Browsers Hijacked and HijackThis unable to remove entries

[ken545]

Lets take another look


OTL by OldTimer

• Download OTL to your desktop.
• Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
• When the window appears, underneath Output at the top change it to Minimal Output.
• Click the "Scan All Users" checkbox.
• Check the boxes beside LOP Check and Purity Check.
• Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt.
    Note:These logs can be located in the OTL. folder on you C:\ drive if they fail to open automatically.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them both in.

[tinkertailor]

OTL.txt

OTL logfile created on: 6/1/2013 9:10:39 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\HP\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00004409 | Country: Malaysia | Language: ENM | Date Format: d/M/yyyy

3.80 Gb Total Physical Memory | 1.92 Gb Available Physical Memory | 50.47% Memory free
7.60 Gb Paging File | 4.99 Gb Available in Paging File | 65.66% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 565.05 Gb Total Space | 78.46 Gb Free Space | 13.89% Space Free | Partition Type: NTFS
Drive D: | 30.83 Gb Total Space | 4.53 Gb Free Space | 14.70% Space Free | Partition Type: NTFS
Drive X: | 6.97 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF

Computer Name: HP-HP | User Name: HP | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\HP\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe (Adobe Systems, Inc.)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
PRC - C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe (Check Point Software Technologies LTD)
PRC - C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe (Check Point Software Technologies LTD)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe (Safer-Networking Ltd.)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe (Safer-Networking Ltd.)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe (Safer-Networking Ltd.)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe (Safer-Networking Ltd.)
PRC - C:\Program Files (x86)\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe (Apple Inc.)
PRC - C:\Program Files (x86)\Common Files\Apple\Internet Services\BookmarkDAV_client.exe (Apple Inc.)
PRC - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
PRC - C:\Users\HP\AppData\Roaming\Mozilla\Firefox\Profiles\seg13vqf.default\extensions\{E173B749-DB5B-4fd2-BA0E-94ECEA0CA55B}\components\afom.exe (IDEVFH)
PRC - C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe (Hewlett-Packard Company)
PRC - C:\SwSetup\HPQWMM\QuickWeb\QW.SYS\config\DVMExportService.exe (DeviceVM, Inc.)
PRC - C:\Program Files (x86)\Hewlett-Packard\Media\Webcam\YCMMirage.exe (CyberLink)
PRC - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe (Hewlett-Packard Development Company, L.P.)
PRC - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe (Hewlett-Packard Development Company, L.P.)
PRC - C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe (Broadcom Corporation.)
PRC - C:\Program Files (x86)\Hewlett-Packard\HP SimplePass Identity Protection\EgisService.exe (Egis Technology Inc. )
PRC - C:\Program Files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe (Egis Technology Inc. )
PRC - C:\Program Files (x86)\Hewlett-Packard\HP SimplePass Identity Protection\EgisTSR.exe (Egis Technology Inc. )
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
PRC - C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe (Egis Technology Inc.)
PRC - C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe (Egis Technology Inc.)
PRC - C:\Program Files (x86)\MagicDisc\MagicDisc.exe (MagicISO, Inc.)


========== Modules (No Company Name) ==========

MOD - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_135.dll ()
MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.97\ppgooglenaclpluginchrome.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.97\pdf.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.97\libglesv2.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.97\libegl.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.97\avutil-51.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.97\avformat-54.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.97\avcodec-54.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\11c7eee596ee317f7d81a8bcb9d433ef\IAStorUtil.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\c11e8c8ee98243f81088d49822c15852\System.Runtime.Remoting.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c423a5b0a857fb4fe4f856a6b88787e2\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\d86faac9b3fb996a7210e9783b76ca1a\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\0a9b81930af930d919969bb234026375\WindowsBase.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\3b9f9cee47282e10cdafb32b8c5d240a\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\4db13ed5b635a3d708647855400b6750\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\1eccdb959aa1aedaa2e7b4e14e332f3e\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\703b27023a4fddb44d47f4b3010c324c\mscorlib.ni.dll ()
MOD - C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl ()
MOD - C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl ()
MOD - C:\Program Files (x86)\Spybot - Search & Destroy 2\VirtualTreesDXE150.bpl ()
MOD - C:\Program Files (x86)\Spybot - Search & Destroy 2\JSDialogPack150.bpl ()
MOD - C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF ()
MOD - C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll ()


========== Services (SafeList) ==========

SRV:64bit: - (IswSvc) -- C:\Program Files\CheckPoint\ZAForceField\ISWSVC.exe (Check Point Software Technologies)
SRV:64bit: - (hpsrv) -- C:\Windows\SysNative\hpservice.exe (Hewlett-Packard Company)
SRV:64bit: - (STacSV) -- C:\Program Files\IDT\WDM\stacsv64.exe (IDT, Inc.)
SRV:64bit: - (AESTFilters) -- C:\Program Files\IDT\WDM\AESTSr64.exe (Andrea Electronics Corporation)
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (HPClientSvc) -- C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe (Hewlett-Packard Company)
SRV:64bit: - (btwdins) -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe (Broadcom Corporation.)
SRV:64bit: - (HP Wireless Assistant Service) -- C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe (Hewlett-Packard Company)
SRV:64bit: - (EvtEng) -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe (Intel(R) Corporation)
SRV:64bit: - (MyWiFiDHCPDNS) -- C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe ()
SRV:64bit: - (RegSrvc) -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel(R) Corporation)
SRV:64bit: - (vcsFPService) -- C:\Windows\SysNative\vcsFPService.exe (Validity Sensors, Inc.)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (vsmon) -- C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe (Check Point Software Technologies LTD)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (AVGIDSAgent) -- C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe (AVG Technologies CZ, s.r.o.)
SRV - (avgwd) -- C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (HP Support Assistant Service) -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe (Hewlett-Packard Company)
SRV - (HPDrvMntSvc.exe) -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe (Hewlett-Packard Company)
SRV - (DvmMDES) -- C:\SwSetup\HPQWMM\QuickWeb\QW.SYS\config\DVMExportService.exe (DeviceVM, Inc.)
SRV - (HPWMISVC) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe (Hewlett-Packard Development Company, L.P.)
SRV - (EgisTec Service) -- C:\Program Files (x86)\Hewlett-Packard\HP SimplePass Identity Protection\EgisService.exe (Egis Technology Inc. )
SRV - (EgisTec Ticket Service) -- C:\Program Files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe (Egis Technology Inc. )
SRV - (UNS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
SRV - (LMS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
SRV - (IAStorDataMgrSvc) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (vcsFPService) -- C:\Windows\SysWOW64\vcsFPService.exe (Validity Sensors, Inc.)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)


========== Driver Services (SafeList) ==========

DRV:64bit: - (ISWKL) -- C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys (Check Point Software Technologies)
DRV:64bit: - (Vsdatant) -- C:\Windows\SysNative\drivers\vsdatant.sys (Check Point Software Technologies LTD)
DRV:64bit: - (AVGIDSDriver) -- C:\Windows\SysNative\drivers\avgidsdrivera.sys (AVG Technologies CZ, s.r.o. )
DRV:64bit: - (AVGIDSHA) -- C:\Windows\SysNative\drivers\avgidsha.sys (AVG Technologies CZ, s.r.o. )
DRV:64bit: - (Avgmfx64) -- C:\Windows\SysNative\drivers\avgmfx64.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (Avgldx64) -- C:\Windows\SysNative\drivers\avgldx64.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (Avgtdia) -- C:\Windows\SysNative\drivers\avgtdia.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (Avgloga) -- C:\Windows\SysNative\drivers\avgloga.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (Avgrkx64) -- C:\Windows\SysNative\drivers\avgrkx64.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated)
DRV:64bit: - (hpdskflt) -- C:\Windows\SysNative\drivers\hpdskflt.sys (Hewlett-Packard Company)
DRV:64bit: - (Accelerometer) -- C:\Windows\SysNative\drivers\Accelerometer.sys (Hewlett-Packard Company)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (VClone) -- C:\Windows\SysNative\drivers\VClone.sys (Elaborate Bytes AG)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (sdbus) -- C:\Windows\SysNative\drivers\sdbus.sys (Microsoft Corporation)
DRV:64bit: - (STHDA) -- C:\Windows\SysNative\drivers\stwrt64.sys (IDT, Inc.)
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (clwvd) -- C:\Windows\SysNative\drivers\clwvd.sys (CyberLink Corporation)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek )
DRV:64bit: - (wdkmd) -- C:\Windows\SysNative\drivers\WDKMD.sys (Intel Corporation)
DRV:64bit: - (btwaudio) -- C:\Windows\SysNative\drivers\btwaudio.sys (Broadcom Corporation.)
DRV:64bit: - (btwavdt) -- C:\Windows\SysNative\drivers\btwavdt.sys (Broadcom Corporation.)
DRV:64bit: - (btwrchid) -- C:\Windows\SysNative\drivers\btwrchid.sys (Broadcom Corporation.)
DRV:64bit: - (intelkmd) -- C:\Windows\SysNative\drivers\igdpmd64.sys (Intel Corporation)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (btwampfl) -- C:\Windows\SysNative\drivers\btwampfl.sys (Broadcom Corporation.)
DRV:64bit: - (AtiHdmiService) -- C:\Windows\SysNative\drivers\AtiHdmi.sys (ATI Technologies, Inc.)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (NETw5s64) -- C:\Windows\SysNative\drivers\NETw5s64.sys (Intel Corporation)
DRV:64bit: - (btwl2cap) -- C:\Windows\SysNative\drivers\btwl2cap.sys (Broadcom Corporation.)
DRV:64bit: - (Impcd) -- C:\Windows\SysNative\drivers\Impcd.sys (Intel Corporation)
DRV:64bit: - (DVMIO) -- C:\Windows\SysNative\drivers\dvmio.sys (DeviceVM, Inc.)
DRV:64bit: - (HECIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (SrvHsfV92) -- C:\Windows\SysNative\drivers\VSTDPV6.SYS (Conexant Systems, Inc.)
DRV:64bit: - (SrvHsfWinac) -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS (Conexant Systems, Inc.)
DRV:64bit: - (SrvHsfHDA) -- C:\Windows\SysNative\drivers\VSTAZL6.SYS (Conexant Systems, Inc.)
DRV:64bit: - (yukonw7) -- C:\Windows\SysNative\drivers\yk62x64.sys (Marvell)
DRV:64bit: - (netw5v64) -- C:\Windows\SysNative\drivers\netw5v64.sys (Intel Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (mcdbus) -- C:\Windows\SysNative\drivers\mcdbus.sys (MagicISO, Inc.)
DRV:64bit: - (WDC_SAM) -- C:\Windows\SysNative\drivers\wdcsam64.sys (Western Digital Technologies)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
DRV - (mcdbus) -- C:\Windows\SysWOW64\drivers\mcdbus.sys (MagicISO, Inc.)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.jp.msn.com/HPALL/37
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.jp.msn.com/HPALL/37
IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE:64bit: - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://sg.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
IE:64bit: - HKLM\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
IE:64bit: - HKLM\..\SearchScopes\{d944bb61-2e34-4dbf-a683-47e505c587dc}: "URL" = http://rover.ebay.com/rover/1/3423-111089-9078-0/4?satitle={searchTerms}&mfe=Notebooks
IE:64bit: - HKLM\..\SearchScopes\{ec29edf6-ad3c-4e1c-a087-d6cb81400c43}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.jp.msn.com/HPALL/37
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://sg.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
IE - HKLM\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
IE - HKLM\..\SearchScopes\{d944bb61-2e34-4dbf-a683-47e505c587dc}: "URL" = http://rover.ebay.com/rover/1/3423-111089-9078-0/4?satitle={searchTerms}&mfe=Notebooks
IE - HKLM\..\SearchScopes\{ec29edf6-ad3c-4e1c-a087-d6cb81400c43}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox


IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-21-2208690772-3602456008-4151856646-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com.my/
IE - HKU\S-1-5-21-2208690772-3602456008-4151856646-1000\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-2208690772-3602456008-4151856646-1000\..\SearchScopes\{5BE16ECD-9DBD-4138-9B3B-27ED28C45F25}: "URL" = http://www.mysearchresults.com/search?&c=4001&t=10&q={searchTerms}
IE - HKU\S-1-5-21-2208690772-3602456008-4151856646-1000\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://sg.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
IE - HKU\S-1-5-21-2208690772-3602456008-4151856646-1000\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
IE - HKU\S-1-5-21-2208690772-3602456008-4151856646-1000\..\SearchScopes\{d944bb61-2e34-4dbf-a683-47e505c587dc}: "URL" = http://rover.ebay.com/rover/1/3423-111089-9078-0/4?satitle={searchTerms}&mfe=Notebooks
IE - HKU\S-1-5-21-2208690772-3602456008-4151856646-1000\..\SearchScopes\{ec29edf6-ad3c-4e1c-a087-d6cb81400c43}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
IE - HKU\S-1-5-21-2208690772-3602456008-4151856646-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..extensions.enabledAddons: %7Bb9db16a4-6edc-47ec-a1f4-b86292ed211d%7D:4.9.12
FF - prefs.js..extensions.enabledAddons: %7BDDC359D1-844A-42a7-9AA1-88A850A938A8%7D:2.0.15
FF - prefs.js..extensions.enabledAddons: %7BE173B749-DB5B-4fd2-BA0E-94ECEA0CA55B%7D:7.4
FF - prefs.js..extensions.enabledAddons: %7BCAFEEFAC-0016-0000-0035-ABCDEFFEDCBA%7D:6.0.35
FF - prefs.js..extensions.enabledAddons: %7BCAFEEFAC-0016-0000-0037-ABCDEFFEDCBA%7D:6.0.37
FF - prefs.js..extensions.enabledAddons: %7B7f57cf46-4467-4c2d-adfa-0cba7c507e54%7D:2.0.8
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:17.0.1
FF - prefs.js..network.proxy.type: 0
FF - prefs.js..browser.startup.homepage: "www.google.com"
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_135.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_135.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@checkpoint.com/FFApi: C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\npFFApi.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_37: C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@photoproduct.rocketlife.com/RocketLife App Viewer;version=0.8: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.124\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.124\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\PROGRAM FILES\CHECKPOINT\ZAFORCEFIELD\TRUSTCHECKER [2012/12/30 10:45:53 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{41ecbc0b-34d5-4cd4-935f-253a30e2cb7e}: C:\Program Files (x86)\Hewlett-Packard\HP SimplePass Identity Protection\FFExt [2012/10/03 01:19:37 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker [2012/12/30 10:45:54 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/12/10 19:03:18 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\addlyrics@addlyrics.net: C:\Program Files (x86)\AddLyrics\FF\

[2012/10/03 12:07:44 | 000,000,000 | ---D | M] (No name found) -- C:\Users\HP\AppData\Roaming\mozilla\Extensions
[2013/01/06 20:26:33 | 000,000,000 | ---D | M] (No name found) -- C:\Users\HP\AppData\Roaming\mozilla\Firefox\Profiles\seg13vqf.default\extensions
[2012/11/22 05:16:50 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\HP\AppData\Roaming\mozilla\Firefox\Profiles\seg13vqf.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2012/10/03 21:36:31 | 000,000,000 | ---D | M] (Memory Fox) -- C:\Users\HP\AppData\Roaming\mozilla\Firefox\Profiles\seg13vqf.default\extensions\{E173B749-DB5B-4fd2-BA0E-94ECEA0CA55B}
[2012/12/13 00:53:14 | 000,526,889 | ---- | M] () (No name found) -- C:\Users\HP\AppData\Roaming\mozilla\firefox\profiles\seg13vqf.default\extensions\{7f57cf46-4467-4c2d-adfa-0cba7c507e54}.xpi
[2012/09/13 23:16:19 | 000,698,867 | ---- | M] () (No name found) -- C:\Users\HP\AppData\Roaming\mozilla\firefox\profiles\seg13vqf.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi
[2013/01/02 19:50:30 | 000,364,053 | ---- | M] () (No name found) -- C:\Users\HP\AppData\Roaming\mozilla\firefox\profiles\seg13vqf.default\extensions\{f759ca51-3a91-4dd1-ae78-9db5eee9ebf0}.xpi
[2012/10/29 09:28:12 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/10/13 19:43:23 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
[2012/10/29 09:28:12 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}
[2012/12/10 19:03:18 | 000,262,112 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/09/06 09:26:22 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/10/12 13:35:52 | 000,002,058 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - homepage:
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter}
CHR - homepage:
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.97\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.97\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.97\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.124\npGoogleUpdate3.dll
CHR - plugin: Java(TM) Platform SE 6 U37 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: npFFApi (Enabled) = C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\npFFApi.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_135.dll
CHR - plugin: Java Deployment Toolkit 6.0.370.6 (Enabled) = C:\Windows\SysWOW64\npdeployJava1.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - Extension: Google Drive = C:\Users\HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Search = C:\Users\HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Gmail = C:\Users\HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2009/06/11 05:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (EgisPBIE Class) - {7B51CCBE-4AF9-44A6-BDAB-D7F7E4C4E6F9} - C:\Program Files (x86)\Hewlett-Packard\HP SimplePass Identity Protection\x64\EgisPBIE.dll (Egis Technology Inc.)
O2:64bit: - BHO: (ZoneAlarm Security Engine Registrar) - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (EgisPBIE Class) - {7B51CCBE-4AF9-44A6-BDAB-D7F7E4C4E6F9} - C:\Program Files (x86)\Hewlett-Packard\HP SimplePass Identity Protection\EgisPBIE.dll (Egis Technology Inc.)
O2 - BHO: (ZoneAlarm Security Engine Registrar) - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O3:64bit: - HKLM\..\Toolbar: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O3 - HKLM\..\Toolbar: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O3 - HKU\S-1-5-21-2208690772-3602456008-4151856646-1000\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O4:64bit: - HKLM..\Run: [AmIcoSinglun64] C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe (Alcor Micro Corp.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [HPWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe ()
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IntelWireless] C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel(R) Corporation)
O4:64bit: - HKLM..\Run: [ISW] C:\Program Files\CheckPoint\ZAForceField\ForceField.exe (Check Point Software Technologies)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [SmartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe ()
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AVG_UI] C:\Program Files (x86)\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [EgisTecPMMUpdate] C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe (Egis Technology Inc.)
O4 - HKLM..\Run: [EgisUpdate] C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe (Egis Technology Inc.)
O4 - HKLM..\Run: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [SDTray] C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [VitaKeyTSR] C:\Program Files (x86)\Hewlett-Packard\HP SimplePass Identity Protection\EgisTSR.exe (Egis Technology Inc. )
O4 - HKLM..\Run: [ZoneAlarm] C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe (Check Point Software Technologies LTD)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-2208690772-3602456008-4151856646-1000..\Run: [ApplePhotoStreams] C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe (Apple Inc.)
O4 - HKU\S-1-5-21-2208690772-3602456008-4151856646-1000..\Run: [com.apple.dav.bookmarks.daemon] C:\Program Files (x86)\Common Files\Apple\Internet Services\BookmarkDAV_client.exe (Apple Inc.)
O4 - HKU\S-1-5-21-2208690772-3602456008-4151856646-1000..\Run: [iFunBoxConnector] C:\Program Files (x86)\i-Funbox DevTeam\ifb_conn.exe ()
O4 - HKU\S-1-5-21-2208690772-3602456008-4151856646-1000..\Run: [Spybot-S&D Cleaning] C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe (Safer-Networking Ltd.)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\HP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files (x86)\ERUNT\AUTOBACK.EXE ()
O4 - Startup: C:\Users\HP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MagicDisc.lnk = C:\Program Files (x86)\MagicDisc\MagicDisc.exe (MagicISO, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8:64bit: - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000010 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_21)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_21)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_37)
O16 - DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_37)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_37)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 203.144.207.49 203.144.207.29
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4828EB99-DA1D-4695-B4CF-90CDCB7F710C}: DhcpNameServer = 203.144.207.49 203.144.207.29
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4828EB99-DA1D-4695-B4CF-90CDCB7F710C}: NameServer = 8.8.8.8,8.8.4.4
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9E8BEB33-11FA-4636-B10D-77BE08229A4C}: NameServer = 0.0.0.0
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\SDWinLogon: DllName - (SDWinLogon.dll) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O22:64bit: - SharedTaskScheduler: {1984DD45-52CF-49cd-AB77-18F378FEA264} - FencesShellExt - C:\Program Files\Stardock\Fences Pro\FencesMenu64.dll (Stardock)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/08/15 09:52:57 | 000,000,140 | R--- | M] () - X:\autorun.inf -- [ UDF ]
O33 - MountPoints2\{2ba2dcb6-0d81-11e2-a05f-e02a8230dcb6}\Shell - "" = AutoRun
O33 - MountPoints2\{2ba2dcb6-0d81-11e2-a05f-e02a8230dcb6}\Shell\AutoRun\command - "" = X:\Setup\rsrc\AUTORUN.EXE -- [2007/08/16 09:55:00 | 000,051,048 | R--- | M] (Activision)
O33 - MountPoints2\{2ba2dcb6-0d81-11e2-a05f-e02a8230dcb6}\Shell\dinstall\command - "" = X:\DirectX\DXSETUP.exe -- [2008/08/11 16:09:00 | 000,528,392 | R--- | M] (Microsoft Corporation)
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/01/06 21:08:54 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\HP\Desktop\OTL.exe
[2012/12/31 22:27:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2012/12/31 22:24:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Google
[2012/12/31 22:24:41 | 000,000,000 | ---D | C] -- C:\Users\HP\AppData\Local\Google
[2012/12/31 15:46:21 | 000,000,000 | ---D | C] -- C:\Users\HP\Desktop\Non-QWR Invoice
[2012/12/31 15:46:00 | 000,000,000 | ---D | C] -- C:\Users\HP\Desktop\Supporting
[2012/12/30 10:45:56 | 000,000,000 | ---D | C] -- C:\Users\HP\Documents\ForceField Shared Files
[2012/12/30 10:45:55 | 000,000,000 | ---D | C] -- C:\Users\HP\AppData\Roaming\CheckPoint
[2012/12/30 10:45:48 | 000,000,000 | ---D | C] -- C:\Program Files\CheckPoint
[2012/12/30 10:45:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Check Point
[2012/12/30 10:43:02 | 000,000,000 | ---D | C] -- C:\ProgramData\CheckPoint
[2012/12/30 10:43:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\CheckPoint
[2012/12/30 05:16:43 | 000,000,000 | ---D | C] -- C:\Users\HP\Desktop\Malware
[2012/12/29 17:30:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2012/12/29 17:30:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
[2012/12/29 17:30:04 | 000,017,272 | ---- | C] (Safer Networking Limited) -- C:\Windows\SysNative\sdnclean64.exe
[2012/12/29 17:30:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy 2
[2012/12/29 17:29:09 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2012/12/29 17:28:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
[2012/12/29 17:28:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ERUNT
[2012/12/29 16:57:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro
[2012/12/29 16:57:12 | 000,000,000 | ---D | C] -- C:\Users\HP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
[2012/12/29 16:55:37 | 000,000,000 | ---D | C] -- C:\Users\HP\AppData\Local\Programs
[2012/12/29 09:56:43 | 161,300,800 | ---- | C] (Hewlett-Packard ) -- C:\Users\HP\Desktop\sp50497.exe
[2012/12/29 04:08:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\sweetpacks bundle uninstaller
[2012/12/29 04:01:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WebCam Spy Pro
[2012/12/29 04:01:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WebCam Spy Pro
[2012/12/25 03:06:08 | 000,046,080 | ---- | C] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll
[2012/12/25 03:06:08 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll
[2012/12/25 03:06:07 | 000,367,616 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll
[2012/12/25 03:06:06 | 000,295,424 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll
[2012/12/13 01:01:54 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RdpGroupPolicyExtension.dll
[2012/12/13 01:01:54 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TsUsbRedirectionGroupPolicyExtension.dll
[2012/12/13 01:01:54 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TsUsbRedirectionGroupPolicyControl.exe
[2012/12/13 01:01:53 | 000,322,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\aaclient.dll
[2012/12/13 01:01:53 | 000,269,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\aaclient.dll
[2012/12/13 01:01:53 | 000,192,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\rdpendp_winip.dll
[2012/12/13 01:01:53 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys
[2012/12/13 01:01:53 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MsRdpWebAccess.dll
[2012/12/13 01:01:53 | 000,046,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MsRdpWebAccess.dll
[2012/12/13 01:01:53 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tsgqec.dll
[2012/12/13 01:01:53 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TsUsbGDCoInstaller.dll
[2012/12/13 01:01:53 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tsgqec.dll
[2012/12/13 01:01:53 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys
[2012/12/13 01:01:53 | 000,018,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wksprtPS.dll
[2012/12/13 01:01:53 | 000,016,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wksprtPS.dll
[2012/12/13 01:01:52 | 005,773,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstscax.dll
[2012/12/13 01:01:52 | 004,916,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstscax.dll
[2012/12/13 01:01:52 | 003,174,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcorets.dll
[2012/12/13 01:01:52 | 001,123,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstsc.exe
[2012/12/13 01:01:52 | 001,048,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstsc.exe
[2012/12/13 01:01:52 | 000,384,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wksprt.exe
[2012/12/13 01:01:52 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpudd.dll
[2012/12/13 01:01:52 | 000,228,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpendp_winip.dll
[2012/12/13 01:01:52 | 000,062,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TSWbPrxy.exe
[2012/12/13 01:00:10 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012/12/13 01:00:10 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012/12/13 01:00:10 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012/12/13 01:00:09 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2012/12/13 01:00:09 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012/12/13 01:00:09 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012/12/13 01:00:09 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012/12/13 01:00:09 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012/12/13 01:00:09 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2012/12/13 01:00:09 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2012/12/13 01:00:08 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2012/12/13 01:00:08 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2012/12/13 01:00:07 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012/12/13 01:00:07 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012/12/13 01:00:07 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2012/12/13 00:58:19 | 001,161,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kernel32.dll
[2012/12/13 00:58:19 | 000,424,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KernelBase.dll
[2012/12/13 00:58:19 | 000,338,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\conhost.exe
[2012/12/13 00:58:19 | 000,215,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll
[2012/12/13 00:58:17 | 000,362,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64win.dll
[2012/12/13 00:58:17 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll
[2012/12/13 00:58:17 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe
[2012/12/13 00:58:17 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntvdm64.dll
[2012/12/13 00:58:17 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll
[2012/12/13 00:58:17 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64cpu.dll
[2012/12/13 00:58:17 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe
[2012/12/13 00:58:17 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll
[2012/12/13 00:58:17 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
[2012/12/13 00:58:17 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-heap-l1-1-0.dll
[2012/12/13 00:58:16 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
[2012/12/13 00:58:16 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-security-base-l1-1-0.dll
[2012/12/13 00:58:16 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
[2012/12/13 00:58:16 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-file-l1-1-0.dll
[2012/12/13 00:58:16 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
[2012/12/13 00:58:16 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-threadpool-l1-1-0.dll
[2012/12/13 00:58:16 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
[2012/12/13 00:58:16 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processthreads-l1-1-0.dll
[2012/12/13 00:58:16 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-sysinfo-l1-1-0.dll
[2012/12/13 00:58:16 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
[2012/12/13 00:58:16 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-synch-l1-1-0.dll
[2012/12/13 00:58:16 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
[2012/12/13 00:58:16 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
[2012/12/13 00:58:16 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localregistry-l1-1-0.dll
[2012/12/13 00:58:16 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll
[2012/12/13 00:58:16 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localization-l1-1-0.dll
[2012/12/13 00:58:16 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
[2012/12/13 00:58:16 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-rtlsupport-l1-1-0.dll
[2012/12/13 00:58:16 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
[2012/12/13 00:58:16 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processenvironment-l1-1-0.dll
[2012/12/13 00:58:16 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
[2012/12/13 00:58:16 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-namedpipe-l1-1-0.dll
[2012/12/13 00:58:16 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-misc-l1-1-0.dll
[2012/12/13 00:58:16 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll
[2012/12/13 00:58:16 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-memory-l1-1-0.dll
[2012/12/13 00:58:16 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll
[2012/12/13 00:58:16 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-libraryloader-l1-1-0.dll
[2012/12/13 00:58:16 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll
[2012/12/13 00:58:16 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll
[2012/12/13 00:58:16 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-xstate-l1-1-0.dll
[2012/12/13 00:58:16 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
[2012/12/13 00:58:16 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-util-l1-1-0.dll
[2012/12/13 00:58:16 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-string-l1-1-0.dll
[2012/12/13 00:58:16 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-string-l1-1-0.dll
[2012/12/13 00:58:16 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll
[2012/12/13 00:58:16 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll
[2012/12/13 00:58:16 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-profile-l1-1-0.dll
[2012/12/13 00:58:16 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-io-l1-1-0.dll
[2012/12/13 00:58:16 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-io-l1-1-0.dll
[2012/12/13 00:58:16 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-interlocked-l1-1-0.dll
[2012/12/13 00:58:16 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll
[2012/12/13 00:58:16 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-handle-l1-1-0.dll
[2012/12/13 00:58:16 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll
[2012/12/13 00:58:16 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-fibers-l1-1-0.dll
[2012/12/13 00:58:16 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll
[2012/12/13 00:58:16 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-errorhandling-l1-1-0.dll
[2012/12/13 00:58:16 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll
[2012/12/13 00:58:16 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-delayload-l1-1-0.dll
[2012/12/13 00:58:16 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll
[2012/12/13 00:58:16 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-debug-l1-1-0.dll
[2012/12/13 00:58:16 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll
[2012/12/13 00:58:16 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-datetime-l1-1-0.dll
[2012/12/13 00:58:16 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-console-l1-1-0.dll
[2012/12/13 00:58:16 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-console-l1-1-0.dll
[2012/12/13 00:58:16 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe
[2012/12/13 00:58:08 | 001,448,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\lsasrv.dll
[2012/12/13 00:58:08 | 000,307,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncrypt.dll
[2012/12/13 00:57:55 | 000,478,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dpnet.dll
[2012/12/13 00:57:55 | 000,376,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dpnet.dll
[2012/12/10 08:29:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG

========== Files - Modified Within 30 Days ==========

[2013/01/06 21:08:55 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\HP\Desktop\OTL.exe
[2013/01/06 20:36:49 | 000,726,316 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/01/06 20:36:49 | 000,616,008 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/01/06 20:36:49 | 000,106,388 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/01/06 20:34:56 | 000,026,192 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/01/06 20:34:56 | 000,026,192 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/01/06 20:32:48 | 000,000,162 | ---- | M] () -- C:\Users\HP\AppData\Local\mv_Photo.xml
[2013/01/06 20:32:48 | 000,000,115 | ---- | M] () -- C:\Users\HP\AppData\Local\mv_music.xml
[2013/01/06 20:30:48 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/01/06 20:29:05 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/01/06 20:28:35 | 3062,255,616 | -HS- | M] () -- C:\hiberfil.sys
[2013/01/06 20:23:38 | 000,551,997 | ---- | M] () -- C:\Users\HP\Desktop\AdwCleaner.exe
[2013/01/06 20:19:35 | 000,000,890 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/01/05 16:34:37 | 007,325,822 | ---- | M] () -- C:\Users\HP\Desktop\Beyond Belief.mp4
[2013/01/03 07:46:16 | 000,427,648 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013/01/03 07:46:09 | 000,000,320 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForHP.job
[2012/12/30 16:15:33 | 000,009,431 | ---- | M] () -- C:\Windows\wininit.ini
[2012/12/30 10:46:36 | 000,415,877 | ---- | M] () -- C:\Windows\SysNative\drivers\vsconfig.xml
[2012/12/29 18:38:46 | 000,006,784 | ---- | M] () -- C:\Quarantine.lst
[2012/12/29 18:38:46 | 000,003,169 | ---- | M] () -- C:\Quarantine.reg
[2012/12/29 17:28:52 | 000,001,068 | ---- | M] () -- C:\Users\HP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2012/12/29 16:57:13 | 000,002,961 | ---- | M] () -- C:\Users\HP\Desktop\HiJackThis.lnk
[2012/12/29 10:01:33 | 161,300,800 | ---- | M] (Hewlett-Packard ) -- C:\Users\HP\Desktop\sp50497.exe
[2012/12/26 10:34:57 | 000,001,020 | ---- | M] () -- C:\Users\Public\Desktop\iFunbox.lnk
[2012/12/26 10:31:40 | 000,697,272 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012/12/26 10:31:40 | 000,073,656 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012/12/25 18:01:46 | 000,099,026 | ---- | M] () -- C:\Users\HP\Desktop\per_challenge.pdf
[2012/12/25 17:56:09 | 000,063,850 | ---- | M] () -- C:\Users\HP\Desktop\per_summary.pdf
[2012/12/17 01:11:22 | 000,046,080 | ---- | M] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll
[2012/12/16 22:45:03 | 000,367,616 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll
[2012/12/16 22:13:28 | 000,295,424 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll
[2012/12/16 22:13:20 | 000,034,304 | ---- | M] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll
[2012/12/14 16:49:28 | 000,024,176 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/12/09 10:22:04 | 000,000,336 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForHP-HP$.job



to be continued

[tinkertailor]

OTL.txt Part II


========== Files Created - No Company Name ==========

[2013/01/06 20:23:31 | 000,551,997 | ---- | C] () -- C:\Users\HP\Desktop\AdwCleaner.exe
[2013/01/05 16:27:11 | 007,325,822 | ---- | C] () -- C:\Users\HP\Desktop\Beyond Belief.mp4
[2012/12/31 22:24:47 | 000,000,890 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/12/31 22:24:47 | 000,000,886 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/12/30 16:31:40 | 000,006,784 | ---- | C] () -- C:\Quarantine.lst
[2012/12/30 16:31:40 | 000,003,169 | ---- | C] () -- C:\Quarantine.reg
[2012/12/30 10:45:58 | 000,415,877 | ---- | C] () -- C:\Windows\SysNative\drivers\vsconfig.xml
[2012/12/29 18:38:47 | 000,009,431 | ---- | C] () -- C:\Windows\wininit.ini
[2012/12/29 17:30:09 | 000,002,149 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
[2012/12/29 17:28:52 | 000,001,068 | ---- | C] () -- C:\Users\HP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2012/12/29 16:57:13 | 000,002,961 | ---- | C] () -- C:\Users\HP\Desktop\HiJackThis.lnk
[2012/12/25 18:01:46 | 000,099,026 | ---- | C] () -- C:\Users\HP\Desktop\per_challenge.pdf
[2012/12/25 17:56:09 | 000,063,850 | ---- | C] () -- C:\Users\HP\Desktop\per_summary.pdf
[2012/10/03 22:12:05 | 000,650,752 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2012/10/03 22:12:05 | 000,243,200 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2012/10/03 22:12:05 | 000,216,064 | ---- | C] ( ) -- C:\Windows\SysWow64\lagarith.dll
[2012/10/03 22:12:05 | 000,178,688 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2012/10/03 22:12:03 | 000,112,640 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2012/10/03 01:04:47 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2012/10/03 00:55:05 | 000,002,857 | ---- | C] () -- C:\Windows\SysWow64\atipblup.dat
[2012/10/03 00:54:03 | 000,870,560 | ---- | C] () -- C:\Windows\SysWow64\igkrng575.bin
[2012/10/03 00:54:03 | 000,208,896 | ---- | C] () -- C:\Windows\SysWow64\iglhsip32.dll
[2012/10/03 00:54:03 | 000,143,360 | ---- | C] () -- C:\Windows\SysWow64\iglhcp32.dll
[2012/10/03 00:54:03 | 000,104,796 | ---- | C] () -- C:\Windows\SysWow64\igfcg575m.bin
[2012/10/03 00:54:02 | 000,127,868 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng575.bin
[2012/10/03 00:54:01 | 000,002,857 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2012/10/03 00:52:56 | 000,000,312 | ---- | C] () -- C:\Windows\SysWow64\RStoneLog2.ini
[2012/10/03 00:52:56 | 000,000,253 | ---- | C] () -- C:\Windows\SysWow64\RStoneLog.ini
[2012/10/02 11:50:40 | 000,000,162 | ---- | C] () -- C:\Users\HP\AppData\Local\mv_Photo.xml
[2012/10/02 11:50:40 | 000,000,115 | ---- | C] () -- C:\Users\HP\AppData\Local\mv_music.xml

========== ZeroAccess Check ==========

[2009/07/14 12:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 13:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 12:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 09:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 20:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 09:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2012/10/13 09:27:05 | 000,000,000 | ---D | M] -- C:\Users\Default\AppData\Roaming\TuneUp Software
[2012/10/13 09:27:05 | 000,000,000 | ---D | M] -- C:\Users\Default User\AppData\Roaming\TuneUp Software

========== Purity Check ==========



========== Files - Unicode (All) ==========
[2012/10/16 21:42:06 | 000,000,824 | ---- | M] ()(C:\Users\HP\Desktop\X-Men Origins Wolverine?.lnk) -- C:\Users\HP\Desktop\X-Men Origins Wolverine™.lnk
[2012/10/16 21:42:06 | 000,000,824 | ---- | C] ()(C:\Users\HP\Desktop\X-Men Origins Wolverine?.lnk) -- C:\Users\HP\Desktop\X-Men Origins Wolverine™.lnk
[2012/08/28 10:36:58 | 015,744,623 | ---- | M] ()(C:\Users\HP\Desktop\Thaitanium - Ta Leung - ??????.mp4) -- C:\Users\HP\Desktop\Thaitanium - Ta Leung - ทะลึ่ง.mp4
[2012/08/28 10:36:29 | 015,744,623 | ---- | C] ()(C:\Users\HP\Desktop\Thaitanium - Ta Leung - ??????.mp4) -- C:\Users\HP\Desktop\Thaitanium - Ta Leung - ทะลึ่ง.mp4

< End of report >

[tinkertailor]

Extras.Txt


OTL Extras logfile created on: 6/1/2013 9:10:39 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\HP\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00004409 | Country: Malaysia | Language: ENM | Date Format: d/M/yyyy

3.80 Gb Total Physical Memory | 1.92 Gb Available Physical Memory | 50.47% Memory free
7.60 Gb Paging File | 4.99 Gb Available in Paging File | 65.66% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 565.05 Gb Total Space | 78.46 Gb Free Space | 13.89% Space Free | Partition Type: NTFS
Drive D: | 30.83 Gb Total Space | 4.53 Gb Free Space | 14.70% Space Free | Partition Type: NTFS
Drive X: | 6.97 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF

Computer Name: HP-HP | User Name: HP | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-2208690772-3602456008-4151856646-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot-S&D 2 Tray Icon -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Enabled:Spybot-S&D 2 Scanner Service -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot-S&D 2 Tray Icon -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Enabled:Spybot-S&D 2 Scanner Service -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service -- (Safer-Networking Ltd.)


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{038A452B-415F-4780-BD39-ABC0E3572131}" = lport=10243 | protocol=6 | dir=in | app=system |
"{17A167EB-1F91-4095-9773-72EF9677EF21}" = rport=139 | protocol=6 | dir=out | app=system |
"{1870E2F8-7D72-4EC5-9FD9-8A7E6942C5D2}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{1904551C-8275-4EB6-8106-A5DD8E655D8D}" = rport=138 | protocol=17 | dir=out | app=system |
"{23AB7BB7-10FE-42D9-A115-F0497004D18B}" = rport=137 | protocol=17 | dir=out | app=system |
"{34241B8B-A8B3-4BA7-8A2E-9357672DEDEE}" = lport=139 | protocol=6 | dir=in | app=system |
"{4B260AA7-5B12-45D4-8332-8D21BFF04716}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{4DED7B0A-330D-4C84-8533-9D718D46B438}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{63B573BF-5D33-4C93-A53F-4257D0E983A6}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{7930D10D-8254-4C3F-9DAD-676EE0916D6B}" = lport=2869 | protocol=6 | dir=in | app=system |
"{7E96FEFE-9070-4DA3-AC3F-180DC22D2F9F}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{92C559DA-1665-4BA5-BD67-6AF18B742760}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{9FE0A7A2-5E65-4227-A5FB-37690F407B36}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{A6279C8A-4C25-4D4D-BB18-617169617E76}" = lport=138 | protocol=17 | dir=in | app=system |
"{AEA56CDB-9C0A-492D-9B65-86B589211912}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{AEDCCE61-1F21-4B88-8305-6F9A6A7B3223}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{CD3B508E-DB45-48F1-9F84-0422B5C3C2E0}" = lport=445 | protocol=6 | dir=in | app=system |
"{D9D80EB1-AB73-4445-8364-62F5E59D75E7}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{E61FAB5E-E166-4940-98F2-A87EFE370B5E}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe |
"{E7C1E192-EEC6-44B9-B374-403A88CA5845}" = lport=137 | protocol=17 | dir=in | app=system |
"{EB579529-73E5-4832-B4C8-7A827E606351}" = rport=10243 | protocol=6 | dir=out | app=system |
"{EC0FE624-A44D-45AA-94F4-AA3F4AAF7980}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{F82088BF-C010-48CC-80FE-FAD5362E9BB3}" = rport=445 | protocol=6 | dir=out | app=system |
"{FFC1E232-BAC0-4230-B8A9-24F6FC0D97B8}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{05B88DFB-DC97-462C-8916-94D3F783E373}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{08554644-83F4-46E2-9480-F7D4F5CF54DA}" = protocol=6 | dir=in | app=c:\users\hp\appdata\local\temp\bundlesweetimsetup.exe |
"{0999F144-FB5F-4865-A32E-8B0CA6C58F3B}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{09C41928-1D0E-400A-9E1F-9D715DB0A238}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{11356BB6-2079-426B-8D7D-573EE2B5996A}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgemca.exe |
"{12CBBFD3-A39F-4FA7-88EF-17BF8F629D01}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{15F76E24-79F7-4D72-9039-EA220A427B10}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{1A82985B-730F-4D83-A012-EA61BE446ECA}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\music\hptouchsmartmusic.exe |
"{1DBDC98E-660A-4005-AA60-EF5F5388E297}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{2A61542E-A1E3-49E1-B9B2-2EE46620B012}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgdiagex.exe |
"{2BD82AF9-F020-4DC0-BCAF-49F10766177D}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{2C9D9E4D-7E35-4F2B-B672-8F0F9FB03BAD}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe |
"{2CF68606-E2B9-4BF9-B60C-271A23FC02F0}" = protocol=17 | dir=in | app=c:\program files (x86)\activision\x-men origins - wolverine(tm)\binaries\wolverine.exe |
"{2DF0ADED-1C7F-4F72-89AC-057DB7B88C1B}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hptouchsmartmusic.exe |
"{32538083-F578-4DA0-9E0F-DA6D84172D8B}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{328645B4-07CD-4A81-BA41-0CCD9EC8E066}" = dir=in | app=c:\program files (x86)\hewlett-packard\mediasmart\photo\hpmediasmartphoto.exe |
"{34C0F3DB-8F20-4A7A-9D30-0AA2B82A469A}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{363E84A7-2B3D-46DC-AD12-5444C699C624}" = dir=out | app=c:\program files (x86)\hewlett-packard\hp clouddrive\zumodrive.exe |
"{385D8030-CC08-4DD5-8D7E-A5ADF9FD4D31}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgdiagex.exe |
"{43865ADB-A825-410F-B4EF-65F9F02E8C06}" = protocol=6 | dir=in | app=c:\program files (x86)\activision\x-men origins - wolverine(tm)\binaries\wolverine.exe |
"{439F6D80-2C32-4993-8B10-6E4007C97787}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{4D9AC48D-6A44-4E70-8057-CFDCB7531D41}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgdiagex.exe |
"{51306C0C-9A6C-4204-8BD3-4A6DD7ED8BFD}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{5A3FF81D-C314-4BD7-A6D7-460CC6A10151}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgmfapx.exe |
"{5A52469B-0B98-4B88-BC4C-8DA5ADE728B0}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{5AAB07ED-CF4C-4E46-9F01-DBA452BA4454}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgdiagex.exe |
"{609A2E7F-8F48-46D0-8A6E-4407849573EF}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgnsa.exe |
"{6B6747F2-D4C4-43F9-85CE-F528B110E920}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{6CB07BB1-1793-4E7C-BC01-1D0A324B9B19}" = dir=in | app=c:\program files (x86)\cyberlink\powerdirector\pdr8.exe |
"{70002089-0DBD-4E15-AD00-40038079F7AA}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgmfapx.exe |
"{777F971F-381A-4ACD-8ED6-4DB6340398BB}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe |
"{7C165E6C-42B5-4D93-8D9E-54F487333552}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgemca.exe |
"{7CCC70B4-AD4C-42CB-840B-A21A011735BE}" = dir=in | app=c:\program files (x86)\hewlett-packard\hp clouddrive\zumodrive.exe |
"{7D770881-7DE3-4F54-8076-99EC82837405}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{8B9DBA11-A7BB-4A69-B91D-69A0DDAE04C0}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hptouchsmartvideo.exe |
"{8C3AB154-204D-4055-82E4-0166A4639029}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hptouchsmartphoto.exe |
"{93C24EA6-9CF8-4621-B5AF-FA2B98483EAA}" = protocol=17 | dir=in | app=c:\users\hp\appdata\local\temp\bundlesweetimsetup.exe |
"{98362E9E-C42C-44D5-9644-F29B3A94779D}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{9B187CA0-E53D-487C-A539-BC32D1428AAB}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{9B871AA1-2AB0-4E58-9CB1-440A96A77D48}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{A46A6D47-64E3-4FF5-8602-740136071887}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{A749FD10-BC89-4FC6-B792-B6301807D51D}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{A8F31FD7-8C49-430B-8832-69ED662E9BF1}" = dir=in | app=c:\program files (x86)\intel corporation\intel wireless display\widiapp.exe |
"{AC7FB83E-CA98-4EC8-9295-138F7CEBA112}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgemca.exe |
"{B0B10D4F-4B4B-429A-B863-74AD2087A68F}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgnsa.exe |
"{B14217F7-0EBE-4C3A-884E-52C0B84FCEBA}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{B3D54201-E17F-4E3D-87F9-F098C64B8DD1}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgemca.exe |
"{B5186F91-BCC1-405D-A1C6-66C005978409}" = dir=in | app=c:\program files (x86)\hewlett-packard\mediasmart\video\hpmediasmartvideo.exe |
"{B7A886D9-EF0A-457A-8F08-48FE28EF8BBC}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgnsa.exe |
"{B7ABD0CC-D35B-412C-BBDC-DBBFBF5D464B}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{BA7D1C89-D377-40C9-A076-E6E08D98D877}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{BE64AAAB-C457-4802-A6D4-2FFD5C7B9AA4}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\kernel\clml\clmlsvc.exe |
"{BEBA1232-EDC4-4557-A924-AB3993A3FB80}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{CB0C0E4F-C5C3-4005-AE2E-F1507E8B1B90}" = protocol=6 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"{CF91A56B-FB81-43F7-A366-334E86971C26}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{D233C335-8D3D-4D4D-A252-01220DCBDF25}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\tsmagent.exe |
"{DBB5C0E4-1BC8-4A1A-B565-749E679E017B}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{E1B2CFFC-3B89-4F2C-8804-DE6DA806064D}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgnsa.exe |
"{E28B422A-5378-4287-8E3E-5A34DDA933C6}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hpdvdsmart.exe |
"{E45B06FB-056F-4B9E-B6DE-481B2F931983}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{E886997A-3F0F-4D5D-9046-98EE726A94BC}" = protocol=6 | dir=out | app=system |
"{EA07E2E8-08C1-4B63-8669-49F843FFE0DC}" = dir=in | app=c:\program files\intel\wifi\bin\pandhcpdns.exe |
"{EBA80C46-AF6D-40CB-912B-B0EF48C19925}" = protocol=17 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"{EF3189B9-47B5-4E0C-88D0-5BF6AC86F0C5}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{F6C6DD7C-44EE-4C86-B464-91F0D6D5CB62}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{FA7D069D-BF1E-4EB3-A188-E71168717496}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"TCP Query User{7006BA03-E634-4544-BAB4-1812521BC67A}C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe" = protocol=6 | dir=in | app=c:\windows\microsoft.net\framework\v2.0.50727\vbc.exe |
"TCP Query User{95F00C34-719D-4711-A54B-170822EEE968}C:\windows\syswow64\java.exe" = protocol=6 | dir=in | app=c:\windows\syswow64\java.exe |
"TCP Query User{B4F2C2AE-CAB9-4381-8A5C-977C487F6A30}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"UDP Query User{934CEA05-BAEA-4F57-9964-588CE243F1C6}C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe" = protocol=17 | dir=in | app=c:\windows\microsoft.net\framework\v2.0.50727\vbc.exe |
"UDP Query User{AC0422D8-AD53-413A-8A2F-3D04C93CD268}C:\windows\syswow64\java.exe" = protocol=17 | dir=in | app=c:\windows\syswow64\java.exe |
"UDP Query User{CA89F87A-A5D5-4744-BD01-64C8B892B634}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{09BDCC02-80F2-4EFB-8F1B-A807D2C38E31}" = HP MediaSmart Movies and TV
"{10CD364B-FFCC-48BE-B469-B9622A033075}" = Fences Pro
"{13DCC2C7-454D-42F0-A892-E0E9A5DE4E67}" = HP Wireless Assistant
"{1493B2AE-0261-47D2-B1AA-F4DAD0F6C48B}" = iTunes
"{1A8BA6CE-822D-4888-89E2-ACBF4308F271}" = Intel(R) PROSet/Wireless WiFi Software
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{21B133D6-5979-47F0-BE1C-F6A6B304693F}" = Visual Studio 2010 x64 Redistributables
"{26A24AE4-039D-4CA4-87B4-2F86416021FF}" = Java(TM) 6 Update 21 (64-bit)
"{2856A1C2-70C5-4EC3-AFF7-E5B51E5530A2}" = HP Client Services
"{3497481A-4317-34E7-A3C7-682D6B04730F}" = ATI Catalyst Install Manager
"{426FAE9F-7373-496E-A215-9DB7EF4398CF}" = Validity Sensors DDK
"{436E0B79-2CFB-4E5F-9380-E17C1B25D0C5}" = Broadcom 2070 Bluetooth 3.0
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{4BC310C4-B898-46E2-B5FB-B85A30AA7142}" = iCloud
"{564DE271-941C-77F2-3ABD-641752365269}" = ccc-utility64
"{5EB6F3CB-46F4-451F-A028-7F6D8D35D7D0}" = Windows Live Language Selector
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{73105254-4936-47AC-ACDE-08D11D25E3DB}" = AVG 2013
"{7446FE8D-C1F9-4D42-AAAE-5DBCE58605A6}" = Apple Mobile Device Support
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010
"{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
"{929685C0-FC01-45E1-8B39-2948E8FF861E}" = Intel(R) Wireless Display
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A000F75A-A246-44A7-8079-9E9E7F9054B2}" = BioExcess
"{B9D80BD8-C6F4-467C-9717-0ABA9684DA29}" = AVG 2013
"{BE6725F2-6D15-477C-86C6-4522B8569D62}" = HP MediaSmart SmartMenu
"{C84FFB07-C687-45CF-91C8-868DB8D8C8CD}" = HP 3D DriveGuard
"{CC4D56B7-6F18-470B-8734-ABCD75BCF4F1}" = HP Auto
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240D3}" = WinZip 16.5
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"AVG" = AVG 2013
"KLiteCodecPack64_is1" = K-Lite Codec Pack 9.3.0 (64-bit)
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"ProInst" = Intel PROSet Wireless
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"WinRAR archiver" = WinRAR 4.00 (64-bit)
"ZoneAlarm LTD Toolbar" = ZoneAlarm LTD Toolbar

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = HP MediaSmart Webcam
"{022D02A7-3A59-19B0-BB22-4CBCD1D8B93A}" = CCC Help Korean
"{03464997-382C-0ADE-1F2B-C95A29A883F5}" = Catalyst Control Center Graphics Previews Vista
"{066A7B2B-F58C-19A0-CF1F-A0D6F0E8AB4D}" = CCC Help Polish
"{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements
"{0AB77D72-0443-3C05-33E6-6D6AEC9E55F5}" = Catalyst Control Center Localization All
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime
"{10D4BC5F-F73E-4CD1-A7C2-DF215307A811}" = ZoneAlarm Firewall
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1CD86E2F-BA36-217B-0D09-E8C49E008F4A}" = CCC Help Portuguese
"{1DCB0115-82D7-7D8E-378B-45657C4D84F8}" = CCC Help Hungarian
"{1E6E990A-728D-4700-9B0A-2CA541C93A12}" = Catalyst Control Center - Branding
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{264779DD-BD81-4B42-968F-71DBF32EEBD1}" = HP Documentation
"{26A24AE4-039D-4CA4-87B4-2F83216035FF}" = Java(TM) 6 Update 37
"{2756F572-C383-4A2E-B1F6-7315E6DA308A}" = ZoneAlarm Security
"{2DD843FA-F8BF-DA87-5679-1FC73EA8838A}" = CCC Help Thai
"{3023EBDA-BF1B-4831-B347-E5018555F26E}" = Movie Theme Pack for HP MediaSmart Video
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{3877C901-7B90-4727-A639-B6ED2DD59D43}" = ESU for Microsoft Windows 7
"{38A8F2F8-B2A2-DB36-D774-31C1AE97393D}" = CCC Help Czech
"{394FA67A-FF0A-4356-BB77-D85E5A300BDE}" = HP QuickWeb Installer
"{3B834B54-EC4B-48E2-BFC6-03FF5DA06F62}" = Adobe Shockwave Player 11.5
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{41C0AEB9-A323-5A12-4914-F57E5B52B67D}" = CCC Help Chinese Traditional
"{42050F4E-1ACC-F60A-E7A1-C550178A200B}" = CCC Help English
"{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}" = Recovery Manager
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{46E4F84F-B32F-7E9B-B461-A8533D9C96EF}" = CCC Help Swedish
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
"{4D31A225-453B-4798-8452-9F2181CA6971}" = SoftStylus
"{519CA6F8-B396-8A5E-5B8D-0FDA7F972532}" = CCC Help Spanish
"{52A1CBA7-3AA0-3AB6-FF61-8F3F6D525E30}" = CCC Help Chinese Standard
"{52BE22C7-5CA2-4150-8948-88C9DD7F6B56}" = QuickShare
"{53469506-A37E-4314-A9D9-38724EC23A75}" = HP Setup
"{626B5918-B395-4B69-A06B-14C3EB1C3942}" = HP Quick Launch
"{63EC2120-1742-4625-AA47-C6A8AEC9C64C}" = Apple Application Support
"{64F67489-76BB-4CDD-A236-F954BE774B35}" = NVIDIA PhysX
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{6827AF4C-65D1-5A04-462A-0E561AC20DA6}" = CCC Help Dutch
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6A05FEDF-662E-46BF-8A25-010E3F1C9C69}" = Windows Live UX Platform Language Pack
"{6B114F59-6732-4EA5-A33E-ACC6DEC49B61}" = HP Software Framework
"{6DAF8CDC-9B04-413B-A0F2-BCC13CF8A5BF}" = HP MediaSmart Photo
"{6F340107-F9AA-47C6-B54C-C3A19F11553F}" = Hewlett-Packard ACLM.NET v1.1.2.0
"{6F44AF95-3CDE-4513-AD3F-6D45F17BF324}" = HP Support Assistant
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7F0B94C6-828C-4EDE-A86B-ECF4D792B68D}" = Activision(R)
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{890661A5-1747-7195-1F65-CD1D5978DFDB}" = Catalyst Control Center InstallProxy
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8B51577F-A9C6-3AD7-C71F-158E453C45DC}" = CCC Help Italian
"{8B785B3D-FC40-2CDC-6274-13D5A7C6BAAD}" = CCC Help Danish
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0015-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUS_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUS_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.PROPLUS_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUS_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0409-1000-0000000FF1CE}_Office14.PROPLUS_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-002C-0409-0000-0000000FF1CE}_Office14.PROPLUS_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010
"{90140000-0044-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}_Office14.PROPLUS_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
"{90140000-00BA-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}_Office14.PROPLUS_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0116-0409-1000-0000000FF1CE}_Office14.PROPLUS_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{91A34181-9FAD-43AB-A35F-E7A8945B7E1C}" = HP MediaSmart Music
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{96A16297-EB8B-A974-2230-B570C3B0FAFD}" = CCC Help German
"{9738B675-341A-00C5-0870-47C4986AAEBA}" = CCC Help French
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C7DC529-66C6-55DA-C0CA-1718987AC28D}" = CCC Help Japanese
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9FD42D42-E8F1-ABAA-D234-A66033F66721}" = CCC Help Norwegian
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AB71D51A-DD83-4C22-98E2-DF8CB803F65D}" = Alcor Micro USB Card Reader
"{AC76BA86-7AD7-FFFF-7B44-A91000000001}" = Adobe Reader 9.5.2 MUI
"{AE70615C-D28C-6159-8846-9B1EECC84BEE}" = PX Profile Update
"{AE856388-AFAD-4753-81DF-D96B19D0A17C}" = HP Setup Manager
"{AF306BD8-F9D1-4627-89B9-246E59074A05}" = HP Power Manager
"{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1" = Spybot - Search & Destroy
"{B435CD99-8921-4900-C5D1-34300810C8BD}" = ccc-core-static
"{B7604945-ED3D-4AE5-AA69-7D5CFF333FE1}" = TouchCopy 11
"{BD1A34C9-4764-4F79-AE1F-112F8C89D3D4}" = Energy Star Digital Logo
"{BD59AF8D-79AC-97E6-C091-282EE4220220}" = CCC Help Finnish
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CBD9111A-AE2F-36A3-5244-23752102657B}" = Catalyst Control Center Graphics Previews Common
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D12E3E7F-1B13-4933-A915-16C7DD37A095}" = HP MediaSmart Video
"{D36DD326-7280-11D8-97C8-000129760CBE}" = PhotoNow!
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D6C630BF-8DBB-4042-8562-DC9A52CB6E7E}" = Intel(R) Turbo Boost Technology Driver
"{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{E05871BE-C931-25A2-EB3B-045A12DDEC45}" = CCC Help Turkish
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
"{E6CB67CC-71D2-46b9-8D43-A4641A9EECB2}" = HP SimplePass Identity Protection
"{EA17F4FC-FDBF-4CF8-A529-2D983132D053}" = Skype™ 6.0
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F168C640-58E3-832C-6D32-6AC044B78B87}" = CCC Help Greek
"{F568121D-0A82-3320-2230-84D1F4685C44}" = CCC Help Russian
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center
"{FB4BB287-37F9-4E27-9C4D-2D3882E08EFF}" = DVD Menu Pack for HP MediaSmart Video
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"5513-1208-7298-9440" = JDownloader 0.9
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"ERUNT_is1" = ERUNT 1.1j
"Fences Pro" = Fences Pro
"Google Chrome" = Google Chrome
"HP Photo Creations" = HP Photo Creations
"iFunbox_is1" = iFunbox (v2.1.2228.731), iFunbox DevTeam
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = HP MediaSmart Webcam
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"InstallShield_{3023EBDA-BF1B-4831-B347-E5018555F26E}" = Movie Theme Pack for HP MediaSmart Video
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"InstallShield_{6DAF8CDC-9B04-413B-A0F2-BCC13CF8A5BF}" = HP MediaSmart Photo
"InstallShield_{7F0B94C6-828C-4EDE-A86B-ECF4D792B68D}" = X-Men Origins - Wolverine(TM)
"InstallShield_{91A34181-9FAD-43AB-A35F-E7A8945B7E1C}" = HP MediaSmart Music
"InstallShield_{AB71D51A-DD83-4C22-98E2-DF8CB803F65D}" = Alcor Micro USB Card Reader
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"InstallShield_{D12E3E7F-1B13-4933-A915-16C7DD37A095}" = HP MediaSmart Video
"InstallShield_{D36DD326-7280-11D8-97C8-000129760CBE}" = PhotoNow!
"InstallShield_{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD
"InstallShield_{E6CB67CC-71D2-46b9-8D43-A4641A9EECB2}" = HP SimplePass Identity Protection
"InstallShield_{FB4BB287-37F9-4E27-9C4D-2D3882E08EFF}" = DVD Menu Pack for HP MediaSmart Video
"KLiteCodecPack_is1" = K-Lite Mega Codec Pack 9.3.0
"MagicDisc 2.7.106" = MagicDisc 2.7.106
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.70.0.1100
"Mozilla Firefox 17.0.1 (x86 en-US)" = Mozilla Firefox 17.0.1 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NirSoft BlueScreenView" = NirSoft BlueScreenView
"Office14.PROPLUS" = Microsoft Office Professional Plus 2010
"uTorrent" = µTorrent
"WinLiveSuite" = Windows Live Essentials
"Wisdom-soft ScreenHunter 6.0 Free" = Wisdom-soft ScreenHunter 6.0 Free
"ZoneAlarm Free Firewall" = ZoneAlarm Free Firewall
"ZumoDrive" = HP CloudDrive

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 3/12/2012 9:28:14 AM | Computer Name = HP-HP | Source = .NET Runtime | ID = 1022
Description =

Error - 3/12/2012 12:05:03 PM | Computer Name = HP-HP | Source = .NET Runtime | ID = 1022
Description =

Error - 9/12/2012 2:40:09 PM | Computer Name = HP-HP | Source = .NET Runtime | ID = 1022
Description =

Error - 12/12/2012 1:36:04 PM | Computer Name = HP-HP | Source = .NET Runtime | ID = 1022
Description =

Error - 13/12/2012 5:44:24 PM | Computer Name = HP-HP | Source = .NET Runtime | ID = 1022
Description =

Error - 17/12/2012 8:56:21 PM | Computer Name = HP-HP | Source = .NET Runtime | ID = 1022
Description =

Error - 17/12/2012 8:59:40 PM | Computer Name = HP-HP | Source = .NET Runtime | ID = 1022
Description =

Error - 17/12/2012 9:20:07 PM | Computer Name = HP-HP | Source = .NET Runtime | ID = 1022
Description =

Error - 18/12/2012 5:42:38 PM | Computer Name = HP-HP | Source = .NET Runtime | ID = 1022
Description =

Error - 23/12/2012 9:26:07 AM | Computer Name = HP-HP | Source = .NET Runtime | ID = 1022
Description =

[ HP Wireless Assistant Events ]
Error - 1/10/2012 11:35:25 PM | Computer Name = HP-HP | Source = HP WA Service | ID = 0
Description = System.Runtime.InteropServices.COMException The RPC server is unavailable.
(Exception from HRESULT: 0x800706BA) at System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32
errorCode, IntPtr errorInfo) at System.Management.ManagementScope.InitializeGuts(Object
o) at System.Management.ManagementScope.Initialize() at System.Management.ManagementObject.Initialize(Boolean
getObject) at System.Management.ManagementBaseObject.get_Properties() at System.Management.ManagementBaseObject.GetPropertyValue(String
propertyName) at HPPA_Service.CurrentConfiguration.<ReloadRadioList>b__c()

Error - 1/10/2012 11:35:25 PM | Computer Name = HP-HP | Source = HP WA Service | ID = 0
Description = System.Runtime.InteropServices.COMException The RPC server is unavailable.
(Exception from HRESULT: 0x800706BA) at System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32
errorCode, IntPtr errorInfo) at System.Management.ManagementScope.InitializeGuts(Object
o) at System.Management.ManagementScope.Initialize() at System.Management.ManagementObject.Initialize(Boolean
getObject) at System.Management.ManagementBaseObject.get_Properties() at System.Management.ManagementBaseObject.GetPropertyValue(String
propertyName) at HPPA_Service.CurrentConfiguration.<ReloadRadioList>b__c()

Error - 1/10/2012 11:35:30 PM | Computer Name = HP-HP | Source = HP WA Service | ID = 0
Description = System.Runtime.InteropServices.COMException The RPC server is unavailable.
(Exception from HRESULT: 0x800706BA) at System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32
errorCode, IntPtr errorInfo) at System.Management.ManagementScope.InitializeGuts(Object
o) at System.Management.ManagementScope.Initialize() at System.Management.ManagementObject.Initialize(Boolean
getObject) at System.Management.ManagementBaseObject.get_Properties() at System.Management.ManagementBaseObject.GetPropertyValue(String
propertyName) at HPPA_Service.CurrentConfiguration.<ReloadRadioList>b__c()

Error - 1/10/2012 11:35:30 PM | Computer Name = HP-HP | Source = HP WA Service | ID = 0
Description = System.Runtime.InteropServices.COMException The RPC server is unavailable.
(Exception from HRESULT: 0x800706BA) at System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32
errorCode, IntPtr errorInfo) at System.Management.ManagementScope.InitializeGuts(Object
o) at System.Management.ManagementScope.Initialize() at System.Management.ManagementObject.Initialize(Boolean
getObject) at System.Management.ManagementBaseObject.get_Properties() at System.Management.ManagementBaseObject.GetPropertyValue(String
propertyName) at HPPA_Service.CurrentConfiguration.<ReloadRadioList>b__c()

Error - 1/10/2012 11:36:30 PM | Computer Name = HP-HP | Source = HP WA Service | ID = 0
Description = System.Runtime.InteropServices.COMException The RPC server is unavailable.
(Exception from HRESULT: 0x800706BA) at System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32
errorCode, IntPtr errorInfo) at System.Management.ManagementScope.InitializeGuts(Object
o) at System.Management.ManagementScope.Initialize() at System.Management.ManagementObject.Initialize(Boolean
getObject) at System.Management.ManagementBaseObject.get_Properties() at System.Management.ManagementBaseObject.GetPropertyValue(String
propertyName) at HPPA_Service.CurrentConfiguration.<ReloadRadioList>b__c()

Error - 1/10/2012 11:36:30 PM | Computer Name = HP-HP | Source = HP WA Service | ID = 0
Description = System.Runtime.InteropServices.COMException The RPC server is unavailable.
(Exception from HRESULT: 0x800706BA) at System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32
errorCode, IntPtr errorInfo) at System.Management.ManagementScope.InitializeGuts(Object
o) at System.Management.ManagementScope.Initialize() at System.Management.ManagementObject.Initialize(Boolean
getObject) at System.Management.ManagementBaseObject.get_Properties() at System.Management.ManagementBaseObject.GetPropertyValue(String
propertyName) at HPPA_Service.CurrentConfiguration.<ReloadRadioList>b__c()

Error - 1/10/2012 11:37:30 PM | Computer Name = HP-HP | Source = HP WA Service | ID = 0
Description = System.Runtime.InteropServices.COMException The RPC server is unavailable.
(Exception from HRESULT: 0x800706BA) at System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32
errorCode, IntPtr errorInfo) at System.Management.ManagementScope.InitializeGuts(Object
o) at System.Management.ManagementScope.Initialize() at System.Management.ManagementObject.Initialize(Boolean
getObject) at System.Management.ManagementBaseObject.get_Properties() at System.Management.ManagementBaseObject.GetPropertyValue(String
propertyName) at HPPA_Service.CurrentConfiguration.<ReloadRadioList>b__c()

Error - 1/10/2012 11:37:30 PM | Computer Name = HP-HP | Source = HP WA Service | ID = 0
Description = System.Runtime.InteropServices.COMException The RPC server is unavailable.
(Exception from HRESULT: 0x800706BA) at System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32
errorCode, IntPtr errorInfo) at System.Management.ManagementScope.InitializeGuts(Object
o) at System.Management.ManagementScope.Initialize() at System.Management.ManagementObject.Initialize(Boolean
getObject) at System.Management.ManagementBaseObject.get_Properties() at System.Management.ManagementBaseObject.GetPropertyValue(String
propertyName) at HPPA_Service.CurrentConfiguration.<ReloadRadioList>b__c()

Error - 1/10/2012 11:38:30 PM | Computer Name = HP-HP | Source = HP WA Service | ID = 0
Description = System.Runtime.InteropServices.COMException The RPC server is unavailable.
(Exception from HRESULT: 0x800706BA) at System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32
errorCode, IntPtr errorInfo) at System.Management.ManagementScope.InitializeGuts(Object
o) at System.Management.ManagementScope.Initialize() at System.Management.ManagementObject.Initialize(Boolean
getObject) at System.Management.ManagementBaseObject.get_Properties() at System.Management.ManagementBaseObject.GetPropertyValue(String
propertyName) at HPPA_Service.CurrentConfiguration.<ReloadRadioList>b__c()

Error - 1/10/2012 11:38:30 PM | Computer Name = HP-HP | Source = HP WA Service | ID = 0
Description = System.Runtime.InteropServices.COMException The RPC server is unavailable.
(Exception from HRESULT: 0x800706BA) at System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32
errorCode, IntPtr errorInfo) at System.Management.ManagementScope.InitializeGuts(Object
o) at System.Management.ManagementScope.Initialize() at System.Management.ManagementObject.Initialize(Boolean
getObject) at System.Management.ManagementBaseObject.get_Properties() at System.Management.ManagementBaseObject.GetPropertyValue(String
propertyName) at HPPA_Service.CurrentConfiguration.<ReloadRadioList>b__c()

[ Spybot - Search and Destroy Events ]
Error - 29/12/2012 6:38:51 AM | Computer Name = HP-HP | Source = SDCleaner | ID = 100
Description = LoadCleaningInstructions

Error - 29/12/2012 6:39:14 AM | Computer Name = HP-HP | Source = SDCleaner | ID = 100
Description = LoadCleaningInstructions

Error - 30/12/2012 4:15:34 AM | Computer Name = HP-HP | Source = SDCleaner | ID = 100
Description = LoadCleaningInstructions

[ System Events ]
Error - 30/12/2012 4:04:59 AM | Computer Name = HP-HP | Source = Service Control Manager | ID = 7023
Description = The Server service terminated with the following error: %%13

Error - 30/12/2012 4:14:13 AM | Computer Name = HP-HP | Source = Service Control Manager | ID = 7006
Description = The ScRegSetValueExW call failed for FailureActions with the following
error: %%5

Error - 30/12/2012 4:14:15 AM | Computer Name = HP-HP | Source = Service Control Manager | ID = 7006
Description = The ScRegSetValueExW call failed for FailureActions with the following
error: %%5

Error - 30/12/2012 4:24:37 AM | Computer Name = HP-HP | Source = Service Control Manager | ID = 7006
Description = The ScRegSetValueExW call failed for FailureActions with the following
error: %%5

Error - 30/12/2012 4:26:20 AM | Computer Name = HP-HP | Source = Service Control Manager | ID = 7006
Description = The ScRegSetValueExW call failed for FailureActions with the following
error: %%5

Error - 30/12/2012 4:26:21 AM | Computer Name = HP-HP | Source = Service Control Manager | ID = 7006
Description = The ScRegSetValueExW call failed for FailureActions with the following
error: %%5

Error - 30/12/2012 4:34:45 AM | Computer Name = HP-HP | Source = Service Control Manager | ID = 7006
Description = The ScRegSetValueExW call failed for FailureActions with the following
error: %%5

Error - 30/12/2012 4:34:50 AM | Computer Name = HP-HP | Source = DCOM | ID = 10010
Description =

Error - 30/12/2012 4:36:14 AM | Computer Name = HP-HP | Source = Service Control Manager | ID = 7006
Description = The ScRegSetValueExW call failed for FailureActions with the following
error: %%5

Error - 30/12/2012 4:36:15 AM | Computer Name = HP-HP | Source = Service Control Manager | ID = 7006
Description = The ScRegSetValueExW call failed for FailureActions with the following
error: %%5


< End of report >

[ken545]

Hi,



Open OTL.exe

• Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL
  
  
  Code:

  :processes
  killallprocesses
  
  :OTL
  
  :Services
  
  :Reg
  
  :Files
  ipconfig /flushdns /c
  C:\Program Files (x86)\sweetpacks bundle uninstaller
  
  
  :Commands
  [purity]
  [resethosts]
  [emptytemp]
  [start explorer]
  [Reboot]

• Then click the Run Fix button at the top. <--Not run Scan
• Let the program run unhindered, reboot when it is done
• Then post the results of the log it produces

Let me know if your still having problems after running this fix

[tinkertailor]

All processes killed
========== PROCESSES ==========
========== OTL ==========
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\HP\Desktop\cmd.bat deleted successfully.
C:\Users\HP\Desktop\cmd.txt deleted successfully.
C:\Program Files (x86)\sweetpacks bundle uninstaller folder moved successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: HP
->Temp folder emptied: 79243546 bytes
->Temporary Internet Files folder emptied: 146193568 bytes
->Java cache emptied: 10412 bytes
->FireFox cache emptied: 122213884 bytes
->Google Chrome cache emptied: 186035060 bytes
->Flash cache emptied: 18826 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 64692752 bytes
%systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 106863 bytes
%systemroot%\system32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 753 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50506 bytes
RecycleBin emptied: 462096 bytes

Total Files Cleaned = 571.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 01062013_213654

Files\Folders moved on Reboot...
C:\Users\HP\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\HP\AppData\Local\Temp\~DF5D091389D5620BDC.TMP moved successfully.
C:\Windows\temp\ZLT058e0.TMP moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...


*****************************

Computer appeared to be back to normal now. the hjacked browser tabs are gone and the system seem faster now. Let me reboot and play around with it for some time. Thanks for your marvellous assistance.

[ken545]

Do that, we can dig deeper if need be.

Let me tell you about downloading programs, you need to take the time and read what your getting, for profits even some legit programs are starting to add bundled software, a good example is about month ago a friend sent me a PowerPoint presentation, I didn't have PP on the computer I was on so I wanted to download the free PowerPoint Reader, the first site I went into after I started reading it wanted to install Babylon Toolbar and make it my default search engine, its difficult to remove, needless to say I got out of that site real quick, I finally found the legit version right on the Microsoft site, so be careful what you download, Read, Read Read what your getting