
I'm Infected...Ads on every page



Good, just run another scan with AdwCleaner...post the new log.

Then......

Please download OTL from one of the links below:

http://oldtimer.geekstogo.com/OTL.exe

http://www.itxassoci...T-Tools/OTL.exe

http://oldtimer.geekstogo.com/OTL.com (<---renamed version)

Save it to your desktop.

Double click on the icon on your desktop.

Click the Scan All Users checkbox.

Push the Quick Scan button.

The scan will take about 10 minutes...depends on your hard drive size.

Two reports will open; copy and paste them in a reply here (or attach them as .txt files):

OTL.txt <-- Will be opened

Extra.txt <-- Will be minimized

(These are just scans and won't affect the system)

MrC


# AdwCleaner v2.301 - Logfile created 05/20/2013 at 08:24:03

# Updated 16/05/2013 by Xplode

# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)

# User : Joaquin - KING

# Boot Mode : Normal

# Running from : C:\Users\Joaquin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PD73UC78\adwcleaner.exe

# Option [search]

***** [services] *****

***** [Files / Folders] *****

File Found : C:\Users\Joaquin\AppData\Local\Temp\Uninstall.exe

Folder Found : C:\Program Files (x86)\Conduit

Folder Found : C:\Program Files (x86)\Free Offers from Freeze.com

Folder Found : C:\Program Files (x86)\Ilivid

Folder Found : C:\Users\Joaquin\AppData\Local\SwvUpdater

Folder Found : C:\Users\Joaquin\AppData\Local\Temp\OCS

Folder Found : C:\Users\Joaquin\AppData\LocalLow\Conduit

Folder Found : C:\Users\Joaquin\AppData\Roaming\DefaultTab

***** [Registry] *****

Key Found : HKCU\Software\AppDataLow\Software\Conduit

Key Found : HKCU\Software\AppDataLow\Software\ConduitSearchScopes

Key Found : HKCU\Software\AppDataLow\Software\Crossrider

Key Found : HKCU\Software\AppDataLow\Software\I Want This

Key Found : HKCU\Software\AppDataLow\Software\SmartBar

Key Found : HKCU\Software\Cr_Installer

Key Found : HKCU\Software\ilivid

Key Found : HKCU\Software\OCS

Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}

Key Found : HKLM\SOFTWARE\Classes\AppID\{D616A4A2-7B38-4DBC-9093-6FE7A4A21B17}

Key Found : HKLM\SOFTWARE\Classes\Applications\ilividsetupv1.exe

Key Found : HKLM\SOFTWARE\Classes\ilivid

Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT3072253

Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT3298566

Key Found : HKLM\Software\Conduit

Key Found : HKLM\Software\Freeze.com

Key Found : HKLM\Software\ilivid

Key Found : HKLM\SOFTWARE\Microsoft\Tracing\I Want This_RASAPI32

Key Found : HKLM\SOFTWARE\Microsoft\Tracing\I Want This_RASAPI32

Key Found : HKLM\SOFTWARE\Microsoft\Tracing\I Want This_RASMANCS

Key Found : HKLM\SOFTWARE\Microsoft\Tracing\I Want This_RASMANCS

Key Found : HKLM\SOFTWARE\Microsoft\Tracing\iLividSetupV1_RASAPI32

Key Found : HKLM\SOFTWARE\Microsoft\Tracing\iLividSetupV1_RASMANCS

Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}

Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}

Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\ilivid

Key Found : HKLM\SOFTWARE\Classes\Interface\{23119123-0854-469D-807A-171568457991}

Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}

Key Found : HKU\S-1-5-21-837605462-3808046217-2819704575-1000\Software\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}

Value Found : HKCU\Software\Microsoft\Internet Explorer\New Windows\Allow [*.crossrider.com]

Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow [*.crossrider.com]

***** [internet Browsers] *****

-\\ Internet Explorer v10.0.9200.16576

[OK] Registry is clean.

-\\ Google Chrome v26.0.1410.64

File : C:\Users\Joaquin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Found [l.22] : icon_url = "hxxp://search.conduit.com/fav.ico",

Found [l.25] : keyword = "search.conduit.com",

Found [l.29] : search_url = "hxxp://search.conduit.com/Results.aspx?q={searchTerms}&SearchSource=49&CUI=UN41385575281722405&ctid=CT3298566&UM=2",

Found [l.30] : suggest_url = "hxxp://suggest.search.conduit.com/CSuggestJson.ashx?prefix={searchTerms}&CUI=UN41385575281722405&UM=2"

*************************

AdwCleaner[R1].txt - [8603 octets] - [19/05/2013 18:58:03]

AdwCleaner[R2].txt - [3945 octets] - [20/05/2013 08:22:59]

AdwCleaner[R3].txt - [3822 octets] - [20/05/2013 08:24:03]

AdwCleaner[s1].txt - [4403 octets] - [19/05/2013 19:49:44]

########## EOF - C:\AdwCleaner[R3].txt - [3942 octets] ##########


OTL logfile created on: 5/20/2013 8:26:03 AM - Run 1

OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Joaquin\Desktop

64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 9.10.9200.16576)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

5.91 Gb Total Physical Memory | 4.45 Gb Available Physical Memory | 75.34% Memory free

11.82 Gb Paging File | 9.41 Gb Available in Paging File | 79.60% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 911.79 Gb Total Space | 842.11 Gb Free Space | 92.36% Space Free | Partition Type: NTFS

Drive D: | 19.63 Gb Total Space | 2.42 Gb Free Space | 12.34% Space Free | Partition Type: NTFS

Computer Name: KING | User Name: Joaquin | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/05/20 08:25:13 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Joaquin\Desktop\OTL.exe

PRC - [2012/03/19 16:54:44 | 000,453,248 | ---- | M] (Magic Control Technology Corporation) -- C:\Program Files (x86)\Common Files\DesktopUtil\MCTDUtil.exe

PRC - [2011/05/03 18:13:18 | 000,199,296 | ---- | M] () -- C:\Program Files (x86)\Common Files\DesktopUtil\MCTDesktopSvr.exe

PRC - [2011/03/09 19:06:58 | 000,445,040 | ---- | M] (Portrait Displays, Inc) -- C:\Program Files (x86)\Hewlett-Packard\HP My Display TouchSmart Edition\OSDManager.exe

PRC - [2011/03/09 19:06:48 | 000,129,648 | ---- | M] (Portrait Displays, Inc.) -- C:\Program Files (x86)\Common Files\Portrait Displays\Shared\DTSRVC.exe

PRC - [2011/03/09 19:06:46 | 001,477,232 | ---- | M] (Portrait Displays, Inc) -- C:\Program Files (x86)\Hewlett-Packard\HP My Display TouchSmart Edition\dthtml.exe

PRC - [2011/03/09 16:47:08 | 000,109,168 | ---- | M] (Portrait Displays, Inc.) -- C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe

PRC - [2011/02/01 16:41:24 | 002,656,280 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

PRC - [2011/02/01 16:41:20 | 000,326,168 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

PRC - [2011/02/01 03:49:44 | 001,127,448 | ---- | M] (PDF Complete Inc) -- C:\Program Files (x86)\PDF Complete\pdfsvc.exe

PRC - [2010/12/03 12:03:44 | 000,136,488 | ---- | M] (CyberLink) -- C:\Program Files (x86)\Hewlett-Packard\Media\Webcam\YCMMirage.exe

PRC - [2010/11/26 09:09:12 | 000,399,344 | ---- | M] (Roxio) -- C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe

PRC - [2010/09/24 12:38:14 | 000,308,600 | ---- | M] (Magic Control Technology Corporation) -- C:\Program Files (x86)\Common Files\DesktopUtil\FDispPos.exe

PRC - [2010/08/05 18:08:52 | 000,020,480 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\HPTouchSmartSyncCalReminderApp.exe

PRC - [2010/08/05 18:08:38 | 000,016,384 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\GCalService.exe

PRC - [2010/02/11 12:07:54 | 000,710,656 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\Hewlett-Packard\HP Desktop Keyboard\HPKEYBOARDx.EXE

PRC - [2009/08/24 21:11:16 | 000,656,896 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe

PRC - [2009/07/02 16:58:40 | 000,406,016 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Desktop Keyboard\Keystatus.exe

PRC - [2008/11/20 12:47:28 | 000,062,768 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe

========== Modules (No Company Name) ==========

MOD - [2013/05/15 03:12:43 | 001,078,272 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.IdentityModel\6ff6bd832b03b5d6ea275ba9bee2d3ef\System.IdentityModel.ni.dll

MOD - [2013/05/15 03:12:42 | 018,080,256 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel\be692307d47b83000bba8bb6b484aff0\System.ServiceModel.ni.dll

MOD - [2013/05/15 03:11:38 | 002,906,624 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\ReachFramework\62de81b8e55e21a20bc3770f982c7f61\ReachFramework.ni.dll

MOD - [2013/05/15 03:11:30 | 001,021,952 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Dura#\019ed4a55ecc7d1f5b933c27970dce9b\System.Runtime.DurableInstancing.ni.dll

MOD - [2013/05/15 03:11:29 | 002,647,040 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Seri#\2609614ca03927f7a99418c74844059b\System.Runtime.Serialization.ni.dll

MOD - [2013/05/15 03:04:13 | 011,451,904 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\7cfbbd029ef945fbcdaedd24b2b67a24\PresentationCore.ni.dll

MOD - [2013/05/15 03:04:12 | 013,199,360 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\153143f74d840484b510d8cf5187796b\System.Windows.Forms.ni.dll

MOD - [2013/05/15 03:04:09 | 007,069,696 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\2f9e0112e10f9e70d3430d0be9863976\System.Core.ni.dll

MOD - [2013/05/15 03:04:06 | 003,858,944 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\af18b8a8f56494da44cc448f3b9704a5\WindowsBase.ni.dll

MOD - [2013/05/15 03:04:05 | 000,982,528 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\233661f3a2b632e9553915c8639637d0\System.Configuration.ni.dll

MOD - [2013/01/10 04:16:15 | 000,143,360 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\SMDiagnostics\ef7642a4f2724135d445e2ea36582e78\SMDiagnostics.ni.dll

MOD - [2013/01/10 04:07:11 | 005,617,664 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\43cd41484df96d15df949eb17dd88152\System.Xml.ni.dll

MOD - [2013/01/10 04:07:09 | 001,667,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\b573c6a62bb88df0ee2af59b6a8ca910\System.Drawing.ni.dll

MOD - [2013/01/10 04:07:08 | 009,094,656 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\15872842e3e63ddf0f720f406706198e\System.ni.dll

MOD - [2013/01/10 04:07:04 | 014,412,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\3f95a6d480ed1ebe45cf27b770ba94ed\mscorlib.ni.dll

MOD - [2011/03/09 18:52:32 | 000,176,128 | ---- | M] () -- C:\Program Files (x86)\Common Files\Portrait Displays\Shared\PresetsCOM.dll

MOD - [2011/02/15 12:59:00 | 000,015,624 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP My Display TouchSmart Edition\ACPIDll.dll

MOD - [2009/07/02 16:58:40 | 000,406,016 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Desktop Keyboard\Keystatus.exe

========== Services (SafeList) ==========

SRV:64bit: - [2013/01/27 12:34:32 | 000,379,360 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)

SRV:64bit: - [2013/01/27 12:34:32 | 000,022,056 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)

SRV:64bit: - [2012/09/23 21:35:33 | 000,140,672 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE -- (!SASCORE)

SRV:64bit: - [2012/03/13 19:31:52 | 000,311,160 | ---- | M] () [Auto | Running] -- C:\Windows\SysNative\GManager.exe -- (GManager)

SRV:64bit: - [2010/11/06 16:41:00 | 000,271,360 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Program Files\IDT\WDM\stacsv64.exe -- (STacSV)

SRV:64bit: - [2010/10/11 04:48:14 | 000,346,168 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe -- (HPClientSvc)

SRV:64bit: - [2010/09/22 20:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)

SRV:64bit: - [2009/07/13 20:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)

SRV:64bit: - [2009/03/01 23:42:58 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\IDT\WDM\AESTSr64.exe -- (AESTFilters)

SRV - [2013/05/14 22:05:00 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)

SRV - [2012/09/27 12:55:16 | 000,086,528 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe -- (HP Support Assistant Service)

SRV - [2011/05/03 18:13:18 | 000,199,296 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Common Files\DesktopUtil\MCTDesktopSvr.exe -- (MCTDesktopSvr)

SRV - [2011/03/09 19:06:48 | 000,129,648 | ---- | M] (Portrait Displays, Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Portrait Displays\Shared\DTSRVC.exe -- (DTSRVC)

SRV - [2011/03/09 16:47:08 | 000,109,168 | ---- | M] (Portrait Displays, Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe -- (PdiService)

SRV - [2011/02/01 16:41:24 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS)

SRV - [2011/02/01 16:41:20 | 000,326,168 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)

SRV - [2011/02/01 03:49:44 | 001,127,448 | ---- | M] (PDF Complete Inc) [Auto | Running] -- C:\Program Files (x86)\PDF Complete\pdfsvc.exe -- (pdfcDispatcher)

SRV - [2011/01/25 15:56:32 | 000,241,648 | ---- | M] (CyberLink) [Auto | Stopped] -- c:\Program Files (x86)\Cyberlink\PowerDVD10\NavFilter\kmsvc.exe -- (CLKMSVC10_38F51D56)

SRV - [2010/11/26 09:09:12 | 000,399,344 | ---- | M] (Roxio) [Auto | Running] -- C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe -- (RoxioNow Service)

SRV - [2010/10/12 12:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)

SRV - [2010/08/05 18:08:38 | 000,016,384 | ---- | M] (Hewlett-Packard) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\GCalService.exe -- (CalendarSynchService)

SRV - [2010/06/01 17:31:28 | 002,804,568 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe -- (NOBU)

SRV - [2010/03/18 16:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)

SRV - [2009/07/16 19:04:16 | 000,316,664 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)

SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)

========== Driver Services (SafeList) ==========

DRV:64bit: - [2013/01/20 16:59:04 | 000,130,008 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)

DRV:64bit: - [2012/04/11 11:32:26 | 000,135,296 | ---- | M] (Magic Control Technology Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mctkmd64.sys -- (mctkmd)

DRV:64bit: - [2012/03/01 01:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)

DRV:64bit: - [2011/07/22 11:26:56 | 000,014,928 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV)

DRV:64bit: - [2011/07/12 16:55:18 | 000,012,368 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL)

DRV:64bit: - [2011/04/08 16:38:58 | 000,019,584 | ---- | M] (Magic Control Technology Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mctKmdldr64.sys -- (mctkmdldr)

DRV:64bit: - [2011/03/11 01:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)

DRV:64bit: - [2011/03/11 01:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)

DRV:64bit: - [2011/02/28 17:00:38 | 001,180,736 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\netr28x.sys -- (netr28x)

DRV:64bit: - [2011/01/27 11:57:12 | 012,273,408 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)

DRV:64bit: - [2010/12/03 12:04:10 | 000,031,088 | ---- | M] (CyberLink Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\clwvd.sys -- (clwvd)

DRV:64bit: - [2010/11/20 22:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)

DRV:64bit: - [2010/11/20 22:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)

DRV:64bit: - [2010/11/20 22:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)

DRV:64bit: - [2010/11/11 17:37:32 | 000,408,680 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)

DRV:64bit: - [2010/11/10 23:01:20 | 001,212,416 | ---- | M] (AVerMedia TECHNOLOGIES, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AVerAVF2.sys -- (AVerAVF2)

DRV:64bit: - [2010/11/06 16:41:00 | 000,519,680 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)

DRV:64bit: - [2010/11/06 03:45:48 | 000,438,808 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)

DRV:64bit: - [2010/10/19 19:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)

DRV:64bit: - [2010/07/13 07:57:08 | 000,069,736 | ---- | M] (ITE Tech. Inc. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\itecir.sys -- (itecir)

DRV:64bit: - [2010/02/26 18:32:12 | 000,158,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)

DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)

DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)

DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)

DRV:64bit: - [2009/07/13 19:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)

DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)

DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)

DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)

DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)

DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox

IE:64bit: - HKLM\..\SearchScopes\{2180C4E1-18B1-4262-A1EE-CB8DE79DB98C}: "URL" = http://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us1-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}

IE:64bit: - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://search.ask.com/web?q={searchterms}&l=dis&o=HPDTDF

IE:64bit: - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF

IE:64bit: - HKLM\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}

IE:64bit: - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.com/rover/1/711-30572-11896-1/4?mpre=http://shop.ebay.com/?_nkw={searchTerms}

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKLM\..\SearchScopes,DefaultScope = {CF38EAF1-7878-4B71-8F92-BAE94D1DE5DB}

IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox

IE - HKLM\..\SearchScopes\{2180C4E1-18B1-4262-A1EE-CB8DE79DB98C}: "URL" = http://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us1-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}

IE - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://search.ask.com/web?q={searchterms}&l=dis&o=HPDTDF

IE - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF

IE - HKLM\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}

IE - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.com/rover/1/711-30572-11896-1/4?mpre=http://shop.ebay.com/?_nkw={searchTerms}

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 48 A9 27 06 58 7C 7A 44 BF 01 1C A1 67 03 72 70 [binary data]

IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 48 A9 27 06 58 7C 7A 44 BF 01 1C A1 67 03 72 70 [binary data]

IE - HKU\S-1-5-21-837605462-3808046217-2819704575-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK/1

IE - HKU\S-1-5-21-837605462-3808046217-2819704575-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/

IE - HKU\S-1-5-21-837605462-3808046217-2819704575-1000\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 48 A9 27 06 58 7C 7A 44 BF 01 1C A1 67 03 72 70 [binary data]

IE - HKU\S-1-5-21-837605462-3808046217-2819704575-1000\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - No CLSID value found

IE - HKU\S-1-5-21-837605462-3808046217-2819704575-1000\..\URLSearchHook: {687578b9-7132-4a7a-80e4-30ee31099e03} - No CLSID value found

IE - HKU\S-1-5-21-837605462-3808046217-2819704575-1000\..\SearchScopes,DefaultScope = {CF38EAF1-7878-4B71-8F92-BAE94D1DE5DB}

IE - HKU\S-1-5-21-837605462-3808046217-2819704575-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox

IE - HKU\S-1-5-21-837605462-3808046217-2819704575-1000\..\SearchScopes\{2180C4E1-18B1-4262-A1EE-CB8DE79DB98C}: "URL" = http://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us1-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}

IE - HKU\S-1-5-21-837605462-3808046217-2819704575-1000\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://search.ask.com/web?q={searchterms}&l=dis&o=HPDTDF

IE - HKU\S-1-5-21-837605462-3808046217-2819704575-1000\..\SearchScopes\{453865BA-BA45-434D-9D10-35493A5280FD}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}&rlz=

IE - HKU\S-1-5-21-837605462-3808046217-2819704575-1000\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://search.yahoo.com/search?p={searchterms}&ei=UTF-8&fr=w3i&type=W3i_DS,136,0_0,Search,20120521,17118,0,18,0

IE - HKU\S-1-5-21-837605462-3808046217-2819704575-1000\..\SearchScopes\{CF38EAF1-7878-4B71-8F92-BAE94D1DE5DB}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3298566&CUI=UN37759456352562229&UM=2

IE - HKU\S-1-5-21-837605462-3808046217-2819704575-1000\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}

IE - HKU\S-1-5-21-837605462-3808046217-2819704575-1000\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.com/rover/1/711-30572-11896-1/4?mpre=http://shop.ebay.com/?_nkw={searchTerms}

IE - HKU\S-1-5-21-837605462-3808046217-2819704575-1000\..\SearchScopes\{E7AB0B42-3E39-42DB-9165-9FB15DA72D29}: "URL" = http://search.conduit.com/Results.aspx?ctid=CT3300021&SearchSource=45&UM=2&q={searchTerms}

IE - HKU\S-1-5-21-837605462-3808046217-2819704575-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/VirtualEarth3D,version=4.0: c:\Program Files (x86)\Virtual Earth 3D\ [2011/05/11 15:05:51 | 000,000,000 | ---D | M]

FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.21.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/VirtualEarth3D,version=4.0: c:\Program Files (x86)\Virtual Earth 3D\ [2011/05/11 15:05:51 | 000,000,000 | ---D | M]

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@rocketlife.com/RocketLife Secure Plug-In Layer;version=1.0.5: C:\ProgramData\Visan\plugins\npRLSecurePluginLayer.dll (RocketLife, LLP)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()

FF - HKCU\Software\MozillaPlugins\amazon.com/AmazonMP3DownloaderPlugin: C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101721.dll (Amazon.com, Inc.)

[2012/05/20 22:19:02 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Joaquin\AppData\Roaming\Mozilla\Firefox\extensions

[2012/05/20 22:19:02 | 000,000,000 | ---D | M] (uTorrentControl2 Community Toolbar) -- C:\Users\Joaquin\AppData\Roaming\Mozilla\Firefox\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03}

========== Chrome ==========

CHR - default_search_provider: Conduit (Enabled)

CHR - default_search_provider: search_url = http://search.conduit.com/Results.aspx?q={searchTerms}&SearchSource=49&CUI=UN41385575281722405&ctid=CT3298566&UM=2

CHR - default_search_provider: suggest_url = http://suggest.search.conduit.com/CSuggestJson.ashx?prefix={searchTerms}&CUI=UN41385575281722405&UM=2

CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\PepperFlash\pepflashplayer.dll

CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer

CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\ppGoogleNaClPluginChrome.dll

CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\pdf.dll

CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL

CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL

CHR - plugin: AmazonMP3DownloaderPlugin (Enabled) = C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101721.dll

CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll

CHR - plugin: Java Platform SE 7 U21 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll

CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

CHR - plugin: RocketLife Secure Plug-In Layer (Enabled) = C:\ProgramData\Visan\plugins\npRLSecurePluginLayer.dll

CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll

CHR - Extension: FastestChrome - Browse Faster = C:\Users\Joaquin\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmffncokckfccddfenhkhnllmlobdahm\5.7.1_0\

O1 HOSTS File: ([2009/06/10 16:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts

O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)

O2 - BHO: (DownloadTerms) - {2C4BA31C-0C15-11E2-90C7-9BFCBEB168B3} - C:\Users\Joaquin\AppData\Local\DownloadTerms\temp.dat File not found

O2 - BHO: (Yealt Class) - {40C78C4E-5AE5-4762-9B7D-D2DE31B03B77} - C:\Windows\SysWow64\yealt.dll File not found

O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)

O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

O2 - BHO: (HP Network Check Helper) - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)

O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)

O3 - HKU\S-1-5-21-837605462-3808046217-2819704575-1000\..\Toolbar\WebBrowser: (no name) - {687578B9-7132-4A7A-80E4-30EE31099E03} - No CLSID value found.

O3 - HKU\S-1-5-21-837605462-3808046217-2819704575-1000\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.

O4:64bit: - HKLM..\Run: [beatsOSDApp] C:\Program Files\IDT\WDM\beats64.exe (Hewlett-Packard )

O4:64bit: - HKLM..\Run: [FDispPos] C:\Program Files (x86)\Common Files\DesktopUtil\Util-Desktop.exe ()

O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)

O4:64bit: - HKLM..\Run: [hpsysdrv] c:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe (Hewlett-Packard)

O4:64bit: - HKLM..\Run: [igfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)

O4:64bit: - HKLM..\Run: [MCTDUtil] C:\Program Files (x86)\Common Files\DesktopUtil\Util-Desktop.exe ()

O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)

O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)

O4:64bit: - HKLM..\Run: [sysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)

O4 - HKLM..\Run: [] File not found

O4 - HKLM..\Run: [DT HPO] C:\Program Files (x86)\Common Files\Portrait Displays\Shared\DT_startup.exe (Portrait Displays, Inc.)

O4 - HKLM..\Run: [HP KEYBOARDx] C:\Program Files (x86)\Hewlett-Packard\HP Desktop Keyboard\HPKEYBOARDx.EXE (Hewlett-Packard)

O4 - HKLM..\Run: [HP Remote Solution] C:\Program Files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe (Hewlett-Packard)

O4 - HKLM..\Run: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe (Symantec Corporation)

O4 - HKLM..\Run: [PDF Complete] C:\Program Files (x86)\PDF Complete\pdfsty.exe (PDF Complete Inc)

O4 - HKU\S-1-5-19..\Run: [sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)

O4 - HKU\S-1-5-20..\Run: [sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)

O4 - HKU\S-1-5-21-837605462-3808046217-2819704575-1000..\Run: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)

O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found

O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Activities present

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O7 - HKU\S-1-5-21-837605462-3808046217-2819704575-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O9 - Extra Button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)

O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)

O1364bit: - gopher Prefix: missing

O13 - gopher Prefix: missing

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D359A7BB-A506-4717-9174-5F2B12CD90B1}: DhcpNameServer = 192.168.1.254

O18:64bit: - Protocol\Handler\livecall - No CLSID value found

O18:64bit: - Protocol\Handler\ms-help - No CLSID value found

O18:64bit: - Protocol\Handler\msnim - No CLSID value found

O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found

O18:64bit: - Protocol\Handler\wlpg - No CLSID value found

O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)

O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)

O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O32 - HKLM CDRom: AutoRun - 1

O33 - MountPoints2\{b344494a-7c11-11e0-8e21-806e6f6e6963}\Shell - "" = AutoRun

O33 - MountPoints2\{b344494a-7c11-11e0-8e21-806e6f6e6963}\Shell\AutoRun\command - "" = E:\UV150.exe

O34 - HKLM BootExecute: (autocheck autochk *)

O35:64bit: - HKLM\..comfile [open] -- "%1" %*

O35:64bit: - HKLM\..exefile [open] -- "%1" %*

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*

O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/05/20 08:25:06 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Joaquin\Desktop\OTL.exe

[2013/05/19 22:09:13 | 000,000,000 | ---D | C] -- C:\ComboFix

[2013/05/19 20:59:40 | 000,000,000 | ---D | C] -- C:\Windows\temp

[2013/05/19 19:58:37 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe

[2013/05/19 19:58:33 | 000,000,000 | ---D | C] -- C:\Qoobox

[2013/05/19 19:58:22 | 000,000,000 | ---D | C] -- C:\Windows\erdnt

[2013/05/19 18:40:30 | 000,000,000 | ---D | C] -- C:\Users\Joaquin\Desktop\RK_Quarantine

[2013/05/19 18:21:48 | 000,000,000 | ---D | C] -- C:\Users\Joaquin\AppData\Roaming\Malwarebytes

[2013/05/19 18:21:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes

[2013/05/19 18:21:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware

[2013/05/19 15:19:15 | 000,138,880 | ---- | C] (Magic Control Technology Corporation) -- C:\Windows\SysWow64\MCTU.dll

[2013/05/19 15:19:13 | 001,113,728 | ---- | C] (Magic Control Technology Corporation) -- C:\Windows\SysNative\MTri1+64.exe

[2013/05/19 15:19:13 | 000,917,120 | ---- | C] (Magic Control Technology Corporation) -- C:\Windows\SysNative\SilentUtility.exe

[2013/05/19 15:19:13 | 000,914,808 | ---- | C] (Magic Control Technology Corporation) -- C:\Windows\SysNative\MTrigger2.exe

[2013/05/19 15:19:13 | 000,440,320 | ---- | C] (Magic Control Technology Corporation) -- C:\Windows\SysNative\SU-T2.exe

[2013/05/19 15:19:13 | 000,336,248 | ---- | C] (Magic Control Technology Corporation) -- C:\Windows\SysNative\mctsetup64.dll

[2013/05/19 15:19:13 | 000,274,048 | ---- | C] (MCT) -- C:\Windows\SysNative\MHK2.DLL

[2013/05/19 15:19:13 | 000,272,760 | ---- | C] (MCT) -- C:\Windows\SysNative\MCTHOOKKEY.DLL

[2013/05/19 15:19:11 | 000,174,720 | ---- | C] (Magic Control Technology Corporation) -- C:\Windows\SysNative\mctux.dll

[2013/05/19 15:19:11 | 000,135,296 | ---- | C] (Magic Control Technology Corporation) -- C:\Windows\SysNative\drivers\mctkmd64.sys

[2013/05/19 15:19:11 | 000,085,120 | ---- | C] (Magic Control Technology Corporation) -- C:\Windows\SysNative\mctumd64.dll

[2013/05/19 15:19:11 | 000,019,584 | ---- | C] (Magic Control Technology Corporation) -- C:\Windows\SysNative\drivers\mctKmdldr64.sys

[2013/05/19 15:19:09 | 000,315,392 | ---- | C] (TODO: <Company name>) -- C:\Windows\SysWow64\mctudll.exe

[2013/05/19 15:19:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\MCTWDDM

[2013/05/19 15:19:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DesktopUtil

[2013/05/19 15:18:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MCT Corp

[2013/05/19 15:18:40 | 000,000,000 | ---D | C] -- C:\Users\Joaquin\AppData\Roaming\InstallShield

[2013/05/18 21:21:01 | 000,080,456 | ---- | C] (Malwarebytes Corporation) -- C:\Users\Joaquin\Desktop\mbam-clean-1.60.2.0003.exe

[2013/05/05 22:02:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java

[2013/05/05 19:17:17 | 000,012,872 | ---- | C] (SurfRight B.V.) -- C:\Windows\SysNative\bootdelete.exe

[2013/05/05 19:13:26 | 000,000,000 | ---D | C] -- C:\Users\Joaquin\AppData\Local\DownloadTerms

[2013/05/05 19:13:20 | 000,000,000 | ---D | C] -- C:\Users\Joaquin\AppData\Roaming\DefaultTab

[2013/05/05 19:12:08 | 000,000,000 | ---D | C] -- C:\ProgramData\HitmanPro

[2013/05/04 22:55:12 | 000,000,000 | ---D | C] -- C:\components

[2013/05/04 22:47:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Yealt

[2013/05/04 22:46:51 | 000,000,000 | ---D | C] -- C:\Users\Joaquin\AppData\Local\SwvUpdater

[2013/04/30 22:22:43 | 000,000,000 | ---D | C] -- C:\Users\Joaquin\Desktop\Christine

[2013/04/27 18:02:38 | 000,000,000 | ---D | C] -- C:\Users\Joaquin\AppData\Local\{53E1B9ED-738D-456B-BB1F-68C49EAD703B}

[2013/04/27 17:53:52 | 000,000,000 | ---D | C] -- C:\Users\Joaquin\AppData\Roaming\MyPublisher

[2013/04/27 17:53:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MyPublisher

[2013/04/26 19:11:47 | 000,000,000 | ---D | C] -- C:\Users\Joaquin\Desktop\Ashley's Immunizations

[2013/04/25 21:49:21 | 000,000,000 | ---D | C] -- C:\Users\Joaquin\Desktop\EDDIE

[2011/11/14 19:40:30 | 010,165,440 | ---- | C] (Microsoft Corporation) -- C:\Users\Joaquin\mseinstall.exe

[2011/10/02 07:51:07 | 000,883,488 | ---- | C] (Sun Microsystems, Inc.) -- C:\Users\Joaquin\JavaSetup6u23.exe

[2011/09/08 20:34:47 | 000,489,672 | ---- | C] (Catalina Marketing Corp. ) -- C:\Users\Joaquin\CouponActivator.exe

[1 C:\Users\Joaquin\Desktop\*.tmp files -> C:\Users\Joaquin\Desktop\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/05/20 08:25:13 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Joaquin\Desktop\OTL.exe

[2013/05/20 08:18:39 | 000,000,900 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

[2013/05/20 08:18:39 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job

[2013/05/20 08:18:38 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2013/05/19 22:36:08 | 000,000,340 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForJoaquin.job

[2013/05/19 22:33:02 | 000,024,608 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2013/05/19 22:33:02 | 000,024,608 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2013/05/19 22:29:43 | 000,778,834 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI

[2013/05/19 22:29:43 | 000,660,068 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat

[2013/05/19 22:29:43 | 000,120,996 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat

[2013/05/19 22:24:41 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job

[2013/05/19 22:24:34 | 000,002,710 | ---- | M] () -- C:\Windows\SysNative\GManager.ini

[2013/05/19 22:24:20 | 466,690,047 | -HS- | M] () -- C:\hiberfil.sys

[2013/05/18 21:21:29 | 000,080,456 | ---- | M] (Malwarebytes Corporation) -- C:\Users\Joaquin\Desktop\mbam-clean-1.60.2.0003.exe

[2013/05/15 03:24:00 | 000,417,072 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT

[2013/05/13 20:28:09 | 000,181,617 | ---- | M] () -- C:\Users\Joaquin\Desktop\TAR-1935 - Seller's Estimated Net Proceeds - 010203.pdf

[2013/05/10 11:27:06 | 000,000,334 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForKING$.job

[2013/05/05 19:17:17 | 000,012,872 | ---- | M] (SurfRight B.V.) -- C:\Windows\SysNative\bootdelete.exe

[2013/05/05 19:13:23 | 000,000,258 | RHS- | M] () -- C:\Users\Joaquin\ntuser.pol

[2013/04/30 03:02:17 | 000,025,185 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf

[2013/04/30 03:02:16 | 000,025,185 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf

[2013/04/27 17:54:09 | 000,001,279 | ---- | M] () -- C:\Users\Joaquin\Desktop\MyPublisher.lnk

[1 C:\Users\Joaquin\Desktop\*.tmp files -> C:\Users\Joaquin\Desktop\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/05/19 15:19:14 | 000,002,710 | ---- | C] () -- C:\Windows\SysNative\GManager.ini

[2013/05/19 15:19:13 | 000,272,512 | ---- | C] () -- C:\Windows\SysNative\U2VT2Svr.exe

[2013/05/19 15:19:13 | 000,272,512 | ---- | C] () -- C:\Windows\SysNative\U2VSvr.exe

[2013/05/19 15:19:13 | 000,261,760 | ---- | C] () -- C:\Windows\SysNative\Util-MTrigger2.exe

[2013/05/19 15:19:13 | 000,195,200 | ---- | C] () -- C:\Windows\SysNative\Util.exe

[2013/05/19 15:19:13 | 000,048,178 | ---- | C] () -- C:\Windows\SysNative\Mtrigger2.ini

[2013/05/19 15:19:13 | 000,048,170 | ---- | C] () -- C:\Windows\SysNative\MTri1+.ini

[2013/05/19 15:19:12 | 000,013,440 | ---- | C] () -- C:\Windows\SysNative\drivers\u3hpatch64.sys

[2013/05/19 15:19:10 | 000,311,160 | ---- | C] () -- C:\Windows\SysNative\GManager.exe

[2013/05/19 15:19:09 | 000,430,080 | ---- | C] () -- C:\Windows\SysWow64\UDLL.dll

[2013/05/19 15:19:09 | 000,045,056 | ---- | C] () -- C:\Windows\SysWow64\mctudll.dll

[2013/05/13 20:28:09 | 000,181,617 | ---- | C] () -- C:\Users\Joaquin\Desktop\TAR-1935 - Seller's Estimated Net Proceeds - 010203.pdf

[2013/05/05 19:13:23 | 000,000,258 | RHS- | C] () -- C:\Users\Joaquin\ntuser.pol

[2013/04/30 03:02:17 | 000,025,185 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf

[2013/04/30 03:02:16 | 000,025,185 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf

[2013/04/27 17:54:09 | 000,001,309 | ---- | C] () -- C:\Users\Joaquin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MyPublisher.lnk

[2013/04/27 17:54:09 | 000,001,279 | ---- | C] () -- C:\Users\Joaquin\Desktop\MyPublisher.lnk

[2013/02/21 20:32:57 | 000,001,087 | ---- | C] () -- C:\Users\Joaquin\Documents - Shortcut.lnk

[2012/05/20 22:15:03 | 000,000,064 | ---- | C] () -- C:\Windows\GPlrLanc.dat

[2012/01/10 04:24:36 | 000,000,088 | ---- | C] () -- C:\Users\Joaquin\.java.policy

[2012/01/05 04:04:51 | 000,010,394 | -HS- | C] () -- C:\Users\Joaquin\AppData\Local\2jj08bu7853l1dp231u48821ebonr1311

[2012/01/05 04:04:51 | 000,010,394 | -HS- | C] () -- C:\ProgramData\2jj08bu7853l1dp231u48821ebonr1311

[2012/01/05 03:50:09 | 000,010,510 | -HS- | C] () -- C:\Users\Joaquin\AppData\Local\lbe80ph44tc2chkjmuip775027e8ksj025p55hjqcb1

[2012/01/05 03:50:09 | 000,010,510 | -HS- | C] () -- C:\ProgramData\lbe80ph44tc2chkjmuip775027e8ksj025p55hjqcb1

[2011/09/05 11:42:40 | 000,132,258 | ---- | C] () -- C:\Users\Joaquin\4789.jpeg

[2011/09/05 11:36:33 | 001,088,093 | ---- | C] () -- C:\Users\Joaquin\4786.jpeg

========== ZeroAccess Check ==========

[2009/07/13 23:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

"" = C:\Windows\SysNative\shell32.dll -- [2013/02/27 00:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

"" = %SystemRoot%\system32\shell32.dll -- [2013/02/26 23:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64

"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 20:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]

"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 22:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64

"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 20:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2012/04/22 23:16:17 | 000,000,000 | ---D | M] -- C:\Users\Joaquin\AppData\Roaming\Amazon

[2012/11/06 19:10:29 | 000,000,000 | ---D | M] -- C:\Users\Joaquin\AppData\Roaming\Blio

[2011/09/02 22:25:56 | 000,000,000 | ---D | M] -- C:\Users\Joaquin\AppData\Roaming\Catalina Marketing Corp

[2013/05/19 22:23:32 | 000,000,000 | ---D | M] -- C:\Users\Joaquin\AppData\Roaming\DefaultTab

[2011/12/27 18:22:15 | 000,000,000 | ---D | M] -- C:\Users\Joaquin\AppData\Roaming\Diad

[2011/09/02 19:46:28 | 000,000,000 | ---D | M] -- C:\Users\Joaquin\AppData\Roaming\DisplayTune

[2013/04/28 16:51:16 | 000,000,000 | ---D | M] -- C:\Users\Joaquin\AppData\Roaming\MyPublisher

[2013/01/18 13:33:16 | 000,000,000 | ---D | M] -- C:\Users\Joaquin\AppData\Roaming\uTorrent

[2013/04/11 23:08:09 | 000,000,000 | ---D | M] -- C:\Users\Joaquin\AppData\Roaming\Visan

[2011/09/05 08:47:56 | 000,000,000 | ---D | M] -- C:\Users\Joaquin\AppData\Roaming\WinBatch

[2011/12/28 05:18:36 | 000,000,000 | ---D | M] -- C:\Users\Joaquin\AppData\Roaming\Xonoylu

========== Purity Check ==========

========== Alternate Data Streams ==========

@Alternate Data Stream - 109 bytes -> C:\ProgramData\Temp:DFC5A2B2

< End of report >


OTL Extras logfile created on: 5/20/2013 8:26:03 AM - Run 1

OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Joaquin\Desktop

64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 9.10.9200.16576)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

5.91 Gb Total Physical Memory | 4.45 Gb Available Physical Memory | 75.34% Memory free

11.82 Gb Paging File | 9.41 Gb Available in Paging File | 79.60% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 911.79 Gb Total Space | 842.11 Gb Free Space | 92.36% Space Free | Partition Type: NTFS

Drive D: | 19.63 Gb Total Space | 2.42 Gb Free Space | 12.34% Space Free | Partition Type: NTFS

Computer Name: KING | User Name: Joaquin | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.html[@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)

.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

.html [@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)

[HKEY_USERS\S-1-5-21-837605462-3808046217-2819704575-1000\SOFTWARE\Classes\<extension>]

.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"

http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)

https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)

InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\SysWow64\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"

http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)

https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\SysWow64\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]

"AntiVirusOverride" = 0

"AntiSpywareOverride" = 0

"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"EnableFirewall" = 1

"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"EnableFirewall" = 1

"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]

"EnableFirewall" = 1

"DisableNotifications" = 0

========== Authorized Applications List ==========

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{03466D3F-B6BF-420F-9627-2B7ADA897287}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{08B4FC3F-A460-416A-A86D-E9782CCEDBFC}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |

"{1124FBDF-E88D-4D73-84DE-162588BA84B8}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{1480A93E-B345-4230-8883-9347C8D9558B}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |

"{18116D36-0479-444A-958B-B2A9C01E3CEA}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

"{1EFCD148-B98E-4161-B04E-183BFCA2D0F2}" = lport=138 | protocol=17 | dir=in | app=system |

"{208D3E24-9D75-4F92-B819-7C7BAE170EB8}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{43B4F259-2B02-485D-8CEA-24B2C14D7228}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |

"{443C9BA2-E747-4BC8-B36A-24C857005971}" = rport=138 | protocol=17 | dir=out | app=system |

"{4F1B2575-E49F-4DAF-802C-5E98DD966F52}" = rport=139 | protocol=6 | dir=out | app=system |

"{5E06BE9A-706C-44F4-B7E7-FF286CA3D4A9}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

"{654492AE-573D-4C4D-96F3-02786BDF8BFC}" = rport=137 | protocol=17 | dir=out | app=system |

"{6C283CED-24FB-4C2B-B3ED-525F9A340F92}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |

"{8507CF4D-CDEA-4919-A9C2-003BB5EA1A4C}" = lport=137 | protocol=17 | dir=in | app=system |

"{855D3AF1-E686-4CA8-897A-AD6C7FBE113E}" = lport=10243 | protocol=6 | dir=in | app=system |

"{8D7668B1-52D2-4580-8B78-59CFA8CD1271}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |

"{99DE7CBD-3248-4D44-8A32-164ABAB086C2}" = lport=139 | protocol=6 | dir=in | app=system |

"{ACC6F08D-1291-41D6-86C5-2B99D7707325}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{B20F9DDE-8919-4F9B-8A03-E13C8B9B16DB}" = lport=445 | protocol=6 | dir=in | app=system |

"{B3285455-7F0F-4710-89A2-0485D7C14B80}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe |

"{BB245F79-DA87-40FE-8614-E0BAA20DBDFE}" = rport=10243 | protocol=6 | dir=out | app=system |

"{CEDD9BCC-C1C3-4E6A-972D-3071BD1B3FC5}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |

"{D95C5BDF-0A52-4C24-BC75-9B99990432EE}" = rport=445 | protocol=6 | dir=out | app=system |

"{F72F7C32-B4A0-4396-9E8D-E1051AD72706}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe |

"{F765BF9D-43C0-4B68-B43C-986877588BC1}" = lport=2869 | protocol=6 | dir=in | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{00007BCA-EB1E-409A-8ABF-C7A198FE00FF}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |

"{0ACE26D8-76CD-40AB-A206-E2AD19DD3B9F}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe |

"{109D0038-13A5-420A-8128-0F9673F3F414}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |

"{155B2EAD-CDF9-414C-AC4B-644A9E005646}" = protocol=6 | dir=in | app=c:\program files (x86)\roxio\roxionow player\rnowshell.exe |

"{17039479-0F21-49A6-814D-9C7D8F217890}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |

"{1B40D1AD-0CEC-4D82-98F4-27B7D2ECA340}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\music\hptouchsmartmusic.exe |

"{2228C622-3DC5-408C-B1E8-D61B19861C85}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe |

"{2D5D3A07-21E1-4FAD-B42B-08BA57B4156A}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |

"{32014ABC-97DE-47C4-A348-8D9CF8D56C8A}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |

"{36584A2D-3D72-475D-9C4B-A2ECE3440024}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

"{3D3A04A6-AB22-4192-B98D-BD93E28E54AF}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe |

"{418B7E8A-E2E3-4F61-B6CD-78419A4A4A25}" = protocol=17 | dir=in | app=c:\program files\hp\hp deskjet 3050 j610 series\bin\hpnetworkcommunicator.exe |

"{5067CAE4-EFA2-480E-9E21-774D219C7572}" = protocol=17 | dir=in | app=c:\program files\hp\hp deskjet 3050 j610 series\bin\devicesetup.exe |

"{57956FF2-C353-43DC-B0AC-3072F87E4CD5}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |

"{58B925EC-E88C-414D-8779-C40D262432D7}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |

"{5B86A5A0-D896-4783-8051-DB73C3AB066A}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |

"{62DD2751-5DA5-4014-AD0B-1C9E6216B9DA}" = protocol=17 | dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\roxionow\rnow.exe |

"{63BCA0CF-B1CD-433E-9DD9-2EEE6757A73B}" = protocol=6 | dir=in | app=c:\program files\hp\hp deskjet 3050 j610 series\bin\devicesetup.exe |

"{6EE229A0-C2B7-4012-9AF9-500531209B1E}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |

"{79A0C058-C33E-40EC-98D9-DEA6912A0D3B}" = protocol=6 | dir=in | app=c:\program files\hp\hp deskjet 3050 j610 series\bin\hpnetworkcommunicator.exe |

"{7E00699C-4FE4-41B9-AE26-0E2828D727C4}" = protocol=6 | dir=in | app=c:\program files (x86)\hewlett-packard\remote graphics receiver\rgreceiver.exe |

"{7E27E120-D06A-41C1-AC6C-48B663895638}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |

"{7F0E1097-308A-40E8-8574-1E10EDF59A99}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

"{818BE510-15A3-4E64-AE5B-13065C198256}" = protocol=6 | dir=out | app=system |

"{884831D7-C640-4AE4-8BCA-7F98C9E4E9A0}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |

"{900C02A2-D4CD-4E02-A475-A8FDCD3A80DC}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |

"{A037FE27-AACA-4D4E-A35F-88519BD41223}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\photo\photoagent.exe |

"{A1B3FED0-7E84-4A65-A1AA-CECFD244C27E}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\photo\hptouchsmartphoto.exe |

"{A2B248A0-1391-4675-90A4-0A4CABAE6A4D}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd10\powerdvd10.exe |

"{A6304270-860D-4326-8E6B-9E69AFFDA496}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |

"{A9C0E480-82DC-4C54-B7E0-8EB441CFF24C}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\video\hptouchsmartphoto.exe |

"{AB4468E7-4C5E-43CB-9019-DE59AFB573A4}" = protocol=6 | dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\roxionow\rnow.exe |

"{AC938424-6C09-4E47-9836-13AD85403BAE}" = dir=in | app=c:\program files (x86)\hewlett-packard\hp support framework\resources\hpwarrantycheck\hpdevicedetection3.exe |

"{B9BB4EBC-7B4E-4902-A47F-332AF3B995D9}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\video\tsmagent.exe |

"{BE1C6599-738D-46F0-815C-536BFA9E4A65}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\video\hptouchsmartvideo.exe |

"{C1B0CE76-57B1-424C-A137-55C7AF2A173C}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |

"{CE20F2C5-509E-4A88-BE75-6E9C23B0329B}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |

"{D2A52A8D-0F7F-44FF-9BF7-5EFD4F74C96A}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

"{D4CB2AC1-65BA-4A4F-A612-53434705B7BA}" = protocol=17 | dir=in | app=c:\program files (x86)\roxio\roxionow player\rnowshell.exe |

"{D52E33B3-6E97-47A3-93A1-9C40BC37F492}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |

"{DCAB519E-2985-4422-B5C7-E17A60BEAED1}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

"{DF097327-FFA0-43CD-8443-A69F2E9D1EA1}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |

"{E10B0069-4492-418B-88FC-B3D2B7A90828}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\video\kernel\clml\clmlsvc.exe |

"{E3D7B65F-9790-4B70-93EC-97038F406F92}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\video\hptouchsmartmusic.exe |

"{E9F7C21E-5D0D-4A0F-AC4D-0F34FB91D81E}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |

"{ED4488FA-0A47-42A9-98DC-2B1BAD776891}" = protocol=17 | dir=in | app=c:\program files (x86)\hewlett-packard\hp linkup\hp linkup viewer.exe |

"{F13DFB68-C384-4751-A1E8-AF63B2554BE3}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd10\powerdvd cinema\powerdvdcinema10.exe |

"{F2F140CD-E423-4773-8878-22A153E5C1A4}" = protocol=17 | dir=out | app=c:\program files (x86)\hewlett-packard\hp linkup\hp linkup viewer.exe |

"{F8453A9F-F597-4B44-82F9-8EFDAC4FAD0A}" = protocol=6 | dir=out | app=c:\program files (x86)\hewlett-packard\remote graphics receiver\rgreceiver.exe |

"TCP Query User{71A4397F-50A9-4D30-92AB-81BD3CCC16A4}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |

"TCP Query User{AFC2D091-85BF-4061-B436-DF416B2400FD}C:\users\joaquin\appdata\roaming\xonoylu\ytdyunu.exe" = protocol=6 | dir=in | app=c:\users\joaquin\appdata\roaming\xonoylu\ytdyunu.exe |

"TCP Query User{C014BB6E-D776-48D4-8568-8BCE75EF0BD3}C:\program files\hp\hp deskjet 3050 j610 series\bin\hpnetworkcommunicator.exe" = protocol=6 | dir=in | app=c:\program files\hp\hp deskjet 3050 j610 series\bin\hpnetworkcommunicator.exe |

"UDP Query User{574FE538-7A7A-44B0-8ADF-E700A99FA97D}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |

"UDP Query User{BE1B8B7E-8FC2-4FC1-8450-BD5D1680A43E}C:\users\joaquin\appdata\roaming\xonoylu\ytdyunu.exe" = protocol=17 | dir=in | app=c:\users\joaquin\appdata\roaming\xonoylu\ytdyunu.exe |

"UDP Query User{CA9D0F2C-214A-4CC8-AFCA-DDC777A99250}C:\program files\hp\hp deskjet 3050 j610 series\bin\hpnetworkcommunicator.exe" = protocol=17 | dir=in | app=c:\program files\hp\hp deskjet 3050 j610 series\bin\hpnetworkcommunicator.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)

"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant

"{2856A1C2-70C5-4EC3-AFF7-E5B51E5530A2}" = HP Client Services

"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148

"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161

"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources

"{6ACE7F46-FACE-4125-AE86-672F4F2A6A28}" = Bing Maps 3D

"{7D220A57-969F-4D09-9297-D48195A8ABDD}" = HP Deskjet 3050 J610 series Basic Device Software

"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17

"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources

"{860B418B-F90B-465A-BC1D-04B518045C72}" = HP Deskjet 3050 J610 series Product Improvement Study

"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight

"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended

"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010

"{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010

"{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010

"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting

"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)

"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053

"{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}" = PlayReady PC Runtime amd64

"{CC4D56B7-6F18-470B-8734-ABCD75BCF4F1}" = HP Auto

"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware

"{D07A61E5-A59C-433C-BCBD-22025FA2287B}" = Windows Live Language Selector

"{D79A02E9-6713-4335-9668-AAC7474C0C0E}" = HP Vision Hardware Diagnostics

"{D954C6C2-544B-4091-A47F-11E77162883E}" = Microsoft Security Client

"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter

"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319

"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client

"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service

"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile

"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile

"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended

"Microsoft Security Client" = Microsoft Security Essentials

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = HP TouchSmart Webcam

"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam

"{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements

"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer

"{0DEA342C-15CB-4F52-97B6-06A9C4B9C06F}" = SDK

"{0EDEB615-1A60-425E-8306-0E10519C7B55}" = RoxioNow Player

"{120262A6-7A4B-4889-AE85-F5E5688D3683}" = HP MovieStore

"{1502291B-3C1B-4781-99F8-9D6D8C650588}" = HP TouchSmart

"{16FC3056-90C0-4757-8A68-64D8DA846ADA}" = Remote Graphics Receiver

"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer

"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319

"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker

"{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}" = Microsoft XNA Framework Redistributable 3.1

"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

"{1F40643A-3489-4262-B7BA-F2EC6FA0A1C8}" = HP TouchSmart Notes

"{1F4DDC90-5923-4E49-A4C7-F3CCC954DCA0}" = HP My Display TouchSmart Edition

"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update

"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions

"{20714B53-FC73-4F9C-9687-49EB237D6FD7}" = HP TouchSmart RecipeBox

"{210A03F5-B2ED-4947-B27E-516F50CBB292}" = HP Setup

"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer

"{26A24AE4-039D-4CA4-87B4-2F83217021FF}" = Java 7 Update 21

"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections

"{297FA7DE-08E5-44A6-8F66-9E26F61F4810}" = HP TouchSmart Calendar

"{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App" = Update Installer for WildTangent Games App

"{3023EBDA-BF1B-4831-B347-E5018555F26E}" = Movie Theme Pack for HP TouchSmart Video

"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery

"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery

"{3898934B-05AE-41CD-96BE-70DA9BFBCE1F}" = Microsoft XNA Framework Redistributable 3.0

"{3D5771E2-EF71-4765-A96F-B80E9DFA3FE9}" = HP TouchSmart eBay

"{40A66DF6-22D3-44B5-A7D3-83B118A2C0DC}" = Norton Online Backup

"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go

"{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}" = Recovery Manager

"{465210C4-595A-BD80-44E8-E0457D9D8432}" = Zinio Reader 4

"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater

"{4ACC9E9C-12D6-4A9D-8FBC-3FD469B9FD34}" = HP TouchSmart Browser

"{554D4753-4637-477E-BB52-901A819C798D}" = HP TouchSmart Weather

"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack

"{608D7847-39B7-4D1D-AF6D-7DCC38C77615}" = HP TouchSmart RSS

"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel® Management Engine Components

"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE

"{6A6F8D36-04BA-41E9-9004-1789BD545874}" = HP TouchSmart Background - Beats

"{6F340107-F9AA-47C6-B54C-C3A19F11553F}" = Hewlett-Packard ACLM.NET v1.2.1.1

"{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-hp" = WildTangent Games App (HP Games)

"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable

"{75781594-73D9-4D7B-997F-14D41BF1513D}" = HP TouchSmart Twitter

"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

"{7F2A11F4-EAE8-4325-83EC-E3E99F85169E}" = HP Support Information

"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger

"{81C5AD1D-C7C6-48AC-AC85-8F04293B1780}" = SEE2 Xtreme UV150 / UV250 12.01.0411.1177

"{8317485C-067B-4B5B-A2A3-9D36B7B0399E}" = HP TouchSmart Apps Center

"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform

"{846B5DED-DC8C-4E1A-B5B4-9F5B39A0CACE}" = HPDiagnosticAlert

"{858FCB65-7C6D-4BA4-AD80-A3CB3744CE09}_is1" = HP TouchSmart Tutorials

"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime

"{8DB462BD-8372-47F1-9356-210BE357B1A8}" = HP TouchSmart Default Magnets

"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT

"{8FF90DB8-6DED-44A3-B182-244FEC09012F}" = Microsoft Touch Pack for Windows 7

"{9008D736-35CA-40DB-A2BE-5F32D954E5AA}" = HP MovieStore

"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010

"{90140000-0015-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010

"{90140000-0016-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010

"{90140000-0018-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010

"{90140000-0019-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010

"{90140000-001A-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010

"{90140000-001B-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010

"{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010

"{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010

"{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.SingleImage_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-002A-0409-1000-0000000FF1CE}_Office14.SingleImage_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010

"{90140000-002C-0409-0000-0000000FF1CE}_Office14.SingleImage_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010

"{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010

"{90140000-006E-0409-0000-0000000FF1CE}_Office14.SingleImage_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010

"{90140000-00A1-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010

"{90140000-0115-0409-0000-0000000FF1CE}_Office14.SingleImage_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-0116-0409-1000-0000000FF1CE}_Office14.SingleImage_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010

"{90140000-0117-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{909CE9B4-76A7-4C3D-A9AC-CE231B3E4B40}" = HP TouchSmart Canvas

"{912CED74-88D3-4C5B-ACB0-132318649765}" = PressReader

"{91A34181-9FAD-43AB-A35F-E7A8945B7E1C}" = HP TouchSmart Music

"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker

"{9368DDD5-CE7F-4BD7-A83A-F00FABE338EC}" = Blio

"{97AA232A-58CB-41A2-A258-0593F98AB1E0}" = HP TouchSmart Clock

"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail

"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh

"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR

"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer

"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper

"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common

"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer

"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer

"{AE856388-AFAD-4753-81DF-D96B19D0A17C}" = HP Setup Manager

"{B0069CFA-5BB9-4C03-B1C6-89CE290E5AFE}" = HP Update

"{B8AC1A89-FFD1-4F97-8051-E505A160F562}" = HP Odometer

"{BB760C1D-98F4-4E38-8CC4-3B67329AA981}" = HP MediaSmart/TouchSmart Netflix

"{C1AD9241-3ADD-483F-914D-071F3E50855A}" = HP LinkUp

"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint

"{C611CF88-969D-43E6-A877-D6D6439DD081}" = HP Remote Solution

"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail

"{C9DCE03F-8CB7-4146-A99C-0612D75177EA}" = HP TouchSmart Photo

"{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}" = PlayReady PC Runtime x86

"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform

"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64

"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common

"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform

"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources

"{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}" = CyberLink PowerDVD 10

"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh

"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10

"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio

"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime

"{E6753FCB-B508-4C74-9686-17032281AF38}_is1" = R.U.S.E. for TouchSmart

"{E9E34215-82EF-4909-BE2F-F581F0DC9062}" = DirectX for Managed Code Update (Summer 2004)

"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger

"{EE202411-2C26-49E8-9784-1BC1DBF7DE96}" = HP Support Assistant

"{F04BFADD-C8CA-4C86-8F20-B1D7F4F8C66C}" = HP TouchSmart Video

"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]

"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel® Processor Graphics

"{F7632A9B-661E-4FD9-B1A4-3B86BC99847F}" = HP Deskjet 3050 J610 series Help

"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel® Control Center

"{FB4BB287-37F9-4E27-9C4D-2D3882E08EFF}" = DVD Menu Pack for HP TouchSmart Video

"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials

"Adobe AIR" = Adobe AIR

"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX

"Amazon MP3 Downloader" = Amazon MP3 Downloader 1.0.17

"AVerMedia MiniCard Hybrid TV Tuner" = AVerMedia MiniCard Hybrid TV Tuner 1.1.64.56

"Coupon Printer for Windows5.0.0.0" = Coupon Printer for Windows

"Google Chrome" = Google Chrome

"HP Keyboard_is1" = HP Desktop Keyboard

"HP Remote Solution" = HP Remote Solution

"iLivid" = iLivid

"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = HP TouchSmart Webcam

"InstallShield_{3023EBDA-BF1B-4831-B347-E5018555F26E}" = Movie Theme Pack for HP TouchSmart Video

"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go

"InstallShield_{91A34181-9FAD-43AB-A35F-E7A8945B7E1C}" = HP TouchSmart Music

"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint

"InstallShield_{C9DCE03F-8CB7-4146-A99C-0612D75177EA}" = HP TouchSmart Photo

"InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}" = CyberLink PowerDVD 10

"InstallShield_{F04BFADD-C8CA-4C86-8F20-B1D7F4F8C66C}" = HP TouchSmart Video

"InstallShield_{FB4BB287-37F9-4E27-9C4D-2D3882E08EFF}" = DVD Menu Pack for HP TouchSmart Video

"Kobo" = Kobo

"Office14.SingleImage" = Microsoft Office Professional 2010

"PDF Complete" = PDF Complete Special Edition

"WildTangent hp Master Uninstall" = HP Games

"WinLiveSuite" = Windows Live Essentials

"WT087317" = Airport Mania

"WT087319" = Azteca

"WT087330" = Bounce Symphony

"WT087343" = Dora's World Adventure

"WT087361" = FATE

"WT087379" = Jewel Quest Solitaire 2

"WT087393" = Mah Jong Medley

"WT087394" = Penguins!

"WT087396" = Polar Bowler

"WT087397" = Polar Golfer

"WT087433" = Build-a-lot

"WT087510" = Slingo Deluxe

"WT087536" = Diner Dash 2 Restaurant Rescue

"WT089307" = Virtual Villagers 4 - The Tree of Life

"WT089308" = Blasterball 3

"WT089328" = Farm Frenzy

"WT089359" = Cake Mania

"WT089362" = Agatha Christie - Peril at End House

"WT089453" = Bejeweled 2 Deluxe

"WT089454" = Chuzzle Deluxe

"WT089455" = Zuma Deluxe

"WT089458" = Plants vs. Zombies - Game of the Year

"WT089484" = Namco All-Stars PAC-MAN

"WT089496" = Mystery P.I. - Stolen in San Francisco

"ZinioReader4.9310D8F796442B71068C511E15D70529A702D19D.1" = Zinio Reader 4

========== Last 20 Event Log Errors ==========

[ Application Events ]

Error - 4/21/2013 11:31:07 PM | Computer Name = KING | Source = Application Error | ID = 1000

Description = Faulting application name: iexplore.exe, version: 9.0.8112.16476,

time stamp: 0x5126e7ac Faulting module name: jscript9.dll, version: 9.0.8112.16476,

time stamp: 0x5126e9e4 Exception code: 0xc0000005 Fault offset: 0x00070cdd Faulting

process id: 0x11c4 Faulting application start time: 0x01ce3e084d1bb7e1 Faulting application

path: C:\Program Files (x86)\Internet Explorer\iexplore.exe Faulting module path:

C:\Windows\SysWOW64\jscript9.dll Report Id: 110cc124-aafd-11e2-bb6a-e89a8f552f6e

Error - 4/21/2013 11:31:37 PM | Computer Name = KING | Source = Application Error | ID = 1000

Description = Faulting application name: iexplore.exe, version: 9.0.8112.16476,

time stamp: 0x5126e7ac Faulting module name: MSHTML.dll, version: 9.0.8112.16476,

time stamp: 0x5126ee6c Exception code: 0xc0000005 Fault offset: 0x00418a2c Faulting

process id: 0x5e7c Faulting application start time: 0x01ce3f08e2d7f74c Faulting application

path: C:\Program Files (x86)\Internet Explorer\iexplore.exe Faulting module path:

C:\Windows\system32\MSHTML.dll Report Id: 22f8bc01-aafd-11e2-bb6a-e89a8f552f6e

Error - 4/21/2013 11:31:38 PM | Computer Name = KING | Source = Application Error | ID = 1000

Description = Faulting application name: iexplore.exe, version: 9.0.8112.16476,

time stamp: 0x5126e7ac Faulting module name: MSHTML.dll, version: 9.0.8112.16476,

time stamp: 0x5126ee6c Exception code: 0xc000041d Fault offset: 0x00418a2c Faulting

process id: 0x5e7c Faulting application start time: 0x01ce3f08e2d7f74c Faulting application

path: C:\Program Files (x86)\Internet Explorer\iexplore.exe Faulting module path:

C:\Windows\system32\MSHTML.dll Report Id: 23cef7d9-aafd-11e2-bb6a-e89a8f552f6e

Error - 4/21/2013 11:31:41 PM | Computer Name = KING | Source = Application Error | ID = 1000

Description = Faulting application name: svchost.exe_SysMain, version: 6.1.7600.16385,

time stamp: 0x4a5bc3c1 Faulting module name: sysmain.dll, version: 6.1.7601.17514,

time stamp: 0x4ce7c9db Exception code: 0xc0000005 Fault offset: 0x0000000000004e03

Faulting process id: 0xa54 Faulting application start time: 0x01ce3e07da48772d Faulting application

path: C:\Windows\system32\svchost.exe Faulting module path: c:\windows\system32\sysmain.dll

Report Id: 2523dd9a-aafd-11e2-bb6a-e89a8f552f6e

Error - 4/22/2013 2:13:49 AM | Computer Name = KING | Source = SideBySide | ID = 16842815

Description = Activation context generation failed for "C:\Program Files (x86)\Common

Files\Adobe AIR\Versions\1.0\Adobe AIR.dll".Error in manifest or policy file "C:\Program

Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" on line 3. The value

"MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute

"version" in element "assemblyIdentity" is invalid.

Error - 4/22/2013 4:06:49 PM | Computer Name = KING | Source = Application Error | ID = 1000

Description = Faulting application name: iexplore.exe, version: 9.0.8112.16476,

time stamp: 0x5126e7ac Faulting module name: unknown, version: 0.0.0.0, time stamp:

0x00000000 Exception code: 0xc0000005 Fault offset: 0x02a0306a Faulting process id:

0x2b60 Faulting application start time: 0x01ce3e2a7b398a24 Faulting application path:

C:\Program Files (x86)\Internet Explorer\iexplore.exe Faulting module path: unknown

Report Id: 29fea762-ab88-11e2-bb6a-e89a8f552f6e

Error - 4/22/2013 9:51:48 PM | Computer Name = KING | Source = WinMgmt | ID = 10

Description =

Error - 4/23/2013 2:52:46 AM | Computer Name = KING | Source = SideBySide | ID = 16842815

Description = Activation context generation failed for "C:\Program Files (x86)\Common

Files\Adobe AIR\Versions\1.0\Adobe AIR.dll".Error in manifest or policy file "C:\Program

Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" on line 3. The value

"MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute

"version" in element "assemblyIdentity" is invalid.

Error - 4/24/2013 2:52:32 AM | Computer Name = KING | Source = SideBySide | ID = 16842815

Description = Activation context generation failed for "C:\Program Files (x86)\Common

Files\Adobe AIR\Versions\1.0\Adobe AIR.dll".Error in manifest or policy file "C:\Program

Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" on line 3. The value

"MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute

"version" in element "assemblyIdentity" is invalid.

Error - 4/25/2013 2:33:14 AM | Computer Name = KING | Source = SideBySide | ID = 16842815

Description = Activation context generation failed for "C:\Program Files (x86)\Common

Files\Adobe AIR\Versions\1.0\Adobe AIR.dll".Error in manifest or policy file "C:\Program

Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" on line 3. The value

"MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute

"version" in element "assemblyIdentity" is invalid.

[ Hewlett-Packard Events ]

Error - 6/4/2012 6:13:05 PM | Computer Name = KING | Source = HPSF.exe | ID = 2000

Description = HP Error ID: -2147467262HPSF.exe at HP.SupportAssistant.Common.CustomerExperience.HPSFReporting.SaveSessionInfo(DataRow

dr, Boolean bOnlyDetected, HPSASession SFSession) Message: Unable to cast object

of type 'System.DBNull' to type 'System.String'. StackTrace: at HP.SupportAssistant.Common.CustomerExperience.HPSFReporting.SaveSessionInfo(DataRow

dr, Boolean bOnlyDetected, HPSASession SFSession) Source: HP.SupportAssistant.Common

Name: HPSF.exe Version: 06.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support

Framework\HPSF.exe Format: en-US RAM: 6054 Ram Utilization: 20 TargetSite: Void SaveSessionInfo(System.Data.DataRow,

Boolean, HP.SupportAssistant.Common.CustomerExperience.HPSASession)

Error - 6/4/2012 6:13:05 PM | Computer Name = KING | Source = HPSF.exe | ID = 2000

Description = HP Error ID: -2147467262HPSF.exe at HP.SupportAssistant.Common.CustomerExperience.HPSFReporting.SaveSessionInfo(DataRow

dr, Boolean bOnlyDetected, HPSASession SFSession) Message: Unable to cast object

of type 'System.DBNull' to type 'System.String'. StackTrace: at HP.SupportAssistant.Common.CustomerExperience.HPSFReporting.SaveSessionInfo(DataRow

dr, Boolean bOnlyDetected, HPSASession SFSession) Source: HP.SupportAssistant.Common

Name: HPSF.exe Version: 06.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support

Framework\HPSF.exe Format: en-US RAM: 6054 Ram Utilization: 20 TargetSite: Void SaveSessionInfo(System.Data.DataRow,

Boolean, HP.SupportAssistant.Common.CustomerExperience.HPSASession)

Error - 6/19/2012 10:03:53 AM | Computer Name = KING | Source = hpsa_service.exe | ID = 2000

Description =

Error - 6/19/2012 10:04:02 AM | Computer Name = KING | Source = HPSF.exe | ID = 4000

Description =

Error - 6/25/2012 10:09:16 AM | Computer Name = KING | Source = HPSF.exe | ID = 4000

Description =

Error - 7/25/2012 6:22:02 PM | Computer Name = KING | Source = HPSF.exe | ID = 4000

Description =

Error - 8/25/2012 12:11:33 PM | Computer Name = KING | Source = HPSF.exe | ID = 4000

Description =

Error - 9/25/2012 8:23:45 AM | Computer Name = KING | Source = HPSF.exe | ID = 4000

Description =

Error - 10/25/2012 1:00:01 AM | Computer Name = KING | Source = HPSF.exe | ID = 4000

Description =

Error - 11/12/2012 6:29:29 PM | Computer Name = KING | Source = HPSF.exe | ID = 2000

Description = HP Error ID: -2147467261 at HP.SupportFramework.Utilities.CustomerExperience.HPSASession.AddNavigationProperties()

Message: Object reference not set to an instance of an object. StackTrace: at HP.SupportFramework.Utilities.CustomerExperience.HPSASession.AddNavigationProperties()

Source: HP.SupportFramework.Utilities Name: HPSF.exe Version: 07.00.01.01 Path: C:\Program

Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe Format: en-US RAM: 6054

Ram Utilization: 30 TargetSite: HP.SupportFramework.HPSFReporting._Property[] AddNavigationProperties()

[ Media Center Events ]

Error - 5/17/2013 2:37:34 AM | Computer Name = KING | Source = MCUpdate | ID = 0

Description = 1:37:21 AM - Failed to retrieve SportsSchedule (Error: The request

failed with HTTP status 403: Forbidden.)

Error - 5/17/2013 3:37:38 AM | Computer Name = KING | Source = MCUpdate | ID = 0

Description = 2:37:38 AM - Failed to retrieve SportsSchedule (Error: The request

failed with HTTP status 403: Forbidden.)

Error - 5/17/2013 4:37:41 AM | Computer Name = KING | Source = MCUpdate | ID = 0

Description = 3:37:41 AM - Failed to retrieve SportsSchedule (Error: The request

failed with HTTP status 403: Forbidden.)

Error - 5/17/2013 5:37:46 AM | Computer Name = KING | Source = MCUpdate | ID = 0

Description = 4:37:45 AM - Failed to retrieve SportsSchedule (Error: The request

failed with HTTP status 403: Forbidden.)

[ System Events ]

Error - 11/23/2012 8:23:13 AM | Computer Name = KING | Source = Microsoft Antimalware | ID = 3002

Description = %%860 Real-Time Protection feature has encountered an error and failed.

Feature: %%834 Error Code: 0x80070002 Error description: The system cannot find the file specified.

Reason: %%858

Error - 11/23/2012 8:23:13 AM | Computer Name = KING | Source = Microsoft Antimalware | ID = 3002

Description = %%860 Real-Time Protection feature has encountered an error and failed.

Feature: %%835 Error Code: 0x80070002 Error description: The system cannot find the file specified.

Reason: %%858

Error - 11/23/2012 8:23:13 AM | Computer Name = KING | Source = Microsoft Antimalware | ID = 3002

Description = %%860 Real-Time Protection feature has encountered an error and failed.

Feature: %%834 Error Code: 0x80070002 Error description: The system cannot find the file specified.

Reason: %%837

Error - 11/23/2012 8:23:13 AM | Computer Name = KING | Source = Microsoft Antimalware | ID = 3002

Description = %%860 Real-Time Protection feature has encountered an error and failed.

Feature:

%%835 Error Code: 0x80070002 Error description: The system cannot find the file specified.

Reason: %%837

Error - 11/23/2012 8:23:13 AM | Computer Name = KING | Source = Microsoft Antimalware | ID = 3002

Description = %%860 Real-Time Protection feature has encountered an error and failed.

Feature:

%%886 Error Code: 0x80070002 Error description: The system cannot find the file specified.

Reason: %%837

Error - 11/23/2012 8:23:13 AM | Computer Name = KING | Source = Microsoft Antimalware | ID = 2001

Description = %%860 has encountered an error trying to update signatures. New Signature

Version: Previous Signature Version: 11.159.0.0 Update Source: %%815 Update Stage:

%%854 Source Path: Signature Type: %%886 Update Type: %%803 User: NT AUTHORITY\SYSTEM

Current

Engine Version: Previous Engine Version: 2.0.8001.0 Error code: 0x80070433 Error

description: The dependency service does not exist or has been marked for deletion.

Error - 11/23/2012 8:23:13 AM | Computer Name = KING | Source = Microsoft Antimalware | ID = 2003

Description = %%860 has encountered an error trying to update the engine. New Engine

Version: Previous Engine Version: 2.0.8001.0 Engine Type: %%886 User: NT AUTHORITY\SYSTEM

Error

Code: 0x80070433 Error description: The dependency service does not exist or has

been marked for deletion.

Error - 11/23/2012 8:23:13 AM | Computer Name = KING | Source = Service Control Manager | ID = 7003

Description = The Microsoft Network Inspection service depends the following service:

NisDrv. This service might not be installed.

Error - 11/23/2012 8:23:27 AM | Computer Name = KING | Source = Microsoft Antimalware | ID = 2001

Description = %%860 has encountered an error trying to update signatures. New Signature

Version: Previous Signature Version: 1.141.307.0 Update Source: %%859 Update Stage:

%%854 Source Path: http://www.microsoft.com Signature Type: %%800 Update Type: %%803

User:

NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.9002.0 Error

code: 0x80070643 Error description: Fatal error during installation.

Error - 11/23/2012 8:23:32 AM | Computer Name = KING | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20

Description = Installation Failure: Windows failed to install the following update

with error 0x80070643: Definition Update for Microsoft Security Essentials - KB2310138

(Definition 1.141.307.0).

< End of report >


  1. Please re-run AdwCleaner
  2. Click on the Delete button.
  3. Confirm each time with OK if asked.
  4. Your computer will be rebooted automatically. A text file will open after the restart. Please post the content of that logfile in your reply.

Note: You can find the logfile at C:\AdwCleaner[sn].txt as well - n is the order number.

Then............

Please do this:

Run OTL

  • Under the Custom Scans/Fixes box at the bottom, paste in bold:

:OTL

O2 - BHO: (DownloadTerms) - {2C4BA31C-0C15-11E2-90C7-9BFCBEB168B3} - C:\Users\Joaquin\AppData\Local\DownloadTerms\temp.dat File not found

O2 - BHO: (Yealt Class) - {40C78C4E-5AE5-4762-9B7D-D2DE31B03B77} - C:\Windows\SysWow64\yealt.dll File not found

O3 - HKU\S-1-5-21-837605462-3808046217-2819704575-1000\..\Toolbar\WebBrowser: (no name) - {687578B9-7132-4A7A-80E4-30EE31099E03} - No CLSID value found.

O3 - HKU\S-1-5-21-837605462-3808046217-2819704575-1000\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.

O4 - HKLM..\Run: [] File not found

:Commands

[EMPTYJAVA]

[emptytemp]

[EMPTYFLASH]

  • Then click the Run Fix button at the top

  • Let the program run unhindered, when done it will say "Fix Complete press ok to open the log"

  • Please post that log in your next reply. Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTL\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.

MrC


# AdwCleaner v2.301 - Logfile created 05/20/2013 at 08:51:57

# Updated 16/05/2013 by Xplode

# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)

# User : Joaquin - KING

# Boot Mode : Normal

# Running from : C:\Users\Joaquin\Desktop\adwcleaner.exe

# Option [Delete]

***** [services] *****

***** [Files / Folders] *****

***** [Registry] *****

***** [internet Browsers] *****

-\\ Internet Explorer v10.0.9200.16576

[OK] Registry is clean.

-\\ Google Chrome v26.0.1410.64

File : C:\Users\Joaquin\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R2].txt - [3945 octets] - [20/05/2013 08:22:59]

AdwCleaner[R3].txt - [4005 octets] - [20/05/2013 08:24:03]

AdwCleaner[s2].txt - [318 octets] - [20/05/2013 08:51:46]

AdwCleaner[s3].txt - [838 octets] - [20/05/2013 08:51:57]

########## EOF - C:\AdwCleaner[s3].txt - [897 octets] ##########


All processes killed

========== OTL ==========

Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2C4BA31C-0C15-11E2-90C7-9BFCBEB168B3}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2C4BA31C-0C15-11E2-90C7-9BFCBEB168B3}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{40C78C4E-5AE5-4762-9B7D-D2DE31B03B77}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{40C78C4E-5AE5-4762-9B7D-D2DE31B03B77}\ deleted successfully.

Registry value HKEY_USERS\S-1-5-21-837605462-3808046217-2819704575-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{687578B9-7132-4A7A-80E4-30EE31099E03} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{687578B9-7132-4A7A-80E4-30EE31099E03}\ not found.

Registry value HKEY_USERS\S-1-5-21-837605462-3808046217-2819704575-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}\ not found.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.

File PTYJAVA] not found.

File ptytemp] not found.

File PTYFLASH] not found.

OTL by OldTimer - Version 3.2.69.0 log created on 05202013_085658

Files\Folders moved on Reboot...

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

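Reading the fix log above against the script that produced it, as an added example that is not part of the original thread or of OTL. The sample lines are copied from the log and the script, the function names are hypothetical, and only the line shapes seen in this thread are recognised; a script command whose tail reappears as a "File ... not found" target was probably read as a file name rather than run, which is an inference from the log, not documented OTL behaviour.

```python
import re
from collections import defaultdict

# Lines copied from the fix log above; commands copied from the posted script.
FIX_LOG = r"""
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2C4BA31C-0C15-11E2-90C7-9BFCBEB168B3}\ deleted successfully.
Registry value HKEY_USERS\S-1-5-21-837605462-3808046217-2819704575-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{687578B9-7132-4A7A-80E4-30EE31099E03} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{687578B9-7132-4A7A-80E4-30EE31099E03}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
File PTYJAVA] not found.
File ptytemp] not found.
File PTYFLASH] not found.
"""
SCRIPT_COMMANDS = ["[EMPTYJAVA]", "[emptytemp]", "[EMPTYFLASH]"]

# Only the result-line shapes that appear in this thread's log are recognised.
RESULT_RE = re.compile(
    r"^(Registry key|Registry value|File) (.+?) (deleted successfully|not found)\.$")
GUID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")


def parse_fix_log(text):
    """Return (kind, target, status) for every result line the pattern recognises."""
    matches = (RESULT_RE.match(line.strip()) for line in text.splitlines())
    return [m.groups() for m in matches if m]


def status_by_guid(results):
    """Group registry results by the CLSID they mention, in log order."""
    grouped = defaultdict(list)
    for kind, target, status in results:
        guid = GUID_RE.search(target)
        if guid:
            grouped[guid.group(0)].append((kind, status))
    return dict(grouped)


def commands_read_as_files(results, commands):
    """Commands whose tail appears as the target of a 'File ... not found' line."""
    missing = [t for kind, t, status in results
               if kind == "File" and status == "not found"]
    return [c for c in commands if any(t != c and c.endswith(t) for t in missing)]


if __name__ == "__main__":
    parsed = parse_fix_log(FIX_LOG)
    for guid, outcomes in status_by_guid(parsed).items():
        print(guid, outcomes)
    print("commands not executed:", commands_read_as_files(parsed, SCRIPT_COMMANDS))
```

A toolbar value that is deleted while its CLSID key is "not found" matches the "No CLSID value found" note in the script: the toolbar entry pointed at a class that was no longer registered.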

Good...........

Let's check your computer's security before you go and we have a little cleanup to do also:

Download Security Check by screen317 from HERE or HERE.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt.
  • Please Post the contents of that document.
  • Do Not Attach It!!!

MrC


Results of screen317's Security Check version 0.99.63

Windows 7 Service Pack 1 x64 (UAC is enabled)

Internet Explorer 9

``````````````Antivirus/Firewall Check:``````````````

Windows Firewall Enabled!

Microsoft Security Essentials

Antivirus up to date!

`````````Anti-malware/Other Utilities Check:`````````

Java 7 Update 21

Google Chrome 26.0.1410.43

Google Chrome 26.0.1410.64

````````Process Check: objlist.exe by Laurent````````

Microsoft Security Essentials MSMpEng.exe

Microsoft Security Essentials msseces.exe

Symantec Norton Online Backup NOBuAgent.exe

`````````````````System Health check`````````````````

Total Fragmentation on Drive C: 0%

````````````````````End of Log``````````````````````


Just get that leftover Chrome: (The rest looks OK)

Google Chrome 26.0.1410.43 <-----OLD

Google Chrome 26.0.1410.64 <-----OK

You have old versions of Google Chrome on the system.

Please download and run OldChromeRemover.

@Windows Vista/Windows 7-8 users must use “Run As Administrator.”

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

A little clean up to do....

Please Uninstall ComboFix: (if you used it)

Press the Windows logo key + R to bring up the "run box"

Copy and paste the next command in the field:

ComboFix /uninstall

Make sure there's a space between Combofix and /


Then hit enter.

This will uninstall Combofix, delete its related folders and files, hide file extensions, hide the system/hidden files, clear the System Restore cache and create a new Restore point.

(If that doesn't work.....you can simply rename ComboFix.exe to Uninstall.exe and double click it to complete the uninstall)

---------------------------------

If you used DeFogger to disable your CD Emulation drivers, please re-enable them.

-------------------------------

Please download OTC to your desktop.

http://oldtimer.geekstogo.com/OTC.exe

Double-click OTC to run it. (Vista and up users, please right click on OTC and select "Run as an Administrator")

Click on the CleanUp! button and follow the prompts.

(If you get a warning from your firewall or other security programs regarding OTC attempting to contact the Internet, please allow the connection.)

You will be asked to reboot the machine to finish the Cleanup process, choose Yes.

After the reboot all the tools we used should be gone.

Note: Some more recently created tools may not yet be removed by OTC. Feel free to manually delete any tools it leaves behind.

Any other programs or logs you can manually delete.

IE: RogueKiller.exe, RKreport.txt, RK_Quarantine folder, C:\FRST, MBAR, etc....AdwCleaner > just run the program and click uninstall.

-------------------------------

Any questions...please post back.

If you think I've helped you, please leave a comment > click on my avatar picture > click Profile Feed.

Take a look at My Preventive Maintenance to avoid being infected again.

Good Luck and Thanks for using the forum, MrC


Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
