7030] - The LogMeIn Hamachi Tunneling Engine service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

12/26/2012 1:42:37 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the LogMeIn Hamachi Tunneling Engine service to connect.

12/26/2012 1:42:37 PM, Error: Service Control Manager [7000] - The LogMeIn Hamachi Tunneling Engine service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

.

==== End Of File ===========================


Welcome to the forum.

Please remove any USB or external drives from the computer before you run this scan!

Please download RogueKiller to your desktop and run it.

Quit all running programs.

For Windows XP, double-click to start.

For Vista or Windows 7, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.

Click Scan to scan the system.

When the scan completes > Close out the program > Don't Fix anything!

Don't run any other options, they're not all bad!!!!!!!

Post back the report which should be located on your desktop.

~~~~~~~~~~~~~~~~~~~~~~~~~~

Please download AdwCleaner from here and save it on your Desktop.

  1. Right-click on adwcleaner.exe and select Run As Administrator (for XP just double click) to launch the application.
  2. Now click on the Search tab.
  3. Please post the contents of the log-file created in your next post.

Note: The log can also be located at C:\ >> AdwCleaner[XX].txt >> XX <-- Denotes the number of times the application has been run, so in this case it should be something like R1.

Please look over what was found; we're going to delete it all in the next step. If there's something you may want to keep, please let me know and I'll explain why it shouldn't be on your system.

MrC

------->Your topic will be closed if you haven't replied within 3 days!<--------

(If I don't respond within 48 hours, please send me a PM)


# AdwCleaner v2.103 - Logfile created 12/27/2012 at 09:49:17

# Updated 25/12/2012 by Xplode

# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)

# User : Todd - TODD-PC

# Boot Mode : Normal

# Running from : C:\Users\Todd\Downloads\adwcleaner (1).exe

# Option [search]

***** [Services] *****

***** [Files / Folders] *****

Folder Found : C:\Users\Todd\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla

Folder Found : C:\Users\Todd\AppData\Roaming\PerformerSoft

***** [Registry] *****

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\bProtectSettings

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{11111111-1111-1111-1111-110011441179}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{8769ADCE-DBA5-48E9-AFB5-67B12CDF2E61}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.7601.17514

[OK] Registry is clean.

-\\ Google Chrome v23.0.1271.97

File : C:\Users\Todd\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [7168 octets] - [27/12/2012 00:34:35]

AdwCleaner[R2].txt - [1315 octets] - [27/12/2012 09:49:17]

AdwCleaner[S1].txt - [7043 octets] - [27/12/2012 00:40:18]

########## EOF - C:\AdwCleaner[R2].txt - [1435 octets] ##########

RogueKiller V8.4.1 [Dec 27 2012] by Tigzy

mail : tigzyRK<at>gmail<dot>com

Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/

Website : http://tigzy.geekstogo.com/roguekiller.php

Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version

Started in : Normal mode

User : Todd [Admin rights]

Mode : Scan -- Date : 12/27/2012 09:46:26

¤¤¤ Bad processes : 3 ¤¤¤

[SUSP PATH] MusicManager.exe -- C:\Users\Todd\AppData\Local\Programs\Google\MusicManager\MusicManager.exe -> KILLED [TermProc]

[SUSP PATH] GoogleCrashHandler.exe -- C:\Users\Todd\AppData\Local\Google\Update\1.3.21.123\GoogleCrashHandler.exe -> KILLED [TermProc]

[SUSP PATH] GoogleCrashHandler64.exe -- C:\Users\Todd\AppData\Local\Google\Update\1.3.21.123\GoogleCrashHandler64.exe -> KILLED [TermProc]

¤¤¤ Registry Entries : 10 ¤¤¤

[RUN][sUSP PATH] HKCU\[...]\Run : MusicManager ("C:\Users\Todd\AppData\Local\Programs\Google\MusicManager\MusicManager.exe") -> FOUND

[RUN][sUSP PATH] HKUS\S-1-5-21-1413658493-208379941-2510509854-1001[...]\Run : MusicManager ("C:\Users\Todd\AppData\Local\Programs\Google\MusicManager\MusicManager.exe") -> FOUND

[TASK][sUSP PATH] RunAsStdUser Task : "C:\Users\Todd\AppData\Local\cheerychickenSA\bin\1.0.8.0\CheeryChickenSA.exe" -> FOUND

[DNS] HKLM\[...]\ControlSet001\Services\Interfaces\{BCF4865F-23B7-4460-81D4-294C88685033} : NameServer (216.176.95.129,216.176.95.161) -> FOUND

[DNS] HKLM\[...]\ControlSet002\Services\Interfaces\{BCF4865F-23B7-4460-81D4-294C88685033} : NameServer (216.176.95.129,216.176.95.161) -> FOUND

[HJPOL] HKCU\[...]\System : disableregistrytools (0) -> FOUND

[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND

[HJPOL] HKLM\[...]\Wow6432Node\System : DisableRegistryTools (0) -> FOUND

[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND

[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤

--> C:\Windows\system32\drivers\etc\hosts

127.0.0.1 localhost

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: Hitachi HDT721010SLA360 +++++

--- User ---

[MBR] 4e429ab2b3be844df02191337f2bab0a

[BSP] c6c33eca83b53313d44db8aa65917135 : Windows Vista/7/8 MBR Code

Partition table:

0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo

1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 942525 Mo

2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 1930498048 | Size: 11242 Mo

User = LL1 ... OK!

User = LL2 ... OK!

+++++ PhysicalDrive1: Maxtor 3200 USB Device +++++

--- User ---

[MBR] 753957cf0bfe82d02b91cb4fca2411c7

[BSP] 2871bdccde8cdce0919fe98d2a30f585 : Legit3 MBR Code

Partition table:

0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 305242 Mo

User = LL1 ... OK!

Error reading LL2 MBR!

+++++ PhysicalDrive2: HP Photosmart Prem USB Device +++++

Error reading User MBR!

User = LL1 ... OK!

Error reading LL2 MBR!

Finished : << RKreport[1]_S_12272012_02d0946.txt >>

RKreport[1]_S_12272012_02d0946.txt


Some adware found....let's clear it out.....

  1. Please re-run AdwCleaner
  2. Click on Delete button.
  3. Confirm each time with OK if asked.
  4. Your computer will be rebooted automatically. A text file will open after the restart. Please post the content of that logfile in your reply.

Note: You can find the logfile at C:\AdwCleaner[Sn].txt as well - n is the order number.

~~~~~~~~~~~~~~~~~~~

Next..........

Please download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista or Seven, right-mouse click it and select Run as Administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

MrC


# AdwCleaner v2.103 - Logfile created 12/28/2012 at 00:43:13

# Updated 25/12/2012 by Xplode

# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)

# User : Todd - TODD-PC

# Boot Mode : Normal

# Running from : C:\Users\Todd\Downloads\adwcleaner (1).exe

# Option [Delete]

***** [Services] *****

***** [Files / Folders] *****

Folder Deleted : C:\Users\Todd\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla

Folder Deleted : C:\Users\Todd\AppData\Roaming\PerformerSoft

***** [Registry] *****

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\bProtectSettings

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{11111111-1111-1111-1111-110011441179}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{8769ADCE-DBA5-48E9-AFB5-67B12CDF2E61}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.7601.17514

[OK] Registry is clean.

-\\ Google Chrome v23.0.1271.97

File : C:\Users\Todd\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [7168 octets] - [27/12/2012 00:34:35]

AdwCleaner[R2].txt - [1504 octets] - [27/12/2012 09:49:17]

AdwCleaner[R3].txt - [1564 octets] - [28/12/2012 00:42:39]

AdwCleaner[S1].txt - [7043 octets] - [27/12/2012 00:40:18]

AdwCleaner[S2].txt - [1507 octets] - [28/12/2012 00:43:13]

########## EOF - C:\AdwCleaner[S2].txt - [1567 octets] ##########

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Junkware Removal Tool (JRT) by Thisisu

Version: 4.2.8 (12.27.2012:2)

OS: Windows 7 Home Premium x64

Ran by Todd on Fri 12/28/2012 at 0:51:29.39

Blog: http://thisisudax.blogspot.com

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

Successfully repaired: [Registry Value] hkey_local_machine\software\microsoft\windows nt\currentversion\windows\\AppInit_DLLs

Successfully deleted: [Registry Value] hkey_current_user\software\microsoft\internet explorer\toolbar\webbrowser\\{37483b40-c254-4a72-bda4-22ee90182c1e}

Successfully deleted: [Registry Value] hkey_current_user\software\microsoft\internet explorer\urlsearchhooks\\{37483b40-c254-4a72-bda4-22ee90182c1e}

~~~ Registry Keys

Successfully deleted: [Registry Key] "hkey_current_user\software\microsoft\internet explorer\internetregistry\registry\user\S-1-5-21-1413658493-208379941-2510509854-1001\software\web assistant"

Successfully deleted: [Registry Key] hkey_current_user\software\filescout

Successfully deleted: [Registry Key] hkey_current_user\software\performersoft

Successfully deleted: [Registry Key] hkey_local_machine\software\performersoft

Successfully deleted: [Registry Key] hkey_current_user\software\microsoft\internet explorer\searchscopes\{443789b7-f39c-4b5c-9287-da72d38f4fe6}

Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\internet explorer\searchscopes\{443789b7-f39c-4b5c-9287-da72d38f4fe6}

~~~ Files

Successfully deleted: [File] C:\install.res.1028.dll

Successfully deleted: [File] C:\install.res.1031.dll

Successfully deleted: [File] C:\install.res.1033.dll

Successfully deleted: [File] C:\install.res.1036.dll

Successfully deleted: [File] C:\install.res.1040.dll

Successfully deleted: [File] C:\install.res.1041.dll

Successfully deleted: [File] C:\install.res.1042.dll

Successfully deleted: [File] C:\install.res.2052.dll

Successfully deleted: [File] C:\install.res.3082.dll

~~~ Folders

Successfully deleted: [Folder] "C:\Users\Todd\AppData\Roaming\performersoft"

Successfully deleted: [Folder] "C:\Program Files (x86)\file scout"

Successfully deleted: [Folder] "C:\Program Files (x86)\pc performer"

Successfully deleted: [Folder] "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\pc performer"

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Scan was completed on Fri 12/28/2012 at 0:55:29.76

End of JRT log

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


Please download OTL from one of the links below:

http://oldtimer.geekstogo.com/OTL.exe

http://www.itxassociates.com/OT-Tools/OTL.exe

http://oldtimer.geekstogo.com/OTL.com (<---renamed version)

Save it to your desktop.

Double click on the icon on your desktop.

Click the Scan All Users checkbox.

Push the Quick Scan button.

The scan will take about 10 minutes...depends on your hard drive size.

Two reports will open, copy and paste them in a reply here: (or attach them as .txt files)

OTL.txt <-- Will be opened

Extra.txt <-- Will be minimized

MrC


OTL logfile created on: 12/28/2012 9:24:46 AM - Run 1

OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Todd\Downloads

64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 8.0.7601.17514)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

7.93 Gb Total Physical Memory | 6.53 Gb Available Physical Memory | 82.37% Memory free

15.86 Gb Paging File | 13.91 Gb Available in Paging File | 87.74% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 920.43 Gb Total Space | 730.99 Gb Free Space | 79.42% Space Free | Partition Type: NTFS

Drive D: | 10.98 Gb Total Space | 1.58 Gb Free Space | 14.44% Space Free | Partition Type: NTFS

Drive E: | 3.90 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF

Drive N: | 298.09 Gb Total Space | 195.70 Gb Free Space | 65.65% Space Free | Partition Type: NTFS

Computer Name: TODD-PC | User Name: Todd | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/12/28 09:24:09 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Todd\Downloads\OTL.com

PRC - [2012/12/13 14:26:20 | 003,290,896 | ---- | M] (Skype Technologies S.A.) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe

PRC - [2012/12/10 13:11:50 | 007,416,320 | ---- | M] (Google Inc.) -- C:\Users\Todd\AppData\Local\Programs\Google\MusicManager\MusicManager.exe

PRC - [2012/09/20 07:29:23 | 000,212,432 | ---- | M] (Google Inc.) -- C:\Users\Todd\AppData\Local\Google\Update\1.3.21.123\GoogleCrashHandler.exe

PRC - [2012/07/27 14:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

PRC - [2011/12/15 05:24:00 | 000,450,848 | ---- | M] (Logitech Inc.) -- C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe

PRC - [2011/11/11 14:08:06 | 000,205,336 | ---- | M] (Logitech Inc.) -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe

PRC - [2011/11/11 14:07:54 | 000,265,240 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe

PRC - [2011/08/12 12:19:40 | 000,680,984 | ---- | M] () -- C:\Program Files (x86)\Common Files\logishrd\LQCVFX\COCIManager.exe

PRC - [2011/03/28 16:07:50 | 000,094,264 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe

PRC - [2011/01/27 15:13:50 | 000,226,624 | ---- | M] () -- C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe

PRC - [2011/01/27 15:13:40 | 000,673,088 | ---- | M] () -- C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperAgent.exe

PRC - [2010/05/21 00:28:00 | 011,312,128 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin

PRC - [2010/05/21 00:27:58 | 011,318,784 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe

PRC - [2009/12/01 19:49:52 | 000,210,216 | ---- | M] (CyberLink) -- c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe

PRC - [2009/10/02 15:26:12 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe

PRC - [2009/10/02 15:26:10 | 000,284,696 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

========== Modules (No Company Name) ==========

MOD - [2012/12/10 13:00:40 | 000,344,064 | ---- | M] () -- C:\Users\Todd\AppData\Local\Programs\Google\MusicManager\libaudioenc.dll

MOD - [2012/12/10 13:00:28 | 000,231,936 | ---- | M] () -- C:\Users\Todd\AppData\Local\Programs\Google\MusicManager\libmpgdec.dll

MOD - [2012/12/10 12:59:52 | 000,117,248 | ---- | M] () -- C:\Users\Todd\AppData\Local\Programs\Google\MusicManager\libaacdec.dll

MOD - [2012/12/10 12:59:50 | 000,253,440 | ---- | M] () -- C:\Users\Todd\AppData\Local\Programs\Google\MusicManager\libid3tag.dll

MOD - [2012/12/04 19:15:15 | 012,456,040 | ---- | M] () -- C:\Users\Todd\AppData\Local\Google\Chrome\Application\23.0.1271.97\PepperFlash\pepflashplayer.dll

MOD - [2012/12/04 19:15:15 | 000,460,904 | ---- | M] () -- C:\Users\Todd\AppData\Local\Google\Chrome\Application\23.0.1271.97\ppgooglenaclpluginchrome.dll

MOD - [2012/12/04 19:15:14 | 004,008,040 | ---- | M] () -- C:\Users\Todd\AppData\Local\Google\Chrome\Application\23.0.1271.97\pdf.dll

MOD - [2012/12/04 19:14:29 | 000,587,880 | ---- | M] () -- C:\Users\Todd\AppData\Local\Google\Chrome\Application\23.0.1271.97\libglesv2.dll

MOD - [2012/12/04 19:14:28 | 000,124,520 | ---- | M] () -- C:\Users\Todd\AppData\Local\Google\Chrome\Application\23.0.1271.97\libegl.dll

MOD - [2012/12/04 19:14:21 | 000,157,304 | ---- | M] () -- C:\Users\Todd\AppData\Local\Google\Chrome\Application\23.0.1271.97\avutil-51.dll

MOD - [2012/12/04 19:14:20 | 000,275,576 | ---- | M] () -- C:\Users\Todd\AppData\Local\Google\Chrome\Application\23.0.1271.97\avformat-54.dll

MOD - [2012/12/04 19:14:19 | 002,168,952 | ---- | M] () -- C:\Users\Todd\AppData\Local\Google\Chrome\Application\23.0.1271.97\avcodec-54.dll

MOD - [2012/11/16 15:43:19 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\413288993ff690e8251d2dbe32bee01f\System.Runtime.Remoting.ni.dll

MOD - [2012/11/16 15:43:01 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\d040079bc7148afeca03c5abb6fc3c61\System.Windows.Forms.ni.dll

MOD - [2012/11/16 15:42:56 | 001,591,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\4e80768a2d88c7a333e43cbb7a6c0705\System.Drawing.ni.dll

MOD - [2012/11/16 15:42:46 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\b311b783e1efaa9527f4c2c9680c44d1\WindowsBase.ni.dll

MOD - [2012/11/16 15:42:41 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\25e672ea505e50ab058258ac72a54f02\System.Xml.ni.dll

MOD - [2012/11/16 15:42:39 | 007,988,736 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\9dd758ac0bf7358ac6e4720610fcc63c\System.ni.dll

MOD - [2012/11/16 15:42:39 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\c64ca3678261c8ffcd9e7efd1af6ed54\System.Configuration.ni.dll

MOD - [2012/11/16 15:42:35 | 011,493,376 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\187d7c66735c533de851c76384f86912\mscorlib.ni.dll

MOD - [2012/09/25 09:53:12 | 000,026,624 | ---- | M] () -- C:\Users\Todd\AppData\Local\Programs\Google\MusicManager\imageformats\qgif4.dll

MOD - [2012/09/25 09:53:02 | 010,683,392 | ---- | M] () -- C:\Users\Todd\AppData\Local\Programs\Google\MusicManager\QtWebKit4.dll

MOD - [2012/09/25 09:53:02 | 001,681,408 | ---- | M] () -- C:\Users\Todd\AppData\Local\Programs\Google\MusicManager\QtNetwork4.dll

MOD - [2012/09/25 09:53:00 | 007,741,952 | ---- | M] () -- C:\Users\Todd\AppData\Local\Programs\Google\MusicManager\QtGui4.dll

MOD - [2012/09/25 09:52:58 | 002,248,192 | ---- | M] () -- C:\Users\Todd\AppData\Local\Programs\Google\MusicManager\QtCore4.dll

MOD - [2012/02/20 20:29:04 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll

MOD - [2012/02/20 20:28:42 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll

MOD - [2011/12/12 15:44:08 | 000,336,408 | ---- | M] () -- C:\Program Files (x86)\Common Files\logishrd\LWSPlugins\LWS\Applets\CameraHelper\DevManagerCore.dll

MOD - [2011/11/11 14:08:18 | 007,956,504 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\QTGui4.dll

MOD - [2011/11/11 14:08:18 | 000,342,552 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\QTXml4.dll

MOD - [2011/11/11 14:08:18 | 000,128,536 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\ImageFormats\QJpeg4.dll

MOD - [2011/11/11 14:08:18 | 000,029,208 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\ImageFormats\QGif4.dll

MOD - [2011/11/11 14:08:06 | 002,145,304 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\QTCore4.dll

MOD - [2011/11/11 14:07:54 | 000,265,240 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe

MOD - [2011/08/12 12:19:40 | 000,680,984 | ---- | M] () -- C:\Program Files (x86)\Common Files\logishrd\LQCVFX\COCIManager.exe

MOD - [2011/01/27 15:13:40 | 000,673,088 | ---- | M] () -- C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperAgent.exe

MOD - [2010/05/04 15:36:28 | 000,970,752 | ---- | M] () -- C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll

MOD - [2009/12/01 19:49:50 | 000,931,112 | ---- | M] () -- c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMediaLibrary.dll

========== Services (SafeList) ==========

SRV:64bit: - [2012/09/12 20:21:48 | 000,368,896 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)

SRV:64bit: - [2012/09/12 20:21:48 | 000,022,072 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)

SRV - [2012/12/26 14:21:18 | 000,541,760 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)

SRV - [2012/12/13 14:26:20 | 003,290,896 | ---- | M] (Skype Technologies S.A.) [Auto | Running] -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)

SRV - [2012/12/11 17:02:15 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)

SRV - [2012/12/10 17:29:46 | 002,465,712 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc)

SRV - [2012/07/27 14:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)

SRV - [2012/07/13 12:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)

SRV - [2011/12/15 05:24:00 | 000,450,848 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe -- (UMVPFSrv)

SRV - [2011/06/21 14:57:34 | 000,085,560 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe -- (HP Support Assistant Service)

SRV - [2011/03/28 16:07:50 | 000,094,264 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe -- (HPDrvMntSvc.exe)

SRV - [2011/01/27 15:13:50 | 000,226,624 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe -- (MotoHelper)

SRV - [2010/10/22 12:08:18 | 001,039,360 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files (x86)\hp\Digital Imaging\bin\HPSLPSVC64.DLL -- (HPSLPSVC)

SRV - [2010/10/12 11:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)

SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)

SRV - [2009/10/02 15:26:12 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)

SRV - [2009/06/10 15:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)

========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/08/30 21:03:48 | 000,128,456 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)

DRV:64bit: - [2012/08/21 12:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)

DRV:64bit: - [2012/07/09 12:42:54 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)

DRV:64bit: - [2012/03/01 00:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)

DRV:64bit: - [2011/12/15 05:15:42 | 004,862,368 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lvuvc64.sys -- (LVUVC64)

DRV:64bit: - [2011/12/15 05:15:34 | 000,351,392 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lvrs64.sys -- (LVRS64)

DRV:64bit: - [2011/11/24 22:23:28 | 000,098,616 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudbus.sys -- (dg_ssudbus)

DRV:64bit: - [2011/10/04 04:22:14 | 000,172,104 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sscdmdm.sys -- (sscdmdm)

DRV:64bit: - [2011/10/04 04:22:14 | 000,141,384 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sscdserd.sys -- (sscdserd)

DRV:64bit: - [2011/10/04 04:22:14 | 000,136,264 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sscdbus.sys -- (sscdbus)

DRV:64bit: - [2011/10/04 04:22:14 | 000,019,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sscdmdfl.sys -- (sscdmdfl)

DRV:64bit: - [2011/03/11 00:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)

DRV:64bit: - [2011/03/11 00:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)

DRV:64bit: - [2010/11/20 07:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)

DRV:64bit: - [2010/11/20 05:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)

DRV:64bit: - [2010/01/21 01:03:10 | 000,027,648 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgx64diag.sys -- (UsbDiag)

DRV:64bit: - [2010/01/21 01:03:08 | 000,033,280 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgx64modem.sys -- (USBModem)

DRV:64bit: - [2010/01/21 01:03:06 | 000,017,920 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgx64bus.sys -- (usbbus)

DRV:64bit: - [2009/10/02 06:58:58 | 000,537,112 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)

DRV:64bit: - [2009/09/17 06:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64)

DRV:64bit: - [2009/09/11 10:19:08 | 001,705,600 | ---- | M] (Hauppauge Computer Works) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HCW85BDA.sys -- (HCW85BDA)

DRV:64bit: - [2009/09/11 10:18:28 | 000,032,768 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\hcw85cir3.sys -- (hcw85cir)

DRV:64bit: - [2009/08/20 18:05:06 | 000,239,616 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)

DRV:64bit: - [2009/07/13 19:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)

DRV:64bit: - [2009/07/13 19:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)

DRV:64bit: - [2009/07/13 19:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)

DRV:64bit: - [2009/07/13 18:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)

DRV:64bit: - [2009/06/10 14:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)

DRV:64bit: - [2009/06/10 14:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)

DRV:64bit: - [2009/06/10 14:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)

DRV:64bit: - [2009/06/05 09:10:10 | 001,478,144 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)

DRV:64bit: - [2009/03/18 16:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi)

DRV - [2009/07/13 19:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPDSK/1

IE:64bit: - HKLM\..\SearchScopes,DefaultScope =

IE:64bit: - HKLM\..\SearchScopes\{6CE0C255-91F6-4FF7-8851-52067A45FB92}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPDSK/1

IE - HKLM\..\SearchScopes,DefaultScope =

IE - HKLM\..\SearchScopes\{6CE0C255-91F6-4FF7-8851-52067A45FB92}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox

IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-21-1413658493-208379941-2510509854-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com

IE - HKU\S-1-5-21-1413658493-208379941-2510509854-1001\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-21-1413658493-208379941-2510509854-1001\..\SearchScopes\{6CE0C255-91F6-4FF7-8851-52067A45FB92}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox

IE - HKU\S-1-5-21-1413658493-208379941-2510509854-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_135.dll File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.0: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)

FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.0: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_135.dll ()

FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()

FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()

FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKCU\Software\MozillaPlugins\@hulu.com/Hulu Desktop: C:\Users\Todd\AppData\Local\HuluDesktop\instances\0.9.14.1\nphdplg.dll (Hulu LLC)

FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Todd\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)

FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\Todd\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()

FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Todd\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)

FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Todd\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011/01/16 17:18:08 | 000,000,000 | ---D | M]

FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011/01/16 17:18:08 | 000,000,000 | ---D | M]

FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\wcapturex@deskperience.com: C:\Program Files (x86)\WhiteSmokeTranslator\WCaptureMoz

FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{182812ed-1c22-4e1f-9a8d-990282d594da}: C:\ProgramData\PC Performer Manager\2.5.945.13\{fc772784-ef6f-4718-83f3-3d6f8a22fa66}\FirefoxExtension

[2012/09/06 09:44:45 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions

[2012/12/20 21:07:45 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}

[2010/01/19 16:47:28 | 000,085,184 | ---- | M] (Renaissance Learning Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npRLPrint.dll

[2010/12/09 04:47:06 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll

========== Chrome ==========

CHR - default_search_provider: ()

CHR - default_search_provider: search_url =

CHR - default_search_provider: suggest_url =

CHR - homepage: http://search.conduit.com/?ctid=CT3227981&SearchSource=48

CHR - Extension: No name found = C:\Users\Todd\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\

CHR - Extension: No name found = C:\Users\Todd\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.2_0\

CHR - Extension: No name found = C:\Users\Todd\AppData\Local\Google\Chrome\User Data\Default\Extensions\ciagpekplgpbepdgggflgmahnjgiaced\1.0.0.8_0\

CHR - Extension: No name found = C:\Users\Todd\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\

CHR - Extension: No name found = C:\Users\Todd\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlppkpafhbajpcmmoheippocdidnckmm\1.0.1.424_0\

CHR - Extension: No name found = C:\Users\Todd\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.5.33_0\

CHR - Extension: No name found = C:\Users\Todd\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdklpjiiiehhjfjgicmefnefednelhed\1_0\

CHR - Extension: No name found = C:\Users\Todd\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmggblpgblcoomebaelghgmdgdeknmhg\1.0.7_0\

CHR - Extension: No name found = C:\Users\Todd\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.11.0.9874_0\

CHR - Extension: No name found = C:\Users\Todd\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.2.0.10687_0\

CHR - Extension: No name found = C:\Users\Todd\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmcegpfdgcoclcdfkjahiimlikdpnina\1.0.5_0\

CHR - Extension: No name found = C:\Users\Todd\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof\12.0.0.2166_0\

CHR - Extension: No name found = C:\Users\Todd\AppData\Local\Google\Chrome\User Data\Default\Extensions\nnpakemckpkcpilpphdmcfehofhefmoa\1.1_0\

CHR - Extension: No name found = C:\Users\Todd\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

CHR - Extension: No name found = C:\Users\Todd\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnhlckbnnjkfnlakipclhedkhggpddeo\0.0.2_0\

CHR - Extension: No name found = C:\Users\Todd\AppData\Local\Google\Chrome\User Data\Default\Extensions\poknhlcknimnnbfcombaooklofipaibk\0.7_0\

O1 HOSTS File: ([2012/06/08 10:51:50 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O2:64bit: - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)

O2:64bit: - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)

O2:64bit: - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)

O4:64bit: - HKLM..\Run: [NvCplDaemon] C:\Windows\SysNative\NvCpl.dll (NVIDIA Corporation)

O4:64bit: - HKLM..\Run: [smartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe ()

O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)

O4 - HKLM..\Run: [Family Tree Builder Update] C:\Users\Todd\MyHeritage\Bin\FTBCheckUpdates.exe (MyHeritage)

O4 - HKLM..\Run: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)

O4 - HKLM..\Run: [LWS] C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe (Logitech Inc.)

O4 - HKU\S-1-5-21-1413658493-208379941-2510509854-1001..\Run: [MusicManager] C:\Users\Todd\AppData\Local\Programs\Google\MusicManager\MusicManager.exe (Google Inc.)

O4 - Startup: C:\Users\Todd\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-21-1413658493-208379941-2510509854-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-21-1413658493-208379941-2510509854-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149

O7 - HKU\S-1-5-21-1413658493-208379941-2510509854-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O9:64bit: - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)

O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)

O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab (Java Plug-in 10.7.2)

O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.7.0_07)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BCF4865F-23B7-4460-81D4-294C88685033}: NameServer = 216.176.95.129,216.176.95.161

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F57E66B0-60C0-49C0-B8B6-44854D1F37EA}: DhcpNameServer = 192.168.1.1

O18:64bit: - Protocol\Handler\skype4com - No CLSID value found

O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)

O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2012/09/28 07:30:38 | 000,055,176 | R--- | M] (Electronic Arts) - E:\Autorun.exe -- [ UDF ]

O32 - AutoRun File - [2012/09/28 03:48:28 | 000,000,049 | R--- | M] () - E:\Autorun.inf -- [ UDF ]

O34 - HKLM BootExecute: (autocheck autochk *)

O35:64bit: - HKLM\..comfile [open] -- "%1" %*

O35:64bit: - HKLM\..exefile [open] -- "%1" %*

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*

O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/12/28 00:51:27 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT

[2012/12/28 00:51:05 | 000,000,000 | ---D | C] -- C:\JRT

[2012/12/27 19:13:31 | 000,000,000 | ---D | C] -- C:\Users\Todd\AppData\Roaming\six-zsync

[2012/12/27 19:13:31 | 000,000,000 | ---D | C] -- C:\Users\Todd\AppData\Roaming\six-updater

[2012/12/27 19:13:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Six Projects

[2012/12/27 19:13:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SIX Projects

[2012/12/27 18:48:51 | 000,000,000 | ---D | C] -- C:\Users\Todd\AppData\Local\Downloaded Installations

[2012/12/27 12:40:26 | 000,000,000 | ---D | C] -- C:\Users\Todd\AppData\Local\ArmA 2 OA

[2012/12/27 12:03:07 | 000,000,000 | ---D | C] -- C:\Users\Todd\AppData\Local\DayZCommander

[2012/12/27 12:02:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Dotjosh Studios

[2012/12/27 09:45:57 | 000,000,000 | ---D | C] -- C:\Users\Todd\Desktop\RK_Quarantine

[2012/12/27 03:00:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft CAPICOM 2.1.0.2

[2012/12/26 23:47:06 | 000,000,000 | ---D | C] -- C:\Users\Todd\Documents\ArmA 2

[2012/12/26 23:47:06 | 000,000,000 | ---D | C] -- C:\Users\Todd\AppData\Local\ArmA 2

[2012/12/26 23:47:02 | 000,000,000 | ---D | C] -- C:\Users\Todd\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bohemia Interactive

[2012/12/26 23:47:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bohemia Interactive

[2012/12/26 13:42:56 | 000,019,632 | ---- | C] (PerformerSoft LLC) -- C:\Windows\SysNative\roboot64.exe

[2012/12/26 13:42:46 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\searchplugins

[2012/12/26 13:42:46 | 000,000,000 | ---D | C] -- C:\Users\Todd\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PCPerformer

[2012/12/26 13:42:46 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Extensions

[2012/12/26 13:42:37 | 000,033,856 | -H-- | C] (LogMeIn, Inc.) -- C:\Windows\SysNative\hamachi.sys

[2012/12/26 13:42:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi

[2012/12/26 13:42:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LogMeIn Hamachi

[2012/12/26 13:42:15 | 000,000,000 | ---D | C] -- C:\Users\Todd\AppData\Local\LogMeIn Hamachi

[2012/12/25 15:26:26 | 000,000,000 | ---D | C] -- C:\Users\Todd\AppData\Local\Logitech® Webcam Software

[2012/12/25 15:24:26 | 000,000,000 | ---D | C] -- C:\ProgramData\LogiShrd

[2012/12/25 15:22:26 | 000,000,000 | ---D | C] -- C:\Users\Todd\AppData\Roaming\Leadertech

[2012/12/25 15:22:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Logitech

[2012/12/25 15:22:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\LWS

[2012/12/25 15:21:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Logitech

[2012/12/25 15:21:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Logitech

[2012/12/25 15:18:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\logishrd

[2012/12/25 15:17:56 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\logishrd

[2012/12/23 13:28:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Elgato

[2012/12/23 13:28:29 | 000,000,000 | ---D | C] -- C:\Program Files\Elgato

[2012/12/23 13:28:02 | 000,000,000 | ---D | C] -- C:\Users\Todd\AppData\Roaming\Elgato

[2012/12/23 13:27:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Elgato

[2012/12/19 12:13:30 | 000,000,000 | ---D | C] -- C:\Users\Todd\AppData\Local\Wondershare

[2012/12/19 12:13:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Wondershare

[2012/12/19 12:13:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wondershare

[2012/12/19 12:13:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Wondershare

[2012/12/19 12:13:13 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Wondershare

[2012/12/15 16:12:44 | 000,000,000 | ---D | C] -- C:\Users\Todd\Desktop\META-INF

[2012/12/14 09:55:17 | 000,000,000 | ---D | C] -- C:\Users\Todd\AppData\Local\My Games

[2012/12/14 09:16:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\2K Games

[2012/12/14 09:16:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\2K Games

[2012/12/04 07:11:23 | 000,000,000 | ---D | C] -- C:\Users\Todd\Desktop\New folder

[2012/12/02 14:54:21 | 000,000,000 | ---D | C] -- C:\Users\Todd\Desktop\Minecraft_Server

[4 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

[1 C:\Users\Todd\*.tmp files -> C:\Users\Todd\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/12/28 09:02:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job

[2012/12/28 08:59:52 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1413658493-208379941-2510509854-1001UA.job

[2012/12/28 08:59:50 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2012/12/28 00:51:38 | 000,015,792 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2012/12/28 00:51:38 | 000,015,792 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2012/12/28 00:48:48 | 000,779,266 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI

[2012/12/28 00:48:48 | 000,660,280 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat

[2012/12/28 00:48:48 | 000,121,208 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat

[2012/12/28 00:44:17 | 2090,135,551 | -HS- | M] () -- C:\hiberfil.sys

[2012/12/27 19:13:02 | 000,002,573 | ---- | M] () -- C:\Users\Public\Desktop\Six Updater.lnk

[2012/12/27 19:13:02 | 000,002,573 | ---- | M] () -- C:\Users\Public\Desktop\Six Launcher.lnk

[2012/12/27 15:01:10 | 000,000,274 | ---- | M] () -- C:\Windows\tasks\PC Performer_DEFAULT.job

[2012/12/27 12:32:59 | 000,000,222 | ---- | M] () -- C:\Users\Todd\Desktop\ARMA 2 Operation Arrowhead Beta.url

[2012/12/27 12:20:38 | 000,001,368 | ---- | M] () -- C:\Users\Public\Desktop\DayZ Commander.lnk

[2012/12/27 00:38:55 | 000,000,328 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForTodd.job

[2012/12/27 00:38:55 | 000,000,282 | ---- | M] () -- C:\Windows\tasks\PC Performer_UPDATES.job

[2012/12/26 16:44:37 | 000,000,221 | ---- | M] () -- C:\Users\Todd\Desktop\ARMA 2 Operation Arrowhead.url

[2012/12/26 16:27:45 | 000,000,221 | ---- | M] () -- C:\Users\Todd\Desktop\ARMA 2.url

[2012/12/26 10:44:48 | 000,002,184 | ---- | M] () -- C:\Users\Public\Desktop\The Sims™ 3 Seasons.lnk

[2012/12/26 10:39:53 | 000,000,941 | ---- | M] () -- C:\Users\Public\Desktop\Origin.lnk

[2012/12/26 10:39:22 | 000,002,228 | ---- | M] () -- C:\Users\Public\Desktop\The Sims™ 3 Supernatural.lnk

[2012/12/26 08:34:00 | 000,000,852 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1413658493-208379941-2510509854-1001Core.job

[2012/12/25 15:21:54 | 000,001,586 | ---- | M] () -- C:\Users\Public\Desktop\Logitech Webcam Software .lnk

[2012/12/23 13:28:31 | 000,001,096 | ---- | M] () -- C:\Users\Public\Desktop\Game Capture HD.lnk

[2012/12/22 03:17:31 | 000,359,336 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT

[2012/12/19 15:53:34 | 000,019,632 | ---- | M] (PerformerSoft LLC) -- C:\Windows\SysNative\roboot64.exe

[2012/12/14 09:46:04 | 000,002,605 | ---- | M] () -- C:\Users\Public\Desktop\Play Sid Meier's Civilization 4 - Colonization.lnk

[2012/12/14 09:43:41 | 000,002,802 | ---- | M] () -- C:\Users\Public\Desktop\Play Sid Meier's Civilization 4 - Beyond The Sword.lnk

[2012/12/14 09:38:21 | 000,002,709 | ---- | M] () -- C:\Users\Public\Desktop\Play Sid Meier's Civilization 4 - Warlords.lnk

[2012/12/14 09:36:44 | 000,002,567 | ---- | M] () -- C:\Users\Public\Desktop\Play Sid Meier's Civilization 4 Complete.lnk

[2012/12/12 19:29:15 | 000,002,481 | ---- | M] () -- C:\Users\Todd\Desktop\Google Chrome.lnk

[4 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

[1 C:\Users\Todd\*.tmp files -> C:\Users\Todd\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/12/27 19:13:02 | 000,002,573 | ---- | C] () -- C:\Users\Public\Desktop\Six Updater.lnk

[2012/12/27 19:13:02 | 000,002,573 | ---- | C] () -- C:\Users\Public\Desktop\Six Launcher.lnk

[2012/12/27 12:32:59 | 000,000,222 | ---- | C] () -- C:\Users\Todd\Desktop\ARMA 2 Operation Arrowhead Beta.url

[2012/12/27 12:02:49 | 000,001,368 | ---- | C] () -- C:\Users\Public\Desktop\DayZ Commander.lnk

[2012/12/26 16:44:37 | 000,000,221 | ---- | C] () -- C:\Users\Todd\Desktop\ARMA 2 Operation Arrowhead.url

[2012/12/26 16:27:45 | 000,000,221 | ---- | C] () -- C:\Users\Todd\Desktop\ARMA 2.url

[2012/12/26 13:43:12 | 000,000,274 | ---- | C] () -- C:\Windows\tasks\PC Performer_DEFAULT.job

[2012/12/26 13:43:11 | 000,000,282 | ---- | C] () -- C:\Windows\tasks\PC Performer_UPDATES.job

[2012/12/26 10:44:48 | 000,002,184 | ---- | C] () -- C:\Users\Public\Desktop\The Sims™ 3 Seasons.lnk

[2012/12/26 10:39:22 | 000,002,228 | ---- | C] () -- C:\Users\Public\Desktop\The Sims™ 3 Supernatural.lnk

[2012/12/25 15:21:54 | 000,001,586 | ---- | C] () -- C:\Users\Public\Desktop\Logitech Webcam Software .lnk

[2012/12/23 13:28:31 | 000,001,096 | ---- | C] () -- C:\Users\Public\Desktop\Game Capture HD.lnk

[2012/12/14 09:46:04 | 000,002,605 | ---- | C] () -- C:\Users\Public\Desktop\Play Sid Meier's Civilization 4 - Colonization.lnk

[2012/12/14 09:43:41 | 000,002,802 | ---- | C] () -- C:\Users\Public\Desktop\Play Sid Meier's Civilization 4 - Beyond The Sword.lnk

[2012/12/14 09:38:21 | 000,002,709 | ---- | C] () -- C:\Users\Public\Desktop\Play Sid Meier's Civilization 4 - Warlords.lnk

[2012/12/14 09:36:44 | 000,002,567 | ---- | C] () -- C:\Users\Public\Desktop\Play Sid Meier's Civilization 4 Complete.lnk

[2012/11/08 20:03:18 | 000,010,945 | ---- | C] () -- C:\Users\Todd\lakers.jpg

[2012/08/14 11:57:44 | 000,027,520 | ---- | C] () -- C:\Users\Todd\AppData\Local\dt.dat

[2012/08/09 08:34:37 | 000,001,075 | ---- | C] () -- C:\Users\Todd\Documents - Shortcut.lnk

[2012/06/19 08:44:19 | 000,000,397 | ---- | C] () -- C:\Windows\MyHeritage.INI

[2012/06/19 08:42:20 | 000,454,656 | ---- | C] () -- C:\Windows\SysWow64\PaintX.dll

[2012/04/27 07:34:39 | 000,167,754 | ---- | C] () -- C:\Users\Todd\AppData\Local\tmpSPRING2012B.1

[2012/04/27 07:34:36 | 000,438,649 | ---- | C] () -- C:\Users\Todd\AppData\Local\tmpSPRING2012B.0

[2012/04/27 07:34:36 | 000,172,135 | ---- | C] () -- C:\Users\Todd\AppData\Local\tmpSPRING2012B.JPG

[2011/12/15 05:23:04 | 010,920,472 | ---- | C] () -- C:\Windows\SysWow64\LogiDPP.dll

[2011/12/15 05:23:04 | 000,336,408 | ---- | C] () -- C:\Windows\SysWow64\DevManagerCore.dll

[2011/12/15 05:23:04 | 000,104,472 | ---- | C] () -- C:\Windows\SysWow64\LogiDPPApp.exe

[2011/07/18 17:02:31 | 000,001,854 | ---- | C] () -- C:\Users\Todd\AppData\Roaming\GhostObjGAFix.xml

[2011/04/25 12:14:51 | 000,772,990 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI

[2011/02/02 20:46:18 | 000,290,614 | ---- | C] () -- C:\Users\Todd\AppData\Local\tmp0804092050A.JPG

[2011/01/24 17:51:48 | 000,001,333 | ---- | C] () -- C:\Windows\hpomdl52.dat.temp

[2011/01/16 17:10:37 | 000,212,799 | ---- | C] () -- C:\Windows\hpoins52.dat

[2011/01/09 21:06:58 | 000,644,496 | ---- | C] () -- C:\Users\Todd\EBOOT.BIN

[2010/09/23 18:33:59 | 002,772,410 | ---- | C] () -- C:\Users\Todd\AppData\Local\tmp011.JPG

[2010/08/08 09:46:55 | 000,010,622 | ---- | C] () -- C:\Users\Todd\AppData\Local\tmp40852_144283825591378_100000292843907_341063_2517918_S.0

[2010/08/08 09:46:55 | 000,009,555 | ---- | C] () -- C:\Users\Todd\AppData\Local\tmp40852_144283825591378_100000292843907_341063_2517918_S.JPG

[2010/04/23 21:21:06 | 000,000,000 | ---- | C] () -- C:\Users\Todd\AppData\Local\prvlcl.dat

[2010/03/27 10:36:33 | 000,000,040 | ---- | C] () -- C:\ProgramData\ra3.ini

[2010/03/09 09:08:34 | 000,002,868 | ---- | C] () -- C:\Users\Todd\AppData\Roaming\wklnhst.dat

========== ZeroAccess Check ==========

[2009/07/13 22:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

"" = C:\Windows\SysNative\shell32.dll -- [2012/06/08 23:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 22:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64

"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 19:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]

"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 06:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64

"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 19:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2012/12/27 19:02:12 | 000,000,000 | ---D | M] -- C:\Users\Todd\AppData\Roaming\.minecraft

[2012/12/24 14:03:22 | 000,000,000 | ---D | M] -- C:\Users\Todd\AppData\Roaming\.techniclauncher

[2012/09/06 12:51:48 | 000,000,000 | ---D | M] -- C:\Users\Todd\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1

[2012/12/23 13:28:02 | 000,000,000 | ---D | M] -- C:\Users\Todd\AppData\Roaming\Elgato

[2012/09/16 14:34:42 | 000,000,000 | ---D | M] -- C:\Users\Todd\AppData\Roaming\Hi-Rez Studios

[2012/12/25 15:22:26 | 000,000,000 | ---D | M] -- C:\Users\Todd\AppData\Roaming\Leadertech

[2012/06/19 08:47:55 | 000,000,000 | ---D | M] -- C:\Users\Todd\AppData\Roaming\MyHeritage

[2010/11/23 20:45:33 | 000,000,000 | ---D | M] -- C:\Users\Todd\AppData\Roaming\OpenOffice.org

[2012/12/26 10:40:51 | 000,000,000 | ---D | M] -- C:\Users\Todd\AppData\Roaming\Origin

[2010/03/01 13:07:51 | 000,000,000 | ---D | M] -- C:\Users\Todd\AppData\Roaming\PictureMover

[2011/09/30 09:11:48 | 000,000,000 | ---D | M] -- C:\Users\Todd\AppData\Roaming\Red Alert 3

[2012/10/06 10:00:25 | 000,000,000 | ---D | M] -- C:\Users\Todd\AppData\Roaming\redsn0w

[2012/12/27 19:13:53 | 000,000,000 | ---D | M] -- C:\Users\Todd\AppData\Roaming\six-updater

[2012/12/27 19:13:31 | 000,000,000 | ---D | M] -- C:\Users\Todd\AppData\Roaming\six-zsync

[2012/08/13 08:49:34 | 000,000,000 | ---D | M] -- C:\Users\Todd\AppData\Roaming\skyz

[2012/09/03 10:56:00 | 000,000,000 | ---D | M] -- C:\Users\Todd\AppData\Roaming\Softland

[2010/06/22 14:58:20 | 000,000,000 | ---D | M] -- C:\Users\Todd\AppData\Roaming\Template

[2012/06/19 08:42:19 | 000,000,000 | ---D | M] -- C:\Users\Todd\AppData\Roaming\The Complete Genealogy Reporter - FTB

[2010/03/08 08:21:16 | 000,000,000 | ---D | M] -- C:\Users\Todd\AppData\Roaming\Tific

[2011/09/26 11:26:04 | 000,000,000 | ---D | M] -- C:\Users\Todd\AppData\Roaming\Unified Remote

[2011/01/15 17:29:12 | 000,000,000 | ---D | M] -- C:\Users\Todd\AppData\Roaming\Visan

[2010/03/25 16:07:39 | 000,000,000 | ---D | M] -- C:\Users\Todd\AppData\Roaming\WinBatch

[2011/04/07 16:20:37 | 000,000,000 | ---D | M] -- C:\Users\Todd\AppData\Roaming\Windows Live Writer

========== Purity Check ==========

< End of report >


OTL Extras logfile created on: 12/28/2012 9:24:46 AM - Run 1

OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Todd\Downloads

64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 8.0.7601.17514)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

7.93 Gb Total Physical Memory | 6.53 Gb Available Physical Memory | 82.37% Memory free

15.86 Gb Paging File | 13.91 Gb Available in Paging File | 87.74% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 920.43 Gb Total Space | 730.99 Gb Free Space | 79.42% Space Free | Partition Type: NTFS

Drive D: | 10.98 Gb Total Space | 1.58 Gb Free Space | 14.44% Space Free | Partition Type: NTFS

Drive E: | 3.90 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF

Drive N: | 298.09 Gb Total Space | 195.70 Gb Free Space | 65.65% Space Free | Partition Type: NTFS

Computer Name: TODD-PC | User Name: Todd | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl[@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- %SystemRoot%\SysWow64\control.exe "%1",%* (Microsoft Corporation)

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

htmlfile [edit] -- Reg Error: Key error.

htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)

inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)

InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)

InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- "C:\Program Files (x86)\File Scout\filescout.exe" /open "%1"

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)

Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)

Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- %SystemRoot%\SysWow64\control.exe "%1",%* (Microsoft Corporation)

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

htmlfile [edit] -- Reg Error: Key error.

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- "C:\Program Files (x86)\File Scout\filescout.exe" /open "%1"

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)

Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)

Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"cval" = 1

"FirewallDisableNotify" = 0

"AntiVirusDisableNotify" = 0

"UpdatesDisableNotify" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]

"AntiVirusOverride" = 0

"AntiSpywareOverride" = 0

"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"FirewallDisableNotify" = 0

"AntiVirusDisableNotify" = 0

"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]

"DisableSR" = 0

========== Firewall Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{1680CD06-BFF7-43E4-9D08-09551A26AA3E}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

"{1B0BB38A-FC76-4E44-8A8C-40505DE6DD40}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{1E853D4C-D5F0-4E43-8A41-105C80F97E30}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |

"{1FE7B7FD-B40E-4D4E-8BA8-B16ECAB38568}" = lport=445 | protocol=6 | dir=in | app=system |

"{21CA8BFC-5947-44A6-A1A4-3D96A62DDE23}" = lport=138 | protocol=17 | dir=in | app=system |

"{255B775F-FF61-44CE-9146-9BDD4A18CADA}" = lport=2869 | protocol=6 | dir=in | app=system |

"{2949CDB7-BF91-4EEA-877C-F06C59BDB902}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |

"{299C91C3-9AF4-493F-91C2-8C0797F2880A}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |

"{2F476D1E-5689-4AB8-B415-4193B2DEE632}" = lport=2869 | protocol=6 | dir=in | app=system |

"{30EB6B80-6C97-4265-8AB8-3BA920A73E56}" = lport=139 | protocol=6 | dir=in | app=system |

"{31EE1863-8632-4960-B4AF-A9CD848CC1D0}" = lport=10243 | protocol=6 | dir=in | app=system |

"{3D90B995-11A0-4CD9-814F-38C3C1CCF3E5}" = rport=427 | protocol=17 | dir=in | svc=hpslpsvc | app=c:\windows\system32\svchost.exe |

"{549B6A82-F111-4675-B895-2613C7FACA79}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe |

"{5AF5333C-C845-4442-81BC-B317057FCFC5}" = rport=445 | protocol=6 | dir=out | app=system |

"{65113FBB-6C9C-4859-8B76-0A3EE3D3BFB1}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{67DB2624-2E75-4638-9CBC-92B12830F962}" = lport=137 | protocol=17 | dir=in | app=system |

"{6D91A60E-7B91-4082-84F8-A3E383638071}" = rport=10243 | protocol=6 | dir=out | app=system |

"{7AFA6407-7F3D-46AB-8BE0-48B9258A0BAC}" = rport=139 | protocol=6 | dir=out | app=system |

"{8F45F946-7C20-4A38-9B0F-67AE4A27C2A8}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

"{8FA71BFA-D9EE-4711-9806-780CFD7C1C65}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |

"{95767230-086F-43C3-A5EC-5FDCBA923860}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{96BF503D-0BB0-456E-A753-E2A28BFF53ED}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |

"{B713CCE7-980D-43E1-9987-2A284EFC620A}" = rport=138 | protocol=17 | dir=out | app=system |

"{D087028D-6875-4387-B983-C97FEEC45FE1}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |

"{D86193DC-A120-4282-86B4-79575401FBAA}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |

"{DE5E092B-D2D7-475C-8AAB-E056EAA16D7F}" = rport=137 | protocol=17 | dir=out | app=system |

"{E21A6A81-5F4F-4657-B10F-3AAD8F411D17}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |

"{EC9C387D-3314-4BD8-8FCC-7543A65F6F72}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |

"{EE710245-9A2C-4534-8658-72619AB32F4F}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{01CA4574-D227-4340-BE84-A66C1E5D9517}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hpdvdsmart.exe |

"{058CDB00-EBE0-40B2-86C9-96BB10F012A8}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqusgm.exe |

"{05A20C0F-F2A7-4919-BD6F-B2311E4922C4}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |

"{05E8BDCA-0B3E-4B98-9F74-8B5DE3AA096B}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqfxt08.exe |

"{084CAC9D-557E-4257-BAF9-A58AB130FA07}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |

"{094A8A16-1230-4CC0-824F-0E237E2C7AE4}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgnsa.exe |

"{097D99DD-E37C-494C-9E13-3DED5BB54D1C}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |

"{109D8345-55E4-4AF1-8974-3406D3A86142}" = dir=in | app=c:\program files (x86)\hp\hp software update\hpwucli.exe |

"{13C31354-6489-4E1D-BC49-5635545899B1}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |

"{166C76CD-1161-4CF7-BE9E-967B70E86CBD}" = protocol=17 | dir=in | app=c:\program files (x86)\adobe\acrobat_com\acrobat_com.exe |

"{1B04AA08-AEC1-4AFA-A749-21933FDE5C51}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpofxm08.exe |

"{1B26B320-ACB6-4CCB-8B2E-B685CFCAABF6}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\global agenda live\binaries\globalagenda.exe |

"{1D58355F-570B-45E7-B3A0-F46CB6697D01}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dc universe online\launchpad.exe |

"{1E1D9A1D-B701-4779-B588-0CA340F48DE8}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\hptouchsmartmusic.exe |

"{1F78A88D-751C-4289-8258-7C18AB2EB763}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |

"{234D10A7-5324-45C8-BDCF-5C12E55BAB75}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqtra08.exe |

"{294B8412-4118-427B-B461-508B834B84E7}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpiscnapp.exe |

"{29BE7B43-8E37-468A-B3CC-2DF0ECD532D6}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\arma 2 operation arrowhead\expansion\beta\arma2oa.exe |

"{2A096714-2A5E-40B3-917D-8CB8EC83CD87}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |

"{2D86CF58-FA02-4EDC-8EF2-D37DE185BB0A}" = protocol=6 | dir=in | app=c:\program files (x86)\cracked steam\steam.exe |

"{36E499BF-C3E0-4F10-B7E7-BB2D42EAF9F1}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

"{37BDE1AA-4668-4AB1-9791-20E3CEDBD48F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |

"{38292E12-2C15-4468-8BE0-ECADE0F7D548}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgdiagex.exe |

"{3BB8E727-5438-4EC5-AE8B-7F79E3DBD487}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\tsmagent.exe |

"{3C76E5EA-151A-4319-AEA2-6BBFE226D22D}" = protocol=17 | dir=in | app=c:\program files (x86)\cracked steam\steam.exe |

"{40AEE382-03A6-4351-9053-7ECFC56BF2FB}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgmfapx.exe |

"{4C3EDE6B-35BB-4E87-A551-2CF8B21317EC}" = protocol=6 | dir=out | app=system |

"{51C61B7E-5C07-454D-9F00-A387948F211B}" = dir=in | app=e:\setup\hpznui40.exe |

"{52AD3331-5F58-4FA7-A0CF-B3A5A68A6D28}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

"{59FE7FE9-CD32-4C02-B475-1D559A6B7B67}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

"{5D073E8C-4FCA-42D1-8423-C308E9785EE8}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\global agenda live\binaries\launcherbin\hirezlauncherui.exe |

"{5FBB7C80-B86C-439D-8A87-35C51D130CA7}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |

"{63189DD6-013B-4CDE-B379-09C26E3F15B1}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\global agenda live\binaries\launcherbin\hirezlauncherui.exe |

"{63DA6800-85EA-4068-9DFB-16C850CC47E9}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |

"{67C94E51-8592-4659-8E38-D4971FAC20BD}" = protocol=6 | dir=in | app=c:\users\todd\appdata\local\temp\rar$exa0.072\redsn0w_win_0.9.9b9d\redsn0w.exe |

"{699C6A2C-04BE-4525-8AF3-BA9148767E25}" = protocol=6 | dir=in | app=c:\program files (x86)\adobe\acrobat_com\acrobat_com.exe |

"{6E4667F0-6966-47F5-A09A-6D72C4913B41}" = dir=in | app=c:\program files (x86)\cyberlink\powerdirector\pdr.exe |

"{70A46F66-0999-4ECC-AE0D-3DCF994FA54F}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\arma 2 operation arrowhead\arma2oa.exe |

"{70FF40F8-886B-4323-A4D1-FE9BF4C33A38}" = protocol=17 | dir=in | app=c:\program files (x86)\unreal tournament 3\binaries\ut3.exe |

"{7173D574-D75A-4364-8B17-9F6E7688E78C}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{78BAB9A5-236C-4E47-BD88-B4BA6CA15C56}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hposfx08.exe |

"{7AD52C20-A806-4CD2-93E3-F180CB7B4F33}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |

"{7B52F2E1-3BC1-4049-B053-72DDE6610DE9}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\arma 2\arma2.exe |

"{7E2CD4EA-3258-4436-BEB1-E7022FC58A1B}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\global agenda live\binaries\globalagenda.exe |

"{7F51C8C1-AC54-4DD1-BF6D-F7A24504BCFC}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpzwiz01.exe |

"{81094223-E315-46EF-BEAA-614915442DF4}" = protocol=58 | dir=in | app=system |

"{8350A3CC-3099-45DB-8287-2CE810BEFD64}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgemca.exe |

"{835969DA-6E12-4DCB-8D04-181F57B6C096}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\arma 2 operation arrowhead\expansion\beta\arma2oa.exe |

"{861A687D-B95E-4119-8310-BE3B5990A1CA}" = protocol=6 | dir=in | app=c:\program files (x86)\unreal tournament 3\binaries\ut3.exe |

"{86DC03E9-4232-4AF8-A571-B83E305A44E3}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqkygrp.exe |

"{8B5104E2-F48C-4FC2-891E-BDA4CA9D252F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |

"{8C844C3C-F24E-43F4-8A54-46C9852AF24F}" = protocol=17 | dir=in | app=c:\users\todd\appdata\local\temp\rar$exa0.072\redsn0w_win_0.9.9b9d\redsn0w.exe |

"{90B1C4C6-D406-47ED-AA86-D20D83F17BD6}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe |

"{92B29F60-CBDF-40F5-878A-13A1C8A35D76}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgnsa.exe |

"{9688C974-08D0-4CB6-A771-7536B7755433}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |

"{995ED341-672C-448C-84E2-F59663ED063E}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |

"{99FF6C9B-F5F3-4B15-9FFA-8872F9414405}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgplgtupl.exe |

"{9A9E4BFF-CFCC-4EF2-9680-C78746FE3EA3}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe |

"{9EF9CA63-798D-4A94-AEEB-BF956667F15B}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\global agenda live\binaries\launcherbin\hirezlauncherui.exe |

"{A3B68FEA-3421-4CA6-916E-734288B9C0E1}" = protocol=17 | dir=in | app=c:\program files (x86)\cracked steam\steam.exe |

"{A53E508D-AC1C-4E0D-9FA5-4B9461AA8E80}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dc universe online\launchpad.exe |

"{AA1CCF19-B4AC-44B4-B9B3-87683100C8F9}" = dir=in | app=c:\program files (x86)\hp\digital imaging\smart web printing\smartwebprintexe.exe |

"{AF487F8F-2BCD-4D60-8721-37FF472A0172}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpoews01.exe |

"{B16DFE60-7581-4195-AF96-7AB981C0F61C}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |

"{B747DA70-ED8E-45FB-B9C3-25AD83F6FF7F}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |

"{B77F6A07-924D-4364-A620-D015094BABAA}" = protocol=6 | dir=in | app=c:\program files (x86)\cracked steam\steam.exe |

"{B8E704F0-F55F-4DD2-859F-BB00BA97AA9D}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\arma 2 operation arrowhead\besetup\setup_battleyearma2oa.exe |

"{BC0BEE85-6B85-4186-82F8-9487B032F1BC}" = protocol=58 | dir=out | name=@iphlpsvc.dll,-503 |

"{C4A60B30-39CA-4559-B9A6-A93051BC38D7}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |

"{CB209ED9-772B-443C-B592-8AB46540B36C}" = protocol=6 | dir=in | app=c:\program files (x86)\codemasters\of dragon rising\ofdr.exe |

"{CC1F3509-C154-4682-B9F8-A32011CB33EB}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |

"{CC464FB1-809B-4372-A19A-042194C95FC3}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqste08.exe |

"{CC6605CA-66DA-4C46-9C3F-FA7DF77E9E39}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\hptouchsmartphoto.exe |

"{CD37357C-7F7B-4757-B0AF-8518D1E04BF7}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |

"{CEA2A0D4-C365-4DB1-B678-299F8F2FE174}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\arma 2 operation arrowhead\arma2oa.exe |

"{CEDA67F0-8BB8-46FA-8F3C-CB925A6A97AB}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgpc01.exe |

"{D02F59E5-ACFD-46E1-A4FC-1E828CFD7CD2}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpfccopy.exe |

"{D06E6214-53E8-4BF2-A574-8A9BD1FAC605}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\hptouchsmartvideo.exe |

"{D1DE86D8-8432-436F-864B-BFE0F07DA145}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpofxs08.exe |

"{D67EAA50-2C2D-4CEC-BF6A-2CAA9F7AEFD2}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |

"{DA8919A1-2833-4E37-835C-17E4C4087A15}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqusgh.exe |

"{DB78EE51-72E3-4506-AEBC-00584E9B30B3}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

"{DCD166B0-3A83-4124-89E5-401EA79EBC59}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |

"{DDFBF0BC-7BEF-4297-BF0B-ED15E5DFB883}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |

"{DEBFE811-1F3F-438F-89FE-D87405FE1709}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\arma 2\arma2.exe |

"{E09449B3-DA03-42C6-B5D6-FCBC5DEF021A}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\kernel\clml\clmlsvc.exe |

"{E1151D5E-3ADE-41A0-AC3D-21E999564BDE}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\global agenda live\binaries\launcherbin\hirezlauncherui.exe |

"{E20E16C2-63BD-4C4B-A977-9FE97B68AAD5}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hposid01.exe |

"{E283DE0B-91FE-47E0-A486-087E69245833}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\arma 2 operation arrowhead\besetup\setup_battleyearma2oa.exe |

"{E65DADA7-4EF2-40FB-9957-28C15F53D264}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |

"{E7F06056-B63C-4841-867F-E417B05D5371}" = protocol=17 | dir=in | app=c:\program files (x86)\codemasters\of dragon rising\ofdr.exe |

"{EF72D075-D276-48AA-84F5-923CBB410355}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe |

"{F1BD0DFA-4CB7-44D3-8593-EDDECFAA2DA6}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgdiagex.exe |

"{F7CAA7F2-0757-4D8A-9B91-71DEFDDEEC10}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgmfapx.exe |

"{FB1680A2-79B2-4BD3-9537-537DCBA496A9}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgemca.exe |

"TCP Query User{13B559AB-87F9-45C3-92E0-E537E6332436}C:\program files (x86)\unreal tournament 3\binaries\ut3.exe" = protocol=6 | dir=in | app=c:\program files (x86)\unreal tournament 3\binaries\ut3.exe |

"TCP Query User{1CF616EB-680E-492B-9996-6A49324D765B}C:\program files (x86)\six projects\six updater\tools\bin\rsync.exe" = protocol=6 | dir=in | app=c:\program files (x86)\six projects\six updater\tools\bin\rsync.exe |

"TCP Query User{31A295FE-2D54-4D2E-80D2-4C87EC7C28A9}C:\program files\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe |

"TCP Query User{3C0AC2F0-B0FD-4B97-AF6F-B94170153B4F}C:\users\todd\appdata\local\temp\rar$exa0.072\redsn0w_win_0.9.9b9d\redsn0w.exe" = protocol=6 | dir=in | app=c:\users\todd\appdata\local\temp\rar$exa0.072\redsn0w_win_0.9.9b9d\redsn0w.exe |

"TCP Query User{5ADE1AFB-3443-48F0-B597-99348A9D0C97}C:\program files (x86)\winamp\winamp.exe" = protocol=6 | dir=in | app=c:\program files (x86)\winamp\winamp.exe |

"TCP Query User{61D03E80-FB67-45DB-9B0B-1DBD83FD4272}C:\program files (x86)\steam\steamapps\common\global agenda live\binaries\globalagenda.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\global agenda live\binaries\globalagenda.exe |

"TCP Query User{7199E513-AE47-4D50-BB18-30560CC4AA34}C:\users\todd\appdata\local\temp\rar$exa0.261\redsn0w_win_0.9.9b9d\redsn0w.exe" = protocol=6 | dir=in | app=c:\users\todd\appdata\local\temp\rar$exa0.261\redsn0w_win_0.9.9b9d\redsn0w.exe |

"TCP Query User{8DD9A992-E808-401B-BA4A-6FD5B350E46B}C:\program files (x86)\unified remote\remoteserver.exe" = protocol=6 | dir=in | app=c:\program files (x86)\unified remote\remoteserver.exe |

"TCP Query User{9452D30E-6C11-4614-9F28-B95CDD80B3C8}C:\users\todd\downloads\patchblocker.exe" = protocol=6 | dir=in | app=c:\users\todd\downloads\patchblocker.exe |

"TCP Query User{9671D961-8C44-4F88-BCCA-3C6A7BD94B4B}C:\users\todd\appdata\local\temp\rar$exa0.262\patchblocker.exe" = protocol=6 | dir=in | app=c:\users\todd\appdata\local\temp\rar$exa0.262\patchblocker.exe |

"TCP Query User{9F131C29-4BAC-4F64-800E-92762ADC4CFF}C:\program files (x86)\unified remote\remoteserver.exe" = protocol=6 | dir=in | app=c:\program files (x86)\unified remote\remoteserver.exe |

"TCP Query User{BACC1121-E09C-4C0A-9030-8D15EA98B20D}C:\users\todd\downloads\patchblocker (1).exe" = protocol=6 | dir=in | app=c:\users\todd\downloads\patchblocker (1).exe |

"UDP Query User{00067D85-8376-48A4-891A-1185584D4100}C:\program files (x86)\six projects\six updater\tools\bin\rsync.exe" = protocol=17 | dir=in | app=c:\program files (x86)\six projects\six updater\tools\bin\rsync.exe |

"UDP Query User{16A32E0E-7491-4C59-B04C-63809E0BEC3B}C:\users\todd\appdata\local\temp\rar$exa0.261\redsn0w_win_0.9.9b9d\redsn0w.exe" = protocol=17 | dir=in | app=c:\users\todd\appdata\local\temp\rar$exa0.261\redsn0w_win_0.9.9b9d\redsn0w.exe |

"UDP Query User{2617C18D-0599-4524-B1C8-33D7EDE25869}C:\program files (x86)\steam\steamapps\common\global agenda live\binaries\globalagenda.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\global agenda live\binaries\globalagenda.exe |

"UDP Query User{52B31C0A-C140-40A4-AD56-F55AB51BB6C9}C:\users\todd\appdata\local\temp\rar$exa0.072\redsn0w_win_0.9.9b9d\redsn0w.exe" = protocol=17 | dir=in | app=c:\users\todd\appdata\local\temp\rar$exa0.072\redsn0w_win_0.9.9b9d\redsn0w.exe |

"UDP Query User{572218B7-78BF-4379-BD4E-945B00AD18A4}C:\program files (x86)\winamp\winamp.exe" = protocol=17 | dir=in | app=c:\program files (x86)\winamp\winamp.exe |

"UDP Query User{7E1B6906-4FC7-4239-A8D8-E646FD07E89B}C:\users\todd\downloads\patchblocker (1).exe" = protocol=17 | dir=in | app=c:\users\todd\downloads\patchblocker (1).exe |

"UDP Query User{8320CE1A-37C6-4E12-9171-8F15C834871B}C:\users\todd\downloads\patchblocker.exe" = protocol=17 | dir=in | app=c:\users\todd\downloads\patchblocker.exe |

"UDP Query User{98313F11-9A16-458B-BAEC-8CAF163671F5}C:\program files (x86)\unified remote\remoteserver.exe" = protocol=17 | dir=in | app=c:\program files (x86)\unified remote\remoteserver.exe |

"UDP Query User{B30BD656-DB73-44BF-A915-8E3FAEC9FDA6}C:\program files (x86)\unreal tournament 3\binaries\ut3.exe" = protocol=17 | dir=in | app=c:\program files (x86)\unreal tournament 3\binaries\ut3.exe |

"UDP Query User{D51A5A4B-F39A-450B-AED0-0EFC5FDFE5E2}C:\program files (x86)\unified remote\remoteserver.exe" = protocol=17 | dir=in | app=c:\program files (x86)\unified remote\remoteserver.exe |

"UDP Query User{E29D895E-0208-49E9-B4A4-1F104D6BB498}C:\program files\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe |

"UDP Query User{EE3C9B7D-CF5F-47A5-8F39-DFC1601E0D11}C:\users\todd\appdata\local\temp\rar$exa0.262\patchblocker.exe" = protocol=17 | dir=in | app=c:\users\todd\appdata\local\temp\rar$exa0.262\patchblocker.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)

"{138A4072-9E64-46BD-B5F9-DB2BB395391F}" = LWS VideoEffects

"{1493B2AE-0261-47D2-B1AA-F4DAD0F6C48B}" = iTunes

"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant

"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219

"{26A24AE4-039D-4CA4-87B4-2F86417005FF}" = Java 7 Update 5 (64-bit)

"{2D2820A1-F214-4B7A-912E-A87E5608CF10}" = Motorola Mobile Drivers Installation 5.0.0

"{344C0D46-2EF4-4BC8-AE03-3DACDA9B9485}" = AVG 2012

"{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022

"{48C0866E-57EB-444C-8371-8E4321066BC3}" = Network64

"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148

"{5EB6F3CB-46F4-451F-A028-7F6D8D35D7D0}" = Windows Live Language Selector

"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161

"{6BFAB6C1-6D46-46DB-A538-A269907C9F2F}" = Network64

"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour

"{7446FE8D-C1F9-4D42-AAAE-5DBCE58605A6}" = Apple Mobile Device Support

"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17

"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570

"{88E60521-1E4E-4785-B9F1-1798A4BD0C30}" = HP MediaSmart SmartMenu

"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight

"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended

"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting

"{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175

"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)

"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053

"{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}" = PlayReady PC Runtime amd64

"{C1164ED0-EF08-4B0B-8084-3BDAEAAEFD8D}" = HP Photosmart Prem C410 All-In-One Driver Software 14.0 Rel. 7

"{C78D3032-9DFD-41D0-9DE9-58EAE750CBA4}" = Microsoft Security Client

"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones

"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter

"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile

"{FF21C3E6-97FD-474F-9518-8DCBE94C2854}" = 64 Bit HP CIO Components Installer

"CCleaner" = CCleaner

"HP Imaging Device Functions" = HP Imaging Device Functions 14.0

"HP Smart Web Printing" = HP Smart Web Printing 4.60

"HP Solution Center & Imaging Support Tools" = HP Solution Center 14.0

"HPExtendedCapabilities" = HP Customer Participation Program 14.0

"HPOCR" = OCR Software by I.R.I.S. 14.0

"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile

"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended

"Microsoft Security Client" = Microsoft Security Essentials

"NVIDIA Drivers" = NVIDIA Drivers

"Shop for HP Supplies" = Shop for HP Supplies

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{038A524F-58DB-438A-8391-8F7F0CA14B9E}" = Microsoft® Winter Fun Pack 2004 for Windows® XP

"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam

"{06A1D88C-E102-4527-AF70-29FFD7AF215A}" = Scan

"{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements

"{08610298-29AE-445B-B37D-EFBE05802967}" = LWS Pictures And Video

"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer

"{0CA72D12-F6C6-4D43-A2A0-41F5AA17E2B6}" = Netflix in Windows Media Center

"{106B4413-ACBB-4CDE-8707-587DB9BD77EC}" = LogMeIn Hamachi

"{1111706F-666A-4037-7777-210328764D10}" = JavaFX 2.1.0

"{1458BB78-1DC5-4BC0-B9A3-2B644F5A8105}" = DeviceDiscovery

"{150B6201-E9E6-4DFB-960E-CCBD53FBDDED}" = HPProductAssistant

"{15634701-BACE-4449-8B25-1567DA8C9FD3}" = CameraHelperMsi

"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works

"{1651216E-E7AD-4250-92A1-FB8ED61391C9}" = LWS Help_main

"{174A3B31-4C43-43DD-866F-73C9DB887B48}" = LWS Twitter

"{17B4760F-334B-475D-829F-1A3E94A6A4E6}" = HP Setup

"{1896E712-2B3D-45eb-BCE9-542742A51032}" = PictureMover

"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319

"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker

"{1A4052AB-BA77-44F7-8EE7-9F9131BFD7A6}" = OF Dragon Rising

"{1DDDFDF2-4A92-4E77-959F-59D196B99C0C}" = C410

"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update

"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite Deluxe

"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions

"{21DF0294-6B9D-4741-AB6F-B2ABFBD2387E}" = LWS YouTube Plugin

"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java 6 Update 20

"{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 7

"{292F0F52-B62D-4E71-921B-89A682402201}" = Toolbox

"{296D8550-CB06-48E4-9A8B-E5034FB64715}" = Command & Conquer™ Red Alert™ 3

"{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}" = Microsoft XNA Framework Redistributable 4.0

"{2D8CED57-CCDB-4D86-9087-3BBCAE8F8F22}" = Six Updater

"{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App" = Update Installer for WildTangent Games App

"{2FDBBCEA-62DB-45F4-B6E5-0E1FB2A1F29D}" = Visual C++ 8.0 Runtime Setup Package (x64)

"{3023EBDA-BF1B-4831-B347-E5018555F26E}" = Movie Theme Pack for HP MediaSmart Video

"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery

"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery

"{35021DFB-F9CA-402A-89A2-47F91E506465}" = HP MediaSmart/TouchSmart Netflix

"{3DE92282-CB49-434F-81BF-94E5B380E889}" = The Sims™ 3 Seasons

"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel® Rapid Storage Technology

"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = erLT

"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go

"{40FB8D7C-6FF8-4AF2-BC8B-0B1DB32AF04B}" = HP Advisor

"{43D16DA8-BF42-3C62-89D3-3AD47829DC2E}" = Google Talk Plugin

"{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}" = Recovery Manager

"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis

"{4676D76B-1BA9-4E4D-9615-72FEA5F6B007}" = Unified Remote

"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater

"{4C047BD9-6E24-4728-9C46-0AE4814997CF}" = DayZ Commander

"{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform

"{553C904F-57A2-4113-888E-BA0C3D1C69C0}" = Microsoft VC9 runtime libraries

"{565E7B0E-B76B-4EAD-9753-F1E72A5CF12E}" = HPAppStudio

"{5A13987D-55F4-4271-A40E-76AC9B1B38FD}" = OpenOffice.org 3.2

"{5B025634-7D5B-4B8D-BE2A-7943C1CF2D5D}" = Status

"{63EC2120-1742-4625-AA47-C6A8AEC9C64C}" = Apple Application Support

"{6421F085-1FAA-DE13-D02A-CFB412C522A4}" = Acrobat.com

"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE

"{6A05FEDF-662E-46BF-8A25-010E3F1C9C69}" = Windows Live UX Platform Language Pack

"{6F340107-F9AA-47C6-B54C-C3A19F11553F}" = Hewlett-Packard ACLM.NET v1.1.1.0

"{6F76EC3C-34B1-436E-97FB-48C58D7BEDCD}" = LWS Gallery

"{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-hp" = WildTangent Games App (HP Games)

"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable

"{71E66D3F-A009-44AB-8784-75E2819BA4BA}" = LWS Motion Detection

"{73285A21-D3CD-47E7-9985-BD89BC22132E}" = Elgato Game Capture HD

"{74DC0593-6BC6-4001-AD5F-D810AFB68D86}" = HP Update

"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update

"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger

"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable

"{83BEEFB4-8C28-4F4F-8A9D-E0D1ADCE335B}" = The Sims Medieval

"{83C8FA3C-F4EA-46C4-8392-D3CE353738D6}" = LWS Launcher

"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync

"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570

"{8795CBED-55E2-4693-9F14-84EC446935BE}" = SpeechRedist

"{8937D274-C281-42E4-8CDB-A0B2DF979189}" = LWS Webcam Software

"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT

"{8EE94FD8-5F52-4463-A340-185D16328158}" = WebReg

"{8FF6F5CA-4E30-4E3B-B951-204CAAA2716A}" = SmartWebPrinting

"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system

"{9294F169-72EE-4D74-AE92-CA25F64B4FF8}" = Fax

"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker

"{94CAC2F1-C856-47F4-AF24-65A1E75AEDB9}" = MotoHelper MergeModules

"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)

"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

"{9B362566-EC1B-4700-BB9C-EC661BDE2175}" = DocProc

"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

"{9CC4840D-EF1C-406F-AF08-3C19EB1335B9}" = Zoo Tycoon 2 - Ultimate Collection

"{9D318C86-AF4C-409F-A6AC-7183FF4CF424}" = Internet TV for Windows Media Center

"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail

"{9DAEA76B-E50F-4272-A595-0124E826553D}" = LWS WLM Plugin

"{9DEF9686-CCB2-47B7-BF83-B49EA21FA016}" = HP MediaSmart Demo

"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer

"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common

"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer

"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer

"{AC35A885-0F8F-4857-B7DA-6E8DFB43E6B3}" = HPSSupply

"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.4)

"{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR

"{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}" = HP MediaSmart Music/Photo/Video

"{B37DAFA5-717D-41F8-BDFB-3A4B68C0B3A1}" = The Sims™ 3 Supernatural

"{B5408C28-8D1F-4D65-AA49-02FBD56136FF}" = WolfQuest

"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call

"{B8AC1A89-FFD1-4F97-8051-E505A160F562}" = HP Odometer

"{B9A03B7B-E0FF-4FB3-BA83-762E58A1B0AA}" = HP Support Information

"{BB3447F6-9553-4AA9-960E-0DB5310C5779}" = GPBaseService2

"{BC4A54D6-6591-4D01-AE21-C9ABAAF69D7F}" = Microsoft Expression Encoder 4

"{BC5DD87B-0143-4D14-AAE6-97109614DC6B}" = SolutionCenter

"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations

"{BFA90209-7AFF-4DB6-8E4B-E57305751AD7}" = Unreal Tournament 3

"{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}" = The Sims™ 3

"{C12631C6-804D-4B32-B0DD-8A496462F106}" = The Sims™ 3 Pets

"{C3ABE126-2BB2-4246-BFE1-6797679B3579}" = LG USB Modem driver

"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint

"{C5C1C0F0-D62F-4DBF-81D4-D7EF397C228B}" = NVIDIA PhysX

"{C611CF88-969D-43E6-A877-D6D6439DD081}" = HP Remote Solution

"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail

"{C8DEE701-578F-4D1B-9889-A5D7EB51E5F0}" = RLPrintPlugin

"{CA43FE4F-9FF2-4AD7-88F0-CC3BAC17B226}" = HP Support Assistant

"{CAE4213F-F797-439D-BD9E-79B71D115BE3}" = HPPhotoGadget

"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector

"{CC8E94A2-55C7-4460-953C-2A790180578C}" = LightScribe System Software

"{CCF6F57B-F6B4-4508-BF45-63AAC9DE416A}" = Quicken 2010

"{CD31E63D-47FD-491C-8117-CF201D0AFAB5}" = TrayApp

"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform

"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64

"{D360FA88-17C8-4F14-B67F-13AAF9607B12}" = MarketResearch

"{D40EB009-0499-459c-A8AF-C9C110766215}" = Logitech Webcam Software

"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common

"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform

"{DBCC73BA-C69A-4BF5-B4BF-F07501EE7039}" = AnswerWorks 5.0 English Runtime

"{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD

"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources

"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10

"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime

"{E517094C-06B6-419F-8FFD-EF4F57972130}" = QuickTransfer

"{E9E34215-82EF-4909-BE2F-F581F0DC9062}" = DirectX for Managed Code Update (Summer 2004)

"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger

"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10

"{EED027B7-0DB6-404B-8F45-6DFEE34A0441}" = LWS Video Mask Maker

"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]

"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver

"{F217D8AF-965B-4D3E-8F14-AC47B9CA535B}" = PS_AIO_07_C410_SW_Min

"{F9EC30D1-F688-4708-9850-CB5120074AAA}" = Microsoft Expression Encoder 4 Screen Capture Codec

"{FA0FF682-CC70-4C57-93CD-E276F3E7537E}" = BufferChm

"{FB4BB287-37F9-4E27-9C4D-2D3882E08EFF}" = DVD Menu Pack for HP MediaSmart Video

"{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}" = Visual Studio 2008 x64 Redistributables

"{FD9C31B6-F572-414D-81E3-89368C97A125}_is1" = CamStudio OSS Desktop Recorder

"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials

"{FF167195-9EE4-46C0-8CD7-FBA3457E88AB}" = LWS Facebook

"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022

"Adobe AIR" = Adobe AIR

"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX

"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin

"Adobe Shockwave Player" = Adobe Shockwave Player 11.5

"BattlEye for A2" = BattlEye Uninstall

"BattlEye for OA" = BattlEye for OA Uninstall

"Civilization IV Complete" = Civilization IV Complete

"Encoder_4.0.3205.0" = Microsoft Expression Encoder 4

"ESET Online Scanner" = ESET Online Scanner v3

"Family Tree Builder" = MyHeritage Family Tree Builder

"ffdshow_is1" = ffdshow [rev 2527] [2008-12-19]

"Game Capture HD v2.3.3.38" = Game Capture HD v2.3.3.38

"HP Photo Creations" = HP Photo Creations

"HP Remote Solution" = HP Remote Solution

"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite Deluxe

"InstallShield_{3023EBDA-BF1B-4831-B347-E5018555F26E}" = Movie Theme Pack for HP MediaSmart Video

"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go

"InstallShield_{9CC4840D-EF1C-406F-AF08-3C19EB1335B9}" = Zoo Tycoon 2 - Ultimate Collection

"InstallShield_{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}" = HP MediaSmart Music/Photo/Video

"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint

"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector

"InstallShield_{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD

"InstallShield_{FB4BB287-37F9-4E27-9C4D-2D3882E08EFF}" = DVD Menu Pack for HP MediaSmart Video

"LogMeIn Hamachi" = LogMeIn Hamachi

"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.65.1.1000

"MotoHelper" = MotoHelper 2.0.45 Driver 5.0.0

"Origin" = Origin

"PC Performer_is1" = PC Performer

"Revo Uninstaller" = Revo Uninstaller 1.94

"Steam App 17020" = Global Agenda

"Steam App 219540" = ARMA 2: Operation Arrowhead Beta

"Steam App 24200" = DC Universe Online

"Steam App 33900" = ARMA 2

"Steam App 33930" = ARMA 2: Operation Arrowhead

"Verizon V CAST Media Manager" = Verizon V CAST Media Manager

"WildTangent hp Master Uninstall" = HP Games

"Winamp" = Winamp

"WinLiveSuite" = Windows Live Essentials

"WinRAR archiver" = WinRAR 4.20 beta 2 (32-bit)

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1413658493-208379941-2510509854-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"Google Chrome" = Google Chrome

"HuluDesktop" = Hulu Desktop

"InstallShield_{BFA90209-7AFF-4DB6-8E4B-E57305751AD7}" = Unreal Tournament 3

"MusicManager" = Music Manager

"Winamp Detect" = Winamp Detector Plug-in

========== Last 20 Event Log Errors ==========

[ Hewlett-Packard Events ]

Error - 5/16/2012 11:15:14 AM | Computer Name = Todd-PC | Source = hpsa_service.exe | ID = 2000

Description = HP Error ID: -2146233088 at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateDetail(String

category) at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetectCore()

at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,

Boolean localScan) Message: Failed to perform update. StackTrace: at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateDetail(String

category) at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetectCore()

at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,

Boolean localScan) Source: HP.ActiveCheckLocalMode.SessionManager InnerException.Message:

Object '/6577472d_eb49_4d72_b958_af62004d7846/qrpp9_ho13l_sghdoqnncdnz_15.rem'

has been disconnected or does not exist at the server. Name: hpsa_service.exe Version:

06.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe

Format:

en-US RAM: 8119 Ram Utilization: 10 TargetSite: Void UpdateDetail(System.String)

Error - 6/12/2012 11:45:26 AM | Computer Name = Todd-PC | Source = hpsa_service.exe | ID = 2000

Description = HP Error ID: -2146233088 at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateDetail(String

category) at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetectCore()

at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,

Boolean localScan) Message: Failed to perform update. StackTrace: at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateDetail(String

category) at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetectCore()

at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,

Boolean localScan) Source: HP.ActiveCheckLocalMode.SessionManager InnerException.Message:

Object '/89c68521_5bf7_443b_a506_48e4d2ebcb14/v21xvpxqkpodmhghz5uku8zw_5.rem' has

been disconnected or does not exist at the server. Name: hpsa_service.exe Version:

06.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe

Format:

en-US RAM: 8119 Ram Utilization: 20 TargetSite: Void UpdateDetail(System.String)

Error - 7/16/2012 2:26:45 AM | Computer Name = Todd-PC | Source = hpsa_service.exe | ID = 2000

Description = HP Error ID: -2146233088 at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateDetail(String

category) at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetectCore()

at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,

Boolean localScan) Message: Failed to perform update. StackTrace: at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateDetail(String

category) at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetectCore()

at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,

Boolean localScan) Source: HP.ActiveCheckLocalMode.SessionManager InnerException.Message:

Object '/91fc7472_4504_4333_b4e2_8b36bff8d960/w0b4xzbsrasx1a7q+p4iomxm_5.rem' has

been disconnected or does not exist at the server. Name: hpsa_service.exe Version:

06.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe

Format:

en-US RAM: 8119 Ram Utilization: 10 TargetSite: Void UpdateDetail(System.String)

Error - 8/27/2012 9:02:02 PM | Computer Name = Todd-PC | Source = hpsa_service.exe | ID = 2000

Description = HP Error ID: -2146233088 at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateDetail(String

category) at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetectCore()

at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,

Boolean localScan) Message: Failed to perform update. StackTrace: at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateDetail(String

category) at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetectCore()

at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,

Boolean localScan) Source: HP.ActiveCheckLocalMode.SessionManager InnerException.Message:

Object '/e288c67f_06e6_4321_89f3_4d1667b3a6ad/j9yr0cumoij3r_+mx6wzd54q_15.rem'

has been disconnected or does not exist at the server. Name: hpsa_service.exe Version:

06.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe

Format:

en-US RAM: 8119 Ram Utilization: 20 TargetSite: Void UpdateDetail(System.String)

Error - 9/3/2012 9:05:47 PM | Computer Name = Todd-PC | Source = hpsa_service.exe | ID = 2000

Description = HP Error ID: -2146233088 at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateDetail(String

category) at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetectCore()

at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,

Boolean localScan) Message: Failed to perform update. StackTrace: at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateDetail(String

category) at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetectCore()

at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,

Boolean localScan) Source: HP.ActiveCheckLocalMode.SessionManager InnerException.Message:

Object '/d1da9fdd_3fb5_4c58_b8e9_ea1c76e87c8d/ybqlpwcfabccdg7od1z+n9le_5.rem' has

been disconnected or does not exist at the server. Name: hpsa_service.exe Version:

06.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe

Format:

en-US RAM: 8119 Ram Utilization: 30 TargetSite: Void UpdateDetail(System.String)

Error - 9/18/2012 1:08:39 AM | Computer Name = Todd-PC | Source = HPSF.exe | ID = 4000

Description =

Error - 11/16/2012 3:27:44 AM | Computer Name = Todd-PC | Source = HPSF.exe | ID = 4000

Description =

Error - 11/16/2012 3:33:11 AM | Computer Name = Todd-PC | Source = HPSF.exe | ID = 4000

Description =

Error - 11/16/2012 3:33:52 AM | Computer Name = Todd-PC | Source = HPSF.exe | ID = 4000

Description =

Error - 11/16/2012 3:34:40 AM | Computer Name = Todd-PC | Source = HPSF.exe | ID = 4000

Description =

[ System Events ]

Error - 12/28/2012 10:59:50 AM | Computer Name = Todd-PC | Source = DCOM | ID = 10010

Description =

< End of report >


Great

Let's check your computer's security before you go, and we have a little cleanup to do also:

Download Security Check by screen317 from HERE or HERE.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt.
  • Please Post the contents of that document.
  • Do Not Attach It!!!

MrC


Restarted computer and it worked.

Results of screen317's Security Check version 0.99.50

Windows 7 Service Pack 1 x64 (UAC is enabled)

Internet Explorer 8 Out of date!

``````````````Antivirus/Firewall Check:``````````````

Windows Firewall Enabled!

Microsoft Security Essentials

Antivirus up to date!

`````````Anti-malware/Other Utilities Check:`````````

Malwarebytes Anti-Malware version 1.65.1.1000

JavaFX 2.1.0

Java 6 Update 20

Java 7 Update 7

Adobe Flash Player 11.5.502.135

Adobe Reader X (10.1.4)

Google Chrome 21.0.1180.89

Google Chrome 22.0.1229.79

Google Chrome 22.0.1229.92

Google Chrome 22.0.1229.94

Google Chrome 23.0.1271.64

Google Chrome 23.0.1271.91

Google Chrome 23.0.1271.95

Google Chrome 23.0.1271.97

````````Process Check: objlist.exe by Laurent````````

Microsoft Security Essentials MSMpEng.exe

Microsoft Security Essentials msseces.exe

`````````````````System Health check`````````````````

Total Fragmentation on Drive C: 0%

````````````````````End of Log``````````````````````


Malwarebytes Anti-Malware version 1.65.1.1000 <----your version of MB is out of date should be version > 1.70.0.1100 > so check for a program update

JavaFX 2.1.0 <---uninstall from add/remove programs

Java™ 6 Update 20 <---uninstall from add/remove programs

Java 7 Update 7 <---please update > should be Update 10

You have outdated programs on the system which are vulnerable to malware.

Please update or uninstall them.

Info on doing that can be found in my Preventive Maintenance

~~~~~~~~~~~~~~~~~~~~~

A little clean up to do....

Please Uninstall ComboFix: (if you used it)

Press the Windows logo key + R to bring up the "run box"

Copy and paste the next command into the field:

ComboFix /uninstall

Make sure there's a space between ComboFix and /

Then hit enter.

This will uninstall ComboFix, delete its related folders and files, hide file extensions, hide the system/hidden files, clear the System Restore cache and create a new Restore point.

(If that doesn't work.....you can simply rename ComboFix.exe to Uninstall.exe and double click it to complete the uninstall)

---------------------------------

Please download OTL from one of the links below: (you may already have OTL on the system)

http://oldtimer.geekstogo.com/OTL.exe

http://oldtimer.geekstogo.com/OTL.com

http://www.itxassoci...T-Tools/OTL.exe

Save it to your desktop.

Run OTL and hit the CleanUp button. (This will cleanup the tools and logs used including itself)

Any other programs or logs you can manually delete.

IE: RogueKiller.exe, RKreport.txt, RK_Quarantine folder, C:\FRST, MBAR, etc....AdwCleaner > just run the program and click uninstall.

-------------------------------

Any questions...please post back.

If you think I've helped you, please leave a comment > click on my avatar picture > click Profile Feed.

Take a look at My Preventive Maintenance to avoid being infected again.

Good Luck and Thanks for using the forum, MrC


Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
