Page 1 of 2 12 LastLast
Results 1 to 10 of 19

Thread: Browsers Hijacked and HijackThis unable to remove entries

  1. #1
    Junior Member
    Join Date
    Dec 2012
    Posts
    12

    Default Browsers Hijacked and HijackThis unable to remove entries

    Turned out my log post is too long and I got a message "The text that you have entered is too long (74756 characters). Please shorten it to 64000 characters long."

    I have pasted the entire content of my original post into a zipped txt file similar to the requested attach.txt. I hope this is an accepted workaround to posting lengthy items. Please accept my apology if I have overlooked a FAQ instruction.

  2. #2
    Junior Member
    Join Date
    Dec 2012
    Posts
    12

    Default

    just occurred to me that I can break up the post into two posts.

    Hi, I am new. I recently installed a software from a suspicious, something that I should have known better and now I am stuck with a hijacked browser with modified tab and an infection that won't allow to be fixed using HijackThis. Looking forward to any expert guidance and assistance.
    As instructed by the FAQ, here is the content of my DDS.txt

    DDS (Ver_2012-11-20.01) - NTFS_AMD64
    Internet Explorer: 9.0.8112.16457 BrowserJavaVersion: 1.6.0_37
    Run by HP at 18:44:23 on 2012-12-29
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.65.1033.18.3894.1794 [GMT 8:00]
    .
    AV: AVG Anti-Virus Free Edition 2013 *Enabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: Spybot - Search and Destroy *Enabled/Updated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
    SP: AVG Anti-Virus Free Edition 2013 *Enabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
    .
    ============== Running Processes ===============
    .
    C:\PROGRA~2\AVG\AVG2013\avgrsa.exe
    C:\Program Files (x86)\AVG\AVG2013\avgcsrva.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\system32\atiesrxx.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Program Files\IDT\WDM\STacSV64.exe
    C:\Windows\system32\svchost.exe -k GPSvcGroup
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\Hpservice.exe
    C:\Windows\system32\vcsFPService.exe
    C:\Program Files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe
    C:\Windows\system32\atieclxx.exe
    C:\Program Files (x86)\Hewlett-Packard\HP SimplePass Identity Protection\EgisService.exe
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\system32\WLANExt.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files\IDT\WDM\AESTSr64.exe
    C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe
    C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
    C:\Users\HP\AppData\Roaming\DefaultTab\DefaultTab\DTUpdate.exe
    C:\SwSetup\HPQWMM\QuickWeb\QW.SYS\config\DVMExportService.exe
    C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
    C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
    C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
    C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Program Files\Intel\WiFi\bin\EvtEng.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
    C:\Program Files (x86)\AVG\AVG2013\avgnsa.exe
    C:\Program Files (x86)\AVG\AVG2013\avgemca.exe
    C:\Windows\system32\svchost.exe -k bthsvcs
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\System32\rundll32.exe
    C:\Windows\Explorer.EXE
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Windows\System32\igfxpers.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
    C:\Program Files\IDT\WDM\sttray64.exe
    C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
    C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
    C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
    C:\Program Files (x86)\Common Files\Apple\Internet Services\BookmarkDAV_client.exe
    C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
    C:\Program Files (x86)\i-Funbox DevTeam\ifb_conn.exe
    C:\Users\HP\AppData\Local\Smartbar\Application\QuickShare.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
    C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
    C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe
    C:\Program Files (x86)\MagicDisc\MagicDisc.exe
    C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files (x86)\AVG\AVG2013\avgui.exe
    C:\Program Files (x86)\iTunes\iTunesHelper.exe
    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
    C:\Program Files (x86)\Hewlett-Packard\HP SimplePass Identity Protection\EgisTSR.exe
    C:\Windows\SysWOW64\RunDll32.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
    C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files (x86)\Hewlett-Packard\Media\Webcam\YCMMirage.exe
    C:\Windows\System32\svchost.exe -k LocalServicePeerNet
    C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
    C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
    C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe
    C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe
    C:\Program Files (x86)\Hewlett-Packard\Shared\hpCaslNotification.exe
    C:\Windows\system32\svchost.exe -k SDRSVC
    C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    C:\Users\HP\AppData\Roaming\Mozilla\Firefox\Profiles\seg13vqf.default\extensions\{E173B749-DB5B-4fd2-BA0E-94ECEA0CA55B}\components\afom.exe
    C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
    C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe
    C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe
    C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
    C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
    C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
    C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\System32\cscript.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.google.com.my/
    mStart Page = hxxp://home.sweetim.com/?crg=3.1010000.10005
    mWinlogon: Userinit = userinit.exe,
    BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO: QuickShare WidgetEngine: {31ad400d-1b06-4e33-a59a-90c2c140cba0} -
    BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll
    BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
    BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
    BHO: EgisPBIE Class: {7B51CCBE-4AF9-44A6-BDAB-D7F7E4C4E6F9} - C:\Program Files (x86)\Hewlett-Packard\HP SimplePass Identity Protection\EgisPBIE.dll
    BHO: DefaultTab Browser Helper: {7F6AFBF1-E065-4627-A2FD-810366367D01} - C:\Users\HP\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabBHO.dll
    BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
    BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    TB: QuickShare Widget: {ae07101b-46d4-4a98-af68-0333ea26e113} -
    uRun: [msnmsgr] ~"C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
    uRun: [ApplePhotoStreams] C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
    uRun: [com.apple.dav.bookmarks.daemon] C:\Program Files (x86)\Common Files\Apple\Internet Services\BookmarkDAV_client.exe
    uRun: [iFunBoxConnector] "C:\Program Files (x86)\i-Funbox DevTeam\ifb_conn.exe"
    uRun: [Browser Infrastructure Helper] C:\Users\HP\AppData\Local\Smartbar\Application\QuickShare.exe startup
    uRun: [Spybot-S&D Cleaning] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe" /autoclean
    uRunOnce: [SpybotDeletingF9873] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\Windows\Installer\{A0C9DF2B-89B5-4483-8983-18A68200F1B4}\ARPPRODUCTICON.exe"
    uRunOnce: [SpybotDeletingF6043] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\Program Files (x86)\SweetIM\Messenger\ContentPackagesActivationHandler.exe"
    uRunOnce: [SpybotDeletingF166] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\Program Files (x86)\SweetIM\Messenger\default.xml"
    uRunOnce: [SpybotDeletingF8168] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\Program Files (x86)\SweetIM\Messenger\mgAdaptersProxy.dll"
    uRunOnce: [SpybotDeletingF9384] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\Program Files (x86)\SweetIM\Messenger\mgArchive.dll"
    uRunOnce: [SpybotDeletingF1311] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\Program Files (x86)\SweetIM\Messenger\mgcommon.dll"
    uRunOnce: [SpybotDeletingF6222] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\Program Files (x86)\SweetIM\Messenger\mgcommunication.dll"
    uRunOnce: [SpybotDeletingF6278] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\Program Files (x86)\SweetIM\Messenger\mgconfig.dll"
    uRunOnce: [SpybotDeletingF8646] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\Program Files (x86)\SweetIM\Messenger\mgFlashPlayer.dll"
    uRunOnce: [SpybotDeletingF5470] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\Program Files (x86)\SweetIM\Messenger\mghooking.dll"
    uRunOnce: [SpybotDeletingF9809] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\Program Files (x86)\SweetIM\Messenger\mgICQAuto.dll"
    uRunOnce: [SpybotDeletingF6515] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\Program Files (x86)\SweetIM\Messenger\mgICQMessengerAdapter.dll"
    uRunOnce: [SpybotDeletingF7163] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\Program Files (x86)\SweetIM\Messenger\mglogger.dll"
    uRunOnce: [SpybotDeletingF7187] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\Program Files (x86)\SweetIM\Messenger\mgMediaPlayer.dll"
    uRunOnce: [SpybotDeletingF7818] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\Program Files (x86)\SweetIM\Messenger\mgMsnAuto.dll"
    uRunOnce: [SpybotDeletingF8885] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\Program Files (x86)\SweetIM\Messenger\mgMsnMessengerAdapter.dll"
    uRunOnce: [SpybotDeletingF1840] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\Program Files (x86)\SweetIM\Messenger\mgsimcommon.dll"
    uRunOnce: [SpybotDeletingF3068] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\Program Files (x86)\SweetIM\Messenger\mgSweetIM.dll"
    uRunOnce: [SpybotDeletingF1284] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\Program Files (x86)\SweetIM\Messenger\mgUpdateSupport.dll"
    uRunOnce: [SpybotDeletingF8170] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\Program Files (x86)\SweetIM\Messenger\mgxml_wrapper.dll"
    uRunOnce: [SpybotDeletingF5306] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\Program Files (x86)\SweetIM\Messenger\mgYahooAuto.dll"
    uRunOnce: [SpybotDeletingF4224] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\Program Files (x86)\SweetIM\Messenger\mgYahooMessengerAdapter.dll"
    uRunOnce: [SpybotDeletingF8187] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\Program Files (x86)\SweetIM\Messenger\msvcp71.dll"
    uRunOnce: [SpybotDeletingF2126] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\Program Files (x86)\SweetIM\Messenger\msvcr71.dll"
    uRunOnce: [SpybotDeletingF4654] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\Program Files (x86)\SweetIM\Messenger\resources\images\AudibleButton.png"
    uRunOnce: [SpybotDeletingF9185] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\Program Files (x86)\SweetIM\Messenger\resources\images\DisplayPicturesButton.png"
    uRunOnce: [SpybotDeletingF8428] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\Program Files (x86)\SweetIM\Messenger\resources\images\EmoticonButton.png"
    uRunOnce: [SpybotDeletingF3306] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\Program Files (x86)\SweetIM\Messenger\resources\images\GamesButton.png"
    uRunOnce: [SpybotDeletingF9270] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\Program Files (x86)\SweetIM\Messenger\resources\images\KeyboardButton.png"
    uRunOnce: [SpybotDeletingF1684] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\Program Files (x86)\SweetIM\Messenger\resources\images\NudgeButton.png"
    uRunOnce: [SpybotDeletingF1426] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\Program Files (x86)\SweetIM\Messenger\resources\images\SoundFxButton.png"
    uRunOnce: [SpybotDeletingF3901] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\Program Files (x86)\SweetIM\Messenger\resources\images\WinksButton.png"
    uRunOnce: [SpybotDeletingF673] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\Program Files (x86)\SweetIM\Messenger\resources\sqlite\mgSqlite3.dll"
    uRunOnce: [SpybotDeletingF337] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe"
    uRunOnce: [SpybotDeletingF4349] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\Program Files (x86)\SweetIM\Messenger\ContentPackagesActivationHandler.exe"
    uRunOnce: [SpybotDeletingF120] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\Program Files (x86)\SweetIM\Messenger\default.xml"
    uRunOnce: [SpybotDeletingF4302] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\Program Files (x86)\SweetIM\Messenger\mgAdaptersProxy.dll"
    uRunOnce: [SpybotDeletingF4021] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\Program Files (x86)\SweetIM\Messenger\mgArchive.dll"
    uRunOnce: [SpybotDeletingF8101] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\Program Files (x86)\SweetIM\Messenger\mgcommon.dll"
    uRunOnce: [SpybotDeletingF5956] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\Program Files (x86)\SweetIM\Messenger\mgcommunication.dll"
    uRunOnce: [SpybotDeletingF6361] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\Program Files (x86)\SweetIM\Messenger\mgconfig.dll"
    uRunOnce: [SpybotDeletingF478] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\Program Files (x86)\SweetIM\Messenger\mgFlashPlayer.dll"
    uRunOnce: [SpybotDeletingF7909] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\Program Files (x86)\SweetIM\Messenger\mghooking.dll"
    uRunOnce: [SpybotDeletingF3263] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\Program Files (x86)\SweetIM\Messenger\mgICQAuto.dll"
    uRunOnce: [SpybotDeletingF3507] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\Program Files (x86)\SweetIM\Messenger\mgICQMessengerAdapter.dll"
    uRunOnce: [SpybotDeletingF6005] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\Program Files (x86)\SweetIM\Messenger\mglogger.dll"
    uRunOnce: [SpybotDeletingF5373] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\Program Files (x86)\SweetIM\Messenger\mgMediaPlayer.dll"
    uRunOnce: [SpybotDeletingF6552] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\Program Files (x86)\SweetIM\Messenger\mghooking.dll_old"
    uRunOnce: [SpybotDeletingF320] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\Program Files (x86)\SweetIM\Messenger\mgMsnMessengerAdapter.dll"
    uRunOnce: [SpybotDeletingF2481] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\Program Files (x86)\SweetIM\Messenger\mgsimcommon.dll"
    uRunOnce: [SpybotDeletingF234] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\Program Files (x86)\SweetIM\Messenger\mgSweetIM.dll"
    uRunOnce: [SpybotDeletingF1393] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\Program Files (x86)\SweetIM\Messenger\mgUpdateSupport.dll"
    uRunOnce: [SpybotDeletingF1601] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\Program Files (x86)\SweetIM\Messenger\mgxml_wrapper.dll"
    uRunOnce: [SpybotDeletingF7539] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\Program Files (x86)\SweetIM\Messenger\mgYahooAuto.dll"
    uRunOnce: [SpybotDeletingF9256] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\Program Files (x86)\SweetIM\Messenger\mgYahooMessengerAdapter.dll"
    uRunOnce: [SpybotDeletingF5122] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\Program Files (x86)\SweetIM\Messenger\msvcp71.dll"
    uRunOnce: [SpybotDeletingF4896] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\Program Files (x86)\SweetIM\Messenger\msvcr71.dll"
    uRunOnce: [SpybotDeletingF2157] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\Program Files (x86)\SweetIM\Messenger\resources\images\AudibleButton.png"
    uRunOnce: [SpybotDeletingF3444] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\Program Files (x86)\SweetIM\Messenger\resources\images\DisplayPicturesButton.png"
    uRunOnce: [SpybotDeletingF1230] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\Program Files (x86)\SweetIM\Messenger\resources\images\EmoticonButton.png"
    uRunOnce: [SpybotDeletingF4017] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\Program Files (x86)\SweetIM\Messenger\resources\images\GamesButton.png"
    uRunOnce: [SpybotDeletingF2525] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\Program Files (x86)\SweetIM\Messenger\resources\images\KeyboardButton.png"
    uRunOnce: [SpybotDeletingF1134] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\Program Files (x86)\SweetIM\Messenger\resources\images\NudgeButton.png"
    uRunOnce: [SpybotDeletingF8615] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\Program Files (x86)\SweetIM\Messenger\resources\images\SoundFxButton.png"
    uRunOnce: [SpybotDeletingF8993] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\Program Files (x86)\SweetIM\Messenger\resources\images\WinksButton.png"
    uRunOnce: [SpybotDeletingF8072] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\Program Files (x86)\SweetIM\Messenger\resources\sqlite\mgSqlite3.dll"
    uRunOnce: [SpybotDeletingF3875] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe"
    uRunOnce: [SpybotDeletingF5802] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\Program Files (x86)\SweetIM\Messenger\resources\images\AudibleButton.png"
    uRunOnce: [SpybotDeletingF2035] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\Program Files (x86)\SweetIM\Messenger\resources\images\DisplayPicturesButton.png"
    uRunOnce: [SpybotDeletingF8554] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\Program Files (x86)\SweetIM\Messenger\resources\images\EmoticonButton.png"
    uRunOnce: [SpybotDeletingF5611] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\Program Files (x86)\SweetIM\Messenger\resources\images\GamesButton.png"
    uRunOnce: [SpybotDeletingF8730] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\Program Files (x86)\SweetIM\Messenger\resources\images\KeyboardButton.png"
    uRunOnce: [SpybotDeletingF9210] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\Program Files (x86)\SweetIM\Messenger\resources\images\NudgeButton.png"
    uRunOnce: [SpybotDeletingF4659] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\Program Files (x86)\SweetIM\Messenger\resources\images\SoundFxButton.png"
    uRunOnce: [SpybotDeletingF2993] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\Program Files (x86)\SweetIM\Messenger\resources\images\WinksButton.png"
    uRunOnce: [SpybotDeletingF2150] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\Program Files (x86)\SweetIM\Messenger\resources\images\AudibleButton.png"
    uRunOnce: [SpybotDeletingF1091] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\Program Files (x86)\SweetIM\Messenger\resources\images\DisplayPicturesButton.png"
    uRunOnce: [SpybotDeletingF1890] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\Program Files (x86)\SweetIM\Messenger\resources\images\EmoticonButton.png"
    uRunOnce: [SpybotDeletingF2485] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\Program Files (x86)\SweetIM\Messenger\resources\images\GamesButton.png"
    uRunOnce: [SpybotDeletingF7120] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\Program Files (x86)\SweetIM\Messenger\resources\images\KeyboardButton.png"
    uRunOnce: [SpybotDeletingF685] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\Program Files (x86)\SweetIM\Messenger\resources\images\NudgeButton.png"
    uRunOnce: [SpybotDeletingF6846] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\Program Files (x86)\SweetIM\Messenger\resources\images\SoundFxButton.png"
    uRunOnce: [SpybotDeletingF1202] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\Program Files (x86)\SweetIM\Messenger\resources\images\WinksButton.png"
    uRunOnce: [SpybotDeletingF6916] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\Program Files (x86)\SweetIM\Messenger\resources\sqlite\mgSqlite3.dll"
    uRunOnce: [SpybotDeletingF6672] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\Windows\Installer\{A0C9DF2B-89B5-4483-8983-18A68200F1B4}\ARPPRODUCTICON.exe"
    uRunOnce: [SpybotDeletingF842] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\Program Files (x86)\SweetIM\Messenger\mgAdaptersProxy.dll_old"
    uRunOnce: [SpybotDeletingF9872] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\Program Files (x86)\SweetIM\Messenger\mgArchive.dll_old"
    uRunOnce: [SpybotDeletingF429] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\Program Files (x86)\SweetIM\Messenger\mgcommon.dll_old"
    uRunOnce: [SpybotDeletingF8787] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\Program Files (x86)\SweetIM\Messenger\mgcommunication.dll_old"
    uRunOnce: [SpybotDeletingF5983] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\Program Files (x86)\SweetIM\Messenger\mgconfig.dll_old"
    uRunOnce: [SpybotDeletingF7574] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\Program Files (x86)\SweetIM\Messenger\mgFlashPlayer.dll_old"
    uRunOnce: [SpybotDeletingF6797] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\Program Files (x86)\SweetIM\Messenger\mgMsnAuto.dll_old"
    uRunOnce: [SpybotDeletingF8138] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\Program Files (x86)\SweetIM\Messenger\mgMsnMessengerAdapter.dll_old"
    uRunOnce: [SpybotDeletingF7488] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\Program Files (x86)\SweetIM\Messenger\mgsimcommon.dll_old"
    uRunOnce: [SpybotDeletingF800] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\Program Files (x86)\SweetIM\Messenger\mgSweetIM.dll_old"
    uRunOnce: [SpybotDeletingF3546] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\Program Files (x86)\SweetIM\Messenger\mgUpdateSupport.dll_old"
    uRunOnce: [SpybotDeletingF3876] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\Program Files (x86)\SweetIM\Messenger\mgxml_wrapper.dll_old"
    uRunOnce: [SpybotDeletingF5552] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\Program Files (x86)\SweetIM\Messenger\msvcp71.dll_old"
    uRunOnce: [SpybotDeletingF4811] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\Program Files (x86)\SweetIM\Messenger\msvcr71.dll_old"
    uRunOnce: [SpybotDeletingF8683] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\Program Files (x86)\SweetIM\Messenger\mgAdaptersProxy.dll_old"
    uRunOnce: [SpybotDeletingF142] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\Program Files (x86)\SweetIM\Messenger\mgArchive.dll_old"
    uRunOnce: [SpybotDeletingF3592] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\Program Files (x86)\SweetIM\Messenger\mgcommon.dll_old"
    uRunOnce: [SpybotDeletingF3275] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\Program Files (x86)\SweetIM\Messenger\mgcommunication.dll_old"
    uRunOnce: [SpybotDeletingF1646] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\Program Files (x86)\SweetIM\Messenger\mgconfig.dll_old"
    uRunOnce: [SpybotDeletingF3511] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe"
    uRunOnce: [SpybotDeletingF3142] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\Program Files (x86)\SweetIM\Messenger\mghooking.dll_old"
    uRunOnce: [SpybotDeletingF5211] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\Program Files (x86)\SweetIM\Messenger\mgMsnAuto.dll_old"
    uRunOnce: [SpybotDeletingF3299] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\Program Files (x86)\SweetIM\Messenger\mgMsnMessengerAdapter.dll_old"
    uRunOnce: [SpybotDeletingF1981] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\Program Files (x86)\SweetIM\Messenger\mgsimcommon.dll_old"
    uRunOnce: [SpybotDeletingF4299] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\Program Files (x86)\SweetIM\Messenger\mgSweetIM.dll_old"
    uRunOnce: [SpybotDeletingF3903] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\Program Files (x86)\SweetIM\Messenger\mgUpdateSupport.dll_old"
    uRunOnce: [SpybotDeletingF9257] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\Program Files (x86)\SweetIM\Messenger\mgxml_wrapper.dll_old"
    uRunOnce: [SpybotDeletingF1356] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\Program Files (x86)\SweetIM\Messenger\msvcp71.dll_old"
    uRunOnce: [SpybotDeletingF4252] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\Program Files (x86)\SweetIM\Messenger\msvcr71.dll_old"
    uRunOnce: [SpybotDeletingF6689] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\ProgramData\SweetIM\Messenger\conf\sweetim.xml"
    uRunOnce: [SpybotDeletingF1288] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\ProgramData\SweetIM\Messenger\conf\messages.xml"
    uRunOnce: [SpybotDeletingF3751] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\ProgramData\SweetIM\Messenger\conf\users\main_user_config.xml"
    uRunOnce: [SpybotDeletingF4225] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\ProgramData\SweetIM\Messenger\data\contentdb\cache_indx.dat"
    uRunOnce: [SpybotDeletingF721] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\Program Files (x86)\SweetIM\Messenger\default.xml"
    uRunOnce: [SpybotDeletingF2596] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\Program Files (x86)\SweetIM\Messenger\msvcp71.dll"
    uRunOnce: [SpybotDeletingF211] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\Program Files (x86)\SweetIM\Messenger\msvcr71.dll"
    uRunOnce: [SpybotDeletingF587] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\Program Files (x86)\SweetIM\Messenger\resources\images\AudibleButton.png"
    uRunOnce: [SpybotDeletingF6810] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\Program Files (x86)\SweetIM\Messenger\resources\images\DisplayPicturesButton.png"
    uRunOnce: [SpybotDeletingF5778] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\Program Files (x86)\SweetIM\Messenger\resources\images\EmoticonButton.png"
    uRunOnce: [SpybotDeletingF7660] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\Program Files (x86)\SweetIM\Messenger\resources\images\GamesButton.png"
    uRunOnce: [SpybotDeletingF3431] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\Program Files (x86)\SweetIM\Messenger\resources\images\KeyboardButton.png"
    uRunOnce: [SpybotDeletingF3836] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\Program Files (x86)\SweetIM\Messenger\resources\images\NudgeButton.png"
    uRunOnce: [SpybotDeletingF4923] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\Program Files (x86)\SweetIM\Messenger\resources\images\SoundFxButton.png"
    uRunOnce: [SpybotDeletingF2686] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\Program Files (x86)\SweetIM\Messenger\resources\images\WinksButton.png"
    uRunOnce: [SpybotDeletingF2529] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\Windows\Installer\{A0C9DF2B-89B5-4483-8983-18A68200F1B4}\ARPPRODUCTICON.exe"
    uRunOnce: [SpybotDeletingF9938] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\Program Files (x86)\SweetIM\Messenger\mgAdaptersProxy.dll_old"
    uRunOnce: [SpybotDeletingF5637] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\Program Files (x86)\SweetIM\Messenger\mgArchive.dll_old"
    uRunOnce: [SpybotDeletingF9544] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\Program Files (x86)\SweetIM\Messenger\mgcommon.dll_old"
    uRunOnce: [SpybotDeletingF3424] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\Program Files (x86)\SweetIM\Messenger\mgcommunication.dll_old"
    uRunOnce: [SpybotDeletingF6011] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\Program Files (x86)\SweetIM\Messenger\mgconfig.dll_old"
    uRunOnce: [SpybotDeletingF0] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\Program Files (x86)\SweetIM\Messenger\mgFlashPlayer.dll_old"
    uRunOnce: [SpybotDeletingF5249] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\Program Files (x86)\SweetIM\Messenger\mghooking.dll_old"
    uRunOnce: [SpybotDeletingF9439] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\Program Files (x86)\SweetIM\Messenger\mgMsnAuto.dll_old"
    uRunOnce: [SpybotDeletingF9106] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\Program Files (x86)\SweetIM\Messenger\mgMsnMessengerAdapter.dll_old"
    uRunOnce: [SpybotDeletingF2531] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\Program Files (x86)\SweetIM\Messenger\mgsimcommon.dll_old"
    uRunOnce: [SpybotDeletingF4813] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\Program Files (x86)\SweetIM\Messenger\mgSweetIM.dll_old"
    uRunOnce: [SpybotDeletingF2649] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\Program Files (x86)\SweetIM\Messenger\mgUpdateSupport.dll_old"
    uRunOnce: [SpybotDeletingF4663] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\Program Files (x86)\SweetIM\Messenger\mgxml_wrapper.dll_old"
    uRunOnce: [SpybotDeletingF9932] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\Program Files (x86)\SweetIM\Messenger\msvcp71.dll_old"
    uRunOnce: [SpybotDeletingF216] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\Program Files (x86)\SweetIM\Messenger\msvcr71.dll_old"
    uRunOnce: [SpybotDeletingF480] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\Program Files (x86)\SweetIM\Messenger\mgAdaptersProxy.dll_old"
    uRunOnce: [SpybotDeletingF5438] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\Program Files (x86)\SweetIM\Messenger\mgArchive.dll_old"
    uRunOnce: [SpybotDeletingF3405] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\Program Files (x86)\SweetIM\Messenger\mgcommon.dll_old"
    uRunOnce: [SpybotDeletingF5451] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\Program Files (x86)\SweetIM\Messenger\mgcommunication.dll_old"
    uRunOnce: [SpybotDeletingF8019] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\Program Files (x86)\SweetIM\Messenger\mgconfig.dll_old"
    uRunOnce: [SpybotDeletingF2763] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\Program Files (x86)\SweetIM\Messenger\mgFlashPlayer.dll_old"
    uRunOnce: [SpybotDeletingF7701] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\Program Files (x86)\SweetIM\Messenger\mghooking.dll_old"
    uRunOnce: [SpybotDeletingF6227] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\Program Files (x86)\SweetIM\Messenger\mgMsnAuto.dll_old"
    uRunOnce: [SpybotDeletingF8963] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\Program Files (x86)\SweetIM\Messenger\mgMsnMessengerAdapter.dll_old"
    uRunOnce: [SpybotDeletingF497] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\Program Files (x86)\SweetIM\Messenger\mgsimcommon.dll_old"
    uRunOnce: [SpybotDeletingF7837] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\Program Files (x86)\SweetIM\Messenger\mgSweetIM.dll_old"
    uRunOnce: [SpybotDeletingF5434] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\Program Files (x86)\SweetIM\Messenger\mgUpdateSupport.dll_old"
    uRunOnce: [SpybotDeletingF7887] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\Program Files (x86)\SweetIM\Messenger\mgxml_wrapper.dll_old"
    uRunOnce: [SpybotDeletingF4296] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\Program Files (x86)\SweetIM\Messenger\msvcp71.dll_old"
    uRunOnce: [SpybotDeletingF1446] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\Program Files (x86)\SweetIM\Messenger\msvcr71.dll_old"
    uRunOnce: [SpybotDeletingF8612] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe"
    uRunOnce: [SpybotDeletingF262] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\ProgramData\SweetIM\Messenger\conf\sweetim.xml"
    uRunOnce: [SpybotDeletingF3493] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\ProgramData\SweetIM\Messenger\conf\messages.xml"
    uRunOnce: [SpybotDeletingF3929] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\ProgramData\SweetIM\Messenger\conf\users\main_user_config.xml"
    uRunOnce: [SpybotDeletingF5266] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\ProgramData\SweetIM\Messenger\data\contentdb\cache_indx.dat"
    uRunOnce: [SpybotDeletingF8982] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\Program Files (x86)\SweetIM\Messenger\default.xml"
    uRunOnce: [SpybotDeletingF4934] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\Program Files (x86)\SweetIM\Messenger\msvcp71.dll"
    uRunOnce: [SpybotDeletingF1347] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\Program Files (x86)\SweetIM\Messenger\msvcr71.dll"
    uRunOnce: [SpybotDeletingF1674] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\Program Files (x86)\SweetIM\Messenger\resources\images\AudibleButton.png"
    uRunOnce: [SpybotDeletingF8469] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\Program Files (x86)\SweetIM\Messenger\resources\images\DisplayPicturesButton.png"
    uRunOnce: [SpybotDeletingF1942] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\Program Files (x86)\SweetIM\Messenger\resources\images\EmoticonButton.png"
    uRunOnce: [SpybotDeletingF8415] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\Program Files (x86)\SweetIM\Messenger\resources\images\GamesButton.png"
    uRunOnce: [SpybotDeletingF1738] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\Program Files (x86)\SweetIM\Messenger\resources\images\KeyboardButton.png"
    uRunOnce: [SpybotDeletingF7082] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\Program Files (x86)\SweetIM\Messenger\resources\images\NudgeButton.png"
    uRunOnce: [SpybotDeletingF2643] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\Program Files (x86)\SweetIM\Messenger\resources\images\SoundFxButton.png"
    uRunOnce: [SpybotDeletingF5814] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\Program Files (x86)\SweetIM\Messenger\resources\images\WinksButton.png"
    mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
    mRun: [EgisTecPMMUpdate] "C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe"
    mRun: [EgisUpdate] "C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe" -d
    mRun: [VitaKeyTSR] C:\Program Files (x86)\Hewlett-Packard\HP SimplePass Identity Protection\EgisTSR.exe /run
    mRun: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
    mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    mRun: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2013\avgui.exe" /TRAYONLY
    mRun: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
    mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    mRun: [SDTray] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
    mRunOnce: [SpybotDeletingE4547] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\Windows\Installer\{A0C9DF2B-89B5-4483-8983-18A68200F1B4}\ARPPRODUCTICON.exe"
    mRunOnce: [SpybotDeletingE884] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\Program Files (x86)\SweetIM\Messenger\mgAdaptersProxy.dll_old"
    mRunOnce: [SpybotDeletingE7902] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\Program Files (x86)\SweetIM\Messenger\mgArchive.dll_old"
    mRunOnce: [SpybotDeletingE3305] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\Program Files (x86)\SweetIM\Messenger\mgcommon.dll_old"
    mRunOnce: [SpybotDeletingE1390] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\Program Files (x86)\SweetIM\Messenger\mgcommunication.dll_old"
    mRunOnce: [SpybotDeletingE4007] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\Program Files (x86)\SweetIM\Messenger\mgconfig.dll_old"
    mRunOnce: [SpybotDeletingE2226] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\Program Files (x86)\SweetIM\Messenger\mgFlashPlayer.dll_old"
    mRunOnce: [SpybotDeletingE8441] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\Program Files (x86)\SweetIM\Messenger\mghooking.dll_old"
    mRunOnce: [SpybotDeletingE996] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\Program Files (x86)\SweetIM\Messenger\mgMsnAuto.dll_old"
    mRunOnce: [SpybotDeletingE1156] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\Program Files (x86)\SweetIM\Messenger\mgMsnMessengerAdapter.dll_old"
    mRunOnce: [SpybotDeletingE8267] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\Program Files (x86)\SweetIM\Messenger\mgsimcommon.dll_old"
    mRunOnce: [SpybotDeletingE8045] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\Program Files (x86)\SweetIM\Messenger\mgSweetIM.dll_old"
    mRunOnce: [SpybotDeletingE5129] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\Program Files (x86)\SweetIM\Messenger\mgUpdateSupport.dll_old"
    mRunOnce: [SpybotDeletingE2785] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\Program Files (x86)\SweetIM\Messenger\mgxml_wrapper.dll_old"
    mRunOnce: [SpybotDeletingE9133] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\Program Files (x86)\SweetIM\Messenger\msvcp71.dll_old"
    mRunOnce: [SpybotDeletingE5819] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\Program Files (x86)\SweetIM\Messenger\msvcr71.dll_old"
    mRunOnce: [SpybotDeletingE6916] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\Program Files (x86)\SweetIM\Messenger\mgAdaptersProxy.dll_old"
    mRunOnce: [SpybotDeletingE8219] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\Program Files (x86)\SweetIM\Messenger\mgArchive.dll_old"
    mRunOnce: [SpybotDeletingE279] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\Program Files (x86)\SweetIM\Messenger\mgcommon.dll_old"
    mRunOnce: [SpybotDeletingE6055] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\Program Files (x86)\SweetIM\Messenger\mgcommunication.dll_old"
    mRunOnce: [SpybotDeletingE1104] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\Program Files (x86)\SweetIM\Messenger\mgconfig.dll_old"
    mRunOnce: [SpybotDeletingE8197] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\Program Files (x86)\SweetIM\Messenger\mgFlashPlayer.dll_old"
    mRunOnce: [SpybotDeletingE8491] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\Program Files (x86)\SweetIM\Messenger\mghooking.dll_old"
    mRunOnce: [SpybotDeletingE2379] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\Program Files (x86)\SweetIM\Messenger\mgMsnAuto.dll_old"
    mRunOnce: [SpybotDeletingE9937] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\Program Files (x86)\SweetIM\Messenger\mgMsnMessengerAdapter.dll_old"
    mRunOnce: [SpybotDeletingE9489] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\Program Files (x86)\SweetIM\Messenger\mgsimcommon.dll_old"
    mRunOnce: [SpybotDeletingE6665] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\Program Files (x86)\SweetIM\Messenger\mgSweetIM.dll_old"
    mRunOnce: [SpybotDeletingE6237] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\Program Files (x86)\SweetIM\Messenger\mgUpdateSupport.dll_old"
    mRunOnce: [SpybotDeletingE1888] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\Program Files (x86)\SweetIM\Messenger\mgxml_wrapper.dll_old"
    mRunOnce: [SpybotDeletingE212] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\Program Files (x86)\SweetIM\Messenger\msvcp71.dll_old"
    mRunOnce: [SpybotDeletingE1086] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\Program Files (x86)\SweetIM\Messenger\msvcr71.dll_old"
    mRunOnce: [SpybotDeletingE6630] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe"
    mRunOnce: [SpybotDeletingE3622] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\ProgramData\SweetIM\Messenger\conf\sweetim.xml"
    mRunOnce: [SpybotDeletingE5742] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\ProgramData\SweetIM\Messenger\conf\messages.xml"
    mRunOnce: [SpybotDeletingE1572] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\ProgramData\SweetIM\Messenger\conf\users\main_user_config.xml"
    mRunOnce: [SpybotDeletingE1094] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\ProgramData\SweetIM\Messenger\data\contentdb\cache_indx.dat"
    mRunOnce: [SpybotDeletingE4881] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\Program Files (x86)\SweetIM\Messenger\default.xml"
    mRunOnce: [SpybotDeletingE9906] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\Program Files (x86)\SweetIM\Messenger\msvcp71.dll"
    mRunOnce: [SpybotDeletingE6198] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\Program Files (x86)\SweetIM\Messenger\msvcr71.dll"
    mRunOnce: [SpybotDeletingE2918] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\Program Files (x86)\SweetIM\Messenger\resources\images\AudibleButton.png"
    mRunOnce: [SpybotDeletingE4666] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\Program Files (x86)\SweetIM\Messenger\resources\images\DisplayPicturesButton.png"
    mRunOnce: [SpybotDeletingE4693] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\Program Files (x86)\SweetIM\Messenger\resources\images\EmoticonButton.png"
    mRunOnce: [SpybotDeletingE7055] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\Program Files (x86)\SweetIM\Messenger\resources\images\GamesButton.png"
    mRunOnce: [SpybotDeletingE188] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\Program Files (x86)\SweetIM\Messenger\resources\images\KeyboardButton.png"
    mRunOnce: [SpybotDeletingE2905] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\Program Files (x86)\SweetIM\Messenger\resources\images\NudgeButton.png"
    mRunOnce: [SpybotDeletingE4046] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\Program Files (x86)\SweetIM\Messenger\resources\images\SoundFxButton.png"
    mRunOnce: [SpybotDeletingE321] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\Program Files (x86)\SweetIM\Messenger\resources\images\WinksButton.png"
    mRunOnce: [SpybotDeletingE5381] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\Windows\Installer\{A0C9DF2B-89B5-4483-8983-18A68200F1B4}\ARPPRODUCTICON.exe"
    mRunOnce: [SpybotDeletingE430] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\Program Files (x86)\SweetIM\Messenger\mgAdaptersProxy.dll_old"
    mRunOnce: [SpybotDeletingE8549] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\Program Files (x86)\SweetIM\Messenger\mgArchive.dll_old"
    mRunOnce: [SpybotDeletingE552] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\Program Files (x86)\SweetIM\Messenger\mgcommon.dll_old"
    mRunOnce: [SpybotDeletingE9446] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\Program Files (x86)\SweetIM\Messenger\mgcommunication.dll_old"
    mRunOnce: [SpybotDeletingE5039] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\Program Files (x86)\SweetIM\Messenger\mgconfig.dll_old"
    mRunOnce: [SpybotDeletingE1547] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\Program Files (x86)\SweetIM\Messenger\mgFlashPlayer.dll_old"
    mRunOnce: [SpybotDeletingE4766] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\Program Files (x86)\SweetIM\Messenger\mghooking.dll_old"
    mRunOnce: [SpybotDeletingE1051] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\Program Files (x86)\SweetIM\Messenger\mgMsnAuto.dll_old"
    mRunOnce: [SpybotDeletingE6238] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\Program Files (x86)\SweetIM\Messenger\mgMsnMessengerAdapter.dll_old"
    mRunOnce: [SpybotDeletingE1978] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\Program Files (x86)\SweetIM\Messenger\mgsimcommon.dll_old"
    mRunOnce: [SpybotDeletingE2058] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\Program Files (x86)\SweetIM\Messenger\mgSweetIM.dll_old"
    mRunOnce: [SpybotDeletingE2430] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\Program Files (x86)\SweetIM\Messenger\mgUpdateSupport.dll_old"
    mRunOnce: [SpybotDeletingE4001] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\Program Files (x86)\SweetIM\Messenger\mgxml_wrapper.dll_old"
    mRunOnce: [SpybotDeletingE9045] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\Program Files (x86)\SweetIM\Messenger\msvcp71.dll_old"
    mRunOnce: [SpybotDeletingE941] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\Program Files (x86)\SweetIM\Messenger\msvcr71.dll_old"
    mRunOnce: [SpybotDeletingE1746] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\Program Files (x86)\SweetIM\Messenger\mgAdaptersProxy.dll_old"
    mRunOnce: [SpybotDeletingE5501] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\Program Files (x86)\SweetIM\Messenger\mgArchive.dll_old"
    mRunOnce: [SpybotDeletingE8293] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\Program Files (x86)\SweetIM\Messenger\mgcommon.dll_old"
    mRunOnce: [SpybotDeletingE1961] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\Program Files (x86)\SweetIM\Messenger\mgcommunication.dll_old"
    mRunOnce: [SpybotDeletingE4076] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\Program Files (x86)\SweetIM\Messenger\mgconfig.dll_old"
    mRunOnce: [SpybotDeletingE79] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\Program Files (x86)\SweetIM\Messenger\mgFlashPlayer.dll_old"
    mRunOnce: [SpybotDeletingE2650] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\Program Files (x86)\SweetIM\Messenger\mghooking.dll_old"
    mRunOnce: [SpybotDeletingE7956] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\Program Files (x86)\SweetIM\Messenger\mgMsnAuto.dll_old"
    mRunOnce: [SpybotDeletingE2522] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\Program Files (x86)\SweetIM\Messenger\mgMsnMessengerAdapter.dll_old"
    mRunOnce: [SpybotDeletingE8701] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\Program Files (x86)\SweetIM\Messenger\mgsimcommon.dll_old"
    mRunOnce: [SpybotDeletingE9239] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\Program Files (x86)\SweetIM\Messenger\mgSweetIM.dll_old"
    mRunOnce: [SpybotDeletingE8015] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\Program Files (x86)\SweetIM\Messenger\mgUpdateSupport.dll_old"
    mRunOnce: [SpybotDeletingE4261] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\Program Files (x86)\SweetIM\Messenger\mgxml_wrapper.dll_old"
    mRunOnce: [SpybotDeletingE608] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\Program Files (x86)\SweetIM\Messenger\msvcp71.dll_old"
    mRunOnce: [SpybotDeletingE4346] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\Program Files (x86)\SweetIM\Messenger\msvcr71.dll_old"
    mRunOnce: [SpybotDeletingE7939] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe"
    mRunOnce: [SpybotDeletingE1179] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\ProgramData\SweetIM\Messenger\conf\sweetim.xml"
    mRunOnce: [SpybotDeletingE2735] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\ProgramData\SweetIM\Messenger\conf\messages.xml"
    mRunOnce: [SpybotDeletingE5117] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\ProgramData\SweetIM\Messenger\conf\users\main_user_config.xml"
    mRunOnce: [SpybotDeletingE4959] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\ProgramData\SweetIM\Messenger\data\contentdb\cache_indx.dat"
    mRunOnce: [SpybotDeletingE161] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\Program Files (x86)\SweetIM\Messenger\default.xml"
    mRunOnce: [SpybotDeletingE4364] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\Program Files (x86)\SweetIM\Messenger\msvcp71.dll"
    mRunOnce: [SpybotDeletingE8091] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\Program Files (x86)\SweetIM\Messenger\msvcr71.dll"
    mRunOnce: [SpybotDeletingE5886] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\Program Files (x86)\SweetIM\Messenger\resources\images\AudibleButton.png"
    mRunOnce: [SpybotDeletingE1702] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\Program Files (x86)\SweetIM\Messenger\resources\images\DisplayPicturesButton.png"
    mRunOnce: [SpybotDeletingE1688] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\Program Files (x86)\SweetIM\Messenger\resources\images\EmoticonButton.png"
    mRunOnce: [SpybotDeletingE9843] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\Program Files (x86)\SweetIM\Messenger\resources\images\GamesButton.png"
    mRunOnce: [SpybotDeletingE2370] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\Program Files (x86)\SweetIM\Messenger\resources\images\KeyboardButton.png"
    mRunOnce: [SpybotDeletingE1649] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\Program Files (x86)\SweetIM\Messenger\resources\images\NudgeButton.png"
    mRunOnce: [SpybotDeletingE6157] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\Program Files (x86)\SweetIM\Messenger\resources\images\SoundFxButton.png"
    mRunOnce: [SpybotDeletingE9665] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\Program Files (x86)\SweetIM\Messenger\resources\images\WinksButton.png"
    StartupFolder: C:\Users\HP\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ERUNTA~1.LNK - C:\Program Files (x86)\ERUNT\AUTOBACK.EXE
    StartupFolder: C:\Users\HP\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\MAGICD~1.LNK - C:\Program Files (x86)\MagicDisc\MagicDisc.exe
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUETO~1.LNK - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe

  3. #3
    Junior Member
    Join Date
    Dec 2012
    Posts
    12

    Default

    mPolicies-Explorer: NoActiveDesktop = dword:1
    mPolicies-Explorer: NoActiveDesktopChanges = dword:1
    mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
    mPolicies-System: ConsentPromptBehaviorUser = dword:3
    mPolicies-System: EnableUIADesktopToggle = dword:0
    IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
    IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
    IE: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
    IE: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
    IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
    IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab
    TCP: NameServer = 192.168.0.1
    TCP: Interfaces\{4828EB99-DA1D-4695-B4CF-90CDCB7F710C} : NameServer = 8.8.8.8,8.8.4.4
    TCP: Interfaces\{4828EB99-DA1D-4695-B4CF-90CDCB7F710C} : DHCPNameServer = 192.168.0.1
    TCP: Interfaces\{4828EB99-DA1D-4695-B4CF-90CDCB7F710C}\1405D474D2D416C61697379616 : DHCPNameServer = 10.1.8.2
    TCP: Interfaces\{9E8BEB33-11FA-4636-B10D-77BE08229A4C} : NameServer = 0.0.0.0
    TCP: Interfaces\{AEF7CD20-AAAA-4BC1-A214-9115BAB18C84} : DHCPNameServer = 16.110.135.52 16.110.135.51
    Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
    Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    Notify: SDWinLogon - SDWinLogon.dll
    SSODL: WebCheck - <orphaned>
    SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
    LSA: Notification Packages = EgisPwdFilter EgisDSPwdFilter
    x64-BHO: QuickShare WidgetEngine: {31ad400d-1b06-4e33-a59a-90c2c140cba0} -
    x64-BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
    x64-BHO: EgisPBIE Class: {7B51CCBE-4AF9-44A6-BDAB-D7F7E4C4E6F9} - C:\Program Files (x86)\Hewlett-Packard\HP SimplePass Identity Protection\x64\EgisPBIE.dll
    x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
    x64-BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    x64-TB: QuickShare Widget: {ae07101b-46d4-4a98-af68-0333ea26e113} -
    x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
    x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
    x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
    x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
    x64-Run: [AmIcoSinglun64] C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
    x64-Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe
    x64-Run: [IntelWireless] "C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" /tf Intel Wireless Tray
    x64-Run: [SmartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe /background
    x64-Run: [HPWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe 120 C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe /hidden
    x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
    x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
    x64-IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    x64-DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
    x64-DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
    x64-DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
    x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
    x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
    x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
    x64-Notify: igfxcui - igfxdev.dll
    x64-SSODL: WebCheck - <orphaned>
    x64-STS: FencesShlExt Class - {1984DD45-52CF-49cd-AB77-18F378FEA264} - C:\Program Files\Stardock\Fences Pro\FencesMenu64.dll
    x64-SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - C:\Users\HP\AppData\Roaming\Mozilla\Firefox\Profiles\seg13vqf.default\
    FF - prefs.js: network.proxy.type - 0
    FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
    FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
    FF - plugin: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll
    FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
    FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrlui.dll
    FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
    FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll
    FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_135.dll
    FF - plugin: C:\Windows\SysWOW64\npdeployJava1.dll
    FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
    FF - ExtSQL: 2012-12-29 09:41; addon@defaulttab.com; C:\Users\HP\AppData\Roaming\Mozilla\Firefox\Profiles\seg13vqf.default\extensions\addon@defaulttab.com.xpi
    FF - ExtSQL: 2012-12-29 09:44; helperbar@helperbar.com; C:\Users\HP\AppData\Roaming\Mozilla\Firefox\Profiles\seg13vqf.default\extensions\helperbar@helperbar.com
    .
    ---- FIREFOX POLICIES ----
    FF - user.js: extensions.autoDisableScopes - 0
    FF - user.js: extensions.shownSelectionUI - true
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 AVGIDSHA;AVGIDSHA;C:\Windows\System32\drivers\avgidsha.sys [2012-10-15 63328]
    R0 Avgloga;AVG Logging Driver;C:\Windows\System32\drivers\avgloga.sys [2012-9-21 225120]
    R0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\System32\drivers\avgmfx64.sys [2012-10-5 111456]
    R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\System32\drivers\avgrkx64.sys [2012-9-14 40800]
    R1 AVGIDSDriver;AVGIDSDriver;C:\Windows\System32\drivers\avgidsdrivera.sys [2012-10-22 154464]
    R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\System32\drivers\avgldx64.sys [2012-10-2 185696]
    R1 Avgtdia;AVG TDI Driver;C:\Windows\System32\drivers\avgtdia.sys [2012-9-21 200032]
    R1 DVMIO;DeviceVM IO Service;C:\Windows\System32\drivers\dvmio.sys [2009-11-12 20056]
    R2 AESTFilters;Andrea ST Filters Service;C:\Program Files\IDT\WDM\AESTSr64.exe [2012-10-3 89600]
    R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2012-10-3 203264]
    R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe [2012-11-6 5814392]
    R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe [2012-10-22 196664]
    R2 DefaultTabUpdate;DefaultTabUpdate;C:\Users\HP\AppData\Roaming\DefaultTab\DefaultTab\DTUpdate.exe [2012-12-29 107520]
    R2 DvmMDES;DeviceVM Meta Data Export Service;C:\SwSetup\HPQWMM\QuickWeb\QW.SYS\config\DVMExportService.exe [2010-9-29 338208]
    R2 EgisTec Service;EgisTec Service;C:\Program Files (x86)\Hewlett-Packard\HP SimplePass Identity Protection\EgisService.exe [2010-6-14 697712]
    R2 EgisTec Ticket Service;EgisTec Ticket Service;C:\Program Files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe [2010-6-14 646000]
    R2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2011-9-9 86072]
    R2 HP Wireless Assistant Service;HP Wireless Assistant Service;C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [2010-7-22 103992]
    R2 HPClientSvc;HP Client Services;C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-8-6 291896]
    R2 HPDrvMntSvc.exe;HP Quick Synchronization Service;C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-3-28 94264]
    R2 hpsrv;HP Service;C:\Windows\System32\hpservice.exe [2011-5-13 30520]
    R2 HPWMISVC;HPWMISVC;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2010-8-24 26680]
    R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2012-10-3 13336]
    R2 SDScannerService;Spybot-S&D 2 Scanner Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [2012-12-29 1103392]
    R2 SDUpdateService;Spybot-S&D 2 Updating Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2012-12-29 1369624]
    R2 SDWSCService;Spybot-S&D 2 Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [2012-12-29 168384]
    R2 UNS;Intel(R) Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2012-10-3 2533400]
    R2 vcsFPService;Validity VCS Fingerprint Service;C:\Windows\System32\vcsFPService.exe [2010-2-23 2192176]
    R3 btwampfl;Bluetooth AMP USB Filter;C:\Windows\System32\drivers\btwampfl.sys [2012-10-3 344616]
    R3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\System32\drivers\btwl2cap.sys [2012-10-3 39464]
    R3 clwvd;HP Webcam Splitter;C:\Windows\System32\drivers\clwvd.sys [2010-9-4 31088]
    R3 HECIx64;Intel(R) Management Engine Interface;C:\Windows\System32\drivers\HECIx64.sys [2012-10-3 56344]
    R3 Impcd;Impcd;C:\Windows\System32\drivers\Impcd.sys [2012-10-3 158976]
    R3 intelkmd;intelkmd;C:\Windows\System32\drivers\igdpmd64.sys [2012-10-3 10603904]
    R3 NETw5s64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\Windows\System32\drivers\NETw5s64.sys [2010-3-18 7680512]
    R3 wdkmd;Intel WiDi KMD;C:\Windows\System32\drivers\WDKMD.sys [2010-8-17 39832]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-11-9 160944]
    S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2010-3-6 340240]
    S3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\System32\drivers\netw5v64.sys [2009-6-11 5434368]
    S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2012-12-13 19456]
    S3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2012-10-3 349800]
    S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\System32\drivers\VSTAZL6.SYS [2009-7-14 292864]
    S3 SrvHsfV92;SrvHsfV92;C:\Windows\System32\drivers\VSTDPV6.SYS [2009-7-14 1485312]
    S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\System32\drivers\VSTCNXT6.SYS [2009-7-14 740864]
    S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2012-12-13 57856]
    S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-7-9 52736]
    S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-10-2 1255736]
    S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\System32\drivers\wdcsam64.sys [2008-5-6 14464]
    S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\System32\drivers\yk62x64.sys [2009-6-11 389120]
    .
    =============== Created Last 30 ================
    .
    2012-12-29 09:30:13 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy
    2012-12-29 09:30:04 17272 ----a-w- C:\Windows\System32\sdnclean64.exe
    2012-12-29 09:30:01 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy 2
    2012-12-29 08:57:12 388096 ----a-r- C:\Users\HP\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
    2012-12-29 08:57:12 -------- d-----w- C:\Program Files (x86)\Trend Micro
    2012-12-29 08:55:37 -------- d-----w- C:\Users\HP\AppData\Local\Programs
    2012-12-28 20:09:03 -------- d-----w- C:\Program Files (x86)\SweetIM
    2012-12-28 20:08:55 -------- d-----w- C:\Program Files (x86)\sweetpacks bundle uninstaller
    2012-12-28 20:07:56 -------- d-----w- C:\Users\HP\AppData\Local\Smartbar
    2012-12-28 20:07:24 -------- d-----w- C:\Users\HP\AppData\Roaming\DefaultTab
    2012-12-28 20:07:18 -------- d-----w- C:\Users\HP\AppData\Local\SwvUpdater
    2012-12-28 20:01:02 -------- d-----w- C:\Program Files (x86)\WebCam Spy Pro
    2012-12-24 19:06:08 46080 ----a-w- C:\Windows\System32\atmlib.dll
    2012-12-24 19:06:08 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll
    2012-12-24 19:06:07 367616 ----a-w- C:\Windows\System32\atmfd.dll
    2012-12-24 19:06:06 295424 ----a-w- C:\Windows\SysWow64\atmfd.dll
    2012-12-12 17:00:11 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
    2012-12-12 16:58:19 424960 ----a-w- C:\Windows\System32\KernelBase.dll
    2012-12-12 16:57:56 3149824 ----a-w- C:\Windows\System32\win32k.sys
    2012-12-12 16:57:55 478208 ----a-w- C:\Windows\System32\dpnet.dll
    2012-12-12 16:57:55 376832 ----a-w- C:\Windows\SysWow64\dpnet.dll
    .
    ==================== Find3M ====================
    .
    2012-12-26 02:31:40 73656 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    2012-12-26 02:31:40 697272 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
    2012-12-14 08:49:28 24176 ----a-w- C:\Windows\System32\drivers\mbam.sys
    2012-11-14 06:11:44 2312704 ----a-w- C:\Windows\System32\jscript9.dll
    2012-11-14 06:04:11 1392128 ----a-w- C:\Windows\System32\wininet.dll
    2012-11-14 06:02:49 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
    2012-11-14 05:57:46 599040 ----a-w- C:\Windows\System32\vbscript.dll
    2012-11-14 05:57:35 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
    2012-11-14 05:52:40 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
    2012-11-14 02:09:22 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll
    2012-11-14 01:58:15 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
    2012-11-14 01:57:37 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
    2012-11-14 01:49:25 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
    2012-11-14 01:48:27 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll
    2012-11-09 05:45:09 2048 ----a-w- C:\Windows\System32\tzres.dll
    2012-11-09 04:42:49 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
    2012-10-22 05:02:44 154464 ----a-w- C:\Windows\System32\drivers\avgidsdrivera.sys
    2012-10-16 08:38:37 135168 ----a-w- C:\Windows\apppatch\AppPatch64\AcXtrnal.dll
    2012-10-16 08:38:34 350208 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll
    2012-10-16 07:39:52 561664 ----a-w- C:\Windows\apppatch\AcLayers.dll
    2012-10-14 19:48:50 63328 ----a-w- C:\Windows\System32\drivers\avgidsha.sys
    2012-10-09 18:17:13 55296 ----a-w- C:\Windows\System32\dhcpcsvc6.dll
    2012-10-09 18:17:13 226816 ----a-w- C:\Windows\System32\dhcpcore6.dll
    2012-10-09 17:40:31 44032 ----a-w- C:\Windows\SysWow64\dhcpcsvc6.dll
    2012-10-09 17:40:31 193536 ----a-w- C:\Windows\SysWow64\dhcpcore6.dll
    2012-10-04 19:32:50 111456 ----a-w- C:\Windows\System32\drivers\avgmfx64.sys
    2012-10-04 17:46:16 362496 ----a-w- C:\Windows\System32\wow64win.dll
    2012-10-04 17:46:15 243200 ----a-w- C:\Windows\System32\wow64.dll
    2012-10-04 17:46:15 13312 ----a-w- C:\Windows\System32\wow64cpu.dll
    2012-10-04 17:45:55 215040 ----a-w- C:\Windows\System32\winsrv.dll
    2012-10-04 17:43:28 16384 ----a-w- C:\Windows\System32\ntvdm64.dll
    2012-10-04 16:47:41 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
    2012-10-04 16:47:41 274944 ----a-w- C:\Windows\SysWow64\KernelBase.dll
    2012-10-04 15:21:55 338432 ----a-w- C:\Windows\System32\conhost.exe
    2012-10-04 14:46:46 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
    2012-10-04 14:46:46 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
    2012-10-04 14:46:44 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
    2012-10-04 14:46:43 2048 ----a-w- C:\Windows\SysWow64\user.exe
    2012-10-04 14:41:50 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
    2012-10-04 14:41:50 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
    2012-10-04 14:41:50 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
    2012-10-04 14:41:50 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
    2012-10-03 17:56:54 1914248 ----a-w- C:\Windows\System32\drivers\tcpip.sys
    2012-10-03 17:44:21 70656 ----a-w- C:\Windows\System32\nlaapi.dll
    2012-10-03 17:44:21 303104 ----a-w- C:\Windows\System32\nlasvc.dll
    2012-10-03 17:44:17 246272 ----a-w- C:\Windows\System32\netcorehc.dll
    2012-10-03 17:44:17 18944 ----a-w- C:\Windows\System32\netevent.dll
    2012-10-03 17:44:16 216576 ----a-w- C:\Windows\System32\ncsi.dll
    2012-10-03 17:42:16 569344 ----a-w- C:\Windows\System32\iphlpsvc.dll
    2012-10-03 16:42:24 18944 ----a-w- C:\Windows\SysWow64\netevent.dll
    2012-10-03 16:42:24 175104 ----a-w- C:\Windows\SysWow64\netcorehc.dll
    2012-10-03 16:42:23 156672 ----a-w- C:\Windows\SysWow64\ncsi.dll
    2012-10-03 16:07:26 45568 ----a-w- C:\Windows\System32\drivers\tcpipreg.sys
    2012-10-03 05:58:09 175616 ----a-w- C:\Windows\System32\msclmd.dll
    2012-10-03 05:58:09 152576 ----a-w- C:\Windows\SysWow64\msclmd.dll
    2012-10-02 17:04:47 0 ----a-w- C:\Windows\ativpsrm.bin
    2012-10-01 19:30:38 185696 ----a-w- C:\Windows\System32\drivers\avgldx64.sys
    .
    ============= FINISH: 18:44:51.53 ===============



    content from aswMBR.txt log


    aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
    Run date: 2012-12-29 18:53:21
    -----------------------------
    18:53:21.676 OS Version: Windows x64 6.1.7601 Service Pack 1
    18:53:21.676 Number of processors: 4 586 0x2505
    18:53:21.676 ComputerName: HP-HP UserName: HP
    18:53:23.189 Initialize success
    18:55:49.258 AVAST engine defs: 12122900
    18:56:16.527 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
    18:56:16.527 Disk 0 Vendor: TOSHIBA_ GS00 Size: 610480MB BusType: 3
    18:56:16.527 Disk 0 MBR read successfully
    18:56:16.543 Disk 0 MBR scan
    18:56:16.543 Disk 0 unknown MBR code
    18:56:16.574 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 199 MB offset 2048
    18:56:16.590 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 578611 MB offset 409600
    18:56:16.621 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 31565 MB offset 1185404928
    18:56:16.636 Disk 0 Partition 4 00 0C FAT32 LBA MSDOS5.0 103 MB offset 1250050048
    18:56:16.668 Disk 0 scanning C:\Windows\system32\drivers
    18:56:26.730 Service scanning
    18:57:05.419 Modules scanning
    18:57:05.419 Disk 0 trace - called modules:
    18:57:05.980 ntoskrnl.exe CLASSPNP.SYS disk.sys hpdskflt.sys iaStor.sys hal.dll
    18:57:05.980 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800528d060]
    18:57:05.980 3 CLASSPNP.SYS[fffff8800181743f] -> nt!IofCallDriver -> [0xfffffa800513ab10]
    18:57:05.996 5 hpdskflt.sys[fffff88001bb6189] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8004fc2050]
    18:57:07.462 AVAST engine scan C:\Windows
    18:57:10.021 AVAST engine scan C:\Windows\system32
    19:01:59.941 AVAST engine scan C:\Windows\system32\drivers
    19:02:12.985 AVAST engine scan C:\Users\HP
    19:11:52.158 AVAST engine scan C:\ProgramData
    19:12:30.052 Scan finished successfully
    04:07:46.391 Disk 0 MBR has been saved successfully to "C:\Users\HP\Desktop\MBR.dat"
    04:07:46.391 The log file has been saved successfully to "C:\Users\HP\Desktop\aswMBR.txt"

  4. #4
    Emeritus-Security Expert
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    15,208

    Default



    This most likely is the culprit
    http://www.systemlookup.com/search.p...rch=sweetim&s=



    Go here and download AdwCleaner to your desktop

    • Double click on AdwCleaner.exe to run the tool.
    • Click on Delete
    • A logfile will automatically open after the scan has finished.
    • Please post the content of that logfile in your reply.
    • You can find the logfile at C:\AdwCleaner[Rn].txt as well - n is the order number.









    Please download Malwarebytes Anti-Malware to your desktop.

    • Right-click and Run as Administrator mbam-setup.exe and follow the prompts to install the program.
    • At the end, be sure a checkmark is placed next to Update Malwarebytes Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
    • If an update is found, it will download and install the latest version.
    • Once the program has loaded, select Perform quick scan, then click Scan as shown below.


    • When the scan is complete, click OK, then Show Results to view the results.
    • Be sure that everything is checked, and click Remove Selected.
    • When completed, a log will open in Notepad. Please save it to a convenient location and post the results.



    The log can also be found here:

    Windows 2000 & Windows XP:
    C:\Documents and Settings\<USERNAME>\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs

    Windows Vista & Win7:
    C:\Users\<USERNAME>\AppData\Roaming\Malwarebytes\Malwarebytes' Anti-Malware\Logs
    Microsoft MVP Consumer Security 2007-2008-2009-2010-2011-2012-2013-2014

    ERROR MESSAGE 386
    No KeyBoard Detected
    Press F1 To Continue

    Just a reminder that threads will be closed if no reply in 3 days.

  5. #5
    Junior Member
    Join Date
    Dec 2012
    Posts
    12

    Default

    log from AdwCleaner :



    # AdwCleaner v2.104 - Logfile created 01/06/2013 at 20:26:28
    # Updated 29/12/2012 by Xplode
    # Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
    # User : HP - HP-HP
    # Boot Mode : Normal
    # Running from : C:\Users\HP\Desktop\AdwCleaner.exe
    # Option [Delete]


    ***** [Services] *****

    Stopped & Deleted : DefaultTabUpdate

    ***** [Files / Folders] *****

    File Deleted : C:\Users\HP\AppData\Roaming\Mozilla\Firefox\Profiles\seg13vqf.default\extensions\addon@defaulttab.com.xpi
    File Deleted : C:\Users\HP\AppData\Roaming\Mozilla\Firefox\Profiles\seg13vqf.default\searchplugins\search-here.xml
    Folder Deleted : C:\Program Files (x86)\SweetIM
    Folder Deleted : C:\Users\HP\AppData\Local\Smartbar
    Folder Deleted : C:\Users\HP\AppData\Local\SwvUpdater
    Folder Deleted : C:\Users\HP\AppData\Local\Temp\Smartbar
    Folder Deleted : C:\Users\HP\AppData\LocalLow\Smartbar
    Folder Deleted : C:\Users\HP\AppData\Roaming\DefaultTab
    Folder Deleted : C:\Users\HP\AppData\Roaming\Mozilla\Firefox\Profiles\seg13vqf.default\extensions\helperbar@helperbar.com
    Folder Deleted : C:\Users\HP\Desktop\Software
    Folder Deleted : C:\Windows\Installer\{A0C9DF2B-89B5-4483-8983-18A68200F1B4}

    ***** [Registry] *****

    Key Deleted : HKCU\Software\AppDataLow\Software\DefaultTab
    Key Deleted : HKCU\Software\Default Tab
    Key Deleted : HKCU\Software\DefaultTab
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7F6AFBF1-E065-4627-A2FD-810366367D01}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{31AD400D-1B06-4E33-A59A-90C2C140CBA0}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{7F6AFBF1-E065-4627-A2FD-810366367D01}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE07101B-46D4-4A98-AF68-0333EA26E113}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{31AD400D-1B06-4E33-A59A-90C2C140CBA0}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7F6AFBF1-E065-4627-A2FD-810366367D01}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE07101B-46D4-4A98-AF68-0333EA26E113}
    Key Deleted : HKCU\Software\SmartBar
    Key Deleted : HKCU\Software\SmartbarBackup
    Key Deleted : HKCU\Software\SmartbarLog
    Key Deleted : HKCU\Software\SweetIM
    Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
    Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}
    Key Deleted : HKLM\SOFTWARE\Classes\MediaPlayer.GraphicsUtils
    Key Deleted : HKLM\SOFTWARE\Classes\MediaPlayer.GraphicsUtils.1
    Key Deleted : HKLM\SOFTWARE\Classes\MgMediaPlayer.GifAnimator
    Key Deleted : HKLM\SOFTWARE\Classes\MgMediaPlayer.GifAnimator.1
    Key Deleted : HKLM\SOFTWARE\Classes\sim-packages
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{4D3B167E-5FD8-4276-8FD7-9DF19C1E4D19}
    Key Deleted : HKLM\Software\Default Tab
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\SweetIM.exe
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7F6AFBF1-E065-4627-A2FD-810366367D01}
    Key Deleted : HKLM\Software\SweetIM
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{31AD400D-1B06-4E33-A59A-90C2C140CBA0}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{7F6AFBF1-E065-4627-A2FD-810366367D01}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{82AC53B4-164C-4B07-A016-437A8388B81A}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{A4A0CB15-8465-4F58-A7E5-73084EA2A064}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{A439801C-961D-452C-AB42-7848E9CBD289}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{F4EBB1E2-21F3-4786-8CF4-16EC5925867F}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31AD400D-1B06-4E33-A59A-90C2C140CBA0}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7F6AFBF1-E065-4627-A2FD-810366367D01}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{A0C9DF2B-89B5-4483-8983-18A68200F1B4}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\DefaultTab
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{31AD400D-1B06-4E33-A59A-90C2C140CBA0}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9EDC0C90-2B5B-4512-953E-35767BAD5C67}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31AD400D-1B06-4E33-A59A-90C2C140CBA0}
    Value Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [Browser Infrastructure Helper]
    Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [SweetIM]
    Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]
    Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]

    ***** [Internet Browsers] *****

    -\\ Internet Explorer v9.0.8112.16457

    Replaced : [HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main - Start Page] = hxxp://home.sweetim.com/?crg=3.1010000.10005 --> hxxp://www.google.com

    -\\ Mozilla Firefox v17.0.1 (en-US)

    File : C:\Users\HP\AppData\Roaming\Mozilla\Firefox\Profiles\seg13vqf.default\prefs.js

    C:\Users\HP\AppData\Roaming\Mozilla\Firefox\Profiles\seg13vqf.default\user.js ... Deleted !

    Deleted : user_pref("extensions.defaulttab.config", "{\"status\": \"ok\", \"config\": {\"dns_error_handling\":[...]
    Deleted : user_pref("sweetim.toolbar.previous.browser.startup.homepage", "hxxp://www.google.com.my/");
    Deleted : user_pref("sweetim.toolbar.urls.homepage", "hxxp://home.sweetim.com/?crg=3.1010000.10005");

    -\\ Google Chrome v23.0.1271.97

    File : C:\Users\HP\AppData\Local\Google\Chrome\User Data\Default\Preferences

    [OK] File is clean.

    *************************

    AdwCleaner[S1].txt - [6789 octets] - [06/01/2013 20:26:28]

    ########## EOF - C:\AdwCleaner[S1].txt - [6849 octets] ##########






    *********************************
    log from Malwarebytes Anti-Malware:

    Malwarebytes Anti-Malware 1.70.0.1100
    www.malwarebytes.org

    Database version: v2013.01.06.03

    Windows 7 Service Pack 1 x64 NTFS
    Internet Explorer 9.0.8112.16421
    HP :: HP-HP [administrator]

    6/1/2013 8:33:46 PM
    mbam-log-2013-01-06 (20-33-46).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 214279
    Time elapsed: 4 minute(s), 6 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 0
    (No malicious items detected)

    (end)

  6. #6
    Emeritus-Security Expert
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    15,208

    Default

    Lets take another look


    OTL by OldTimer
    • Download OTL to your desktop.
    • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    • When the window appears, underneath Output at the top change it to Minimal Output.
    • Click the "Scan All Users" checkbox.
    • Check the boxes beside LOP Check and Purity Check.
    • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
      • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt.
        Note:These logs can be located in the OTL. folder on you C:\ drive if they fail to open automatically.
      • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them both in.
    Microsoft MVP Consumer Security 2007-2008-2009-2010-2011-2012-2013-2014

    ERROR MESSAGE 386
    No KeyBoard Detected
    Press F1 To Continue

    Just a reminder that threads will be closed if no reply in 3 days.

  7. #7
    Junior Member
    Join Date
    Dec 2012
    Posts
    12

    Default

    OTL.txt

    OTL logfile created on: 6/1/2013 9:10:39 PM - Run 1
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\HP\Desktop
    64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00004409 | Country: Malaysia | Language: ENM | Date Format: d/M/yyyy

    3.80 Gb Total Physical Memory | 1.92 Gb Available Physical Memory | 50.47% Memory free
    7.60 Gb Paging File | 4.99 Gb Available in Paging File | 65.66% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 565.05 Gb Total Space | 78.46 Gb Free Space | 13.89% Space Free | Partition Type: NTFS
    Drive D: | 30.83 Gb Total Space | 4.53 Gb Free Space | 14.70% Space Free | Partition Type: NTFS
    Drive X: | 6.97 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF

    Computer Name: HP-HP | User Name: HP | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - C:\Users\HP\Desktop\OTL.exe (OldTimer Tools)
    PRC - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe (Adobe Systems, Inc.)
    PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
    PRC - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
    PRC - C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe (Check Point Software Technologies LTD)
    PRC - C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe (Check Point Software Technologies LTD)
    PRC - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe (Safer-Networking Ltd.)
    PRC - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.)
    PRC - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe (Safer-Networking Ltd.)
    PRC - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe (Safer-Networking Ltd.)
    PRC - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe (Safer-Networking Ltd.)
    PRC - C:\Program Files (x86)\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.)
    PRC - C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe (AVG Technologies CZ, s.r.o.)
    PRC - C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
    PRC - C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe (Apple Inc.)
    PRC - C:\Program Files (x86)\Common Files\Apple\Internet Services\BookmarkDAV_client.exe (Apple Inc.)
    PRC - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
    PRC - C:\Users\HP\AppData\Roaming\Mozilla\Firefox\Profiles\seg13vqf.default\extensions\{E173B749-DB5B-4fd2-BA0E-94ECEA0CA55B}\components\afom.exe (IDEVFH)
    PRC - C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe (Hewlett-Packard Company)
    PRC - C:\SwSetup\HPQWMM\QuickWeb\QW.SYS\config\DVMExportService.exe (DeviceVM, Inc.)
    PRC - C:\Program Files (x86)\Hewlett-Packard\Media\Webcam\YCMMirage.exe (CyberLink)
    PRC - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe (Hewlett-Packard Development Company, L.P.)
    PRC - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe (Hewlett-Packard Development Company, L.P.)
    PRC - C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe (Broadcom Corporation.)
    PRC - C:\Program Files (x86)\Hewlett-Packard\HP SimplePass Identity Protection\EgisService.exe (Egis Technology Inc. )
    PRC - C:\Program Files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe (Egis Technology Inc. )
    PRC - C:\Program Files (x86)\Hewlett-Packard\HP SimplePass Identity Protection\EgisTSR.exe (Egis Technology Inc. )
    PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
    PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
    PRC - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
    PRC - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
    PRC - C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe (Egis Technology Inc.)
    PRC - C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe (Egis Technology Inc.)
    PRC - C:\Program Files (x86)\MagicDisc\MagicDisc.exe (MagicISO, Inc.)


    ========== Modules (No Company Name) ==========

    MOD - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_135.dll ()
    MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ()
    MOD - C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.97\ppgooglenaclpluginchrome.dll ()
    MOD - C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.97\pdf.dll ()
    MOD - C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.97\libglesv2.dll ()
    MOD - C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.97\libegl.dll ()
    MOD - C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.97\avutil-51.dll ()
    MOD - C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.97\avformat-54.dll ()
    MOD - C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.97\avcodec-54.dll ()
    MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\11c7eee596ee317f7d81a8bcb9d433ef\IAStorUtil.ni.dll ()
    MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\c11e8c8ee98243f81088d49822c15852\System.Runtime.Remoting.ni.dll ()
    MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c423a5b0a857fb4fe4f856a6b88787e2\System.Windows.Forms.ni.dll ()
    MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\d86faac9b3fb996a7210e9783b76ca1a\System.Drawing.ni.dll ()
    MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\0a9b81930af930d919969bb234026375\WindowsBase.ni.dll ()
    MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\3b9f9cee47282e10cdafb32b8c5d240a\System.Xml.ni.dll ()
    MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\4db13ed5b635a3d708647855400b6750\System.Configuration.ni.dll ()
    MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\1eccdb959aa1aedaa2e7b4e14e332f3e\System.ni.dll ()
    MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\703b27023a4fddb44d47f4b3010c324c\mscorlib.ni.dll ()
    MOD - C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl ()
    MOD - C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl ()
    MOD - C:\Program Files (x86)\Spybot - Search & Destroy 2\VirtualTreesDXE150.bpl ()
    MOD - C:\Program Files (x86)\Spybot - Search & Destroy 2\JSDialogPack150.bpl ()
    MOD - C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl ()
    MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll ()
    MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll ()
    MOD - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF ()
    MOD - C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll ()


    ========== Services (SafeList) ==========

    SRV:64bit: - (IswSvc) -- C:\Program Files\CheckPoint\ZAForceField\ISWSVC.exe (Check Point Software Technologies)
    SRV:64bit: - (hpsrv) -- C:\Windows\SysNative\hpservice.exe (Hewlett-Packard Company)
    SRV:64bit: - (STacSV) -- C:\Program Files\IDT\WDM\stacsv64.exe (IDT, Inc.)
    SRV:64bit: - (AESTFilters) -- C:\Program Files\IDT\WDM\AESTSr64.exe (Andrea Electronics Corporation)
    SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
    SRV:64bit: - (HPClientSvc) -- C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe (Hewlett-Packard Company)
    SRV:64bit: - (btwdins) -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe (Broadcom Corporation.)
    SRV:64bit: - (HP Wireless Assistant Service) -- C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe (Hewlett-Packard Company)
    SRV:64bit: - (EvtEng) -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe (Intel(R) Corporation)
    SRV:64bit: - (MyWiFiDHCPDNS) -- C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe ()
    SRV:64bit: - (RegSrvc) -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel(R) Corporation)
    SRV:64bit: - (vcsFPService) -- C:\Windows\SysNative\vcsFPService.exe (Validity Sensors, Inc.)
    SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
    SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
    SRV - (vsmon) -- C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe (Check Point Software Technologies LTD)
    SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
    SRV - (AVGIDSAgent) -- C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe (AVG Technologies CZ, s.r.o.)
    SRV - (avgwd) -- C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
    SRV - (HP Support Assistant Service) -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe (Hewlett-Packard Company)
    SRV - (HPDrvMntSvc.exe) -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe (Hewlett-Packard Company)
    SRV - (DvmMDES) -- C:\SwSetup\HPQWMM\QuickWeb\QW.SYS\config\DVMExportService.exe (DeviceVM, Inc.)
    SRV - (HPWMISVC) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe (Hewlett-Packard Development Company, L.P.)
    SRV - (EgisTec Service) -- C:\Program Files (x86)\Hewlett-Packard\HP SimplePass Identity Protection\EgisService.exe (Egis Technology Inc. )
    SRV - (EgisTec Ticket Service) -- C:\Program Files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe (Egis Technology Inc. )
    SRV - (UNS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
    SRV - (LMS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
    SRV - (IAStorDataMgrSvc) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
    SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
    SRV - (vcsFPService) -- C:\Windows\SysWOW64\vcsFPService.exe (Validity Sensors, Inc.)
    SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)


    ========== Driver Services (SafeList) ==========

    DRV:64bit: - (ISWKL) -- C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys (Check Point Software Technologies)
    DRV:64bit: - (Vsdatant) -- C:\Windows\SysNative\drivers\vsdatant.sys (Check Point Software Technologies LTD)
    DRV:64bit: - (AVGIDSDriver) -- C:\Windows\SysNative\drivers\avgidsdrivera.sys (AVG Technologies CZ, s.r.o. )
    DRV:64bit: - (AVGIDSHA) -- C:\Windows\SysNative\drivers\avgidsha.sys (AVG Technologies CZ, s.r.o. )
    DRV:64bit: - (Avgmfx64) -- C:\Windows\SysNative\drivers\avgmfx64.sys (AVG Technologies CZ, s.r.o.)
    DRV:64bit: - (Avgldx64) -- C:\Windows\SysNative\drivers\avgldx64.sys (AVG Technologies CZ, s.r.o.)
    DRV:64bit: - (Avgtdia) -- C:\Windows\SysNative\drivers\avgtdia.sys (AVG Technologies CZ, s.r.o.)
    DRV:64bit: - (Avgloga) -- C:\Windows\SysNative\drivers\avgloga.sys (AVG Technologies CZ, s.r.o.)
    DRV:64bit: - (Avgrkx64) -- C:\Windows\SysNative\drivers\avgrkx64.sys (AVG Technologies CZ, s.r.o.)
    DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation)
    DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
    DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
    DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
    DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
    DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated)
    DRV:64bit: - (hpdskflt) -- C:\Windows\SysNative\drivers\hpdskflt.sys (Hewlett-Packard Company)
    DRV:64bit: - (Accelerometer) -- C:\Windows\SysNative\drivers\Accelerometer.sys (Hewlett-Packard Company)
    DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
    DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
    DRV:64bit: - (VClone) -- C:\Windows\SysNative\drivers\VClone.sys (Elaborate Bytes AG)
    DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
    DRV:64bit: - (sdbus) -- C:\Windows\SysNative\drivers\sdbus.sys (Microsoft Corporation)
    DRV:64bit: - (STHDA) -- C:\Windows\SysNative\drivers\stwrt64.sys (IDT, Inc.)
    DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
    DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
    DRV:64bit: - (clwvd) -- C:\Windows\SysNative\drivers\clwvd.sys (CyberLink Corporation)
    DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek )
    DRV:64bit: - (wdkmd) -- C:\Windows\SysNative\drivers\WDKMD.sys (Intel Corporation)
    DRV:64bit: - (btwaudio) -- C:\Windows\SysNative\drivers\btwaudio.sys (Broadcom Corporation.)
    DRV:64bit: - (btwavdt) -- C:\Windows\SysNative\drivers\btwavdt.sys (Broadcom Corporation.)
    DRV:64bit: - (btwrchid) -- C:\Windows\SysNative\drivers\btwrchid.sys (Broadcom Corporation.)
    DRV:64bit: - (intelkmd) -- C:\Windows\SysNative\drivers\igdpmd64.sys (Intel Corporation)
    DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
    DRV:64bit: - (btwampfl) -- C:\Windows\SysNative\drivers\btwampfl.sys (Broadcom Corporation.)
    DRV:64bit: - (AtiHdmiService) -- C:\Windows\SysNative\drivers\AtiHdmi.sys (ATI Technologies, Inc.)
    DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
    DRV:64bit: - (NETw5s64) -- C:\Windows\SysNative\drivers\NETw5s64.sys (Intel Corporation)
    DRV:64bit: - (btwl2cap) -- C:\Windows\SysNative\drivers\btwl2cap.sys (Broadcom Corporation.)
    DRV:64bit: - (Impcd) -- C:\Windows\SysNative\drivers\Impcd.sys (Intel Corporation)
    DRV:64bit: - (DVMIO) -- C:\Windows\SysNative\drivers\dvmio.sys (DeviceVM, Inc.)
    DRV:64bit: - (HECIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
    DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
    DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
    DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
    DRV:64bit: - (SrvHsfV92) -- C:\Windows\SysNative\drivers\VSTDPV6.SYS (Conexant Systems, Inc.)
    DRV:64bit: - (SrvHsfWinac) -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS (Conexant Systems, Inc.)
    DRV:64bit: - (SrvHsfHDA) -- C:\Windows\SysNative\drivers\VSTAZL6.SYS (Conexant Systems, Inc.)
    DRV:64bit: - (yukonw7) -- C:\Windows\SysNative\drivers\yk62x64.sys (Marvell)
    DRV:64bit: - (netw5v64) -- C:\Windows\SysNative\drivers\netw5v64.sys (Intel Corporation)
    DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
    DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
    DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
    DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
    DRV:64bit: - (mcdbus) -- C:\Windows\SysNative\drivers\mcdbus.sys (MagicISO, Inc.)
    DRV:64bit: - (WDC_SAM) -- C:\Windows\SysNative\drivers\wdcsam64.sys (Western Digital Technologies)
    DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
    DRV - (mcdbus) -- C:\Windows\SysWOW64\drivers\mcdbus.sys (MagicISO, Inc.)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.jp.msn.com/HPALL/37
    IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.jp.msn.com/HPALL/37
    IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
    IE:64bit: - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://sg.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
    IE:64bit: - HKLM\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
    IE:64bit: - HKLM\..\SearchScopes\{d944bb61-2e34-4dbf-a683-47e505c587dc}: "URL" = http://rover.ebay.com/rover/1/3423-111089-9078-0/4?satitle={searchTerms}&mfe=Notebooks
    IE:64bit: - HKLM\..\SearchScopes\{ec29edf6-ad3c-4e1c-a087-d6cb81400c43}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.jp.msn.com/HPALL/37
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
    IE - HKLM\..\SearchScopes,DefaultScope =
    IE - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://sg.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
    IE - HKLM\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
    IE - HKLM\..\SearchScopes\{d944bb61-2e34-4dbf-a683-47e505c587dc}: "URL" = http://rover.ebay.com/rover/1/3423-111089-9078-0/4?satitle={searchTerms}&mfe=Notebooks
    IE - HKLM\..\SearchScopes\{ec29edf6-ad3c-4e1c-a087-d6cb81400c43}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox


    IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

    IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

    IE - HKU\S-1-5-21-2208690772-3602456008-4151856646-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com.my/
    IE - HKU\S-1-5-21-2208690772-3602456008-4151856646-1000\..\SearchScopes,DefaultScope =
    IE - HKU\S-1-5-21-2208690772-3602456008-4151856646-1000\..\SearchScopes\{5BE16ECD-9DBD-4138-9B3B-27ED28C45F25}: "URL" = http://www.mysearchresults.com/search?&c=4001&t=10&q={searchTerms}
    IE - HKU\S-1-5-21-2208690772-3602456008-4151856646-1000\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://sg.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
    IE - HKU\S-1-5-21-2208690772-3602456008-4151856646-1000\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
    IE - HKU\S-1-5-21-2208690772-3602456008-4151856646-1000\..\SearchScopes\{d944bb61-2e34-4dbf-a683-47e505c587dc}: "URL" = http://rover.ebay.com/rover/1/3423-111089-9078-0/4?satitle={searchTerms}&mfe=Notebooks
    IE - HKU\S-1-5-21-2208690772-3602456008-4151856646-1000\..\SearchScopes\{ec29edf6-ad3c-4e1c-a087-d6cb81400c43}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
    IE - HKU\S-1-5-21-2208690772-3602456008-4151856646-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    ========== FireFox ==========

    FF - prefs.js..browser.search.useDBForOrder: true
    FF - prefs.js..extensions.enabledAddons: %7Bb9db16a4-6edc-47ec-a1f4-b86292ed211d%7D:4.9.12
    FF - prefs.js..extensions.enabledAddons: %7BDDC359D1-844A-42a7-9AA1-88A850A938A8%7D:2.0.15
    FF - prefs.js..extensions.enabledAddons: %7BE173B749-DB5B-4fd2-BA0E-94ECEA0CA55B%7D:7.4
    FF - prefs.js..extensions.enabledAddons: %7BCAFEEFAC-0016-0000-0035-ABCDEFFEDCBA%7D:6.0.35
    FF - prefs.js..extensions.enabledAddons: %7BCAFEEFAC-0016-0000-0037-ABCDEFFEDCBA%7D:6.0.37
    FF - prefs.js..extensions.enabledAddons: %7B7f57cf46-4467-4c2d-adfa-0cba7c507e54%7D:2.0.8
    FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:17.0.1
    FF - prefs.js..network.proxy.type: 0
    FF - prefs.js..browser.startup.homepage: "www.google.com"
    FF - user.js - File not found

    FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_135.dll File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_135.dll ()
    FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
    FF - HKLM\Software\MozillaPlugins\@checkpoint.com/FFApi: C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\npFFApi.dll ()
    FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_37: C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@photoproduct.rocketlife.com/RocketLife App Viewer;version=0.8: File not found
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.124\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.124\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

    64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\PROGRAM FILES\CHECKPOINT\ZAFORCEFIELD\TRUSTCHECKER [2012/12/30 10:45:53 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{41ecbc0b-34d5-4cd4-935f-253a30e2cb7e}: C:\Program Files (x86)\Hewlett-Packard\HP SimplePass Identity Protection\FFExt [2012/10/03 01:19:37 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker [2012/12/30 10:45:54 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/12/10 19:03:18 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
    FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\addlyrics@addlyrics.net: C:\Program Files (x86)\AddLyrics\FF\

    [2012/10/03 12:07:44 | 000,000,000 | ---D | M] (No name found) -- C:\Users\HP\AppData\Roaming\mozilla\Extensions
    [2013/01/06 20:26:33 | 000,000,000 | ---D | M] (No name found) -- C:\Users\HP\AppData\Roaming\mozilla\Firefox\Profiles\seg13vqf.default\extensions
    [2012/11/22 05:16:50 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\HP\AppData\Roaming\mozilla\Firefox\Profiles\seg13vqf.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
    [2012/10/03 21:36:31 | 000,000,000 | ---D | M] (Memory Fox) -- C:\Users\HP\AppData\Roaming\mozilla\Firefox\Profiles\seg13vqf.default\extensions\{E173B749-DB5B-4fd2-BA0E-94ECEA0CA55B}
    [2012/12/13 00:53:14 | 000,526,889 | ---- | M] () (No name found) -- C:\Users\HP\AppData\Roaming\mozilla\firefox\profiles\seg13vqf.default\extensions\{7f57cf46-4467-4c2d-adfa-0cba7c507e54}.xpi
    [2012/09/13 23:16:19 | 000,698,867 | ---- | M] () (No name found) -- C:\Users\HP\AppData\Roaming\mozilla\firefox\profiles\seg13vqf.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi
    [2013/01/02 19:50:30 | 000,364,053 | ---- | M] () (No name found) -- C:\Users\HP\AppData\Roaming\mozilla\firefox\profiles\seg13vqf.default\extensions\{f759ca51-3a91-4dd1-ae78-9db5eee9ebf0}.xpi
    [2012/10/29 09:28:12 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
    [2012/10/13 19:43:23 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
    [2012/10/29 09:28:12 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}
    [2012/12/10 19:03:18 | 000,262,112 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
    [2012/09/06 09:26:22 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
    [2012/10/12 13:35:52 | 000,002,058 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

    ========== Chrome ==========

    CHR - homepage:
    CHR - default_search_provider: Google (Enabled)
    CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
    CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter}
    CHR - homepage:
    CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.97\PepperFlash\pepflashplayer.dll
    CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
    CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.97\ppGoogleNaClPluginChrome.dll
    CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.97\pdf.dll
    CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
    CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll
    CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll
    CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll
    CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll
    CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll
    CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll
    CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll
    CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
    CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
    CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.124\npGoogleUpdate3.dll
    CHR - plugin: Java(TM) Platform SE 6 U37 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
    CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
    CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
    CHR - plugin: npFFApi (Enabled) = C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\npFFApi.dll
    CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll
    CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_135.dll
    CHR - plugin: Java Deployment Toolkit 6.0.370.6 (Enabled) = C:\Windows\SysWOW64\npdeployJava1.dll
    CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll
    CHR - Extension: Google Drive = C:\Users\HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
    CHR - Extension: YouTube = C:\Users\HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
    CHR - Extension: Google Search = C:\Users\HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
    CHR - Extension: Gmail = C:\Users\HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

    O1 HOSTS File: ([2009/06/11 05:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
    O2:64bit: - BHO: (EgisPBIE Class) - {7B51CCBE-4AF9-44A6-BDAB-D7F7E4C4E6F9} - C:\Program Files (x86)\Hewlett-Packard\HP SimplePass Identity Protection\x64\EgisPBIE.dll (Egis Technology Inc.)
    O2:64bit: - BHO: (ZoneAlarm Security Engine Registrar) - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
    O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.)
    O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
    O2 - BHO: (EgisPBIE Class) - {7B51CCBE-4AF9-44A6-BDAB-D7F7E4C4E6F9} - C:\Program Files (x86)\Hewlett-Packard\HP SimplePass Identity Protection\EgisPBIE.dll (Egis Technology Inc.)
    O2 - BHO: (ZoneAlarm Security Engine Registrar) - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
    O3:64bit: - HKLM\..\Toolbar: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
    O3 - HKLM\..\Toolbar: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
    O3 - HKU\S-1-5-21-2208690772-3602456008-4151856646-1000\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
    O4:64bit: - HKLM..\Run: [AmIcoSinglun64] C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe (Alcor Micro Corp.)
    O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [HPWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe ()
    O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [IntelWireless] C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel(R) Corporation)
    O4:64bit: - HKLM..\Run: [ISW] C:\Program Files\CheckPoint\ZAForceField\ForceField.exe (Check Point Software Technologies)
    O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [SmartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe ()
    O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
    O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
    O4 - HKLM..\Run: [AVG_UI] C:\Program Files (x86)\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.)
    O4 - HKLM..\Run: [EgisTecPMMUpdate] C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe (Egis Technology Inc.)
    O4 - HKLM..\Run: [EgisUpdate] C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe (Egis Technology Inc.)
    O4 - HKLM..\Run: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe (Hewlett-Packard Development Company, L.P.)
    O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
    O4 - HKLM..\Run: [SDTray] C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.)
    O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
    O4 - HKLM..\Run: [VitaKeyTSR] C:\Program Files (x86)\Hewlett-Packard\HP SimplePass Identity Protection\EgisTSR.exe (Egis Technology Inc. )
    O4 - HKLM..\Run: [ZoneAlarm] C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe (Check Point Software Technologies LTD)
    O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
    O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
    O4 - HKU\S-1-5-21-2208690772-3602456008-4151856646-1000..\Run: [ApplePhotoStreams] C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe (Apple Inc.)
    O4 - HKU\S-1-5-21-2208690772-3602456008-4151856646-1000..\Run: [com.apple.dav.bookmarks.daemon] C:\Program Files (x86)\Common Files\Apple\Internet Services\BookmarkDAV_client.exe (Apple Inc.)
    O4 - HKU\S-1-5-21-2208690772-3602456008-4151856646-1000..\Run: [iFunBoxConnector] C:\Program Files (x86)\i-Funbox DevTeam\ifb_conn.exe ()
    O4 - HKU\S-1-5-21-2208690772-3602456008-4151856646-1000..\Run: [Spybot-S&D Cleaning] C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe (Safer-Networking Ltd.)
    O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
    O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
    O4 - Startup: C:\Users\HP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files (x86)\ERUNT\AUTOBACK.EXE ()
    O4 - Startup: C:\Users\HP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MagicDisc.lnk = C:\Program Files (x86)\MagicDisc\MagicDisc.exe (MagicISO, Inc.)
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O8:64bit: - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
    O8:64bit: - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
    O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
    O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
    O9:64bit: - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
    O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
    O9 - Extra Button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
    O9 - Extra 'Tools' menuitem : Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
    O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.)
    O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000010 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
    O1364bit: - gopher Prefix: missing
    O13 - gopher Prefix: missing
    O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_21)
    O16:64bit: - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_21)
    O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_21)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_37)
    O16 - DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_37)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_37)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 203.144.207.49 203.144.207.29
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4828EB99-DA1D-4695-B4CF-90CDCB7F710C}: DhcpNameServer = 203.144.207.49 203.144.207.29
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4828EB99-DA1D-4695-B4CF-90CDCB7F710C}: NameServer = 8.8.8.8,8.8.4.4
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9E8BEB33-11FA-4636-B10D-77BE08229A4C}: NameServer = 0.0.0.0
    O18:64bit: - Protocol\Handler\livecall - No CLSID value found
    O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
    O18:64bit: - Protocol\Handler\msnim - No CLSID value found
    O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
    O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
    O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
    O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
    O20 - Winlogon\Notify\SDWinLogon: DllName - (SDWinLogon.dll) - File not found
    O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O22:64bit: - SharedTaskScheduler: {1984DD45-52CF-49cd-AB77-18F378FEA264} - FencesShellExt - C:\Program Files\Stardock\Fences Pro\FencesMenu64.dll (Stardock)
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2008/08/15 09:52:57 | 000,000,140 | R--- | M] () - X:\autorun.inf -- [ UDF ]
    O33 - MountPoints2\{2ba2dcb6-0d81-11e2-a05f-e02a8230dcb6}\Shell - "" = AutoRun
    O33 - MountPoints2\{2ba2dcb6-0d81-11e2-a05f-e02a8230dcb6}\Shell\AutoRun\command - "" = X:\Setup\rsrc\AUTORUN.EXE -- [2007/08/16 09:55:00 | 000,051,048 | R--- | M] (Activision)
    O33 - MountPoints2\{2ba2dcb6-0d81-11e2-a05f-e02a8230dcb6}\Shell\dinstall\command - "" = X:\DirectX\DXSETUP.exe -- [2008/08/11 16:09:00 | 000,528,392 | R--- | M] (Microsoft Corporation)
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35:64bit: - HKLM\..comfile [open] -- "%1" %*
    O35:64bit: - HKLM\..exefile [open] -- "%1" %*
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
    O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
    O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

    ========== Files/Folders - Created Within 30 Days ==========

    [2013/01/06 21:08:54 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\HP\Desktop\OTL.exe
    [2012/12/31 22:27:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
    [2012/12/31 22:24:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Google
    [2012/12/31 22:24:41 | 000,000,000 | ---D | C] -- C:\Users\HP\AppData\Local\Google
    [2012/12/31 15:46:21 | 000,000,000 | ---D | C] -- C:\Users\HP\Desktop\Non-QWR Invoice
    [2012/12/31 15:46:00 | 000,000,000 | ---D | C] -- C:\Users\HP\Desktop\Supporting
    [2012/12/30 10:45:56 | 000,000,000 | ---D | C] -- C:\Users\HP\Documents\ForceField Shared Files
    [2012/12/30 10:45:55 | 000,000,000 | ---D | C] -- C:\Users\HP\AppData\Roaming\CheckPoint
    [2012/12/30 10:45:48 | 000,000,000 | ---D | C] -- C:\Program Files\CheckPoint
    [2012/12/30 10:45:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Check Point
    [2012/12/30 10:43:02 | 000,000,000 | ---D | C] -- C:\ProgramData\CheckPoint
    [2012/12/30 10:43:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\CheckPoint
    [2012/12/30 05:16:43 | 000,000,000 | ---D | C] -- C:\Users\HP\Desktop\Malware
    [2012/12/29 17:30:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
    [2012/12/29 17:30:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
    [2012/12/29 17:30:04 | 000,017,272 | ---- | C] (Safer Networking Limited) -- C:\Windows\SysNative\sdnclean64.exe
    [2012/12/29 17:30:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy 2
    [2012/12/29 17:29:09 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
    [2012/12/29 17:28:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
    [2012/12/29 17:28:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ERUNT
    [2012/12/29 16:57:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro
    [2012/12/29 16:57:12 | 000,000,000 | ---D | C] -- C:\Users\HP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
    [2012/12/29 16:55:37 | 000,000,000 | ---D | C] -- C:\Users\HP\AppData\Local\Programs
    [2012/12/29 09:56:43 | 161,300,800 | ---- | C] (Hewlett-Packard ) -- C:\Users\HP\Desktop\sp50497.exe
    [2012/12/29 04:08:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\sweetpacks bundle uninstaller
    [2012/12/29 04:01:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WebCam Spy Pro
    [2012/12/29 04:01:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WebCam Spy Pro
    [2012/12/25 03:06:08 | 000,046,080 | ---- | C] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll
    [2012/12/25 03:06:08 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll
    [2012/12/25 03:06:07 | 000,367,616 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll
    [2012/12/25 03:06:06 | 000,295,424 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll
    [2012/12/13 01:01:54 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RdpGroupPolicyExtension.dll
    [2012/12/13 01:01:54 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TsUsbRedirectionGroupPolicyExtension.dll
    [2012/12/13 01:01:54 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TsUsbRedirectionGroupPolicyControl.exe
    [2012/12/13 01:01:53 | 000,322,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\aaclient.dll
    [2012/12/13 01:01:53 | 000,269,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\aaclient.dll
    [2012/12/13 01:01:53 | 000,192,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\rdpendp_winip.dll
    [2012/12/13 01:01:53 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys
    [2012/12/13 01:01:53 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MsRdpWebAccess.dll
    [2012/12/13 01:01:53 | 000,046,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MsRdpWebAccess.dll
    [2012/12/13 01:01:53 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tsgqec.dll
    [2012/12/13 01:01:53 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TsUsbGDCoInstaller.dll
    [2012/12/13 01:01:53 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tsgqec.dll
    [2012/12/13 01:01:53 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys
    [2012/12/13 01:01:53 | 000,018,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wksprtPS.dll
    [2012/12/13 01:01:53 | 000,016,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wksprtPS.dll
    [2012/12/13 01:01:52 | 005,773,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstscax.dll
    [2012/12/13 01:01:52 | 004,916,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstscax.dll
    [2012/12/13 01:01:52 | 003,174,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcorets.dll
    [2012/12/13 01:01:52 | 001,123,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstsc.exe
    [2012/12/13 01:01:52 | 001,048,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstsc.exe
    [2012/12/13 01:01:52 | 000,384,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wksprt.exe
    [2012/12/13 01:01:52 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpudd.dll
    [2012/12/13 01:01:52 | 000,228,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpendp_winip.dll
    [2012/12/13 01:01:52 | 000,062,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TSWbPrxy.exe
    [2012/12/13 01:00:10 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
    [2012/12/13 01:00:10 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
    [2012/12/13 01:00:10 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
    [2012/12/13 01:00:09 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
    [2012/12/13 01:00:09 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
    [2012/12/13 01:00:09 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
    [2012/12/13 01:00:09 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
    [2012/12/13 01:00:09 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
    [2012/12/13 01:00:09 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
    [2012/12/13 01:00:09 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
    [2012/12/13 01:00:08 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
    [2012/12/13 01:00:08 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
    [2012/12/13 01:00:07 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
    [2012/12/13 01:00:07 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
    [2012/12/13 01:00:07 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
    [2012/12/13 00:58:19 | 001,161,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kernel32.dll
    [2012/12/13 00:58:19 | 000,424,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KernelBase.dll
    [2012/12/13 00:58:19 | 000,338,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\conhost.exe
    [2012/12/13 00:58:19 | 000,215,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll
    [2012/12/13 00:58:17 | 000,362,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64win.dll
    [2012/12/13 00:58:17 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll
    [2012/12/13 00:58:17 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe
    [2012/12/13 00:58:17 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntvdm64.dll
    [2012/12/13 00:58:17 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll
    [2012/12/13 00:58:17 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64cpu.dll
    [2012/12/13 00:58:17 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe
    [2012/12/13 00:58:17 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll
    [2012/12/13 00:58:17 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
    [2012/12/13 00:58:17 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-heap-l1-1-0.dll
    [2012/12/13 00:58:16 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
    [2012/12/13 00:58:16 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-security-base-l1-1-0.dll
    [2012/12/13 00:58:16 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
    [2012/12/13 00:58:16 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-file-l1-1-0.dll
    [2012/12/13 00:58:16 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
    [2012/12/13 00:58:16 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-threadpool-l1-1-0.dll
    [2012/12/13 00:58:16 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
    [2012/12/13 00:58:16 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processthreads-l1-1-0.dll
    [2012/12/13 00:58:16 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-sysinfo-l1-1-0.dll
    [2012/12/13 00:58:16 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
    [2012/12/13 00:58:16 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-synch-l1-1-0.dll
    [2012/12/13 00:58:16 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
    [2012/12/13 00:58:16 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
    [2012/12/13 00:58:16 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localregistry-l1-1-0.dll
    [2012/12/13 00:58:16 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll
    [2012/12/13 00:58:16 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localization-l1-1-0.dll
    [2012/12/13 00:58:16 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
    [2012/12/13 00:58:16 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-rtlsupport-l1-1-0.dll
    [2012/12/13 00:58:16 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
    [2012/12/13 00:58:16 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processenvironment-l1-1-0.dll
    [2012/12/13 00:58:16 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
    [2012/12/13 00:58:16 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-namedpipe-l1-1-0.dll
    [2012/12/13 00:58:16 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-misc-l1-1-0.dll
    [2012/12/13 00:58:16 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll
    [2012/12/13 00:58:16 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-memory-l1-1-0.dll
    [2012/12/13 00:58:16 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll
    [2012/12/13 00:58:16 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-libraryloader-l1-1-0.dll
    [2012/12/13 00:58:16 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll
    [2012/12/13 00:58:16 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll
    [2012/12/13 00:58:16 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-xstate-l1-1-0.dll
    [2012/12/13 00:58:16 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
    [2012/12/13 00:58:16 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-util-l1-1-0.dll
    [2012/12/13 00:58:16 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-string-l1-1-0.dll
    [2012/12/13 00:58:16 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-string-l1-1-0.dll
    [2012/12/13 00:58:16 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll
    [2012/12/13 00:58:16 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll
    [2012/12/13 00:58:16 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-profile-l1-1-0.dll
    [2012/12/13 00:58:16 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-io-l1-1-0.dll
    [2012/12/13 00:58:16 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-io-l1-1-0.dll
    [2012/12/13 00:58:16 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-interlocked-l1-1-0.dll
    [2012/12/13 00:58:16 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll
    [2012/12/13 00:58:16 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-handle-l1-1-0.dll
    [2012/12/13 00:58:16 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll
    [2012/12/13 00:58:16 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-fibers-l1-1-0.dll
    [2012/12/13 00:58:16 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll
    [2012/12/13 00:58:16 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-errorhandling-l1-1-0.dll
    [2012/12/13 00:58:16 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll
    [2012/12/13 00:58:16 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-delayload-l1-1-0.dll
    [2012/12/13 00:58:16 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll
    [2012/12/13 00:58:16 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-debug-l1-1-0.dll
    [2012/12/13 00:58:16 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll
    [2012/12/13 00:58:16 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-datetime-l1-1-0.dll
    [2012/12/13 00:58:16 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-console-l1-1-0.dll
    [2012/12/13 00:58:16 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-console-l1-1-0.dll
    [2012/12/13 00:58:16 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe
    [2012/12/13 00:58:08 | 001,448,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\lsasrv.dll
    [2012/12/13 00:58:08 | 000,307,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncrypt.dll
    [2012/12/13 00:57:55 | 000,478,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dpnet.dll
    [2012/12/13 00:57:55 | 000,376,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dpnet.dll
    [2012/12/10 08:29:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG

    ========== Files - Modified Within 30 Days ==========

    [2013/01/06 21:08:55 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\HP\Desktop\OTL.exe
    [2013/01/06 20:36:49 | 000,726,316 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
    [2013/01/06 20:36:49 | 000,616,008 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
    [2013/01/06 20:36:49 | 000,106,388 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
    [2013/01/06 20:34:56 | 000,026,192 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2013/01/06 20:34:56 | 000,026,192 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2013/01/06 20:32:48 | 000,000,162 | ---- | M] () -- C:\Users\HP\AppData\Local\mv_Photo.xml
    [2013/01/06 20:32:48 | 000,000,115 | ---- | M] () -- C:\Users\HP\AppData\Local\mv_music.xml
    [2013/01/06 20:30:48 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2013/01/06 20:29:05 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2013/01/06 20:28:35 | 3062,255,616 | -HS- | M] () -- C:\hiberfil.sys
    [2013/01/06 20:23:38 | 000,551,997 | ---- | M] () -- C:\Users\HP\Desktop\AdwCleaner.exe
    [2013/01/06 20:19:35 | 000,000,890 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2013/01/05 16:34:37 | 007,325,822 | ---- | M] () -- C:\Users\HP\Desktop\Beyond Belief.mp4
    [2013/01/03 07:46:16 | 000,427,648 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
    [2013/01/03 07:46:09 | 000,000,320 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForHP.job
    [2012/12/30 16:15:33 | 000,009,431 | ---- | M] () -- C:\Windows\wininit.ini
    [2012/12/30 10:46:36 | 000,415,877 | ---- | M] () -- C:\Windows\SysNative\drivers\vsconfig.xml
    [2012/12/29 18:38:46 | 000,006,784 | ---- | M] () -- C:\Quarantine.lst
    [2012/12/29 18:38:46 | 000,003,169 | ---- | M] () -- C:\Quarantine.reg
    [2012/12/29 17:28:52 | 000,001,068 | ---- | M] () -- C:\Users\HP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
    [2012/12/29 16:57:13 | 000,002,961 | ---- | M] () -- C:\Users\HP\Desktop\HiJackThis.lnk
    [2012/12/29 10:01:33 | 161,300,800 | ---- | M] (Hewlett-Packard ) -- C:\Users\HP\Desktop\sp50497.exe
    [2012/12/26 10:34:57 | 000,001,020 | ---- | M] () -- C:\Users\Public\Desktop\iFunbox.lnk
    [2012/12/26 10:31:40 | 000,697,272 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
    [2012/12/26 10:31:40 | 000,073,656 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    [2012/12/25 18:01:46 | 000,099,026 | ---- | M] () -- C:\Users\HP\Desktop\per_challenge.pdf
    [2012/12/25 17:56:09 | 000,063,850 | ---- | M] () -- C:\Users\HP\Desktop\per_summary.pdf
    [2012/12/17 01:11:22 | 000,046,080 | ---- | M] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll
    [2012/12/16 22:45:03 | 000,367,616 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll
    [2012/12/16 22:13:28 | 000,295,424 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll
    [2012/12/16 22:13:20 | 000,034,304 | ---- | M] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll
    [2012/12/14 16:49:28 | 000,024,176 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
    [2012/12/09 10:22:04 | 000,000,336 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForHP-HP$.job



    to be continued

  8. #8
    Junior Member
    Join Date
    Dec 2012
    Posts
    12

    Default

    OTL.txt Part II


    ========== Files Created - No Company Name ==========

    [2013/01/06 20:23:31 | 000,551,997 | ---- | C] () -- C:\Users\HP\Desktop\AdwCleaner.exe
    [2013/01/05 16:27:11 | 007,325,822 | ---- | C] () -- C:\Users\HP\Desktop\Beyond Belief.mp4
    [2012/12/31 22:24:47 | 000,000,890 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2012/12/31 22:24:47 | 000,000,886 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2012/12/30 16:31:40 | 000,006,784 | ---- | C] () -- C:\Quarantine.lst
    [2012/12/30 16:31:40 | 000,003,169 | ---- | C] () -- C:\Quarantine.reg
    [2012/12/30 10:45:58 | 000,415,877 | ---- | C] () -- C:\Windows\SysNative\drivers\vsconfig.xml
    [2012/12/29 18:38:47 | 000,009,431 | ---- | C] () -- C:\Windows\wininit.ini
    [2012/12/29 17:30:09 | 000,002,149 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
    [2012/12/29 17:28:52 | 000,001,068 | ---- | C] () -- C:\Users\HP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
    [2012/12/29 16:57:13 | 000,002,961 | ---- | C] () -- C:\Users\HP\Desktop\HiJackThis.lnk
    [2012/12/25 18:01:46 | 000,099,026 | ---- | C] () -- C:\Users\HP\Desktop\per_challenge.pdf
    [2012/12/25 17:56:09 | 000,063,850 | ---- | C] () -- C:\Users\HP\Desktop\per_summary.pdf
    [2012/10/03 22:12:05 | 000,650,752 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
    [2012/10/03 22:12:05 | 000,243,200 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
    [2012/10/03 22:12:05 | 000,216,064 | ---- | C] ( ) -- C:\Windows\SysWow64\lagarith.dll
    [2012/10/03 22:12:05 | 000,178,688 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
    [2012/10/03 22:12:03 | 000,112,640 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
    [2012/10/03 01:04:47 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
    [2012/10/03 00:55:05 | 000,002,857 | ---- | C] () -- C:\Windows\SysWow64\atipblup.dat
    [2012/10/03 00:54:03 | 000,870,560 | ---- | C] () -- C:\Windows\SysWow64\igkrng575.bin
    [2012/10/03 00:54:03 | 000,208,896 | ---- | C] () -- C:\Windows\SysWow64\iglhsip32.dll
    [2012/10/03 00:54:03 | 000,143,360 | ---- | C] () -- C:\Windows\SysWow64\iglhcp32.dll
    [2012/10/03 00:54:03 | 000,104,796 | ---- | C] () -- C:\Windows\SysWow64\igfcg575m.bin
    [2012/10/03 00:54:02 | 000,127,868 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng575.bin
    [2012/10/03 00:54:01 | 000,002,857 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
    [2012/10/03 00:52:56 | 000,000,312 | ---- | C] () -- C:\Windows\SysWow64\RStoneLog2.ini
    [2012/10/03 00:52:56 | 000,000,253 | ---- | C] () -- C:\Windows\SysWow64\RStoneLog.ini
    [2012/10/02 11:50:40 | 000,000,162 | ---- | C] () -- C:\Users\HP\AppData\Local\mv_Photo.xml
    [2012/10/02 11:50:40 | 000,000,115 | ---- | C] () -- C:\Users\HP\AppData\Local\mv_music.xml

    ========== ZeroAccess Check ==========

    [2009/07/14 12:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

    [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

    [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

    [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

    [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
    "" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 13:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
    "" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 12:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
    "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 09:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
    "" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 20:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
    "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 09:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Both

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

    ========== LOP Check ==========

    [2012/10/13 09:27:05 | 000,000,000 | ---D | M] -- C:\Users\Default\AppData\Roaming\TuneUp Software
    [2012/10/13 09:27:05 | 000,000,000 | ---D | M] -- C:\Users\Default User\AppData\Roaming\TuneUp Software

    ========== Purity Check ==========



    ========== Files - Unicode (All) ==========
    [2012/10/16 21:42:06 | 000,000,824 | ---- | M] ()(C:\Users\HP\Desktop\X-Men Origins Wolverine?.lnk) -- C:\Users\HP\Desktop\X-Men Origins Wolverine™.lnk
    [2012/10/16 21:42:06 | 000,000,824 | ---- | C] ()(C:\Users\HP\Desktop\X-Men Origins Wolverine?.lnk) -- C:\Users\HP\Desktop\X-Men Origins Wolverine™.lnk
    [2012/08/28 10:36:58 | 015,744,623 | ---- | M] ()(C:\Users\HP\Desktop\Thaitanium - Ta Leung - ??????.mp4) -- C:\Users\HP\Desktop\Thaitanium - Ta Leung - ทะลึ่ง.mp4
    [2012/08/28 10:36:29 | 015,744,623 | ---- | C] ()(C:\Users\HP\Desktop\Thaitanium - Ta Leung - ??????.mp4) -- C:\Users\HP\Desktop\Thaitanium - Ta Leung - ทะลึ่ง.mp4

    < End of report >

  9. #9
    Junior Member
    Join Date
    Dec 2012
    Posts
    12

    Default

    Extras.Txt


    OTL Extras logfile created on: 6/1/2013 9:10:39 PM - Run 1
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\HP\Desktop
    64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00004409 | Country: Malaysia | Language: ENM | Date Format: d/M/yyyy

    3.80 Gb Total Physical Memory | 1.92 Gb Available Physical Memory | 50.47% Memory free
    7.60 Gb Paging File | 4.99 Gb Available in Paging File | 65.66% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 565.05 Gb Total Space | 78.46 Gb Free Space | 13.89% Space Free | Partition Type: NTFS
    Drive D: | 30.83 Gb Total Space | 4.53 Gb Free Space | 14.70% Space Free | Partition Type: NTFS
    Drive X: | 6.97 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF

    Computer Name: HP-HP | User Name: HP | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

    [HKEY_USERS\S-1-5-21-2208690772-3602456008-4151856646-1000\SOFTWARE\Classes\<extension>]
    .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

    ========== Shell Spawning ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
    InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 0

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot-S&D 2 Tray Icon -- (Safer-Networking Ltd.)
    "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Enabled:Spybot-S&D 2 Scanner Service -- (Safer-Networking Ltd.)
    "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater -- (Safer-Networking Ltd.)
    "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service -- (Safer-Networking Ltd.)
    "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot-S&D 2 Tray Icon -- (Safer-Networking Ltd.)
    "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Enabled:Spybot-S&D 2 Scanner Service -- (Safer-Networking Ltd.)
    "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater -- (Safer-Networking Ltd.)
    "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service -- (Safer-Networking Ltd.)


    ========== Vista Active Open Ports Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{038A452B-415F-4780-BD39-ABC0E3572131}" = lport=10243 | protocol=6 | dir=in | app=system |
    "{17A167EB-1F91-4095-9773-72EF9677EF21}" = rport=139 | protocol=6 | dir=out | app=system |
    "{1870E2F8-7D72-4EC5-9FD9-8A7E6942C5D2}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
    "{1904551C-8275-4EB6-8106-A5DD8E655D8D}" = rport=138 | protocol=17 | dir=out | app=system |
    "{23AB7BB7-10FE-42D9-A115-F0497004D18B}" = rport=137 | protocol=17 | dir=out | app=system |
    "{34241B8B-A8B3-4BA7-8A2E-9357672DEDEE}" = lport=139 | protocol=6 | dir=in | app=system |
    "{4B260AA7-5B12-45D4-8332-8D21BFF04716}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{4DED7B0A-330D-4C84-8533-9D718D46B438}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{63B573BF-5D33-4C93-A53F-4257D0E983A6}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
    "{7930D10D-8254-4C3F-9DAD-676EE0916D6B}" = lport=2869 | protocol=6 | dir=in | app=system |
    "{7E96FEFE-9070-4DA3-AC3F-180DC22D2F9F}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
    "{92C559DA-1665-4BA5-BD67-6AF18B742760}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{9FE0A7A2-5E65-4227-A5FB-37690F407B36}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{A6279C8A-4C25-4D4D-BB18-617169617E76}" = lport=138 | protocol=17 | dir=in | app=system |
    "{AEA56CDB-9C0A-492D-9B65-86B589211912}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{AEDCCE61-1F21-4B88-8305-6F9A6A7B3223}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{CD3B508E-DB45-48F1-9F84-0422B5C3C2E0}" = lport=445 | protocol=6 | dir=in | app=system |
    "{D9D80EB1-AB73-4445-8364-62F5E59D75E7}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{E61FAB5E-E166-4940-98F2-A87EFE370B5E}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe |
    "{E7C1E192-EEC6-44B9-B374-403A88CA5845}" = lport=137 | protocol=17 | dir=in | app=system |
    "{EB579529-73E5-4832-B4C8-7A827E606351}" = rport=10243 | protocol=6 | dir=out | app=system |
    "{EC0FE624-A44D-45AA-94F4-AA3F4AAF7980}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
    "{F82088BF-C010-48CC-80FE-FAD5362E9BB3}" = rport=445 | protocol=6 | dir=out | app=system |
    "{FFC1E232-BAC0-4230-B8A9-24F6FC0D97B8}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |

    ========== Vista Active Application Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{05B88DFB-DC97-462C-8916-94D3F783E373}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
    "{08554644-83F4-46E2-9480-F7D4F5CF54DA}" = protocol=6 | dir=in | app=c:\users\hp\appdata\local\temp\bundlesweetimsetup.exe |
    "{0999F144-FB5F-4865-A32E-8B0CA6C58F3B}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{09C41928-1D0E-400A-9E1F-9D715DB0A238}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
    "{11356BB6-2079-426B-8D7D-573EE2B5996A}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgemca.exe |
    "{12CBBFD3-A39F-4FA7-88EF-17BF8F629D01}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{15F76E24-79F7-4D72-9039-EA220A427B10}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
    "{1A82985B-730F-4D83-A012-EA61BE446ECA}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\music\hptouchsmartmusic.exe |
    "{1DBDC98E-660A-4005-AA60-EF5F5388E297}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
    "{2A61542E-A1E3-49E1-B9B2-2EE46620B012}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgdiagex.exe |
    "{2BD82AF9-F020-4DC0-BCAF-49F10766177D}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
    "{2C9D9E4D-7E35-4F2B-B672-8F0F9FB03BAD}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe |
    "{2CF68606-E2B9-4BF9-B60C-271A23FC02F0}" = protocol=17 | dir=in | app=c:\program files (x86)\activision\x-men origins - wolverine(tm)\binaries\wolverine.exe |
    "{2DF0ADED-1C7F-4F72-89AC-057DB7B88C1B}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hptouchsmartmusic.exe |
    "{32538083-F578-4DA0-9E0F-DA6D84172D8B}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
    "{328645B4-07CD-4A81-BA41-0CCD9EC8E066}" = dir=in | app=c:\program files (x86)\hewlett-packard\mediasmart\photo\hpmediasmartphoto.exe |
    "{34C0F3DB-8F20-4A7A-9D30-0AA2B82A469A}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
    "{363E84A7-2B3D-46DC-AD12-5444C699C624}" = dir=out | app=c:\program files (x86)\hewlett-packard\hp clouddrive\zumodrive.exe |
    "{385D8030-CC08-4DD5-8D7E-A5ADF9FD4D31}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgdiagex.exe |
    "{43865ADB-A825-410F-B4EF-65F9F02E8C06}" = protocol=6 | dir=in | app=c:\program files (x86)\activision\x-men origins - wolverine(tm)\binaries\wolverine.exe |
    "{439F6D80-2C32-4993-8B10-6E4007C97787}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
    "{4D9AC48D-6A44-4E70-8057-CFDCB7531D41}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgdiagex.exe |
    "{51306C0C-9A6C-4204-8BD3-4A6DD7ED8BFD}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{5A3FF81D-C314-4BD7-A6D7-460CC6A10151}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgmfapx.exe |
    "{5A52469B-0B98-4B88-BC4C-8DA5ADE728B0}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
    "{5AAB07ED-CF4C-4E46-9F01-DBA452BA4454}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgdiagex.exe |
    "{609A2E7F-8F48-46D0-8A6E-4407849573EF}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgnsa.exe |
    "{6B6747F2-D4C4-43F9-85CE-F528B110E920}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
    "{6CB07BB1-1793-4E7C-BC01-1D0A324B9B19}" = dir=in | app=c:\program files (x86)\cyberlink\powerdirector\pdr8.exe |
    "{70002089-0DBD-4E15-AD00-40038079F7AA}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgmfapx.exe |
    "{777F971F-381A-4ACD-8ED6-4DB6340398BB}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe |
    "{7C165E6C-42B5-4D93-8D9E-54F487333552}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgemca.exe |
    "{7CCC70B4-AD4C-42CB-840B-A21A011735BE}" = dir=in | app=c:\program files (x86)\hewlett-packard\hp clouddrive\zumodrive.exe |
    "{7D770881-7DE3-4F54-8076-99EC82837405}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
    "{8B9DBA11-A7BB-4A69-B91D-69A0DDAE04C0}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hptouchsmartvideo.exe |
    "{8C3AB154-204D-4055-82E4-0166A4639029}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hptouchsmartphoto.exe |
    "{93C24EA6-9CF8-4621-B5AF-FA2B98483EAA}" = protocol=17 | dir=in | app=c:\users\hp\appdata\local\temp\bundlesweetimsetup.exe |
    "{98362E9E-C42C-44D5-9644-F29B3A94779D}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
    "{9B187CA0-E53D-487C-A539-BC32D1428AAB}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
    "{9B871AA1-2AB0-4E58-9CB1-440A96A77D48}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
    "{A46A6D47-64E3-4FF5-8602-740136071887}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{A749FD10-BC89-4FC6-B792-B6301807D51D}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
    "{A8F31FD7-8C49-430B-8832-69ED662E9BF1}" = dir=in | app=c:\program files (x86)\intel corporation\intel wireless display\widiapp.exe |
    "{AC7FB83E-CA98-4EC8-9295-138F7CEBA112}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgemca.exe |
    "{B0B10D4F-4B4B-429A-B863-74AD2087A68F}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgnsa.exe |
    "{B14217F7-0EBE-4C3A-884E-52C0B84FCEBA}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
    "{B3D54201-E17F-4E3D-87F9-F098C64B8DD1}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgemca.exe |
    "{B5186F91-BCC1-405D-A1C6-66C005978409}" = dir=in | app=c:\program files (x86)\hewlett-packard\mediasmart\video\hpmediasmartvideo.exe |
    "{B7A886D9-EF0A-457A-8F08-48FE28EF8BBC}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgnsa.exe |
    "{B7ABD0CC-D35B-412C-BBDC-DBBFBF5D464B}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{BA7D1C89-D377-40C9-A076-E6E08D98D877}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{BE64AAAB-C457-4802-A6D4-2FFD5C7B9AA4}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\kernel\clml\clmlsvc.exe |
    "{BEBA1232-EDC4-4557-A924-AB3993A3FB80}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{CB0C0E4F-C5C3-4005-AE2E-F1507E8B1B90}" = protocol=6 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
    "{CF91A56B-FB81-43F7-A366-334E86971C26}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
    "{D233C335-8D3D-4D4D-A252-01220DCBDF25}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\tsmagent.exe |
    "{DBB5C0E4-1BC8-4A1A-B565-749E679E017B}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{E1B2CFFC-3B89-4F2C-8804-DE6DA806064D}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgnsa.exe |
    "{E28B422A-5378-4287-8E3E-5A34DDA933C6}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hpdvdsmart.exe |
    "{E45B06FB-056F-4B9E-B6DE-481B2F931983}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{E886997A-3F0F-4D5D-9046-98EE726A94BC}" = protocol=6 | dir=out | app=system |
    "{EA07E2E8-08C1-4B63-8669-49F843FFE0DC}" = dir=in | app=c:\program files\intel\wifi\bin\pandhcpdns.exe |
    "{EBA80C46-AF6D-40CB-912B-B0EF48C19925}" = protocol=17 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
    "{EF3189B9-47B5-4E0C-88D0-5BF6AC86F0C5}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{F6C6DD7C-44EE-4C86-B464-91F0D6D5CB62}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{FA7D069D-BF1E-4EB3-A188-E71168717496}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "TCP Query User{7006BA03-E634-4544-BAB4-1812521BC67A}C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe" = protocol=6 | dir=in | app=c:\windows\microsoft.net\framework\v2.0.50727\vbc.exe |
    "TCP Query User{95F00C34-719D-4711-A54B-170822EEE968}C:\windows\syswow64\java.exe" = protocol=6 | dir=in | app=c:\windows\syswow64\java.exe |
    "TCP Query User{B4F2C2AE-CAB9-4381-8A5C-977C487F6A30}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
    "UDP Query User{934CEA05-BAEA-4F57-9964-588CE243F1C6}C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe" = protocol=17 | dir=in | app=c:\windows\microsoft.net\framework\v2.0.50727\vbc.exe |
    "UDP Query User{AC0422D8-AD53-413A-8A2F-3D04C93CD268}C:\windows\syswow64\java.exe" = protocol=17 | dir=in | app=c:\windows\syswow64\java.exe |
    "UDP Query User{CA89F87A-A5D5-4744-BD01-64C8B892B634}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |

    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{09BDCC02-80F2-4EFB-8F1B-A807D2C38E31}" = HP MediaSmart Movies and TV
    "{10CD364B-FFCC-48BE-B469-B9622A033075}" = Fences Pro
    "{13DCC2C7-454D-42F0-A892-E0E9A5DE4E67}" = HP Wireless Assistant
    "{1493B2AE-0261-47D2-B1AA-F4DAD0F6C48B}" = iTunes
    "{1A8BA6CE-822D-4888-89E2-ACBF4308F271}" = Intel(R) PROSet/Wireless WiFi Software
    "{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
    "{21B133D6-5979-47F0-BE1C-F6A6B304693F}" = Visual Studio 2010 x64 Redistributables
    "{26A24AE4-039D-4CA4-87B4-2F86416021FF}" = Java(TM) 6 Update 21 (64-bit)
    "{2856A1C2-70C5-4EC3-AFF7-E5B51E5530A2}" = HP Client Services
    "{3497481A-4317-34E7-A3C7-682D6B04730F}" = ATI Catalyst Install Manager
    "{426FAE9F-7373-496E-A215-9DB7EF4398CF}" = Validity Sensors DDK
    "{436E0B79-2CFB-4E5F-9380-E17C1B25D0C5}" = Broadcom 2070 Bluetooth 3.0
    "{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
    "{4BC310C4-B898-46E2-B5FB-B85A30AA7142}" = iCloud
    "{564DE271-941C-77F2-3ABD-641752365269}" = ccc-utility64
    "{5EB6F3CB-46F4-451F-A028-7F6D8D35D7D0}" = Windows Live Language Selector
    "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
    "{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
    "{73105254-4936-47AC-ACDE-08D11D25E3DB}" = AVG 2013
    "{7446FE8D-C1F9-4D42-AAAE-5DBCE58605A6}" = Apple Mobile Device Support
    "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
    "{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
    "{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010
    "{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
    "{929685C0-FC01-45E1-8B39-2948E8FF861E}" = Intel(R) Wireless Display
    "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{A000F75A-A246-44A7-8079-9E9E7F9054B2}" = BioExcess
    "{B9D80BD8-C6F4-467C-9717-0ABA9684DA29}" = AVG 2013
    "{BE6725F2-6D15-477C-86C6-4522B8569D62}" = HP MediaSmart SmartMenu
    "{C84FFB07-C687-45CF-91C8-868DB8D8C8CD}" = HP 3D DriveGuard
    "{CC4D56B7-6F18-470B-8734-ABCD75BCF4F1}" = HP Auto
    "{CD95F661-A5C4-44F5-A6AA-ECDD91C240D3}" = WinZip 16.5
    "{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
    "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
    "AVG" = AVG 2013
    "KLiteCodecPack64_is1" = K-Lite Codec Pack 9.3.0 (64-bit)
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "ProInst" = Intel PROSet Wireless
    "SynTPDeinstKey" = Synaptics Pointing Device Driver
    "WinRAR archiver" = WinRAR 4.00 (64-bit)
    "ZoneAlarm LTD Toolbar" = ZoneAlarm LTD Toolbar

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = HP MediaSmart Webcam
    "{022D02A7-3A59-19B0-BB22-4CBCD1D8B93A}" = CCC Help Korean
    "{03464997-382C-0ADE-1F2B-C95A29A883F5}" = Catalyst Control Center Graphics Previews Vista
    "{066A7B2B-F58C-19A0-CF1F-A0D6F0E8AB4D}" = CCC Help Polish
    "{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements
    "{0AB77D72-0443-3C05-33E6-6D6AEC9E55F5}" = Catalyst Control Center Localization All
    "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
    "{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime
    "{10D4BC5F-F73E-4CD1-A7C2-DF215307A811}" = ZoneAlarm Firewall
    "{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
    "{1CD86E2F-BA36-217B-0D09-E8C49E008F4A}" = CCC Help Portuguese
    "{1DCB0115-82D7-7D8E-378B-45657C4D84F8}" = CCC Help Hungarian
    "{1E6E990A-728D-4700-9B0A-2CA541C93A12}" = Catalyst Control Center - Branding
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
    "{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
    "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
    "{264779DD-BD81-4B42-968F-71DBF32EEBD1}" = HP Documentation
    "{26A24AE4-039D-4CA4-87B4-2F83216035FF}" = Java(TM) 6 Update 37
    "{2756F572-C383-4A2E-B1F6-7315E6DA308A}" = ZoneAlarm Security
    "{2DD843FA-F8BF-DA87-5679-1FC73EA8838A}" = CCC Help Thai
    "{3023EBDA-BF1B-4831-B347-E5018555F26E}" = Movie Theme Pack for HP MediaSmart Video
    "{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
    "{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
    "{3877C901-7B90-4727-A639-B6ED2DD59D43}" = ESU for Microsoft Windows 7
    "{38A8F2F8-B2A2-DB36-D774-31C1AE97393D}" = CCC Help Czech
    "{394FA67A-FF0A-4356-BB77-D85E5A300BDE}" = HP QuickWeb Installer
    "{3B834B54-EC4B-48E2-BFC6-03FF5DA06F62}" = Adobe Shockwave Player 11.5
    "{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
    "{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
    "{41C0AEB9-A323-5A12-4914-F57E5B52B67D}" = CCC Help Chinese Traditional
    "{42050F4E-1ACC-F60A-E7A1-C550178A200B}" = CCC Help English
    "{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}" = Recovery Manager
    "{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
    "{46E4F84F-B32F-7E9B-B461-A8533D9C96EF}" = CCC Help Swedish
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
    "{4D31A225-453B-4798-8452-9F2181CA6971}" = SoftStylus
    "{519CA6F8-B396-8A5E-5B8D-0FDA7F972532}" = CCC Help Spanish
    "{52A1CBA7-3AA0-3AB6-FF61-8F3F6D525E30}" = CCC Help Chinese Standard
    "{52BE22C7-5CA2-4150-8948-88C9DD7F6B56}" = QuickShare
    "{53469506-A37E-4314-A9D9-38724EC23A75}" = HP Setup
    "{626B5918-B395-4B69-A06B-14C3EB1C3942}" = HP Quick Launch
    "{63EC2120-1742-4625-AA47-C6A8AEC9C64C}" = Apple Application Support
    "{64F67489-76BB-4CDD-A236-F954BE774B35}" = NVIDIA PhysX
    "{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
    "{6827AF4C-65D1-5A04-462A-0E561AC20DA6}" = CCC Help Dutch
    "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
    "{6A05FEDF-662E-46BF-8A25-010E3F1C9C69}" = Windows Live UX Platform Language Pack
    "{6B114F59-6732-4EA5-A33E-ACC6DEC49B61}" = HP Software Framework
    "{6DAF8CDC-9B04-413B-A0F2-BCC13CF8A5BF}" = HP MediaSmart Photo
    "{6F340107-F9AA-47C6-B54C-C3A19F11553F}" = Hewlett-Packard ACLM.NET v1.1.2.0
    "{6F44AF95-3CDE-4513-AD3F-6D45F17BF324}" = HP Support Assistant
    "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
    "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
    "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
    "{7F0B94C6-828C-4EDE-A86B-ECF4D792B68D}" = Activision(R)
    "{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
    "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
    "{890661A5-1747-7195-1F65-CD1D5978DFDB}" = Catalyst Control Center InstallProxy
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8B51577F-A9C6-3AD7-C71F-158E453C45DC}" = CCC Help Italian
    "{8B785B3D-FC40-2CDC-6274-13D5A7C6BAAD}" = CCC Help Danish
    "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
    "{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
    "{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
    "{90140000-0015-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
    "{90140000-0016-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
    "{90140000-0018-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
    "{90140000-0019-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
    "{90140000-001A-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
    "{90140000-001B-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
    "{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUS_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
    "{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUS_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
    "{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.PROPLUS_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUS_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-002A-0409-1000-0000000FF1CE}_Office14.PROPLUS_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
    "{90140000-002C-0409-0000-0000000FF1CE}_Office14.PROPLUS_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010
    "{90140000-0044-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
    "{90140000-006E-0409-0000-0000000FF1CE}_Office14.PROPLUS_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
    "{90140000-00A1-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
    "{90140000-00BA-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
    "{90140000-0115-0409-0000-0000000FF1CE}_Office14.PROPLUS_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0116-0409-1000-0000000FF1CE}_Office14.PROPLUS_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
    "{90140000-0117-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{91A34181-9FAD-43AB-A35F-E7A8945B7E1C}" = HP MediaSmart Music
    "{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
    "{96A16297-EB8B-A974-2230-B570C3B0FAFD}" = CCC Help German
    "{9738B675-341A-00C5-0870-47C4986AAEBA}" = CCC Help French
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    "{9C7DC529-66C6-55DA-C0CA-1718987AC28D}" = CCC Help Japanese
    "{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
    "{9FD42D42-E8F1-ABAA-D234-A66033F66721}" = CCC Help Norwegian
    "{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
    "{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
    "{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
    "{AB71D51A-DD83-4C22-98E2-DF8CB803F65D}" = Alcor Micro USB Card Reader
    "{AC76BA86-7AD7-FFFF-7B44-A91000000001}" = Adobe Reader 9.5.2 MUI
    "{AE70615C-D28C-6159-8846-9B1EECC84BEE}" = PX Profile Update
    "{AE856388-AFAD-4753-81DF-D96B19D0A17C}" = HP Setup Manager
    "{AF306BD8-F9D1-4627-89B9-246E59074A05}" = HP Power Manager
    "{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1" = Spybot - Search & Destroy
    "{B435CD99-8921-4900-C5D1-34300810C8BD}" = ccc-core-static
    "{B7604945-ED3D-4AE5-AA69-7D5CFF333FE1}" = TouchCopy 11
    "{BD1A34C9-4764-4F79-AE1F-112F8C89D3D4}" = Energy Star Digital Logo
    "{BD59AF8D-79AC-97E6-C091-282EE4220220}" = CCC Help Finnish
    "{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
    "{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
    "{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
    "{CBD9111A-AE2F-36A3-5244-23752102657B}" = Catalyst Control Center Graphics Previews Common
    "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
    "{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
    "{D12E3E7F-1B13-4933-A915-16C7DD37A095}" = HP MediaSmart Video
    "{D36DD326-7280-11D8-97C8-000129760CBE}" = PhotoNow!
    "{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
    "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
    "{D6C630BF-8DBB-4042-8562-DC9A52CB6E7E}" = Intel(R) Turbo Boost Technology Driver
    "{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD
    "{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
    "{E05871BE-C931-25A2-EB3B-045A12DDEC45}" = CCC Help Turkish
    "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
    "{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
    "{E6CB67CC-71D2-46b9-8D43-A4641A9EECB2}" = HP SimplePass Identity Protection
    "{EA17F4FC-FDBF-4CF8-A529-2D983132D053}" = Skype™ 6.0
    "{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
    "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
    "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
    "{F168C640-58E3-832C-6D32-6AC044B78B87}" = CCC Help Greek
    "{F568121D-0A82-3320-2230-84D1F4685C44}" = CCC Help Russian
    "{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center
    "{FB4BB287-37F9-4E27-9C4D-2D3882E08EFF}" = DVD Menu Pack for HP MediaSmart Video
    "{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
    "5513-1208-7298-9440" = JDownloader 0.9
    "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
    "ERUNT_is1" = ERUNT 1.1j
    "Fences Pro" = Fences Pro
    "Google Chrome" = Google Chrome
    "HP Photo Creations" = HP Photo Creations
    "iFunbox_is1" = iFunbox (v2.1.2228.731), iFunbox DevTeam
    "InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = HP MediaSmart Webcam
    "InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
    "InstallShield_{3023EBDA-BF1B-4831-B347-E5018555F26E}" = Movie Theme Pack for HP MediaSmart Video
    "InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
    "InstallShield_{6DAF8CDC-9B04-413B-A0F2-BCC13CF8A5BF}" = HP MediaSmart Photo
    "InstallShield_{7F0B94C6-828C-4EDE-A86B-ECF4D792B68D}" = X-Men Origins - Wolverine(TM)
    "InstallShield_{91A34181-9FAD-43AB-A35F-E7A8945B7E1C}" = HP MediaSmart Music
    "InstallShield_{AB71D51A-DD83-4C22-98E2-DF8CB803F65D}" = Alcor Micro USB Card Reader
    "InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
    "InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
    "InstallShield_{D12E3E7F-1B13-4933-A915-16C7DD37A095}" = HP MediaSmart Video
    "InstallShield_{D36DD326-7280-11D8-97C8-000129760CBE}" = PhotoNow!
    "InstallShield_{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD
    "InstallShield_{E6CB67CC-71D2-46b9-8D43-A4641A9EECB2}" = HP SimplePass Identity Protection
    "InstallShield_{FB4BB287-37F9-4E27-9C4D-2D3882E08EFF}" = DVD Menu Pack for HP MediaSmart Video
    "KLiteCodecPack_is1" = K-Lite Mega Codec Pack 9.3.0
    "MagicDisc 2.7.106" = MagicDisc 2.7.106
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.70.0.1100
    "Mozilla Firefox 17.0.1 (x86 en-US)" = Mozilla Firefox 17.0.1 (x86 en-US)
    "MozillaMaintenanceService" = Mozilla Maintenance Service
    "NirSoft BlueScreenView" = NirSoft BlueScreenView
    "Office14.PROPLUS" = Microsoft Office Professional Plus 2010
    "uTorrent" = µTorrent
    "WinLiveSuite" = Windows Live Essentials
    "Wisdom-soft ScreenHunter 6.0 Free" = Wisdom-soft ScreenHunter 6.0 Free
    "ZoneAlarm Free Firewall" = ZoneAlarm Free Firewall
    "ZumoDrive" = HP CloudDrive

    ========== Last 20 Event Log Errors ==========

    [ Application Events ]
    Error - 3/12/2012 9:28:14 AM | Computer Name = HP-HP | Source = .NET Runtime | ID = 1022
    Description =

    Error - 3/12/2012 12:05:03 PM | Computer Name = HP-HP | Source = .NET Runtime | ID = 1022
    Description =

    Error - 9/12/2012 2:40:09 PM | Computer Name = HP-HP | Source = .NET Runtime | ID = 1022
    Description =

    Error - 12/12/2012 1:36:04 PM | Computer Name = HP-HP | Source = .NET Runtime | ID = 1022
    Description =

    Error - 13/12/2012 5:44:24 PM | Computer Name = HP-HP | Source = .NET Runtime | ID = 1022
    Description =

    Error - 17/12/2012 8:56:21 PM | Computer Name = HP-HP | Source = .NET Runtime | ID = 1022
    Description =

    Error - 17/12/2012 8:59:40 PM | Computer Name = HP-HP | Source = .NET Runtime | ID = 1022
    Description =

    Error - 17/12/2012 9:20:07 PM | Computer Name = HP-HP | Source = .NET Runtime | ID = 1022
    Description =

    Error - 18/12/2012 5:42:38 PM | Computer Name = HP-HP | Source = .NET Runtime | ID = 1022
    Description =

    Error - 23/12/2012 9:26:07 AM | Computer Name = HP-HP | Source = .NET Runtime | ID = 1022
    Description =

    [ HP Wireless Assistant Events ]
    Error - 1/10/2012 11:35:25 PM | Computer Name = HP-HP | Source = HP WA Service | ID = 0
    Description = System.Runtime.InteropServices.COMException The RPC server is unavailable.
    (Exception from HRESULT: 0x800706BA) at System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32
    errorCode, IntPtr errorInfo) at System.Management.ManagementScope.InitializeGuts(Object
    o) at System.Management.ManagementScope.Initialize() at System.Management.ManagementObject.Initialize(Boolean
    getObject) at System.Management.ManagementBaseObject.get_Properties() at System.Management.ManagementBaseObject.GetPropertyValue(String
    propertyName) at HPPA_Service.CurrentConfiguration.<ReloadRadioList>b__c()

    Error - 1/10/2012 11:35:25 PM | Computer Name = HP-HP | Source = HP WA Service | ID = 0
    Description = System.Runtime.InteropServices.COMException The RPC server is unavailable.
    (Exception from HRESULT: 0x800706BA) at System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32
    errorCode, IntPtr errorInfo) at System.Management.ManagementScope.InitializeGuts(Object
    o) at System.Management.ManagementScope.Initialize() at System.Management.ManagementObject.Initialize(Boolean
    getObject) at System.Management.ManagementBaseObject.get_Properties() at System.Management.ManagementBaseObject.GetPropertyValue(String
    propertyName) at HPPA_Service.CurrentConfiguration.<ReloadRadioList>b__c()

    Error - 1/10/2012 11:35:30 PM | Computer Name = HP-HP | Source = HP WA Service | ID = 0
    Description = System.Runtime.InteropServices.COMException The RPC server is unavailable.
    (Exception from HRESULT: 0x800706BA) at System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32
    errorCode, IntPtr errorInfo) at System.Management.ManagementScope.InitializeGuts(Object
    o) at System.Management.ManagementScope.Initialize() at System.Management.ManagementObject.Initialize(Boolean
    getObject) at System.Management.ManagementBaseObject.get_Properties() at System.Management.ManagementBaseObject.GetPropertyValue(String
    propertyName) at HPPA_Service.CurrentConfiguration.<ReloadRadioList>b__c()

    Error - 1/10/2012 11:35:30 PM | Computer Name = HP-HP | Source = HP WA Service | ID = 0
    Description = System.Runtime.InteropServices.COMException The RPC server is unavailable.
    (Exception from HRESULT: 0x800706BA) at System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32
    errorCode, IntPtr errorInfo) at System.Management.ManagementScope.InitializeGuts(Object
    o) at System.Management.ManagementScope.Initialize() at System.Management.ManagementObject.Initialize(Boolean
    getObject) at System.Management.ManagementBaseObject.get_Properties() at System.Management.ManagementBaseObject.GetPropertyValue(String
    propertyName) at HPPA_Service.CurrentConfiguration.<ReloadRadioList>b__c()

    Error - 1/10/2012 11:36:30 PM | Computer Name = HP-HP | Source = HP WA Service | ID = 0
    Description = System.Runtime.InteropServices.COMException The RPC server is unavailable.
    (Exception from HRESULT: 0x800706BA) at System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32
    errorCode, IntPtr errorInfo) at System.Management.ManagementScope.InitializeGuts(Object
    o) at System.Management.ManagementScope.Initialize() at System.Management.ManagementObject.Initialize(Boolean
    getObject) at System.Management.ManagementBaseObject.get_Properties() at System.Management.ManagementBaseObject.GetPropertyValue(String
    propertyName) at HPPA_Service.CurrentConfiguration.<ReloadRadioList>b__c()

    Error - 1/10/2012 11:36:30 PM | Computer Name = HP-HP | Source = HP WA Service | ID = 0
    Description = System.Runtime.InteropServices.COMException The RPC server is unavailable.
    (Exception from HRESULT: 0x800706BA) at System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32
    errorCode, IntPtr errorInfo) at System.Management.ManagementScope.InitializeGuts(Object
    o) at System.Management.ManagementScope.Initialize() at System.Management.ManagementObject.Initialize(Boolean
    getObject) at System.Management.ManagementBaseObject.get_Properties() at System.Management.ManagementBaseObject.GetPropertyValue(String
    propertyName) at HPPA_Service.CurrentConfiguration.<ReloadRadioList>b__c()

    Error - 1/10/2012 11:37:30 PM | Computer Name = HP-HP | Source = HP WA Service | ID = 0
    Description = System.Runtime.InteropServices.COMException The RPC server is unavailable.
    (Exception from HRESULT: 0x800706BA) at System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32
    errorCode, IntPtr errorInfo) at System.Management.ManagementScope.InitializeGuts(Object
    o) at System.Management.ManagementScope.Initialize() at System.Management.ManagementObject.Initialize(Boolean
    getObject) at System.Management.ManagementBaseObject.get_Properties() at System.Management.ManagementBaseObject.GetPropertyValue(String
    propertyName) at HPPA_Service.CurrentConfiguration.<ReloadRadioList>b__c()

    Error - 1/10/2012 11:37:30 PM | Computer Name = HP-HP | Source = HP WA Service | ID = 0
    Description = System.Runtime.InteropServices.COMException The RPC server is unavailable.
    (Exception from HRESULT: 0x800706BA) at System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32
    errorCode, IntPtr errorInfo) at System.Management.ManagementScope.InitializeGuts(Object
    o) at System.Management.ManagementScope.Initialize() at System.Management.ManagementObject.Initialize(Boolean
    getObject) at System.Management.ManagementBaseObject.get_Properties() at System.Management.ManagementBaseObject.GetPropertyValue(String
    propertyName) at HPPA_Service.CurrentConfiguration.<ReloadRadioList>b__c()

    Error - 1/10/2012 11:38:30 PM | Computer Name = HP-HP | Source = HP WA Service | ID = 0
    Description = System.Runtime.InteropServices.COMException The RPC server is unavailable.
    (Exception from HRESULT: 0x800706BA) at System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32
    errorCode, IntPtr errorInfo) at System.Management.ManagementScope.InitializeGuts(Object
    o) at System.Management.ManagementScope.Initialize() at System.Management.ManagementObject.Initialize(Boolean
    getObject) at System.Management.ManagementBaseObject.get_Properties() at System.Management.ManagementBaseObject.GetPropertyValue(String
    propertyName) at HPPA_Service.CurrentConfiguration.<ReloadRadioList>b__c()

    Error - 1/10/2012 11:38:30 PM | Computer Name = HP-HP | Source = HP WA Service | ID = 0
    Description = System.Runtime.InteropServices.COMException The RPC server is unavailable.
    (Exception from HRESULT: 0x800706BA) at System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32
    errorCode, IntPtr errorInfo) at System.Management.ManagementScope.InitializeGuts(Object
    o) at System.Management.ManagementScope.Initialize() at System.Management.ManagementObject.Initialize(Boolean
    getObject) at System.Management.ManagementBaseObject.get_Properties() at System.Management.ManagementBaseObject.GetPropertyValue(String
    propertyName) at HPPA_Service.CurrentConfiguration.<ReloadRadioList>b__c()

    [ Spybot - Search and Destroy Events ]
    Error - 29/12/2012 6:38:51 AM | Computer Name = HP-HP | Source = SDCleaner | ID = 100
    Description = LoadCleaningInstructions

    Error - 29/12/2012 6:39:14 AM | Computer Name = HP-HP | Source = SDCleaner | ID = 100
    Description = LoadCleaningInstructions

    Error - 30/12/2012 4:15:34 AM | Computer Name = HP-HP | Source = SDCleaner | ID = 100
    Description = LoadCleaningInstructions

    [ System Events ]
    Error - 30/12/2012 4:04:59 AM | Computer Name = HP-HP | Source = Service Control Manager | ID = 7023
    Description = The Server service terminated with the following error: %%13

    Error - 30/12/2012 4:14:13 AM | Computer Name = HP-HP | Source = Service Control Manager | ID = 7006
    Description = The ScRegSetValueExW call failed for FailureActions with the following
    error: %%5

    Error - 30/12/2012 4:14:15 AM | Computer Name = HP-HP | Source = Service Control Manager | ID = 7006
    Description = The ScRegSetValueExW call failed for FailureActions with the following
    error: %%5

    Error - 30/12/2012 4:24:37 AM | Computer Name = HP-HP | Source = Service Control Manager | ID = 7006
    Description = The ScRegSetValueExW call failed for FailureActions with the following
    error: %%5

    Error - 30/12/2012 4:26:20 AM | Computer Name = HP-HP | Source = Service Control Manager | ID = 7006
    Description = The ScRegSetValueExW call failed for FailureActions with the following
    error: %%5

    Error - 30/12/2012 4:26:21 AM | Computer Name = HP-HP | Source = Service Control Manager | ID = 7006
    Description = The ScRegSetValueExW call failed for FailureActions with the following
    error: %%5

    Error - 30/12/2012 4:34:45 AM | Computer Name = HP-HP | Source = Service Control Manager | ID = 7006
    Description = The ScRegSetValueExW call failed for FailureActions with the following
    error: %%5

    Error - 30/12/2012 4:34:50 AM | Computer Name = HP-HP | Source = DCOM | ID = 10010
    Description =

    Error - 30/12/2012 4:36:14 AM | Computer Name = HP-HP | Source = Service Control Manager | ID = 7006
    Description = The ScRegSetValueExW call failed for FailureActions with the following
    error: %%5

    Error - 30/12/2012 4:36:15 AM | Computer Name = HP-HP | Source = Service Control Manager | ID = 7006
    Description = The ScRegSetValueExW call failed for FailureActions with the following
    error: %%5


    < End of report >

  10. #10
    Emeritus-Security Expert
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    15,208

    Default

    Hi,



    Open OTL.exe
    • Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL

      Code:
      :processes
      killallprocesses
      
      :OTL
      
      :Services
      
      :Reg
      
      :Files
      ipconfig /flushdns /c
      C:\Program Files (x86)\sweetpacks bundle uninstaller
      
      
      :Commands
      [purity]
      [resethosts]
      [emptytemp]
      [start explorer]
      [Reboot]
    • Then click the Run Fix button at the top. <--Not run Scan
    • Let the program run unhindered, reboot when it is done
    • Then post the results of the log it produces



    Let me know if your still having problems after running this fix
    Microsoft MVP Consumer Security 2007-2008-2009-2010-2011-2012-2013-2014

    ERROR MESSAGE 386
    No KeyBoard Detected
    Press F1 To Continue

    Just a reminder that threads will be closed if no reply in 3 days.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •