Page 1 of 3 123 LastLast
Results 1 to 10 of 21

Thread: SelectionLinks or some virus on laptop

  1. #1
    Junior Member
    Join Date
    Jan 2013
    Posts
    12

    Default

    The symptoms started with ads showing up above Googe search results and yahoo email inbox. the ads would have a youtube tab and another tab and very small font that said ad not from this site. I found Selectionlinks in my add/remove programs and uninstalled it but then things got much worse. I have screen shots of following: Now my Yahoo home page is formatted improperly and ie opens blank and after a time opens google but a box opens also saying coupons available. I ran TFC.exe, SB S&D and AWCleaner, things were removed but nothing fixed

    ----------------------------

    DDS (Ver_2012-11-20.01) - NTFS_AMD64
    Internet Explorer: 9.0.8112.16457 BrowserJavaVersion: 10.9.2
    Run by David's HP at 9:13:26 on 2013-01-17
    Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.3932.2204 [GMT -6:00]
    .
    AV: Microsoft Security Essentials *Disabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C}
    SP: Microsoft Security Essentials *Disabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: Spybot - Search and Destroy *Enabled/Updated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k RPCSS
    c:\Program Files\Microsoft Security Client\MsMpEng.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\Hpservice.exe
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSVC.exe
    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    C:\Windows\system32\AEADISRV.EXE
    C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\ProgramData\EPSON\EPW!3 SSRP\E_S40STB.EXE
    C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE
    C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
    C:\Program Files (x86)\Intel\AMT\LMS.exe
    C:\Program Files (x86)\Common Files\Mediafour\M4LIC.EXE
    C:\Program Files\Mediafour\MacDrive 8\MacDrive8Service.exe
    c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
    C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
    C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
    c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files (x86)\Common Files\Intel\Privacy Icon\UNS\UNS.exe
    C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
    C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
    C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Windows\system32\taskhost.exe
    C:\Windows\System32\vds.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Mediafour\MacDrive 8\MacDrive.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
    C:\Windows\System32\hkcmd.exe
    C:\Windows\System32\igfxpers.exe
    C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    C:\Program Files\Microsoft Security Client\msseces.exe
    C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
    C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Windows\System32\svchost.exe -k LocalServicePeerNet
    C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe
    C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
    C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
    C:\Program Files (x86)\iTunes\iTunesHelper.exe
    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\VolCtrl.exe
    C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
    C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe
    C:\Windows\SysWOW64\Macromed\Flash\FlashUtil11e_ActiveX.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn2\ytbb.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\System32\cscript.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.google.com
    uURLSearchHooks: YTNavAssistPlugin Class: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn2\yt.dll
    mWinlogon: Userinit = userinit.exe,
    BHO: &Yahoo! Toolbar Helper: {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn2\yt.dll
    BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO: {300BEC06-B743-4D19-86B9-11DC711D7FFB} - <orphaned>
    BHO: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
    BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll
    BHO: DivX HiQ: {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
    BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
    BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
    BHO: HP Network Check Helper: {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll
    BHO: SingleInstance Class: {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
    TB: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn2\yt.dll
    uRun: [EPSON WorkForce 610 Series] C:\Windows\System32\spool\DRIVERS\x64\3\E_IATIFJA.EXE /FU "C:\Windows\TEMP\E_SCAE3.tmp" /EF "HKCU"
    uRun: [Spybot-S&D Cleaning] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe" /autoclean
    mRun: [QlbCtrl.exe] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
    mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
    mRun: [SoundMAXPnP] C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe
    mRun: [EEventManager] C:\PROGRA~2\EPSONS~1\EVENTM~1\EEventManager.exe
    mRun: [AmazonGSDownloaderTray] C:\Program Files (x86)\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderTray.exe
    mRun: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
    mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    mRun: [SDTray] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
    StartupFolder: C:\Users\DAVID'~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\MAGICD~1.LNK - C:\Program Files (x86)\MagicDisc\MagicDisc.exe
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MOVESL~1.LNK - C:\Windows\Installer\{0ED016B2-C009-4253-9DDD-BDB8DA9CE181}\_E02D80CCF13FCD5A87F526.exe
    mPolicies-Explorer: NoActiveDesktop = dword:1
    mPolicies-Explorer: NoActiveDesktopChanges = dword:1
    mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
    mPolicies-System: ConsentPromptBehaviorUser = dword:3
    mPolicies-System: EnableUIADesktopToggle = dword:0
    IE: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr/200
    IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
    IE: {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll
    .
    INFO: HKCU has more than 50 listed domains.
    If you wish to scan all of them, select the 'Force scan all domains' option.
    .
    DPF: {1851174C-97BD-4217-A0CC-E908F60D5B7A} - hxxps://h50203.www5.hp.com/HPISWeb/Customer/cabs/HPISDataManager.CAB
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    TCP: NameServer = 75.75.75.75 75.75.76.76
    TCP: Interfaces\{714B57E2-1594-4D0F-B2EE-FE056C10D83E} : DHCPNameServer = 75.75.75.75 75.75.76.76
    TCP: Interfaces\{81B78C55-7D5D-4F9D-85CF-FC78FF735239} : DHCPNameServer = 75.75.75.75 75.75.76.76
    TCP: Interfaces\{81B78C55-7D5D-4F9D-85CF-FC78FF735239}\145727F62716455727E6562737 : DHCPNameServer = 75.75.75.75 75.75.76.76
    TCP: Interfaces\{81B78C55-7D5D-4F9D-85CF-FC78FF735239}\478656D616E636166756 : DHCPNameServer = 75.75.76.76 75.75.75.75
    TCP: Interfaces\{81B78C55-7D5D-4F9D-85CF-FC78FF735239}\D656C616275616 : DHCPNameServer = 75.75.75.75 75.75.76.76
    TCP: Interfaces\{81B78C55-7D5D-4F9D-85CF-FC78FF735239}\E416473616A5145523 : DHCPNameServer = 191.168.2.100
    Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
    Notify: SDWinLogon - SDWinLogon.dll
    SSODL: WebCheck - <orphaned>
    SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
    mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.52\Installer\setup.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
    x64-BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    x64-Run: [MacDrive 8 application] "C:\Program Files\Mediafour\MacDrive 8\MacDrive.exe"
    x64-Run: [Getting started with MacDrive 8] "C:\Program Files\Mediafour\MacDrive 8\MDGetStarted.exe" /auto
    x64-Run: [picon] "C:\Program Files (x86)\Common Files\Intel\Privacy Icon\PrivacyIconClient.exe" -startup
    x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
    x64-Run: [IntelWireless] "C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" /tf Intel Wireless Tray
    x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
    x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
    x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
    x64-Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
    x64-Run: [IntelliType Pro] "c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe"
    x64-Run: [IntelliPoint] "c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe"
    x64-DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/director/sw.cab
    x64-DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
    x64-DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
    x64-DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
    x64-Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - <orphaned>
    x64-Notify: igfxcui - igfxdev.dll
    x64-SSODL: WebCheck - <orphaned>
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - C:\Users\David's HP\AppData\Roaming\Mozilla\Firefox\Profiles\q52m1tjn.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-&p=
    FF - prefs.js: browser.search.selectedEngine - Google
    FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
    FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
    FF - plugin: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
    FF - plugin: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
    FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
    FF - plugin: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
    FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll
    FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
    FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrlui.dll
    FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\NPcol400.dll
    FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npCouponPrinter.dll
    FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
    FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npMozCouponPrinter.dll
    FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_146.dll
    FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll
    FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
    FF - ExtSQL: 2013-01-13 09:25; ; C:\Users\David's HP\AppData\Roaming\Mozilla\Firefox\Profiles\q52m1tjn.default\extensions\plugin@selectionlinks.com
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 MDFSYSNT;MacDrive file system driver;C:\Windows\System32\drivers\MDFSYSNT.SYS [2010-5-18 306280]
    R0 MDPMGRNT;MacDrive Partition Driver;C:\Windows\System32\drivers\MDPMGRNT.SYS [2011-3-18 32352]
    R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2012-8-30 228768]
    R1 CBDisk;CBDisk;C:\Windows\System32\drivers\CBDisk.sys [2011-3-18 70344]
    R2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2012-9-27 86528]
    R2 HPDrvMntSvc.exe;HP Quick Synchronization Service;C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2012-8-10 197536]
    R2 hpsrv;HP Service;C:\Windows\System32\hpservice.exe [2011-5-13 30520]
    R2 M4LIC;Mediafour M4LIC service;C:\Program Files (x86)\Common Files\Mediafour\M4LIC.EXE [2009-7-29 205312]
    R2 MacDrive8Service;MacDrive 8 service;C:\Program Files\Mediafour\MacDrive 8\MacDrive8Service.exe [2010-5-4 218112]
    R2 SDScannerService;Spybot-S&D 2 Scanner Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [2013-1-16 1103392]
    R2 SDUpdateService;Spybot-S&D 2 Updating Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2013-1-16 1369624]
    R2 SDWSCService;Spybot-S&D 2 Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [2013-1-16 168384]
    R2 UNS;Intel(R) Management and Security Application User Notification Service;C:\Program Files (x86)\Common Files\Intel\Privacy Icon\UNS\UNS.exe [2011-3-18 2058776]
    R3 Com4QLBEx;Com4QLBEx;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2011-3-18 227896]
    R3 HECIx64;Intel(R) Management Engine Interface;C:\Windows\System32\drivers\HECIx64.sys [2009-6-23 56344]
    R3 NETw5s64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\Windows\System32\drivers\NETw5s64.sys [2011-3-18 7680512]
    R3 rismcx64;RICOH Smart Card Reader;C:\Windows\System32\drivers\rismcx64.sys [2011-3-18 79872]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S3 Amazon Download Agent;Amazon Download Agent;C:\Program Files (x86)\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderService.exe [2011-3-18 401920]
    S3 androidusb;SAMSUNG Android Composite ADB Interface Driver;C:\Windows\System32\drivers\ssadadb.sys [2011-5-13 36328]
    S3 e1yexpress;Intel(R) Gigabit Network Connections Driver;C:\Windows\System32\drivers\e1y62x64.sys [2011-3-18 290008]
    S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2010-3-5 340240]
    S3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\System32\drivers\netw5v64.sys [2009-6-10 5434368]
    S3 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2012-8-30 128456]
    S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2012-9-12 368896]
    S3 pnetmdm;PdaNet Modem;C:\Windows\System32\drivers\pnetmdm64.sys [2011-3-18 17920]
    S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2011-3-18 20992]
    S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);C:\Windows\System32\drivers\ssadbus.sys [2011-5-13 157672]
    S3 ssadmdfl;SAMSUNG Android USB Modem (Filter);C:\Windows\System32\drivers\ssadmdfl.sys [2011-5-13 16872]
    S3 ssadmdm;SAMSUNG Android USB Modem Drivers;C:\Windows\System32\drivers\ssadmdm.sys [2011-5-13 177640]
    S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-3-18 59392]
    S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-2-15 52736]
    S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-3-18 1255736]
    S3 WSDScan;WSD Scan Support via UMB;C:\Windows\System32\drivers\WSDScan.sys [2009-7-13 25088]
    S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;C:\Program Files\Microsoft SQL Server\100\Shared\sqladhlp.exe [2009-7-22 61976]
    S4 RsFx0105;RsFx0105 Driver;C:\Windows\System32\drivers\RsFx0105.sys [2011-9-22 311144]
    S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2011-9-22 431464]
    .
    =============== Created Last 30 ================
    .
    2013-01-17 05:42:35 9161176 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{96A9935F-BC0C-4DF4-ACC2-7B994B436EC6}\mpengine.dll
    2013-01-17 02:33:15 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy
    2013-01-17 02:33:02 17272 ----a-w- C:\Windows\System32\sdnclean64.exe
    2013-01-17 02:32:56 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy 2
    2013-01-15 10:41:37 9125352 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
    2013-01-14 18:35:37 -------- d-----w- C:\Program Files (x86)\HRBlock2012
    2013-01-13 15:27:02 -------- d-----w- C:\Users\David's HP\AppData\Roaming\Bullzip
    2013-01-13 15:26:22 99840 ----a-w- C:\Windows\System32\Spool\prtprocs\x64\LXKPTPRC.DLL
    2013-01-13 15:26:12 -------- d-----w- C:\Users\David's HP\AppData\Local\Programs
    2013-01-13 15:25:25 -------- d-----w- C:\Users\David's HP\AppData\Local\Coupon Companion Plugin
    2013-01-10 21:01:54 68608 ----a-w- C:\Windows\System32\taskhost.exe
    2013-01-10 21:01:45 307200 ----a-w- C:\Windows\System32\ncrypt.dll
    2013-01-10 21:01:45 220160 ----a-w- C:\Windows\SysWow64\ncrypt.dll
    2013-01-10 21:01:38 2002432 ----a-w- C:\Windows\System32\msxml6.dll
    2013-01-10 21:01:37 1882624 ----a-w- C:\Windows\System32\msxml3.dll
    2013-01-10 21:01:37 1389568 ----a-w- C:\Windows\SysWow64\msxml6.dll
    2013-01-10 21:01:37 1236992 ----a-w- C:\Windows\SysWow64\msxml3.dll
    2013-01-10 21:01:36 750592 ----a-w- C:\Windows\System32\win32spl.dll
    2013-01-10 21:01:35 492032 ----a-w- C:\Windows\SysWow64\win32spl.dll
    2013-01-10 21:00:47 3149824 ----a-w- C:\Windows\System32\win32k.sys
    2012-12-22 16:05:23 46080 ----a-w- C:\Windows\System32\atmlib.dll
    2012-12-22 16:05:23 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll
    2012-12-22 16:05:22 367616 ----a-w- C:\Windows\System32\atmfd.dll
    2012-12-22 16:05:21 295424 ----a-w- C:\Windows\SysWow64\atmfd.dll
    2012-12-18 19:08:32 209112 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\nppdf32.dll
    2012-12-18 19:08:32 209112 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\nppdf32.dll
    .
    ==================== Find3M ====================
    .
    2013-01-12 23:24:00 697864 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
    2013-01-12 23:23:59 74248 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    2012-12-14 22:49:28 24176 ----a-w- C:\Windows\System32\drivers\mbam.sys
    2012-11-14 06:11:44 2312704 ----a-w- C:\Windows\System32\jscript9.dll
    2012-11-14 06:04:11 1392128 ----a-w- C:\Windows\System32\wininet.dll
    2012-11-14 06:02:49 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
    2012-11-14 05:57:46 599040 ----a-w- C:\Windows\System32\vbscript.dll
    2012-11-14 05:57:35 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
    2012-11-14 05:52:40 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
    2012-11-14 02:09:22 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll
    2012-11-14 01:58:15 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
    2012-11-14 01:57:37 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
    2012-11-14 01:49:25 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
    2012-11-14 01:48:27 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll
    2012-11-14 01:44:42 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
    2012-11-09 05:45:09 2048 ----a-w- C:\Windows\System32\tzres.dll
    2012-11-09 04:42:49 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
    2012-11-02 05:59:11 478208 ----a-w- C:\Windows\System32\dpnet.dll
    2012-11-02 05:11:31 376832 ----a-w- C:\Windows\SysWow64\dpnet.dll
    .
    ============= FINISH: 9:14:03.42 ===============




    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2012-11-20.01)
    .
    Microsoft Windows 7 Ultimate
    Boot Device: \Device\HarddiskVolume1
    Install Date: 3/18/2011 12:37:02 PM
    System Uptime: 1/16/2013 11:00:38 PM (10 hours ago)
    .
    Motherboard: Hewlett-Packard | | 30DB
    Processor: Intel(R) Core(TM)2 Duo CPU P8700 @ 2.53GHz | Intel(R) Genuine processor | 2534/266mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 232 GiB total, 98.09 GiB free.
    D: is FIXED (FAT32) - 1 GiB total, 0.976 GiB free.
    E: is CDROM ()
    F: is CDROM (UDF)
    .
    ==== Disabled Device Manager Items =============
    .
    Class GUID: {4d36e978-e325-11ce-bfc1-08002be10318}
    Description: Intel(R) Active Management Technology - SOL
    Device ID: PCI\VEN_8086&DEV_2A47&SUBSYS_30DB103C&REV_07\3&33FD14CA&0&1B
    Manufacturer: Intel
    Name: Intel(R) Active Management Technology - SOL (COM3)
    PNP Device ID: PCI\VEN_8086&DEV_2A47&SUBSYS_30DB103C&REV_07\3&33FD14CA&0&1B
    Service: Serial
    .
    Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
    Description: Intel(R) 82567LM Gigabit Network Connection
    Device ID: PCI\VEN_8086&DEV_10F5&SUBSYS_30DB103C&REV_03\3&33FD14CA&0&C8
    Manufacturer: Intel
    Name: Intel(R) 82567LM Gigabit Network Connection
    PNP Device ID: PCI\VEN_8086&DEV_10F5&SUBSYS_30DB103C&REV_03\3&33FD14CA&0&C8
    Service: e1yexpress
    .
    ==== System Restore Points ===================
    .
    RP291: 1/16/2013 10:56:34 PM - Removed ASPCA Reminder by We-Care.com v4.1.21.1
    RP292: 1/16/2013 10:57:49 PM - Removed ASPCA Reminder by We-Care.com v4.1.21.1
    RP293: 1/16/2013 11:40:42 PM - C
    .
    ==== Installed Programs ======================
    .
    Update for Microsoft Office 2007 (KB2508958)
    7-Zip 9.20 (x64 edition)
    Adobe AIR
    Adobe Flash Player 10 ActiveX 64-bit
    Adobe Flash Player 10 Plugin 64-bit
    Adobe Flash Player 11 ActiveX
    Adobe Flash Player 11 Plugin
    Adobe Reader XI (11.0.01)
    Amazon Games & Software Downloader
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    Bonjour
    ClubWPT
    Coupon Printer for Windows
    DivX Setup
    DraftDominator Version 13.0d
    Dropbox
    DVDFab 8.1.0.0 (16/06/2011) Qt
    Epson Event Manager
    EPSON Scan
    EPSON WorkForce 610 Series Printer Uninstall
    EpsonNet Print
    EpsonNet Setup
    ESET Online Scanner v3
    FileHippo.com Update Checker
    Google Chrome
    Google Earth
    Google Update Helper
    H&R Block Deluxe + Efile + State 2010
    H&R Block Deluxe + Efile + State 2011
    H&R Block Deluxe + Efile + State 2012
    H&R Block Illinois 2010
    H&R Block Illinois 2011
    Hewlett-Packard ACLM.NET v1.2.1.1
    Hotfix for Microsoft Visual C++ 2010 Express - ENU (KB2565057)
    Hotfix for Microsoft Visual C++ 2010 Express - ENU (KB2635973)
    Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB2280741)
    Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB2284668)
    Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB2295689)
    Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB2420513)
    Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB2452649)
    Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB2455033)
    Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB2485545)
    Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB982517)
    Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB982721)
    Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB983233)
    HP 3D DriveGuard
    HP Customer Experience Enhancements
    HP ESU for Microsoft Windows 7
    HP Product Detection
    HP Quick Launch Buttons
    HP Support Assistant
    HP Webcam
    ImgBurn
    Intel PROSet Wireless
    Intel(R) Graphics Media Accelerator Driver
    Intel(R) Management Engine Interface
    Intel(R) Network Connections Drivers
    Intel(R) PROSet/Wireless WiFi Software
    Intel® Active Management Technology
    iTunes
    Java 7 Update 9
    Java Auto Updater
    Java(TM) 6 Update 24
    Java(TM) 6 Update 26 (64-bit)
    Java(TM) SE Development Kit 6 Update 25 (64-bit)
    K-Lite Codec Pack (64-bit) v4.5.0
    K-Lite Codec Pack 7.0.0 (Full)
    LineupDominator Version 8.0a Full
    MacDrive 8
    Magic ISO Maker v5.5 (build 0281)
    MagicDisc 2.7.106
    Malwarebytes Anti-Malware version 1.70.0.1100
    MFL Import Version 4.0a
    Microsoft .NET Framework 4 Client Profile
    Microsoft .NET Framework 4 Extended
    Microsoft .NET Framework 4 Multi-Targeting Pack
    Microsoft Application Error Reporting
    Microsoft Help Viewer 1.1
    Microsoft Mouse and Keyboard Center
    Microsoft Office 2007 Service Pack 3 (SP3)
    Microsoft Office Access database engine 2007 (English)
    Microsoft Office Access MUI (English) 2007
    Microsoft Office Access Setup Metadata MUI (English) 2007
    Microsoft Office Enterprise 2007
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office Groove MUI (English) 2007
    Microsoft Office Groove Setup Metadata MUI (English) 2007
    Microsoft Office InfoPath MUI (English) 2007
    Microsoft Office Office 64-bit Components 2007
    Microsoft Office OneNote MUI (English) 2007
    Microsoft Office Outlook MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    Microsoft Office Publisher MUI (English) 2007
    Microsoft Office Shared 64-bit MUI (English) 2007
    Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Word MUI (English) 2007
    Microsoft Security Client
    Microsoft Security Essentials
    Microsoft Silverlight
    Microsoft SQL Server 2008 (64-bit)
    Microsoft SQL Server 2008 Browser
    Microsoft SQL Server 2008 Common Files
    Microsoft SQL Server 2008 Database Engine Services
    Microsoft SQL Server 2008 Database Engine Shared
    Microsoft SQL Server 2008 Native Client
    Microsoft SQL Server 2008 RsFx Driver
    Microsoft SQL Server 2008 Setup Support Files
    Microsoft SQL Server Compact 3.5 SP2 ENU
    Microsoft SQL Server Compact 3.5 SP2 x64 ENU
    Microsoft SQL Server VSS Writer
    Microsoft Streets & Trips 2009
    Microsoft Virtual PC 2007
    Microsoft Visual C++ Compilers 2010 Standard - enu - x86
    Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Microsoft Visual C++ 2010 x64 Runtime - 10.0.40219
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
    Microsoft Visual C++ 2010 x86 Runtime - 10.0.40219
    Microsoft Visual C++ 2010 Express - ENU
    Microsoft Visual Studio 2010 Express Prerequisites x64 - ENU
    Microsoft Visual Studio 2010 Service Pack 1
    Moveslink
    MozBackup 1.4.10
    Mozilla Firefox 18.0 (x86 en-US)
    Mozilla Maintenance Service
    Mozilla Thunderbird 17.0.2 (x86 en-US)
    Notepad++
    PCDrafter 2012
    Pdf995 (installed by H&R Block)
    PdfEdit995 (installed by H&R Block)
    Picasa 3
    Projections Dominator Version 6.0g
    QLBCASL
    QuickTime
    RICOH R5C853 Driver Vista x64 Ver.1.00.09
    Security Update for CAPICOM (KB931906)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
    Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
    Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
    Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
    Security Update for Microsoft .NET Framework 4 Extended (KB2736428)
    Security Update for Microsoft .NET Framework 4 Extended (KB2742595)
    Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2687311) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2687439) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2687441) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2687499) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2760416) 32-Bit Edition
    Security Update for Microsoft Office Excel 2007 (KB2687307) 32-Bit Edition
    Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition
    Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
    Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
    Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition
    Security Update for Microsoft Office Word 2007 (KB2760421) 32-Bit Edition
    Service Pack 3 for SQL Server 2008 (KB2546951) (64-bit)
    Spybot - Search & Destroy
    SpywareBlaster 4.4
    Sql Server Customer Experience Improvement Program
    Suunto USB Drive
    Suunto USB Driver
    Suunto USB Serial Port (Driver Removal)
    Synaptics Pointing Device Driver
    TradeDominator version 7.0a
    TweetDeck
    Update for 2007 Microsoft Office System (KB967642)
    Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
    Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
    Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
    Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
    Update for Microsoft .NET Framework 4 Extended (KB2468871)
    Update for Microsoft .NET Framework 4 Extended (KB2533523)
    Update for Microsoft .NET Framework 4 Extended (KB2600217)
    Update for Microsoft Office 2007 Help for Common Features (KB963673)
    Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition
    Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition
    Update for Microsoft Office Access 2007 Help (KB963663)
    Update for Microsoft Office Excel 2007 Help (KB963678)
    Update for Microsoft Office Infopath 2007 Help (KB963662)
    Update for Microsoft Office OneNote 2007 Help (KB963670)
    Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition
    Update for Microsoft Office Outlook 2007 Help (KB963677)
    Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2760586) 32-Bit Edition
    Update for Microsoft Office Powerpoint 2007 Help (KB963669)
    Update for Microsoft Office Publisher 2007 Help (KB963667)
    Update for Microsoft Office Script Editor Help (KB963671)
    Update for Microsoft Office Word 2007 Help (KB963665)
    VC80CRTRedist - 8.0.50727.4053
    VLC media player 1.1.7
    Yahoo! Software Update
    Yahoo! Toolbar
    .
    ==== Event Viewer Messages From Past Week ========
    .
    1/16/2013 5:53:06 PM, Error: Service Control Manager [7034] - The EpsonBidirectionalService service terminated unexpectedly. It has done this 1 time(s).
    1/16/2013 11:01:45 PM, Error: Service Control Manager [7034] - The Intel(R) PROSet/Wireless Event Log service terminated unexpectedly. It has done this 1 time(s).
    1/16/2013 11:00:11 PM, Error: Microsoft-Windows-WLAN-AutoConfig [10003] - WLAN Extensibility Module has stopped unexpectedly. Module Path: C:\Windows\System32\IWMSSvc.dll
    1/16/2013 10:22:33 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Audio Endpoint Builder service, but this action failed with the following error: Circular service dependency was specified.
    1/16/2013 10:22:33 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Program Compatibility Assistant Service service, but this action failed with the following error: An instance of the service is already running.
    1/16/2013 10:22:33 PM, Error: Service Control Manager [7019] - The Windows Audio Endpoint Builder service depends on a service in a group which starts later. Change the order in the service dependency tree to ensure that all services required to start this service are starting before this service is started.
    1/16/2013 10:22:33 PM, Error: Service Control Manager [7017] - Detected circular dependencies demand starting Windows Audio Endpoint Builder. Check the service dependency tree.
    1/16/2013 10:22:33 PM, Error: Service Control Manager [7000] - The Plug and Play service failed to start due to the following error: A system shutdown is in progress.
    1/16/2013 10:22:33 PM, Error: Service Control Manager [7000] - The HomeGroup Listener service failed to start due to the following error: A system shutdown is in progress.
    1/16/2013 10:21:33 PM, Error: Service Control Manager [7034] - The Diagnostic System Host service terminated unexpectedly. It has done this 1 time(s).
    1/16/2013 10:21:33 PM, Error: Service Control Manager [7031] - The WLAN AutoConfig service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    1/16/2013 10:21:33 PM, Error: Service Control Manager [7031] - The Windows Driver Foundation - User-mode Driver Framework service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    1/16/2013 10:21:33 PM, Error: Service Control Manager [7031] - The Windows Audio Endpoint Builder service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    1/16/2013 10:21:33 PM, Error: Service Control Manager [7031] - The Superfetch service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    1/16/2013 10:21:33 PM, Error: Service Control Manager [7031] - The Program Compatibility Assistant Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    1/16/2013 10:21:33 PM, Error: Service Control Manager [7031] - The Offline Files service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    1/16/2013 10:21:33 PM, Error: Service Control Manager [7031] - The Network Connections service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 100 milliseconds: Restart the service.
    1/16/2013 10:21:33 PM, Error: Service Control Manager [7031] - The HomeGroup Listener service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    1/16/2013 10:21:33 PM, Error: Service Control Manager [7031] - The Distributed Link Tracking Client service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    1/16/2013 10:21:33 PM, Error: Service Control Manager [7031] - The Desktop Window Manager Session Manager service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    1/16/2013 10:21:24 PM, Error: Service Control Manager [7031] - The Windows Media Player Network Sharing Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
    1/16/2013 10:20:56 PM, Error: Microsoft-Windows-DistributedCOM [10000] - Unable to start a DCOM Server: {078AEF33-C48A-49F7-AFF3-A0EE810BFE7C}. The error: "193" Happened while starting this command: C:\Windows\system32\igfxsrvc.exe -Embedding
    1/16/2013 10:20:52 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Error Reporting Service service to connect.
    1/16/2013 10:15:25 PM, Error: atapi [11] - The driver detected a controller error on \Device\Ide\IdePort2.
    1/16/2013 10:04:17 PM, Error: volsnap [14] - The shadow copies of volume C: were aborted because of an IO failure on volume C:.
    1/15/2013 5:02:22 AM, Error: bowser [8003] - The master browser has received a server announcement from the computer OWNER-PC that believes that it is the master browser for the domain on transport NetBT_Tcpip_{81B78C55-7D5D-4F9D-85CF-FC78FF735239}. The master browser is stopping or an election is being forced.
    1/10/2013 3:12:16 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect.
    1/10/2013 3:12:16 PM, Error: Service Control Manager [7000] - The Windows Search service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    .
    ==== End Of File ===========================



    aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
    Run date: 2013-01-17 09:14:22
    -----------------------------
    09:14:22.955 OS Version: Windows x64 6.1.7601 Service Pack 1
    09:14:22.955 Number of processors: 2 586 0x170A
    09:14:22.955 ComputerName: DAVES-6930P UserName: David's HP
    09:14:24.375 Initialize success
    09:14:33.268 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-4
    09:14:33.268 Disk 0 Vendor: Hitachi_HTS723225L9A360 FCDOC60D Size: 238475MB BusType: 11
    09:14:33.284 Disk 0 MBR read successfully
    09:14:33.284 Disk 0 MBR scan
    09:14:33.299 Disk 0 Windows 7 default MBR code
    09:14:33.299 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
    09:14:33.315 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 237344 MB offset 206848
    09:14:33.331 Disk 0 Partition 3 00 0C FAT32 LBA MSDOS5.0 1027 MB offset 486287550
    09:14:33.362 Disk 0 scanning C:\Windows\system32\drivers
    09:14:40.397 Service scanning
    09:14:58.743 Modules scanning
    09:14:58.759 Disk 0 trace - called modules:
    09:14:58.790 ntoskrnl.exe CLASSPNP.SYS disk.sys hpdskflt.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys
    09:14:58.790 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004c29060]
    09:14:58.806 3 CLASSPNP.SYS[fffff880011c643f] -> nt!IofCallDriver -> [0xfffffa8004c28430]
    09:14:58.821 5 hpdskflt.sys[fffff88001464189] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-4[0xfffffa8004a87680]
    09:14:58.821 Scan finished successfully
    09:15:12.159 Disk 0 MBR has been saved successfully to "C:\Users\David's HP\Desktop\MBR.dat"
    09:15:12.159 The log file has been saved successfully to "C:\Users\David's HP\Desktop\aswMBR.txt"

    I wanted to say I think the trouble strated when I accidentally hit something on Google about ASPCA and then these dog paws started showing up on search reults. I also uninstalled the ASPCA from add/remove programs
    Last edited by tashi; 2013-01-17 at 18:49. Reason: Merged two posts, as per FAQ. ;-)

  2. #2
    Malware Team Satchfan's Avatar
    Join Date
    Feb 2009
    Location
    Exeter, UK
    Posts
    202

    Default

    Hello atcdav and welcome to the Safer Networking Forum.

    My name is Satchfan and I would be glad to help you with your computer problem.

    Please read the following guidelines which will help to make cleaning your machine easier:
    • please follow all instructions in the order posted
    • please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear
    • all logs/reports, etc. must be posted in Notepad. Please ensure that word wrap is unchecked. In Notepad click Format, uncheck Word wrap if it is checked
    • if you don't understand something, please don't hesitate to ask for clarification before proceeding
    • the fixes are specific to your problem and should only be used for this issue on this machine.
    • please reply within 3 days. If you do not reply within this period I will post a reminder but topics with no reply in 4 days will be closed!

    IMPORTANT:

    Please DO NOT install/uninstall any programs unless asked to.
    Please DO NOT run any scans other than those requested


    We need some different scans to see what is happening here.

    Spybot TeaTimer

    Please disable this program and leave it disabled until we are done as it can interfere with some of the tools we use.
    • launch Spybot S&D, go to the Mode menu and make sure "Advanced Mode" is selected.
    • on the left hand side, click on Tools, then click on the Resident Icon in the list.
    • uncheck the Resident TeaTimer (Protection of overall system settings) active box.
    • click on the System Startup icon in the List
    • uncheck the "TeaTimer" box and click OK at any prompts.
    • if Teatimer gives you a warning that changes were made, click Allow Change when prompted.
    • exit Spybot S&D.

    (When we are finished, you can re-enable Teatimer using the same steps but this time place a check next to "Resident TeaTimer" and check the "TeaTimer" box in System Startup).

    ===================================================

    Run RogueKiller

    IMPORTANT: Do not reboot your computer if at all possible otherwise the malware will reactivate and you will have to run RogueKiller again

    Download RogueKiller to your desktop.
    • close all running programs
    • for Windows Vista/Seven, right click -> run as administrator, for XP simply double-click on RogueKiller.exe
    • when the prescan is finished, click on Scan
    • click on Report and copy/paste the content in your next post.[/list
      If the program is blocked, do not hesitate to try several times. If it really does not work (it could happen), rename it to winlogon.exe
    Please post the contents of the RKreport.txt in your next reply.

    Remember: do not reboot your computer if at all possible otherwise the malware will reactivate and you will have to run RogueKiller again.

    ===================================================

    Download and run OTL
    • download OTL to your desktop.
    • double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    • click Scan all users.
    • under Custom Scan paste this in

      netsvcs
      %SYSTEMDRIVE%\*.exe
      /md5start
      explorer.exe
      winlogon.exe
      Userinit.exe
      svchost.exe
      /md5stop
      %systemroot%\*. /rp /s
      DRIVES
      CREATERESTOREPOINT
    • click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won’t take long.
    • when the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    • please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply.
    • you may need two posts to fit them both in.

    Logs to include with next post:

    OTL.txt
    Extras.txt
    RKreport.txt


    Thanks

  3. #3
    Junior Member
    Join Date
    Jan 2013
    Posts
    12

    Default

    I have done somethings since original post. I uninstalled Java, removed a known program - moveslink. I uninstalled Spybot2, I could not find teatimer nor how to disable it. The interface was different than describes. Is Spybot2 different than Spybot S&D? I also reset I.E. and I uninstalled and reinstalled Firefox. I was receiving help at Geekstogo but they didnt seem to find anything, he was unable to get OTL to run with his instructions, your instructions worked fine.. Requested logs follow.

  4. #4
    Junior Member
    Join Date
    Jan 2013
    Posts
    12

    Default

    RogueKiller V8.4.3 [Jan 10 2013] by Tigzy
    mail : tigzyRK<at>gmail<dot>com
    Feedback : http://www.geekstogo.com/forum/files...3-roguekiller/
    Website : http://tigzy.geekstogo.com/roguekiller.php
    Blog : http://tigzyrk.blogspot.com/

    Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
    Started in : Normal mode
    User : David's HP [Admin rights]
    Mode : Scan -- Date : 01/19/2013 17:26:11

    ¤¤¤ Bad processes : 0 ¤¤¤

    ¤¤¤ Registry Entries : 5 ¤¤¤
    [TASK][SUSP PATH] IHUninstallTrackingTASK : CMD /C DEL C:\Users\DAVID"~1\AppData\Local\Temp\IHU3976.tmp.exe -> FOUND
    [HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND
    [HJPOL] HKLM\[...]\Wow6432Node\System : DisableRegistryTools (0) -> FOUND
    [HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
    [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

    ¤¤¤ Particular Files / Folders: ¤¤¤

    ¤¤¤ Driver : [NOT LOADED] ¤¤¤

    ¤¤¤ HOSTS File: ¤¤¤
    --> C:\Windows\system32\drivers\etc\hosts

    127.0.0.1 localhost


    ¤¤¤ MBR Check: ¤¤¤

    +++++ PhysicalDrive0: Hitachi HTS723225L9A360 ATA Device +++++
    --- User ---
    [MBR] cceb967c25929b1867c7a47bee28129b
    [BSP] 6cc8b66dcb99ee5a5e444df68528afb2 : Windows 7/8 MBR Code
    Partition table:
    0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
    1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 237344 Mo
    2 - [XXXXXX] FAT32-LBA (0x0c) [VISIBLE] Offset (sectors): 486287550 | Size: 1027 Mo
    User = LL1 ... OK!
    User = LL2 ... OK!

    Finished : << RKreport[1]_S_01192013_02d1726.txt >>
    RKreport[1]_S_01192013_02d1726.txt



    OTL logfile created on: 1/19/2013 5:30:02 PM - Run 1
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\David's HP\Desktop
    64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    3.84 Gb Total Physical Memory | 2.13 Gb Available Physical Memory | 55.55% Memory free
    7.68 Gb Paging File | 5.78 Gb Available in Paging File | 75.21% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 231.78 Gb Total Space | 88.41 Gb Free Space | 38.14% Space Free | Partition Type: NTFS
    Drive D: | 1.00 Gb Total Space | 0.98 Gb Free Space | 97.43% Space Free | Partition Type: FAT32
    Drive F: | 3.54 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF

    Computer Name: DAVES-6930P | User Name: David's HP | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2013/01/19 17:28:51 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\David's HP\Desktop\OTL(1).exe
    PRC - [2012/12/18 13:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    PRC - [2012/08/10 15:48:50 | 000,197,536 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
    PRC - [2012/08/09 23:12:18 | 000,055,184 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\SyncServer.exe
    PRC - [2011/03/21 12:56:16 | 001,230,704 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
    PRC - [2010/02/25 14:18:20 | 000,076,856 | ---- | M] ( Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\VolCtrl.exe
    PRC - [2009/07/29 10:54:36 | 000,205,312 | ---- | M] (Mediafour Corporation) -- C:\Program Files (x86)\Common Files\Mediafour\M4LIC.EXE
    PRC - [2009/07/15 11:05:24 | 002,058,776 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Common Files\Intel\Privacy Icon\UNS\UNS.exe
    PRC - [2009/07/15 11:05:16 | 000,174,616 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\AMT\LMS.exe
    PRC - [2009/04/07 08:13:10 | 000,673,616 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
    PRC - [2009/02/23 18:43:12 | 000,576,000 | ---- | M] (MagicISO, Inc.) -- C:\Program Files (x86)\MagicDisc\MagicDisc.exe
    PRC - [2006/12/19 17:23:20 | 000,094,208 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSvc.exe


    ========== Modules (No Company Name) ==========

    MOD - [2012/02/20 20:29:04 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
    MOD - [2012/02/20 20:28:42 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
    MOD - [2011/03/21 12:57:34 | 000,096,112 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll
    MOD - [2011/03/21 12:56:16 | 001,230,704 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
    MOD - [2009/03/12 14:45:32 | 000,135,168 | ---- | M] () -- C:\Program Files (x86)\Epson Software\Event Manager\Assistants\Scan Assistant\ScanEngine.dll
    MOD - [2008/11/21 12:58:42 | 000,057,344 | ---- | M] () -- C:\Program Files (x86)\Epson Software\Event Manager\Assistants\Scan Assistant\Satwain.dll


    ========== Services (SafeList) ==========

    SRV:64bit: - [2012/09/12 20:21:48 | 000,368,896 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
    SRV:64bit: - [2012/09/12 20:21:48 | 000,022,072 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
    SRV:64bit: - [2011/05/13 17:58:10 | 000,030,520 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Windows\SysNative\hpservice.exe -- (hpsrv)
    SRV:64bit: - [2010/05/04 12:33:00 | 000,218,112 | ---- | M] (Mediafour Corporation) [Auto | Running] -- C:\Program Files\Mediafour\MacDrive 8\MacDrive8Service.exe -- (MacDrive8Service)
    SRV:64bit: - [2010/03/05 10:26:38 | 001,425,168 | ---- | M] (Intel(R) Corporation) [Auto | Stopped] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
    SRV:64bit: - [2010/03/05 10:07:58 | 000,340,240 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe -- (MyWiFiDHCPDNS)
    SRV:64bit: - [2010/03/05 10:06:22 | 000,831,760 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
    SRV:64bit: - [2009/07/13 19:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV:64bit: - [2009/07/13 19:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
    SRV:64bit: - [2008/07/15 16:09:48 | 000,111,616 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\SysNative\AEADISRV.EXE -- (AEADIFilters)
    SRV - [2013/01/18 21:14:30 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
    SRV - [2012/12/18 13:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
    SRV - [2012/09/27 11:55:16 | 000,086,528 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe -- (HP Support Assistant Service)
    SRV - [2012/08/10 15:48:50 | 000,197,536 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe -- (HPDrvMntSvc.exe)
    SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
    SRV - [2009/10/23 11:31:44 | 000,401,920 | ---- | M] (Amazon.com) [On_Demand | Stopped] -- C:\Program Files (x86)\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderService.exe -- (Amazon Download Agent)
    SRV - [2009/07/29 10:54:36 | 000,205,312 | ---- | M] (Mediafour Corporation) [Auto | Running] -- C:\Program Files (x86)\Common Files\Mediafour\M4LIC.EXE -- (M4LIC)
    SRV - [2009/07/15 11:05:24 | 002,058,776 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Common Files\Intel\Privacy Icon\UNS\UNS.exe -- (UNS)
    SRV - [2009/07/15 11:05:16 | 000,174,616 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\AMT\LMS.exe -- (LMS)
    SRV - [2009/06/10 15:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
    SRV - [2007/12/17 03:00:00 | 000,163,840 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S40STB.EXE -- (EPSON_EB_RPCV4_01)
    SRV - [2007/01/11 03:02:00 | 000,126,464 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE -- (EPSON_PM_RPCV4_01)
    SRV - [2006/12/19 17:23:20 | 000,094,208 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSvc.exe -- (EpsonBidirectionalService)


    ========== Driver Services (SafeList) ==========

    DRV:64bit: - [2012/09/28 20:52:10 | 000,075,928 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dc3d.sys -- (dc3d)
    DRV:64bit: - [2012/09/28 10:32:56 | 000,053,760 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
    DRV:64bit: - [2012/08/30 21:03:48 | 000,128,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
    DRV:64bit: - [2012/08/21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
    DRV:64bit: - [2012/03/01 00:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
    DRV:64bit: - [2011/09/22 21:01:54 | 000,311,144 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\Windows\SysNative\drivers\RsFx0105.sys -- (RsFx0105)
    DRV:64bit: - [2011/07/28 07:08:24 | 000,294,232 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\VMM.sys -- (vmm)
    DRV:64bit: - [2011/07/26 18:38:28 | 000,017,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CPQBttn.sys -- (HBtnKey)
    DRV:64bit: - [2011/06/03 13:34:10 | 010,628,800 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
    DRV:64bit: - [2011/05/13 17:58:16 | 000,030,008 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\hpdskflt.sys -- (hpdskflt)
    DRV:64bit: - [2011/05/13 17:57:58 | 000,043,320 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Accelerometer.sys -- (Accelerometer)
    DRV:64bit: - [2011/05/13 02:21:04 | 000,177,640 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadmdm.sys -- (ssadmdm)
    DRV:64bit: - [2011/05/13 02:21:02 | 000,157,672 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadbus.sys -- (ssadbus)
    DRV:64bit: - [2011/05/13 02:21:02 | 000,036,328 | ---- | M] (Google Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadadb.sys -- (androidusb)
    DRV:64bit: - [2011/05/13 02:21:02 | 000,016,872 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadmdfl.sys -- (ssadmdfl)
    DRV:64bit: - [2011/03/18 13:47:41 | 007,680,512 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NETw5s64.sys -- (NETw5s64)
    DRV:64bit: - [2011/03/11 00:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
    DRV:64bit: - [2011/03/11 00:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
    DRV:64bit: - [2011/02/21 12:11:36 | 000,085,320 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ftser2k.sys -- (FTSER2K)
    DRV:64bit: - [2011/02/21 12:11:36 | 000,072,648 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ftdibus.sys -- (FTDIBUS)
    DRV:64bit: - [2010/11/20 07:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
    DRV:64bit: - [2010/11/20 05:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
    DRV:64bit: - [2010/11/20 05:03:42 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
    DRV:64bit: - [2010/11/20 03:37:42 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
    DRV:64bit: - [2010/10/18 02:21:32 | 008,153,088 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETwNs64.sys -- (NETwNs64)
    DRV:64bit: - [2010/06/03 18:18:56 | 001,379,376 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
    DRV:64bit: - [2010/05/18 08:07:26 | 000,306,280 | ---- | M] (Mediafour Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\MDFSYSNT.SYS -- (MDFSYSNT)
    DRV:64bit: - [2010/05/05 08:43:24 | 000,032,352 | ---- | M] (Mediafour Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\MDPMGRNT.SYS -- (MDPMGRNT)
    DRV:64bit: - [2010/04/07 15:04:00 | 000,290,008 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\e1y62x64.sys -- (e1yexpress)
    DRV:64bit: - [2010/02/25 14:18:58 | 000,018,432 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
    DRV:64bit: - [2010/01/13 11:15:54 | 000,070,344 | ---- | M] (EldoS Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\CBDisk.sys -- (CBDisk)
    DRV:64bit: - [2009/07/13 19:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
    DRV:64bit: - [2009/07/13 19:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
    DRV:64bit: - [2009/07/13 19:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
    DRV:64bit: - [2009/07/13 18:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice)
    DRV:64bit: - [2009/07/13 18:35:37 | 000,025,088 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDScan.sys -- (WSDScan)
    DRV:64bit: - [2009/07/13 18:10:47 | 000,011,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rootmdm.sys -- (ROOTMODEM)
    DRV:64bit: - [2009/07/13 17:21:48 | 000,038,400 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tpm.sys -- (TPM)
    DRV:64bit: - [2009/06/23 11:50:36 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64)
    DRV:64bit: - [2009/06/10 14:35:28 | 005,434,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netw5v64.sys -- (netw5v64)
    DRV:64bit: - [2009/06/10 14:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
    DRV:64bit: - [2009/06/10 14:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
    DRV:64bit: - [2009/06/10 14:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
    DRV:64bit: - [2009/06/10 14:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
    DRV:64bit: - [2009/05/18 16:31:56 | 000,497,152 | ---- | M] (Analog Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ADIHdAud.sys -- (ADIHdAudAddService)
    DRV:64bit: - [2009/02/24 17:35:44 | 000,255,552 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mcdbus.sys -- (mcdbus)
    DRV:64bit: - [2008/10/09 02:34:32 | 001,875,624 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\snp2uvc.sys -- (SNP2UVC)
    DRV:64bit: - [2007/08/08 16:39:46 | 000,060,928 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rimmpx64.sys -- (rimmptsk)
    DRV:64bit: - [2007/03/07 12:13:20 | 000,017,920 | ---- | M] (June Fabrics Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\pnetmdm64.sys -- (pnetmdm)
    DRV:64bit: - [2007/01/29 05:20:34 | 000,079,760 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VMNetSrv.sys -- (VPCNetS2)
    DRV:64bit: - [2006/12/20 00:08:00 | 000,079,872 | ---- | M] (RICOH Company, Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rismcx64.sys -- (rismcx64)
    DRV - [2009/07/13 19:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
    DRV - [2009/02/24 17:35:44 | 000,255,552 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\mcdbus.sys -- (mcdbus)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
    IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    IE - HKLM\..\SearchScopes,DefaultScope =
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC


    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

    IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

    IE - HKU\S-1-5-21-1916152551-4166504153-3791849091-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
    IE - HKU\S-1-5-21-1916152551-4166504153-3791849091-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
    IE - HKU\S-1-5-21-1916152551-4166504153-3791849091-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
    IE - HKU\S-1-5-21-1916152551-4166504153-3791849091-1001\..\SearchScopes,DefaultScope = {09C04023-9666-407B-AB08-D55EA82E4B89}
    IE - HKU\S-1-5-21-1916152551-4166504153-3791849091-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
    IE - HKU\S-1-5-21-1916152551-4166504153-3791849091-1001\..\SearchScopes\{09C04023-9666-407B-AB08-D55EA82E4B89}: "URL" = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
    IE - HKU\S-1-5-21-1916152551-4166504153-3791849091-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\S-1-5-21-1916152551-4166504153-3791849091-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

    ========== FireFox ==========

    FF - prefs.js..browser.search.defaultenginename: "Yahoo"
    FF - prefs.js..browser.search.defaulturl: "http://search.yahoo.com/search?ei=UTF-8&fr=ytff-tyc&p="
    FF - prefs.js..browser.search.param.yahoo-fr: "moz2-ytff-tyc"
    FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "moz2-ytff-tyc"
    FF - prefs.js..browser.search.selectedEngine: "Google"
    FF - prefs.js..browser.startup.homepage: "http://www.yahoo.com/?ilc=1"
    FF - prefs.js..extensions.enabledAddons: %7B27c60876-b5c9-4335-b4f3-52b26782220c%7D:0.9.4
    FF - prefs.js..extensions.enabledAddons: adblockpopups%40jessehakanen.net:0.5
    FF - prefs.js..extensions.enabledAddons: %7B635abd67-4fe9-1b23-4f01-e679fa7484c1%7D:2.5.1.20121219100509
    FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:18.0.1
    FF - prefs.js..keyword.URL: "http://search.yahoo.com/search?ei=UTF-8&fr=ytff-tyc&p="
    FF - user.js - File not found

    FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_146.dll File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_146.dll ()
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
    FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
    FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
    FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
    FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
    FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.7: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\html5video [2011/03/18 13:26:28 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\wpa [2011/03/18 13:26:28 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/01/18 21:14:31 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/01/18 21:14:00 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2013/01/18 20:42:42 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins [2013/01/18 20:42:42 | 000,000,000 | ---D | M]

    [2013/01/17 18:09:50 | 000,000,000 | ---D | M] (No name found) -- C:\Users\David's HP\AppData\Roaming\Mozilla\Extensions
    [2011/03/18 13:15:48 | 000,000,000 | ---D | M] (No name found) -- C:\Users\David's HP\AppData\Roaming\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
    [2013/01/17 18:15:58 | 000,000,000 | ---D | M] (No name found) -- C:\Users\David's HP\AppData\Roaming\Mozilla\Firefox\Profiles\ann9w273.default\extensions
    [2013/01/17 18:15:58 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\David's HP\AppData\Roaming\Mozilla\Firefox\Profiles\ann9w273.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
    [2013/01/17 18:15:58 | 000,124,993 | ---- | M] () (No name found) -- C:\Users\David's HP\AppData\Roaming\Mozilla\Firefox\Profiles\ann9w273.default\extensions\adblockpopups@jessehakanen.net.xpi
    [2013/01/17 18:15:58 | 000,007,532 | ---- | M] () (No name found) -- C:\Users\David's HP\AppData\Roaming\Mozilla\Firefox\Profiles\ann9w273.default\extensions\{27c60876-b5c9-4335-b4f3-52b26782220c}.xpi
    [2013/01/17 18:14:12 | 000,804,627 | ---- | M] () (No name found) -- C:\Users\David's HP\AppData\Roaming\Mozilla\Firefox\Profiles\ann9w273.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
    [2013/01/18 21:13:55 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
    [2013/01/18 21:14:31 | 000,262,552 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
    [2012/05/04 06:10:19 | 000,466,944 | ---- | M] (Catalina Marketing Corporation) -- C:\Program Files (x86)\mozilla firefox\plugins\NPcol400.dll
    [2012/02/22 16:58:26 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npCouponPrinter.dll
    [2012/02/22 16:58:28 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npMozCouponPrinter.dll
    [2013/01/04 21:45:12 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
    [2013/01/04 21:45:12 | 000,002,058 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

    ========== Chrome ==========

    CHR - homepage: http://www.searchnu.com/406
    CHR - default_search_provider: ()
    CHR - default_search_provider: search_url =
    CHR - default_search_provider: suggest_url =
    CHR - homepage: http://www.searchnu.com/406
    CHR - Extension: No name found = C:\Users\David's HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
    CHR - Extension: No name found = C:\Users\David's HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1\
    CHR - Extension: No name found = C:\Users\David's HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
    CHR - Extension: No name found = C:\Users\David's HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1\
    CHR - Extension: No name found = C:\Users\David's HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\fnjbmmemklcjgepojigaapkoodmkgbae\2.1.1.94_0\
    CHR - Extension: No name found = C:\Users\David's HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.1.94_0\
    CHR - Extension: No name found = C:\Users\David's HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
    CHR - Extension: No name found = C:\Users\David's HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

    O1 HOSTS File: ([2013/01/17 13:36:46 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll File not found
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
    O2 - BHO: (no name) - {300BEC06-B743-4D19-86B9-11DC711D7FFB} - No CLSID value found.
    O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
    O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
    O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll File not found
    O2 - BHO: (HP Network Check Helper) - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
    O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll (Yahoo! Inc)
    O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O4:64bit: - HKLM..\Run: [Getting started with MacDrive 8] C:\Program Files\Mediafour\MacDrive 8\MDGetStarted.exe (Mediafour Corporation)
    O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [IntelliPoint] c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe (Microsoft Corporation)
    O4:64bit: - HKLM..\Run: [IntelliType Pro] c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe (Microsoft Corporation)
    O4:64bit: - HKLM..\Run: [IntelWireless] C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel(R) Corporation)
    O4:64bit: - HKLM..\Run: [MacDrive 8 application] C:\Program Files\Mediafour\MacDrive 8\MacDrive.exe (Mediafour Corporation)
    O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
    O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [picon] C:\Program Files (x86)\Common Files\Intel\Privacy Icon\PrivacyIconClient.exe (Intel Corporation)
    O4 - HKLM..\Run: [AmazonGSDownloaderTray] C:\Program Files (x86)\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderTray.exe (Amazon.com)
    O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
    O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
    O4 - HKLM..\Run: [EEventManager] C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
    O4 - Startup: C:\Users\David's HP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MagicDisc.lnk = C:\Program Files (x86)\MagicDisc\MagicDisc.exe (MagicISO, Inc.)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-1916152551-4166504153-3791849091-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-1916152551-4166504153-3791849091-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O9 - Extra Button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
    O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
    O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
    O13 - gopher Prefix: missing
    O16:64bit: - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://fpdownload.macromedia.com/pub...irector/sw.cab (Reg Error: Key error.)
    O16 - DPF: {1851174C-97BD-4217-A0CC-E908F60D5B7A} https://h50203.www5.hp.com/HPISWeb/C...ataManager.CAB (Reg Error: Key error.)
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/ge...sh/swflash.cab (Shockwave Flash Object)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 191.168.2.100
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{714B57E2-1594-4D0F-B2EE-FE056C10D83E}: DhcpNameServer = 75.75.75.75 75.75.76.76
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{81B78C55-7D5D-4F9D-85CF-FC78FF735239}: DhcpNameServer = 191.168.2.100
    O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
    O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
    O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
    O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
    O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
    O20:64bit: - Winlogon\Notify\ScCertProp: DllName - (wlnotify.dll) - File not found
    O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O32 - HKLM CDRom: AutoRun - 1
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35:64bit: - HKLM\..comfile [open] -- "%1" %*
    O35:64bit: - HKLM\..exefile [open] -- "%1" %*
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
    O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
    O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

    NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)

    CREATERESTOREPOINT
    Restore point Set: OTL Restore Point

    ========== Files/Folders - Created Within 30 Days ==========

    [2013/01/19 17:28:49 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\David's HP\Desktop\OTL(1).exe
    [2013/01/19 17:25:40 | 000,000,000 | ---D | C] -- C:\Users\David's HP\Desktop\RK_Quarantine
    [2013/01/18 21:13:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
    [2013/01/18 20:46:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
    [2013/01/18 20:46:50 | 000,033,240 | ---- | C] (GEAR Software Inc.) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys
    [2013/01/18 20:45:55 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
    [2013/01/18 20:45:54 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
    [2013/01/18 20:45:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
    [2013/01/18 20:45:54 | 000,000,000 | ---D | C] -- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
    [2013/01/18 20:42:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
    [2013/01/18 20:42:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime
    [2013/01/18 20:41:09 | 000,000,000 | -HSD | C] -- C:\Config.Msi
    [2013/01/17 16:33:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service
    [2013/01/17 15:47:06 | 000,000,000 | ---D | C] -- C:\Users\David's HP\Desktop\GrantPerms
    [2013/01/17 14:06:19 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
    [2013/01/17 13:39:08 | 000,000,000 | ---D | C] -- C:\Windows\temp
    [2013/01/17 13:24:42 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
    [2013/01/17 09:00:37 | 000,000,000 | ---D | C] -- C:\Users\David's HP\Desktop\Draft files
    [2013/01/17 08:42:00 | 000,000,000 | ---D | C] -- C:\Users\David's HP\Documents\ProcAlyzer Dumps
    [2013/01/16 22:28:06 | 002,712,200 | ---- | C] (Sysinternals - www.sysinternals.com) -- C:\Users\David's HP\Desktop\procexp.exe
    [2013/01/16 20:33:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
    [2013/01/16 17:52:37 | 000,448,512 | ---- | C] (OldTimer Tools) -- C:\Users\David's HP\Desktop\TFC.exe
    [2013/01/14 12:36:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\H&R Block 2012
    [2013/01/14 12:35:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\HRBlock2012
    [2013/01/14 12:27:23 | 000,000,000 | ---D | C] -- C:\Users\David's HP\Desktop\H&R Block At Home Deluxe + State 2012
    [2013/01/14 12:27:23 | 000,000,000 | ---D | C] -- C:\Users\David's HP\Documents\Amazon Downloader Logs
    [2013/01/14 12:27:15 | 000,935,344 | ---- | C] (Amazon Services LLC) -- C:\Users\David's HP\Desktop\H_R_Block_At_Home_Deluxe_State_2012_Downloader.exe
    [2013/01/14 11:07:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe
    [2013/01/13 09:27:02 | 000,000,000 | ---D | C] -- C:\Users\David's HP\AppData\Roaming\Bullzip
    [2013/01/13 09:26:12 | 000,000,000 | ---D | C] -- C:\Users\David's HP\AppData\Local\Programs
    [2013/01/13 09:25:25 | 000,000,000 | ---D | C] -- C:\Users\David's HP\AppData\Local\Coupon Companion Plugin
    [2013/01/10 15:52:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Thunderbird
    [2013/01/10 15:01:54 | 000,068,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\taskhost.exe
    [2013/01/10 15:01:45 | 000,307,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncrypt.dll
    [2013/01/10 15:01:36 | 000,750,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\win32spl.dll
    [2013/01/10 15:01:35 | 000,492,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\win32spl.dll
    [2012/12/22 10:05:23 | 000,046,080 | ---- | C] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll
    [2012/12/22 10:05:23 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll
    [2012/12/22 10:05:22 | 000,367,616 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll
    [2012/12/22 10:05:21 | 000,295,424 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll

    ========== Files - Modified Within 30 Days ==========

    [2013/01/19 17:31:05 | 000,000,902 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2013/01/19 17:28:51 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\David's HP\Desktop\OTL(1).exe
    [2013/01/19 17:24:11 | 000,764,416 | ---- | M] () -- C:\Users\David's HP\Desktop\RogueKiller.exe
    [2013/01/19 17:18:04 | 000,000,906 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2013/01/19 17:17:03 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2013/01/19 13:59:59 | 000,020,816 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2013/01/19 13:59:59 | 000,020,816 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2013/01/18 20:49:06 | 3092,459,520 | -HS- | M] () -- C:\hiberfil.sys
    [2013/01/18 20:46:54 | 000,001,783 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
    [2013/01/18 20:42:38 | 000,001,845 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
    [2013/01/17 18:08:30 | 000,356,375 | ---- | M] () -- C:\Users\David's HP\Desktop\bookmarks.html
    [2013/01/17 16:49:25 | 000,337,164 | ---- | M] () -- C:\Users\David's HP\Desktop\moreads.jpg
    [2013/01/17 16:46:25 | 000,296,769 | ---- | M] () -- C:\Users\David's HP\Desktop\selectionlinks.jpg
    [2013/01/17 16:22:11 | 000,085,325 | ---- | M] () -- C:\Users\David's HP\Desktop\google1.jpg
    [2013/01/17 16:21:37 | 000,065,393 | ---- | M] () -- C:\Users\David's HP\Desktop\google2.jpg
    [2013/01/17 16:16:09 | 000,872,838 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
    [2013/01/17 16:16:09 | 000,728,404 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
    [2013/01/17 16:16:09 | 000,147,430 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
    [2013/01/17 15:51:01 | 000,257,218 | ---- | M] () -- C:\Users\David's HP\Desktop\sysmain.jpg
    [2013/01/17 15:47:06 | 000,456,948 | ---- | M] () -- C:\Users\David's HP\Desktop\GrantPerms.exe
    [2013/01/17 15:34:33 | 000,000,273 | ---- | M] () -- C:\WirelessDiagLog.csv
    [2013/01/17 14:43:31 | 000,133,024 | ---- | M] () -- C:\Users\David's HP\Desktop\yahoomess.jpg
    [2013/01/17 13:36:46 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
    [2013/01/17 13:23:26 | 000,061,440 | ---- | M] ( ) -- C:\Users\David's HP\Desktop\VEW.exe
    [2013/01/17 09:09:40 | 000,989,486 | ---- | M] () -- C:\Users\David's HP\Desktop\coupons_aol.dib
    [2013/01/16 23:08:37 | 000,115,244 | ---- | M] () -- C:\Users\David's HP\Desktop\yahoomess.png
    [2013/01/16 22:28:07 | 002,712,200 | ---- | M] (Sysinternals - www.sysinternals.com) -- C:\Users\David's HP\Desktop\procexp.exe
    [2013/01/16 21:23:17 | 000,554,087 | ---- | M] () -- C:\Users\David's HP\Desktop\AdwCleaner.exe
    [2013/01/16 20:07:35 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    [2013/01/16 17:52:46 | 000,448,512 | ---- | M] (OldTimer Tools) -- C:\Users\David's HP\Desktop\TFC.exe
    [2013/01/14 12:37:15 | 000,002,033 | ---- | M] () -- C:\Users\Public\Desktop\H&R Block 2012.lnk
    [2013/01/14 12:27:16 | 000,935,344 | ---- | M] (Amazon Services LLC) -- C:\Users\David's HP\Desktop\H_R_Block_At_Home_Deluxe_State_2012_Downloader.exe
    [2013/01/13 09:24:11 | 000,635,864 | ---- | M] () -- C:\Users\David's HP\Desktop\cbsidlm-tr1_10a-PDF_Printer-SEO-10536746.exe
    [2013/01/12 17:24:00 | 000,697,864 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
    [2013/01/12 17:23:59 | 000,074,248 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    [2013/01/10 16:53:27 | 000,413,368 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
    [2013/01/10 16:14:28 | 000,002,114 | ---- | M] () -- C:\Users\David's HP\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Thunderbird.lnk
    [2013/01/10 15:17:59 | 000,869,550 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
    [2013/01/03 16:59:54 | 000,000,352 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForDavid's HP.job
    [2012/12/21 07:43:31 | 649,793,119 | ---- | M] () -- C:\Windows\MEMORY.DMP

    ========== Files Created - No Company Name ==========

    [2013/01/19 17:23:55 | 000,764,416 | ---- | C] () -- C:\Users\David's HP\Desktop\RogueKiller.exe
    [2013/01/18 20:46:54 | 000,001,783 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
    [2013/01/18 20:42:38 | 000,001,845 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
    [2013/01/17 18:11:35 | 000,001,163 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
    [2013/01/17 18:08:30 | 000,356,375 | ---- | C] () -- C:\Users\David's HP\Desktop\bookmarks.html
    [2013/01/17 16:49:25 | 000,337,164 | ---- | C] () -- C:\Users\David's HP\Desktop\moreads.jpg
    [2013/01/17 16:46:25 | 000,296,769 | ---- | C] () -- C:\Users\David's HP\Desktop\selectionlinks.jpg
    [2013/01/17 16:22:11 | 000,085,325 | ---- | C] () -- C:\Users\David's HP\Desktop\google1.jpg
    [2013/01/17 16:21:37 | 000,065,393 | ---- | C] () -- C:\Users\David's HP\Desktop\google2.jpg
    [2013/01/17 15:51:00 | 000,257,218 | ---- | C] () -- C:\Users\David's HP\Desktop\sysmain.jpg
    [2013/01/17 15:34:33 | 000,000,273 | ---- | C] () -- C:\WirelessDiagLog.csv
    [2013/01/17 14:43:30 | 000,133,024 | ---- | C] () -- C:\Users\David's HP\Desktop\yahoomess.jpg
    [2013/01/17 13:23:26 | 000,061,440 | ---- | C] ( ) -- C:\Users\David's HP\Desktop\VEW.exe
    [2013/01/17 09:09:39 | 000,989,486 | ---- | C] () -- C:\Users\David's HP\Desktop\coupons_aol.dib
    [2013/01/16 23:08:37 | 000,115,244 | ---- | C] () -- C:\Users\David's HP\Desktop\yahoomess.png
    [2013/01/16 21:23:11 | 000,554,087 | ---- | C] () -- C:\Users\David's HP\Desktop\AdwCleaner.exe
    [2013/01/16 20:07:35 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    [2013/01/14 12:37:15 | 000,002,033 | ---- | C] () -- C:\Users\Public\Desktop\H&R Block 2012.lnk
    [2013/01/14 11:08:11 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
    [2013/01/13 09:24:09 | 000,635,864 | ---- | C] () -- C:\Users\David's HP\Desktop\cbsidlm-tr1_10a-PDF_Printer-SEO-10536746.exe
    [2012/07/05 14:27:30 | 000,002,530 | ---- | C] () -- C:\ProgramData\regid.2012-05.com.aciwebs,PCDrafter_0B98B203-BE55-4967-B3D7-2C2033182D1B.swidtag
    [2011/05/21 08:29:19 | 000,000,000 | ---- | C] () -- C:\Users\David's HP\AppData\Local\{6D1CC7E6-7607-4664-97B8-C534FE82191C}
    [2011/05/10 13:00:18 | 000,714,590 | ---- | C] () -- C:\Windows\unins001.exe
    [2011/05/10 13:00:09 | 000,714,590 | ---- | C] () -- C:\Windows\unins000.exe
    [2011/05/04 12:39:25 | 000,869,550 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
    [2011/04/12 03:39:44 | 000,673,610 | ---- | C] () -- C:\Windows\unins002.exe
    [2011/04/12 03:39:44 | 000,036,864 | ---- | C] () -- C:\Windows\SysWow64\PreInstaller.exe
    [2011/04/12 03:39:44 | 000,028,672 | ---- | C] () -- C:\Windows\SysWow64\suuunin.exe
    [2011/04/12 03:39:44 | 000,001,810 | ---- | C] () -- C:\Windows\unins002.dat
    [2011/04/11 07:44:18 | 000,003,653 | ---- | C] () -- C:\Windows\unins001.dat
    [2011/04/11 06:17:52 | 000,008,421 | ---- | C] () -- C:\Windows\unins000.dat
    [2011/03/31 15:56:01 | 000,047,616 | ---- | C] () -- C:\Windows\SysWow64\pdf995mon64.dll
    [2011/03/31 15:56:01 | 000,000,142 | ---- | C] () -- C:\Windows\wpd99.drv
    [2011/03/18 16:47:37 | 000,165,376 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
    [2011/03/18 16:47:36 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini
    [2011/03/18 16:47:30 | 000,810,496 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
    [2011/03/18 16:47:30 | 000,183,808 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
    [2011/03/18 16:47:30 | 000,080,896 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
    [2011/03/18 15:36:30 | 000,073,220 | ---- | C] () -- C:\Windows\SysWow64\EPPICPrinterDB.dat
    [2011/03/18 15:36:30 | 000,031,053 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern131.dat
    [2011/03/18 15:36:30 | 000,029,114 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern1.dat
    [2011/03/18 15:36:30 | 000,027,417 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern121.dat
    [2011/03/18 15:36:30 | 000,021,021 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern3.dat
    [2011/03/18 15:36:30 | 000,015,670 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern5.dat
    [2011/03/18 15:36:30 | 000,013,280 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern2.dat
    [2011/03/18 15:36:30 | 000,010,673 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern4.dat
    [2011/03/18 15:36:30 | 000,004,943 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern6.dat
    [2011/03/18 15:36:30 | 000,001,140 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_PT.dat
    [2011/03/18 15:36:30 | 000,001,140 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_BP.dat
    [2011/03/18 15:36:30 | 000,001,137 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_ES.dat
    [2011/03/18 15:36:30 | 000,001,130 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_FR.dat
    [2011/03/18 15:36:30 | 000,001,130 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_CF.dat
    [2011/03/18 15:36:30 | 000,001,104 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_EN.dat
    [2011/03/18 15:36:30 | 000,000,097 | ---- | C] () -- C:\Windows\SysWow64\PICSDK.ini
    [2011/03/18 13:40:50 | 000,186,928 | ---- | C] ( ) -- C:\Windows\SysWow64\rsnp2uvc.dll
    [2011/03/18 13:40:50 | 000,015,497 | ---- | C] () -- C:\Windows\snp2uvc.ini

    ========== ZeroAccess Check ==========

    [2009/07/13 22:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

    [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

    [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

    [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

    [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
    "" = C:\Windows\SysNative\shell32.dll -- [2012/06/08 23:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
    "" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 22:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
    "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 19:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
    "" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 06:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
    "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 19:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Both

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

    ========== Custom Scans ==========

    < %SYSTEMDRIVE%\*.exe >

    < MD5 for: EXPLORER.EXE >
    [2011/02/26 00:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_adc24107935a7e25\explorer.exe
    [2011/02/25 23:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
    [2009/07/13 19:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe
    [2011/02/25 23:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_b8ce9756e0b786a4\explorer.exe
    [2009/10/30 23:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe
    [2011/02/25 23:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_b816eb59c7bb4020\explorer.exe
    [2011/02/25 00:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\erdnt\cache86\explorer.exe
    [2011/02/25 00:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe
    [2011/02/25 00:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
    [2011/02/26 00:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
    [2010/11/20 06:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
    [2009/08/03 00:19:07 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe
    [2011/02/24 23:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe
    [2011/02/24 23:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
    [2009/10/31 00:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe
    [2009/08/02 23:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe
    [2010/11/20 07:24:45 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe
    [2009/10/31 00:38:38 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=B8EC4BD49CE8F6FC457721BFC210B67F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe
    [2009/08/02 23:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe
    [2009/07/13 19:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe
    [2009/10/31 00:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe
    [2011/02/26 00:26:45 | 002,870,784 | ---- | M] (Microsoft Corporation) MD5=E38899074D4951D31B4040E994DD7C8D -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_ae79ed04ac56c4a9\explorer.exe
    [2009/08/03 00:17:37 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe

    < MD5 for: SVCHOST.EXE >
    [2012/12/14 16:49:28 | 000,216,424 | ---- | M] () MD5=22101A85B3CA2FE2BE05FE9A61A7A83D -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\svchost.exe
    [2009/07/13 19:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\erdnt\cache86\svchost.exe
    [2009/07/13 19:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\SysWOW64\svchost.exe
    [2009/07/13 19:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
    [2009/07/13 19:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\erdnt\cache64\svchost.exe
    [2009/07/13 19:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\SysNative\svchost.exe
    [2009/07/13 19:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_11b04b481efec48c\svchost.exe

    < MD5 for: USERINIT.EXE >
    [2010/11/20 06:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\erdnt\cache86\userinit.exe
    [2010/11/20 06:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
    [2010/11/20 06:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
    [2009/07/13 19:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
    [2009/07/13 19:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe
    [2010/11/20 07:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\erdnt\cache64\userinit.exe
    [2010/11/20 07:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
    [2010/11/20 07:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe

    < MD5 for: WINLOGON.EXE >
    [2010/11/20 07:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\erdnt\cache64\winlogon.exe
    [2010/11/20 07:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
    [2010/11/20 07:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
    [2009/07/13 19:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
    [2012/12/14 16:49:28 | 000,216,424 | ---- | M] () MD5=22101A85B3CA2FE2BE05FE9A61A7A83D -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
    [2009/10/28 01:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
    [2009/10/28 00:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe

    < %systemroot%\*. /rp /s >

    ========== Drive Information ==========

    Physical Drives
    ---------------

    Drive: \\\\.\\PHYSICALDRIVE0 - Fixed hard disk media
    Interface type: IDE
    Media Type: Fixed hard disk media
    Model: Hitachi HTS723225L9A360 ATA Device
    Partitions: 3
    Status: OK
    Status Info: 0

    Partitions
    ---------------

    DeviceID: Disk #0, Partition #0
    PartitionType: Installable File System
    Bootable: True
    BootPartition: True
    PrimaryPartition: True
    Size: 100.00MB
    Starting Offset: 1048576
    Hidden sectors: 0


    DeviceID: Disk #0, Partition #1
    PartitionType: Installable File System
    Bootable: False
    BootPartition: False
    PrimaryPartition: True
    Size: 232.00GB
    Starting Offset: 105906176
    Hidden sectors: 0


    DeviceID: Disk #0, Partition #2
    PartitionType: Unknown
    Bootable: False
    BootPartition: False
    PrimaryPartition: True
    Size: 1.00GB
    Starting Offset: 248979225600
    Hidden sectors: 0


    < End of report >

  5. #5
    Junior Member
    Join Date
    Jan 2013
    Posts
    12

    Default

    OTL Extras logfile created on: 1/19/2013 5:30:02 PM - Run 1
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\David's HP\Desktop
    64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    3.84 Gb Total Physical Memory | 2.13 Gb Available Physical Memory | 55.55% Memory free
    7.68 Gb Paging File | 5.78 Gb Available in Paging File | 75.21% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 231.78 Gb Total Space | 88.41 Gb Free Space | 38.14% Space Free | Partition Type: NTFS
    Drive D: | 1.00 Gb Total Space | 0.98 Gb Free Space | 97.43% Space Free | Partition Type: FAT32
    Drive F: | 3.54 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF

    Computer Name: DAVES-6930P | User Name: David's HP | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .html[@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
    .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
    .html [@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)

    [HKEY_USERS\.DEFAULT\SOFTWARE\Classes\<extension>]
    .html [@ = ChromeHTML] -- Reg Error: Key error. File not found

    [HKEY_USERS\S-1-5-18\SOFTWARE\Classes\<extension>]
    .html [@ = ChromeHTML] -- Reg Error: Key error. File not found

    [HKEY_USERS\S-1-5-21-1916152551-4166504153-3791849091-1001\SOFTWARE\Classes\<extension>]
    .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

    ========== Shell Spawning ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
    http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
    InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    ========== Firewall Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


    ========== Vista Active Open Ports Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{027A7593-E800-45FF-8B0A-F01FAE3DF763}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
    "{0A251EA2-8507-48BE-9D85-F9E361D861DE}" = rport=445 | protocol=6 | dir=out | app=system |
    "{0F5B9928-5F3B-44F2-AB42-4BC30795EBA6}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe |
    "{284CFF53-1AEB-4539-8C3E-4886CBBC198C}" = rport=139 | protocol=6 | dir=out | app=system |
    "{2FEF746D-023F-4E0B-A7D5-306A9EEDE54E}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{46FBA676-BBB9-4990-B994-6530D98FE7A1}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{68E4D8B4-DCBA-4CE0-9C44-BFEF1C213AFE}" = lport=2869 | protocol=6 | dir=in | app=system |
    "{6BC53F73-68FA-44CD-AC29-94D1950A6C68}" = lport=137 | protocol=17 | dir=in | app=system |
    "{792C40F4-8114-4211-B921-836B39D68382}" = lport=139 | protocol=6 | dir=in | app=system |
    "{7994970B-E899-4E98-B3F0-EEA64CE7A3CC}" = rport=137 | protocol=17 | dir=out | app=system |
    "{7D5D75ED-E3F0-4161-AC2F-A9DFE5961C34}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{838CD82C-4062-4A05-A993-08B0CC89080F}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{AB37F256-2B43-4826-85CA-B2C0772FE1DA}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{B4AA045F-FDF5-4709-BC31-5704DBC05324}" = rport=10243 | protocol=6 | dir=out | app=system |
    "{B9D4FF99-AAB2-4D41-AF35-584AF16FBB00}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
    "{BE523C19-DFC1-442C-BE8E-FF4EB40ED780}" = lport=10243 | protocol=6 | dir=in | app=system |
    "{C339E824-FCF0-4397-A86D-D8996AAFD8F7}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{C950F9B8-0838-44BF-85B8-E79B618A624F}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{D1D459A7-D6FD-4C68-905D-BD06F4D26AF8}" = lport=445 | protocol=6 | dir=in | app=system |
    "{D2FFED7D-8B04-4D73-AAB3-E48C75919B1A}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe |
    "{D4C2C304-A580-40F5-AE0D-AAD2F634A738}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{D69047E3-B757-423E-B539-162FFAA3FE2F}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{DE4B0FA7-56A9-428B-B4FE-B9C9124E6A46}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{E6AD9C62-29EF-410B-B276-78E7D143CB33}" = lport=138 | protocol=17 | dir=in | app=system |
    "{F6674BBE-AD9B-49FC-A88D-8B0CC10F1EAA}" = rport=138 | protocol=17 | dir=out | app=system |

    ========== Vista Active Application Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{15693A26-065F-45E4-9ED6-4307DA3BA635}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
    "{182A2E41-0769-4C4C-B85D-188AD6274E54}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
    "{20C271F8-85F4-4E64-828C-D7D69FC79110}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
    "{2D07E1C2-4C4C-4B23-8006-F578FA451B58}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
    "{38936F18-7D20-49D1-8E83-7F230AC89929}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe |
    "{3E26D7F4-8E02-4376-A836-E979CE51FEB7}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{3F7B28E2-ABBB-451F-B486-0A6D25B579D4}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{51398BF9-8B9F-4A58-9E8E-230BEBCE6D9E}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{521CD7CD-1F1B-416E-9464-144835AB291D}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{5BC45F55-3FF7-46AD-B0F5-DE052AB16F72}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{6161BF25-5609-4980-B493-446C6C58BDB7}" = protocol=6 | dir=in | app=c:\users\david's hp\appdata\roaming\dropbox\bin\dropbox.exe |
    "{643235DC-A441-4D8C-88FF-DEA9417CBF4C}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{694BD393-925C-45B0-BE03-0341464CD1D2}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
    "{69525AF4-DFE0-4E10-99C1-8BA34AB60B80}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
    "{6FBB48A6-5CCC-4A5A-9713-EAC5D9CEB9C2}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
    "{715B4E1B-2F30-43BA-AE14-54A9E497A644}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
    "{7B0BE37A-96ED-443B-AF2F-04790EEEAEA7}" = protocol=6 | dir=in | app=c:\program files (x86)\epsonnet\epsonnet setup\tool09\eneasyapp.exe |
    "{7BD58B52-D4AE-4F79-B018-FF363541DB8B}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{8A9D34D6-7F81-4FE8-B7B4-AFD50EAE56CB}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe |
    "{915AE6F9-BED2-4FAC-859B-28FAD3E3FC63}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
    "{A4CE94E3-AF10-4B2F-A797-E5BEA7CAD79C}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
    "{A5349733-F54C-48CE-99CA-7CB9217D96F2}" = protocol=17 | dir=in | app=c:\users\david's hp\appdata\roaming\dropbox\bin\dropbox.exe |
    "{B0093398-DD7F-473D-876F-E12623BB8669}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{B03D3AB6-B908-4608-8C22-5795E4ECC307}" = protocol=17 | dir=in | app=c:\program files (x86)\epsonnet\epsonnet setup\tool09\eneasyapp.exe |
    "{BEF23D1C-60D5-4561-BDF8-C3E5CC598370}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{BFFE18A3-8E64-4135-82B5-B034306097AA}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{C994B054-0718-4221-8CCB-26184E20747D}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
    "{CB85EA7C-3CAF-453E-A67B-170AEC47DCC9}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{E686AEB7-7A4D-4BE2-BC11-45F6F5BE47D7}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
    "{ED0CADB6-8788-405C-8433-679CC031D9CC}" = dir=in | app=c:\program files\intel\wifi\bin\pandhcpdns.exe |
    "{F2191C55-B9D6-4929-B0EF-B9873BA4AD69}" = protocol=6 | dir=out | app=system |
    "{F478498B-8B59-4896-8855-3AD06B31CABD}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
    "{F6BB49B9-C572-442A-8463-8C714960B99A}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
    "{F8EEC18B-0B17-49AF-B392-5FEAFA4BDED5}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
    "TCP Query User{5AABB199-5B0F-422C-A519-C722EF4AECBE}C:\program files (x86)\Epson Software\Event Manager\eeventmanager.exe" = protocol=6 | dir=in | app=c:\program files (x86)\epson software\event manager\eeventmanager.exe |
    "TCP Query User{84D7D589-FD67-45E1-8881-5CB257151A79}C:\program files (x86)\icechat7\icechat7.exe" = protocol=6 | dir=in | app=c:\program files (x86)\icechat7\icechat7.exe |
    "TCP Query User{B9D72EE3-97C1-40E3-B8FA-B65AD333F3AC}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe |
    "TCP Query User{C72B5F47-85FE-4870-A9F8-85624C8A1088}C:\program files (x86)\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files (x86)\google\google earth\client\googleearth.exe |
    "TCP Query User{D36361BB-BF82-49A1-B624-D315D3F97A60}C:\program files (x86)\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\java.exe |
    "TCP Query User{E0FE52C5-FAC8-49B9-8AFA-51448E943C4C}C:\users\david's hp\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\david's hp\appdata\roaming\dropbox\bin\dropbox.exe |
    "TCP Query User{E38DFCAD-ABD1-4FBD-BEB0-C456F1BC100E}C:\program files (x86)\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe |
    "TCP Query User{F761CC73-1090-4B95-BDA9-28867AD6F72C}C:\program files (x86)\Epson Software\Event Manager\eeventmanager.exe" = protocol=6 | dir=in | app=c:\program files (x86)\epson software\event manager\eeventmanager.exe |
    "TCP Query User{FE73ACAE-9BAA-4D5C-BAB7-8F37BEF6505F}C:\program files (x86)\java\jre7\bin\java.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre7\bin\java.exe |
    "UDP Query User{3E2ED8C5-8A07-4065-8E0D-1A66A7A37395}C:\program files (x86)\Epson Software\Event Manager\eeventmanager.exe" = protocol=17 | dir=in | app=c:\program files (x86)\epson software\event manager\eeventmanager.exe |
    "UDP Query User{582743B2-6327-4C11-9899-158FFB1AA809}C:\program files (x86)\icechat7\icechat7.exe" = protocol=17 | dir=in | app=c:\program files (x86)\icechat7\icechat7.exe |
    "UDP Query User{5C6E4985-A3C7-4926-AA6A-2A4E00D70F70}C:\program files (x86)\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files (x86)\google\google earth\client\googleearth.exe |
    "UDP Query User{635C518A-E429-4DB7-A7E6-13BDB40536F2}C:\users\david's hp\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\david's hp\appdata\roaming\dropbox\bin\dropbox.exe |
    "UDP Query User{AB39CC99-A905-4EBC-9B76-B7D492599E28}C:\program files (x86)\java\jre7\bin\java.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre7\bin\java.exe |
    "UDP Query User{CA033A46-F1DB-4917-994D-3BC7D0574D22}C:\program files (x86)\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\java.exe |
    "UDP Query User{E4ACE4EC-8428-4FEC-9C44-9399F4D3657C}C:\program files (x86)\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe |
    "UDP Query User{ED2E9C0E-B9E1-4776-82F0-15237DD01B9F}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe |
    "UDP Query User{FA7D3AA4-C8A2-40BF-9284-AF54063D1A04}C:\program files (x86)\Epson Software\Event Manager\eeventmanager.exe" = protocol=17 | dir=in | app=c:\program files (x86)\epson software\event manager\eeventmanager.exe |

    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{0826F9E4-787E-481D-83E0-BC6A57B056D5}" = Microsoft SQL Server VSS Writer
    "{0E5D76AD-A3FB-48D5-8400-8903B10317D3}" = iTunes
    "{1A8BA6CE-822D-4888-89E2-ACBF4308F271}" = Intel(R) PROSet/Wireless WiFi Software
    "{1C7C8AAF-A16D-32E8-89E5-F6D165DE0BCE}" = Microsoft Visual C++ 2010 x64 Runtime - 10.0.40219
    "{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition)
    "{2738C4AA-420E-4E13-ADEF-B5AB250E3EF1}" = Microsoft SQL Server 2008 Native Client
    "{2F14965D-567B-4E59-ADEB-0A2CC1E3ADDF}" = Sql Server Customer Experience Improvement Program
    "{391C9982-E373-42CE-A6B1-DF84632DF7E9}" = MacDrive 8
    "{5340A3B5-3853-4745-BED2-DD9FF5371331}" = Microsoft SQL Server 2008 Common Files
    "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
    "{6292D514-17A4-403F-98F9-E150F10C043D}" = Microsoft SQL Server 2008 Setup Support Files
    "{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
    "{7AB6F8D7-7804-4662-BE8C-1AFCCD602D9F}" = Microsoft Mouse and Keyboard Center
    "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
    "{83DA38AB-1014-41C2-A3CD-E2B93832A71A}" = HP 3D DriveGuard
    "{893F27E6-D6BE-4B9F-80E6-0ADA694A31A8}" = Microsoft SQL Server 2008 Common Files
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8A7CAA24-7B23-410B-A7C3-F994B0944160}" = Microsoft Virtual PC 2007
    "{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
    "{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
    "{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
    "{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
    "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{ADBD6E65-46CB-4A97-9AFB-64963FEACC40}" = Microsoft SQL Server 2008 RsFx Driver
    "{BCA26999-EC22-3007-BB79-638913079C9A}" = Microsoft Visual Studio 2010 Express Prerequisites x64 - ENU
    "{C78D3032-9DFD-41D0-9DE9-58EAE750CBA4}" = Microsoft Security Client
    "{CC8BA866-16A7-4667-BA0C-C494A1E7B2BF}" = Microsoft SQL Server 2008 Database Engine Shared
    "{D4AD39AD-091E-4D33-BB2B-59F6FCB8ADC3}" = Microsoft SQL Server Compact 3.5 SP2 x64 ENU
    "{D70884EA-E2CE-4539-91DB-4766CC1E5F5F}" = Apple Mobile Device Support
    "{DF167CE3-60E7-44EA-99EC-2507C51F37AE}" = Microsoft SQL Server 2008 Database Engine Shared
    "{E5748D30-7E6D-3A8E-BFE6-C1D02C6DDABB}" = Microsoft Help Viewer 1.1
    "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
    "{FA7394B8-CE65-4F9E-AC99-F372AD365424}" = Microsoft SQL Server 2008 Database Engine Services
    "{FBD367D1-642F-47CF-B79B-9BE48FB34007}" = Microsoft SQL Server 2008 Database Engine Services
    "Adobe Flash Player ActiveX 64" = Adobe Flash Player 10 ActiveX 64-bit
    "Adobe Flash Player Plugin 64" = Adobe Flash Player 10 Plugin 64-bit
    "DVDFab 8 Qt Retail_is1" = DVDFab 8.1.0.0 (16/06/2011) Qt
    "EPSON WorkForce 610 Series" = EPSON WorkForce 610 Series Printer Uninstall
    "HECI" = Intel(R) Management Engine Interface
    "KLiteCodecPack64_is1" = K-Lite Codec Pack (64-bit) v4.5.0
    "MESOL" = Intel® Active Management Technology
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
    "Microsoft Help Viewer 1.1" = Microsoft Help Viewer 1.1
    "Microsoft Mouse and Keyboard Center" = Microsoft Mouse and Keyboard Center
    "Microsoft Security Client" = Microsoft Security Essentials
    "Microsoft SQL Server 10" = Microsoft SQL Server 2008 (64-bit)
    "Microsoft SQL Server 10 Release" = Microsoft SQL Server 2008 (64-bit)
    "ProInst" = Intel PROSet Wireless
    "PROSet" = Intel(R) Network Connections Drivers
    "SuuntoUSBFTDIVista_is1" = Suunto USB Driver
    "SynTPDeinstKey" = Synaptics Pointing Device Driver

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements
    "{10964A8F-21C1-45EA-BC2D-F84B505C3848}" = H&R Block Deluxe + Efile + State 2010
    "{14DC0059-00F1-4F62-BD1A-AB23CD51A95E}" = Adobe AIR
    "{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{2F8B731A-5F2D-3EA8-8B25-C3E5E43F4BDB}" = Microsoft Visual C++ Compilers 2010 Standard - enu - x86
    "{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons
    "{399C37FB-08AF-493B-BFED-20FBD85EDF7F}" = HP Webcam
    "{3A9FC03D-C685-4831-94CF-4EDFD3749497}" = Microsoft SQL Server Compact 3.5 SP2 ENU
    "{3E31400D-274E-4647-916C-2CACC3741799}" = EpsonNet Print
    "{46F8CF66-AB83-38A7-99B2-A5BE507EE472}" = Microsoft Visual C++ 2010 Express - ENU
    "{48F22622-1CC2-4A83-9C1E-644DD96F832D}" = Epson Event Manager
    "{563F3279-A139-4C1C-B4E5-8889B136C135}" = H&R Block Illinois 2011
    "{58E1B8A4-157D-488F-ADCA-3B87598C912F}" = H&R Block Illinois 2010
    "{59F6A514-9813-47A3-948C-8A155460CC2A}" = RICOH R5C853 Driver Vista x64 Ver.1.00.09
    "{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
    "{5AB7D739-1735-3A9E-BE73-C43507CB4E6F}" = Microsoft Visual Studio 2010 Service Pack 1
    "{5D9ED403-94DE-3BA0-B1D6-71F4BDA412E6}" = Microsoft Visual C++ 2010 x86 Runtime - 10.0.40219
    "{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
    "{6F340107-F9AA-47C6-B54C-C3A19F11553F}" = Hewlett-Packard ACLM.NET v1.2.1.1
    "{8088E6E2-AFDA-4337-AA29-BA19ABF7D04A}" = HP ESU for Microsoft Windows 7
    "{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
    "{89D20029-0578-4D8D-979A-695C8D868868}" = H&R Block Deluxe + Efile + State 2012
    "{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
    "{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
    "{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
    "{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
    "{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
    "{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
    "{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
    "{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
    "{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
    "{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-002A-0409-1000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
    "{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
    "{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
    "{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
    "{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
    "{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
    "{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-00D1-0409-0000-0000000FF1CE}" = Microsoft Office Access database engine 2007 (English)
    "{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
    "{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
    "{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0116-0409-1000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
    "{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI (11.0.01)
    "{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}" = QuickTime
    "{B2F34D92-C5CF-4801-90CB-D04A5634B334}" = TweetDeck
    "{C6006AED-E5A7-4F77-BAD5-95AC43DE04F3}" = H&R Block Deluxe + Efile + State 2011
    "{C6579A65-9CAE-4B31-8B6B-3306E0630A66}" = Apple Software Update
    "{C688457E-03FD-4941-923B-A27F4D42A7DD}" = Microsoft SQL Server 2008 Browser
    "{C82185E8-C27B-4EF4-2009-4444BC2C2B6D}" = Microsoft Streets & Trips 2009
    "{CAE7D1D9-3794-4169-B4DD-964ADBC534EE}" = HP Product Detection
    "{CCE825DB-347A-4004-A186-5F4A6FDD8547}" = Apple Application Support
    "{CE246151-F0E8-ABC8-AEB2-7F3E188EFBF5}" = TweetDeck
    "{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}" = Microsoft .NET Framework 4 Multi-Targeting Pack
    "{D54150D1-FA75-484D-A96D-47DB2EA4B2E5}" = PCDrafter 2012
    "{EE202411-2C26-49E8-9784-1BC1DBF7DE96}" = HP Support Assistant
    "{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Graphics Media Accelerator Driver
    "{F1D7AC58-554A-4A58-B784-B61558B1449A}" = QLBCASL
    "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    "{FFFAE01B-466F-4C07-9821-A94FD753BDDA}" = EpsonNet Setup
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
    "Amazon Games & Software Downloader_is1" = Amazon Games & Software Downloader
    "ClubWPT" = ClubWPT
    "Coupon Printer for Windows5.0.0.1" = Coupon Printer for Windows
    "DivX Setup.divx.com" = DivX Setup
    "DraftDominator_is1" = DraftDominator Version 13.0d
    "ENTERPRISE" = Microsoft Office Enterprise 2007
    "EPSON Scanner" = EPSON Scan
    "ESET Online Scanner" = ESET Online Scanner v3
    "FileHippo.com" = FileHippo.com Update Checker
    "Google Chrome" = Google Chrome
    "ImgBurn" = ImgBurn
    "KLiteCodecPack_is1" = K-Lite Codec Pack 7.0.0 (Full)
    "LineupDominator_is1" = LineupDominator Version 8.0a Full
    "Magic ISO Maker v5.5 (build 0281)" = Magic ISO Maker v5.5 (build 0281)
    "MagicDisc 2.7.106" = MagicDisc 2.7.106
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.70.0.1100
    "MFL Import_is1" = MFL Import Version 4.0a
    "Microsoft Visual C++ 2010 Express - ENU" = Microsoft Visual C++ 2010 Express - ENU
    "Microsoft Visual Studio 2010 Service Pack 1" = Microsoft Visual Studio 2010 Service Pack 1
    "Mozilla Firefox 18.0.1 (x86 en-US)" = Mozilla Firefox 18.0.1 (x86 en-US)
    "Mozilla Thunderbird 17.0.2 (x86 en-US)" = Mozilla Thunderbird 17.0.2 (x86 en-US)
    "MozillaMaintenanceService" = Mozilla Maintenance Service
    "Notepad++" = Notepad++
    "Pdf995" = Pdf995 (installed by H&R Block)
    "PdfEdit995" = PdfEdit995 (installed by H&R Block)
    "Picasa 3" = Picasa 3
    "Projections Dominator_is1" = Projections Dominator Version 6.0g
    "SpywareBlaster_is1" = SpywareBlaster 4.4
    "SuuntoUSB_is1" = Suunto USB Drive
    "SuuntoUSBDriver_is1" = Suunto USB Driver
    "SUUVCOMM&10C4&80F6" = Suunto USB Serial Port (Driver Removal)
    "TradeDominator_is1" = TradeDominator version 7.0a
    "TweetDeckFast.FFF259DC0CE2657847BBB4AFF0E62062EFC56543.1" = TweetDeck
    "VLC media player" = VLC media player 1.1.7

    ========== HKEY_USERS Uninstall List ==========

    [HKEY_USERS\S-1-5-21-1916152551-4166504153-3791849091-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "Dropbox" = Dropbox

    ========== Last 20 Event Log Errors ==========

    [ Application Events ]
    Error - 1/17/2013 6:15:04 PM | Computer Name = DAVES-6930P | Source = Application Error | ID = 1000
    Description = Faulting application name: WLANExt.exe, version: 6.1.7600.16385, time
    stamp: 0x4a5bcc33 Faulting module name: msvcrt.dll, version: 7.0.7601.17744, time
    stamp: 0x4eeb033f Exception code: 0x40000015 Fault offset: 0x000000000002a84e Faulting
    process id: 0x1ab4 Faulting application start time: 0x01cdf500154d5f0f Faulting application
    path: C:\Windows\system32\WLANExt.exe Faulting module path: C:\Windows\system32\msvcrt.dll
    Report
    Id: 575b3921-60f3-11e2-854e-df481fb09c6a

    Error - 1/17/2013 8:32:44 PM | Computer Name = DAVES-6930P | Source = Application Error | ID = 1000
    Description = Faulting application name: WLANExt.exe, version: 6.1.7600.16385, time
    stamp: 0x4a5bcc33 Faulting module name: msvcrt.dll, version: 7.0.7601.17744, time
    stamp: 0x4eeb033f Exception code: 0x40000015 Fault offset: 0x000000000002a84e Faulting
    process id: 0x4e0 Faulting application start time: 0x01cdf5134eee7e4a Faulting application
    path: C:\Windows\system32\WLANExt.exe Faulting module path: C:\Windows\system32\msvcrt.dll
    Report
    Id: 92c076c0-6106-11e2-8eb2-00216a7a6f38

    Error - 1/17/2013 8:32:44 PM | Computer Name = DAVES-6930P | Source = Application Error | ID = 1000
    Description = Faulting application name: EvtEng.exe, version: 13.2.0.3, time stamp:
    0x4b913eba Faulting module name: KERNELBASE.dll, version: 6.1.7601.17965, time stamp:
    0x506dcae6 Exception code: 0xe06d7363 Fault offset: 0x000000000000bccd Faulting process
    id: 0x9ac Faulting application start time: 0x01cdf513506b5a76 Faulting application
    path: C:\Program Files\Intel\WiFi\bin\EvtEng.exe Faulting module path: C:\Windows\system32\KERNELBASE.dll
    Report
    Id: 92be155f-6106-11e2-8eb2-00216a7a6f38

    Error - 1/18/2013 2:32:40 AM | Computer Name = DAVES-6930P | Source = SideBySide | ID = 16842832
    Description = Activation context generation failed for "c:\program files (x86)\ESET\eset
    online scanner\ESETSmartInstaller.exe".Error in manifest or policy file "" on line
    . A component version required by the application conflicts with another component
    version already active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
    Component
    2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.

    Error - 1/18/2013 10:49:23 PM | Computer Name = DAVES-6930P | Source = Application Error | ID = 1000
    Description = Faulting application name: EvtEng.exe, version: 13.2.0.3, time stamp:
    0x4b913eba Faulting module name: KERNELBASE.dll, version: 6.1.7601.17965, time stamp:
    0x506dcae6 Exception code: 0xe06d7363 Fault offset: 0x000000000000bccd Faulting process
    id: 0x9e0 Faulting application start time: 0x01cdf5ef93827268 Faulting application
    path: C:\Program Files\Intel\WiFi\bin\EvtEng.exe Faulting module path: C:\Windows\system32\KERNELBASE.dll
    Report
    Id: d455efc5-61e2-11e2-8ea5-00216a7a6f38

    Error - 1/18/2013 10:49:23 PM | Computer Name = DAVES-6930P | Source = Application Error | ID = 1000
    Description = Faulting application name: WLANExt.exe, version: 6.1.7600.16385, time
    stamp: 0x4a5bcc33 Faulting module name: msvcrt.dll, version: 7.0.7601.17744, time
    stamp: 0x4eeb033f Exception code: 0x40000015 Fault offset: 0x000000000002a84e Faulting
    process id: 0x580 Faulting application start time: 0x01cdf5ef91615749 Faulting application
    path: C:\Windows\system32\WLANExt.exe Faulting module path: C:\Windows\system32\msvcrt.dll
    Report
    Id: d45616d5-61e2-11e2-8ea5-00216a7a6f38

    Error - 1/19/2013 2:43:31 AM | Computer Name = DAVES-6930P | Source = SideBySide | ID = 16842832
    Description = Activation context generation failed for "c:\program files (x86)\ESET\eset
    online scanner\ESETSmartInstaller.exe".Error in manifest or policy file "" on line
    . A component version required by the application conflicts with another component
    version already active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
    Component
    2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.

    Error - 1/19/2013 7:17:03 PM | Computer Name = DAVES-6930P | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: Continuously busy for more than a second

    Error - 1/19/2013 7:17:03 PM | Computer Name = DAVES-6930P | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledEvent 11387449

    Error - 1/19/2013 7:17:03 PM | Computer Name = DAVES-6930P | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledSPRetry 11387449

    [ Hewlett-Packard Events ]
    Error - 1/18/2013 4:31:55 PM | Computer Name = DAVES-6930P | Source = HPSF.exe | ID = 2000
    Description = HP Error ID: -2147467261HPSF.exe at HP.SupportFramework.Utilities.HPSAIssues.ActionItemCollection.loadActiveCheckResult(Boolean
    includeIgnored) Message: Object reference not set to an instance of an object. StackTrace:
    at HP.SupportFramework.Utilities.HPSAIssues.ActionItemCollection.loadActiveCheckResult(Boolean
    includeIgnored) Source: HP.SupportFramework.Utilities Name: HPSF.exe Version: 07.00.01.01
    Path:
    C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe Format: en-US
    RAM:
    3932 Ram Utilization: TargetSite: Void loadActiveCheckResult(Boolean)

    Error - 1/18/2013 4:31:55 PM | Computer Name = DAVES-6930P | Source = HPSF.exe | ID = 2000
    Description = HP Error ID: -2147467261HPSF.exe at HP.SupportFramework.Utilities.HPSAIssues.ActionItemCollection.loadActiveCheckResult(Boolean
    includeIgnored) Message: Object reference not set to an instance of an object. StackTrace:
    at HP.SupportFramework.Utilities.HPSAIssues.ActionItemCollection.loadActiveCheckResult(Boolean
    includeIgnored) Source: HP.SupportFramework.Utilities Name: HPSF.exe Version: 07.00.01.01
    Path:
    C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe Format: en-US
    RAM:
    3932 Ram Utilization: TargetSite: Void loadActiveCheckResult(Boolean)

    Error - 1/18/2013 4:31:55 PM | Computer Name = DAVES-6930P | Source = HPSF.exe | ID = 2000
    Description = HP Error ID: -2147467261HPSF.exe at HP.SupportFramework.Utilities.HPSAIssues.ActionItemCollection.loadActiveCheckResult(Boolean
    includeIgnored) Message: Object reference not set to an instance of an object. StackTrace:
    at HP.SupportFramework.Utilities.HPSAIssues.ActionItemCollection.loadActiveCheckResult(Boolean
    includeIgnored) Source: HP.SupportFramework.Utilities Name: HPSF.exe Version: 07.00.01.01
    Path:
    C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe Format: en-US
    RAM:
    3932 Ram Utilization: TargetSite: Void loadActiveCheckResult(Boolean)

    Error - 1/18/2013 4:31:55 PM | Computer Name = DAVES-6930P | Source = HPSF.exe | ID = 2000
    Description = HP Error ID: -2147467261HPSF.exe at HP.SupportFramework.Utilities.HPSAIssues.ActionItemCollection.loadActiveCheckResult(Boolean
    includeIgnored) Message: Object reference not set to an instance of an object. StackTrace:
    at HP.SupportFramework.Utilities.HPSAIssues.ActionItemCollection.loadActiveCheckResult(Boolean
    includeIgnored) Source: HP.SupportFramework.Utilities Name: HPSF.exe Version: 07.00.01.01
    Path:
    C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe Format: en-US
    RAM:
    3932 Ram Utilization: TargetSite: Void loadActiveCheckResult(Boolean)

    Error - 1/18/2013 4:31:55 PM | Computer Name = DAVES-6930P | Source = HPSF.exe | ID = 2000
    Description = HP Error ID: -2147467261HPSF.exe at HP.SupportFramework.Utilities.HPSAIssues.ActionItemCollection.loadActiveCheckResult(Boolean
    includeIgnored) Message: Object reference not set to an instance of an object. StackTrace:
    at HP.SupportFramework.Utilities.HPSAIssues.ActionItemCollection.loadActiveCheckResult(Boolean
    includeIgnored) Source: HP.SupportFramework.Utilities Name: HPSF.exe Version: 07.00.01.01
    Path:
    C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe Format: en-US
    RAM:
    3932 Ram Utilization: TargetSite: Void loadActiveCheckResult(Boolean)

    Error - 1/18/2013 4:31:55 PM | Computer Name = DAVES-6930P | Source = HPSF.exe | ID = 2000
    Description = HP Error ID: -2147467261HPSF.exe at HP.SupportFramework.Utilities.HPSAIssues.ActionItemCollection.loadActiveCheckResult(Boolean
    includeIgnored) Message: Object reference not set to an instance of an object. StackTrace:
    at HP.SupportFramework.Utilities.HPSAIssues.ActionItemCollection.loadActiveCheckResult(Boolean
    includeIgnored) Source: HP.SupportFramework.Utilities Name: HPSF.exe Version: 07.00.01.01
    Path:
    C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe Format: en-US
    RAM:
    3932 Ram Utilization: TargetSite: Void loadActiveCheckResult(Boolean)

    Error - 1/18/2013 4:31:56 PM | Computer Name = DAVES-6930P | Source = HPSF.exe | ID = 2000
    Description = HP Error ID: -2147467261HPSF.exe at HP.SupportFramework.Utilities.HPSAIssues.ActionItemCollection.loadActiveCheckResult(Boolean
    includeIgnored) Message: Object reference not set to an instance of an object. StackTrace:
    at HP.SupportFramework.Utilities.HPSAIssues.ActionItemCollection.loadActiveCheckResult(Boolean
    includeIgnored) Source: HP.SupportFramework.Utilities Name: HPSF.exe Version: 07.00.01.01
    Path:
    C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe Format: en-US
    RAM:
    3932 Ram Utilization: TargetSite: Void loadActiveCheckResult(Boolean)

    Error - 1/18/2013 4:31:56 PM | Computer Name = DAVES-6930P | Source = HPSF.exe | ID = 2000
    Description = HP Error ID: -2147467261HPSF.exe at HP.SupportFramework.Utilities.HPSAIssues.ActionItemCollection.loadActiveCheckResult(Boolean
    includeIgnored) Message: Object reference not set to an instance of an object. StackTrace:
    at HP.SupportFramework.Utilities.HPSAIssues.ActionItemCollection.loadActiveCheckResult(Boolean
    includeIgnored) Source: HP.SupportFramework.Utilities Name: HPSF.exe Version: 07.00.01.01
    Path:
    C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe Format: en-US
    RAM:
    3932 Ram Utilization: TargetSite: Void loadActiveCheckResult(Boolean)

    Error - 1/18/2013 4:31:56 PM | Computer Name = DAVES-6930P | Source = HPSF.exe | ID = 2000
    Description = HP Error ID: -2147467261HPSF.exe at HP.SupportFramework.Utilities.HPSAIssues.ActionItemCollection.loadActiveCheckResult(Boolean
    includeIgnored) Message: Object reference not set to an instance of an object. StackTrace:
    at HP.SupportFramework.Utilities.HPSAIssues.ActionItemCollection.loadActiveCheckResult(Boolean
    includeIgnored) Source: HP.SupportFramework.Utilities Name: HPSF.exe Version: 07.00.01.01
    Path:
    C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe Format: en-US
    RAM:
    3932 Ram Utilization: TargetSite: Void loadActiveCheckResult(Boolean)

    Error - 1/18/2013 4:31:56 PM | Computer Name = DAVES-6930P | Source = HPSF.exe | ID = 2000
    Description = HP Error ID: -2147467261HPSF.exe at HP.SupportFramework.Utilities.HPSAIssues.ActionItemCollection.loadActiveCheckResult(Boolean
    includeIgnored) Message: Object reference not set to an instance of an object. StackTrace:
    at HP.SupportFramework.Utilities.HPSAIssues.ActionItemCollection.loadActiveCheckResult(Boolean
    includeIgnored) Source: HP.SupportFramework.Utilities Name: HPSF.exe Version: 07.00.01.01
    Path:
    C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe Format: en-US
    RAM:
    3932 Ram Utilization: TargetSite: Void loadActiveCheckResult(Boolean)

    [ System Events ]
    Error - 1/18/2013 10:43:58 PM | Computer Name = DAVES-6930P | Source = Service Control Manager | ID = 7031
    Description = The Apple Mobile Device service terminated unexpectedly. It has done
    this 2 time(s). The following corrective action will be taken in 60000 milliseconds:
    Restart the service.

    Error - 1/18/2013 10:44:58 PM | Computer Name = DAVES-6930P | Source = Service Control Manager | ID = 7032
    Description = The Service Control Manager tried to take a corrective action (Restart
    the service) after the unexpected termination of the Apple Mobile Device service,
    but this action failed with the following error: %%1056

    Error - 1/18/2013 10:47:42 PM | Computer Name = DAVES-6930P | Source = Microsoft-Windows-WLAN-AutoConfig | ID = 10003
    Description = WLAN Extensibility Module has stopped unexpectedly. Module Path: C:\Windows\System32\IWMSSvc.dll


    Error - 1/18/2013 10:47:45 PM | Computer Name = DAVES-6930P | Source = Microsoft-Windows-WLAN-AutoConfig | ID = 10003
    Description = WLAN Extensibility Module has stopped unexpectedly. Module Path: C:\Windows\System32\IWMSSvc.dll


    Error - 1/18/2013 10:47:45 PM | Computer Name = DAVES-6930P | Source = Microsoft-Windows-WLAN-AutoConfig | ID = 10003
    Description = WLAN Extensibility Module has stopped unexpectedly. Module Path: C:\Windows\System32\IWMSSvc.dll


    Error - 1/18/2013 10:49:41 PM | Computer Name = DAVES-6930P | Source = Service Control Manager | ID = 7034
    Description = The Intel(R) PROSet/Wireless Event Log service terminated unexpectedly.
    It has done this 1 time(s).

    Error - 1/19/2013 4:07:19 PM | Computer Name = DAVES-6930P | Source = Microsoft-Windows-WLAN-AutoConfig | ID = 10003
    Description = WLAN Extensibility Module has stopped unexpectedly. Module Path: C:\Windows\System32\IWMSSvc.dll


    Error - 1/19/2013 7:17:24 PM | Computer Name = DAVES-6930P | Source = Microsoft-Windows-WLAN-AutoConfig | ID = 10003
    Description = WLAN Extensibility Module has stopped unexpectedly. Module Path: C:\Windows\System32\IWMSSvc.dll


    Error - 1/19/2013 7:22:51 PM | Computer Name = DAVES-6930P | Source = bowser | ID = 8003
    Description =

    Error - 1/19/2013 7:34:49 PM | Computer Name = DAVES-6930P | Source = bowser | ID = 8003
    Description =


    < End of report >

  6. #6
    Malware Team Satchfan's Avatar
    Join Date
    Feb 2009
    Location
    Exeter, UK
    Posts
    202

    Default

    OK I can see why you have had these problems but it is Chrome, not IE or FF.

    Please can you uninstall Eset as it appears the you have run it and one of its components is causing a conflict.

    I have done somethings since original post.
    Please do nothing more without instruction as it is counter-productive. We diagnose, then treat. Throwing programs at your system when you don’t know the problem doesn’t help. We will sort this.


    Run RogueKiller
    • close all programs
    • double-click RogueKiller.exe - Windows 7: right-click the program and select Run as Administrator'
    • after it has completed it's prescan click on the “Registry” tab
    • UNcheck the following false positives

      [HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
      [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
    • make sure the other entries there are checked, then click on Delete

    ===================================================

    Note: [color="# FF0000"]If you have MalwareBytes Anti-Malware 1.6 or higher installed and are using the Pro version or trial version, please temporarily disable it for the duration of this fix as it may interfere with the successfully execution of the script below. [/color]

    Run OTL
    • double click on the icon to run it.
    • copy/paste ALL the following text written inside the code box into the Custom Scans/Fixes box located at the bottom of OTL

      Code:
      :Services
      
      :OTL
      IE - HKU\S-1-5-21-1916152551-4166504153-3791849091-1001\..\SearchScopes,DefaultScope = {09C04023-9666-407B-AB08-D55EA82E4B89}
      IE - HKU\S-1-5-21-1916152551-4166504153-3791849091-1001\..\SearchScopes\{09C04023-9666-407B-AB08-D55EA82E4B89}: "URL" =
      CHR - homepage: http://www.searchnu.com/406
      CHR - homepage: http://www.searchnu.com/406
      O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
      O2 - BHO: (no name) - {300BEC06-B743-4D19-86B9-11DC711D7FFB} - No CLSID value found
      O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
      
      :Files
      ipconfig /flushdns /c
      
      :Commands
      [purity]
      [emptytemp]
      [Reboot]

    • click the Run Fix button at the top
    • let the program run unhindered, reboot when it is done
    • please post the OTL fix log

    ====================================================

    Download and run Junkware Removal Tool

    Please download Junkware Removal Tool to your desktop.
    • shut down your protection software now to avoid potential conflicts.
    • run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator"
    • the tool will open and start scanning your system
    • please be patient as this can take a while to complete depending on your system's specifications
    • on completion, a log (JRT.txt) is saved to your desktop and will automatically open
    • post the contents of JRT.txt into your next message.



    Please run OTL again


    Logs to include in the next post:

    New RogueKiller log
    OTL fix log
    JRT.txt
    New OTL log


    Satchfan

  7. #7
    Junior Member
    Join Date
    Jan 2013
    Posts
    12

    Default

    Rogue Killer prescan results were empty under Registry, nothing to check or uncheck so nothing to delete and no log.

    ESET uninstalled, I also uninstall MalwareBytes. I will reinstall when we are done.

    OTL gave me a moved file log but not a regular log or extra log, maye I did not run it with the correct boxes checked. below is the moved file log and JRT log:

    All processes killed
    ========== SERVICES/DRIVERS ==========
    ========== OTL ==========
    HKEY_USERS\S-1-5-21-1916152551-4166504153-3791849091-1001\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
    Registry key HKEY_USERS\S-1-5-21-1916152551-4166504153-3791849091-1001\Software\Microsoft\Internet Explorer\SearchScopes\{09C04023-9666-407B-AB08-D55EA82E4B89}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{09C04023-9666-407B-AB08-D55EA82E4B89}\ not found.
    Use Chrome's Settings page to change the HomePage.
    Use Chrome's Settings page to change the HomePage.
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found.
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{300BEC06-B743-4D19-86B9-11DC711D7FFB}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{300BEC06-B743-4D19-86B9-11DC711D7FFB}\ not found.
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
    ========== FILES ==========
    < ipconfig /flushdns /c >
    Windows IP Configuration
    Successfully flushed the DNS Resolver Cache.
    C:\Users\David's HP\Desktop\cmd.bat deleted successfully.
    C:\Users\David's HP\Desktop\cmd.txt deleted successfully.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: David's HP
    ->Temp folder emptied: 3264039 bytes
    ->Temporary Internet Files folder emptied: 220202796 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 280780548 bytes
    ->Google Chrome cache emptied: 0 bytes
    ->Flash cache emptied: 7304 bytes

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Guest
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Public
    ->Temp folder emptied: 0 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32 (64bit) .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 34158 bytes
    %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 134 bytes
    %systemroot%\sysnative\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 757 bytes
    RecycleBin emptied: 1226187934 bytes

    Total Files Cleaned = 1,650.00 mb


    OTL by OldTimer - Version 3.2.69.0 log created on 01202013_083106

    Files\Folders moved on Reboot...
    C:\Users\David's HP\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

    PendingFileRenameOperations files...

    Registry entries deleted on Reboot...




    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Junkware Removal Tool (JRT) by Thisisu
    Version: 4.4.6 (01.20.2013:1)
    OS: Windows 7 Ultimate x64
    Ran by David's HP on Sun 01/20/2013 at 8:38:23.01
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




    ~~~ Services



    ~~~ Registry Values



    ~~~ Registry Keys

    Successfully deleted: [Registry Key] hkey_local_machine\software\classes\applications\ilividsetupv1.exe



    ~~~ Files

    Successfully deleted: [File] "C:\Program Files (x86)\mozilla firefox\plugins\npcouponprinter.dll"
    Successfully deleted: [File] "C:\Program Files (x86)\mozilla firefox\plugins\npmozcouponprinter.dll"
    Successfully deleted: [File] C:\eula.1028.txt
    Successfully deleted: [File] C:\eula.1031.txt
    Successfully deleted: [File] C:\eula.1033.txt
    Successfully deleted: [File] C:\eula.1036.txt
    Successfully deleted: [File] C:\eula.1040.txt
    Successfully deleted: [File] C:\eula.1041.txt
    Successfully deleted: [File] C:\eula.1042.txt
    Successfully deleted: [File] C:\eula.2052.txt
    Successfully deleted: [File] C:\install.res.1028.dll
    Successfully deleted: [File] C:\install.res.1031.dll
    Successfully deleted: [File] C:\install.res.1033.dll
    Successfully deleted: [File] C:\install.res.1036.dll
    Successfully deleted: [File] C:\install.res.1040.dll
    Successfully deleted: [File] C:\install.res.1041.dll
    Successfully deleted: [File] C:\install.res.1042.dll
    Successfully deleted: [File] C:\install.res.2052.dll
    Successfully deleted: [File] C:\install.res.3082.dll
    Successfully deleted: [File] "C:\Windows\couponprinter.ocx"



    ~~~ Folders

    Successfully deleted: [Folder] "C:\Users\David's HP\appdata\local\visi_coupon"
    Successfully deleted: [Folder] "C:\Program Files (x86)\coupons"



    ~~~ FireFox

    Emptied folder: C:\Users\David's HP\AppData\Roaming\mozilla\firefox\profiles\ann9w273.default\minidumps [9 files]



    ~~~ Event Viewer Logs were cleared





    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Scan was completed on Sun 01/20/2013 at 8:46:03.73
    End of JRT log
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

  8. #8
    Malware Team Satchfan's Avatar
    Join Date
    Feb 2009
    Location
    Exeter, UK
    Posts
    202

    Default

    Reset Chrome’s home page:
    • open Google Chrome
    • click on the Customize icon , at the top right
    • click on Settings
    • under “On start-up”, check Open a specific page or set of pages and then on Set pages
    • delete any pages that you don’t want
    • set your start page to the page you want, eg www.google.com

    Once you have typed in the address in the 'Open this page' box, this change is saved. If you close this tab and click on the home icon you should now get your home page.

    ===================================================

    Run OTL
    • open OTL again and click the Quick Scan button (don't check the boxes beside LOP Check or Purity this time)
    • post the OTL.txt log it produces in your next reply.

    Please post back with the log.

    Can you tell me how you computer is now and if there are any remaining problems..
    Thanks

    Satchfan

  9. #9
    Junior Member
    Join Date
    Jan 2013
    Posts
    12

    Default

    when I run quick scan the LOP and Purity automatically check the box.

    not noticing any issues

    OTL logfile created on: 1/20/2013 9:36:37 AM - Run 2
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\David's HP\Desktop
    64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    3.84 Gb Total Physical Memory | 2.57 Gb Available Physical Memory | 66.99% Memory free
    7.68 Gb Paging File | 6.22 Gb Available in Paging File | 81.07% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 231.78 Gb Total Space | 89.67 Gb Free Space | 38.69% Space Free | Partition Type: NTFS
    Drive D: | 1.00 Gb Total Space | 0.98 Gb Free Space | 97.43% Space Free | Partition Type: FAT32
    Drive F: | 3.54 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF

    Computer Name: DAVES-6930P | User Name: David's HP | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2013/01/19 17:28:51 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\David's HP\Desktop\OTL(1).exe
    PRC - [2012/12/18 13:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    PRC - [2012/08/10 15:48:50 | 000,197,536 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
    PRC - [2011/03/21 12:56:16 | 001,230,704 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
    PRC - [2010/02/25 14:18:20 | 000,076,856 | ---- | M] ( Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\VolCtrl.exe
    PRC - [2009/07/29 10:54:36 | 000,205,312 | ---- | M] (Mediafour Corporation) -- C:\Program Files (x86)\Common Files\Mediafour\M4LIC.EXE
    PRC - [2009/07/15 11:05:24 | 002,058,776 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Common Files\Intel\Privacy Icon\UNS\UNS.exe
    PRC - [2009/07/15 11:05:16 | 000,174,616 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\AMT\LMS.exe
    PRC - [2009/04/07 08:13:10 | 000,673,616 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
    PRC - [2009/02/23 18:43:12 | 000,576,000 | ---- | M] (MagicISO, Inc.) -- C:\Program Files (x86)\MagicDisc\MagicDisc.exe
    PRC - [2006/12/19 17:23:20 | 000,094,208 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSvc.exe


    ========== Modules (No Company Name) ==========

    MOD - [2012/02/20 20:29:04 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
    MOD - [2012/02/20 20:28:42 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
    MOD - [2011/03/21 12:57:34 | 000,096,112 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll
    MOD - [2011/03/21 12:56:16 | 001,230,704 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
    MOD - [2009/03/12 14:45:32 | 000,135,168 | ---- | M] () -- C:\Program Files (x86)\Epson Software\Event Manager\Assistants\Scan Assistant\ScanEngine.dll
    MOD - [2008/11/21 12:58:42 | 000,057,344 | ---- | M] () -- C:\Program Files (x86)\Epson Software\Event Manager\Assistants\Scan Assistant\Satwain.dll


    ========== Services (SafeList) ==========

    SRV:64bit: - [2012/09/12 20:21:48 | 000,368,896 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
    SRV:64bit: - [2012/09/12 20:21:48 | 000,022,072 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
    SRV:64bit: - [2011/05/13 17:58:10 | 000,030,520 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Windows\SysNative\hpservice.exe -- (hpsrv)
    SRV:64bit: - [2010/05/04 12:33:00 | 000,218,112 | ---- | M] (Mediafour Corporation) [Auto | Running] -- C:\Program Files\Mediafour\MacDrive 8\MacDrive8Service.exe -- (MacDrive8Service)
    SRV:64bit: - [2010/03/05 10:26:38 | 001,425,168 | ---- | M] (Intel(R) Corporation) [Auto | Stopped] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
    SRV:64bit: - [2010/03/05 10:07:58 | 000,340,240 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe -- (MyWiFiDHCPDNS)
    SRV:64bit: - [2010/03/05 10:06:22 | 000,831,760 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
    SRV:64bit: - [2009/07/13 19:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV:64bit: - [2009/07/13 19:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
    SRV:64bit: - [2008/07/15 16:09:48 | 000,111,616 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\SysNative\AEADISRV.EXE -- (AEADIFilters)
    SRV - [2013/01/18 21:14:30 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
    SRV - [2012/12/18 13:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
    SRV - [2012/09/27 11:55:16 | 000,086,528 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe -- (HP Support Assistant Service)
    SRV - [2012/08/10 15:48:50 | 000,197,536 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe -- (HPDrvMntSvc.exe)
    SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
    SRV - [2009/10/23 11:31:44 | 000,401,920 | ---- | M] (Amazon.com) [On_Demand | Stopped] -- C:\Program Files (x86)\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderService.exe -- (Amazon Download Agent)
    SRV - [2009/07/29 10:54:36 | 000,205,312 | ---- | M] (Mediafour Corporation) [Auto | Running] -- C:\Program Files (x86)\Common Files\Mediafour\M4LIC.EXE -- (M4LIC)
    SRV - [2009/07/15 11:05:24 | 002,058,776 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Common Files\Intel\Privacy Icon\UNS\UNS.exe -- (UNS)
    SRV - [2009/07/15 11:05:16 | 000,174,616 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\AMT\LMS.exe -- (LMS)
    SRV - [2009/06/10 15:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
    SRV - [2007/12/17 03:00:00 | 000,163,840 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S40STB.EXE -- (EPSON_EB_RPCV4_01)
    SRV - [2007/01/11 03:02:00 | 000,126,464 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE -- (EPSON_PM_RPCV4_01)
    SRV - [2006/12/19 17:23:20 | 000,094,208 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSvc.exe -- (EpsonBidirectionalService)


    ========== Driver Services (SafeList) ==========

    DRV:64bit: - [2012/09/28 20:52:10 | 000,075,928 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dc3d.sys -- (dc3d)
    DRV:64bit: - [2012/09/28 10:32:56 | 000,053,760 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
    DRV:64bit: - [2012/08/30 21:03:48 | 000,128,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
    DRV:64bit: - [2012/08/21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
    DRV:64bit: - [2012/03/01 00:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
    DRV:64bit: - [2011/09/22 21:01:54 | 000,311,144 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\Windows\SysNative\drivers\RsFx0105.sys -- (RsFx0105)
    DRV:64bit: - [2011/07/28 07:08:24 | 000,294,232 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\VMM.sys -- (vmm)
    DRV:64bit: - [2011/07/26 18:38:28 | 000,017,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CPQBttn.sys -- (HBtnKey)
    DRV:64bit: - [2011/06/03 13:34:10 | 010,628,800 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
    DRV:64bit: - [2011/05/13 17:58:16 | 000,030,008 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\hpdskflt.sys -- (hpdskflt)
    DRV:64bit: - [2011/05/13 17:57:58 | 000,043,320 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Accelerometer.sys -- (Accelerometer)
    DRV:64bit: - [2011/05/13 02:21:04 | 000,177,640 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadmdm.sys -- (ssadmdm)
    DRV:64bit: - [2011/05/13 02:21:02 | 000,157,672 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadbus.sys -- (ssadbus)
    DRV:64bit: - [2011/05/13 02:21:02 | 000,036,328 | ---- | M] (Google Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadadb.sys -- (androidusb)
    DRV:64bit: - [2011/05/13 02:21:02 | 000,016,872 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadmdfl.sys -- (ssadmdfl)
    DRV:64bit: - [2011/03/18 13:47:41 | 007,680,512 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NETw5s64.sys -- (NETw5s64)
    DRV:64bit: - [2011/03/11 00:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
    DRV:64bit: - [2011/03/11 00:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
    DRV:64bit: - [2011/02/21 12:11:36 | 000,085,320 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ftser2k.sys -- (FTSER2K)
    DRV:64bit: - [2011/02/21 12:11:36 | 000,072,648 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ftdibus.sys -- (FTDIBUS)
    DRV:64bit: - [2010/11/20 07:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
    DRV:64bit: - [2010/11/20 05:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
    DRV:64bit: - [2010/11/20 05:03:42 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
    DRV:64bit: - [2010/11/20 03:37:42 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
    DRV:64bit: - [2010/10/18 02:21:32 | 008,153,088 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETwNs64.sys -- (NETwNs64)
    DRV:64bit: - [2010/06/03 18:18:56 | 001,379,376 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
    DRV:64bit: - [2010/05/18 08:07:26 | 000,306,280 | ---- | M] (Mediafour Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\MDFSYSNT.SYS -- (MDFSYSNT)
    DRV:64bit: - [2010/05/05 08:43:24 | 000,032,352 | ---- | M] (Mediafour Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\MDPMGRNT.SYS -- (MDPMGRNT)
    DRV:64bit: - [2010/04/07 15:04:00 | 000,290,008 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\e1y62x64.sys -- (e1yexpress)
    DRV:64bit: - [2010/02/25 14:18:58 | 000,018,432 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
    DRV:64bit: - [2010/01/13 11:15:54 | 000,070,344 | ---- | M] (EldoS Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\CBDisk.sys -- (CBDisk)
    DRV:64bit: - [2009/07/13 19:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
    DRV:64bit: - [2009/07/13 19:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
    DRV:64bit: - [2009/07/13 19:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
    DRV:64bit: - [2009/07/13 18:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice)
    DRV:64bit: - [2009/07/13 18:35:37 | 000,025,088 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDScan.sys -- (WSDScan)
    DRV:64bit: - [2009/07/13 18:10:47 | 000,011,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rootmdm.sys -- (ROOTMODEM)
    DRV:64bit: - [2009/07/13 17:21:48 | 000,038,400 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tpm.sys -- (TPM)
    DRV:64bit: - [2009/06/23 11:50:36 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64)
    DRV:64bit: - [2009/06/10 14:35:28 | 005,434,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netw5v64.sys -- (netw5v64)
    DRV:64bit: - [2009/06/10 14:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
    DRV:64bit: - [2009/06/10 14:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
    DRV:64bit: - [2009/06/10 14:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
    DRV:64bit: - [2009/06/10 14:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
    DRV:64bit: - [2009/05/18 16:31:56 | 000,497,152 | ---- | M] (Analog Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ADIHdAud.sys -- (ADIHdAudAddService)
    DRV:64bit: - [2009/02/24 17:35:44 | 000,255,552 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mcdbus.sys -- (mcdbus)
    DRV:64bit: - [2008/10/09 02:34:32 | 001,875,624 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\snp2uvc.sys -- (SNP2UVC)
    DRV:64bit: - [2007/08/08 16:39:46 | 000,060,928 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rimmpx64.sys -- (rimmptsk)
    DRV:64bit: - [2007/03/07 12:13:20 | 000,017,920 | ---- | M] (June Fabrics Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\pnetmdm64.sys -- (pnetmdm)
    DRV:64bit: - [2007/01/29 05:20:34 | 000,079,760 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VMNetSrv.sys -- (VPCNetS2)
    DRV:64bit: - [2006/12/20 00:08:00 | 000,079,872 | ---- | M] (RICOH Company, Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rismcx64.sys -- (rismcx64)
    DRV - [2009/07/13 19:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
    DRV - [2009/02/24 17:35:44 | 000,255,552 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\mcdbus.sys -- (mcdbus)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
    IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    IE - HKLM\..\SearchScopes,DefaultScope =
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
    IE - HKCU\..\SearchScopes,DefaultScope =
    IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

    ========== FireFox ==========

    FF - prefs.js..browser.search.defaultenginename: "Yahoo"
    FF - prefs.js..browser.search.defaulturl: "http://search.yahoo.com/search?ei=UTF-8&fr=ytff-tyc&p="
    FF - prefs.js..browser.search.param.yahoo-fr: "moz2-ytff-tyc"
    FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "moz2-ytff-tyc"
    FF - prefs.js..browser.search.selectedEngine: "Google"
    FF - prefs.js..browser.startup.homepage: "http://www.yahoo.com/?ilc=1"
    FF - prefs.js..extensions.enabledAddons: %7B27c60876-b5c9-4335-b4f3-52b26782220c%7D:0.9.4
    FF - prefs.js..extensions.enabledAddons: adblockpopups%40jessehakanen.net:0.5
    FF - prefs.js..extensions.enabledAddons: %7B635abd67-4fe9-1b23-4f01-e679fa7484c1%7D:2.5.1.20121219100509
    FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:18.0.1
    FF - prefs.js..keyword.URL: "http://search.yahoo.com/search?ei=UTF-8&fr=ytff-tyc&p="
    FF - user.js - File not found

    FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_146.dll File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_146.dll ()
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
    FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
    FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
    FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
    FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
    FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.7: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\html5video [2011/03/18 13:26:28 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\wpa [2011/03/18 13:26:28 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/01/18 21:14:31 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/01/20 08:41:11 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2013/01/18 20:42:42 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins [2013/01/18 20:42:42 | 000,000,000 | ---D | M]

    [2013/01/17 18:09:50 | 000,000,000 | ---D | M] (No name found) -- C:\Users\David's HP\AppData\Roaming\Mozilla\Extensions
    [2011/03/18 13:15:48 | 000,000,000 | ---D | M] (No name found) -- C:\Users\David's HP\AppData\Roaming\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
    [2013/01/17 18:15:58 | 000,000,000 | ---D | M] (No name found) -- C:\Users\David's HP\AppData\Roaming\Mozilla\Firefox\Profiles\ann9w273.default\extensions
    [2013/01/17 18:15:58 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\David's HP\AppData\Roaming\Mozilla\Firefox\Profiles\ann9w273.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
    [2013/01/17 18:15:58 | 000,124,993 | ---- | M] () (No name found) -- C:\Users\David's HP\AppData\Roaming\Mozilla\Firefox\Profiles\ann9w273.default\extensions\adblockpopups@jessehakanen.net.xpi
    [2013/01/17 18:15:58 | 000,007,532 | ---- | M] () (No name found) -- C:\Users\David's HP\AppData\Roaming\Mozilla\Firefox\Profiles\ann9w273.default\extensions\{27c60876-b5c9-4335-b4f3-52b26782220c}.xpi
    [2013/01/17 18:14:12 | 000,804,627 | ---- | M] () (No name found) -- C:\Users\David's HP\AppData\Roaming\Mozilla\Firefox\Profiles\ann9w273.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
    [2013/01/18 21:13:55 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
    [2013/01/18 21:14:31 | 000,262,552 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
    [2012/05/04 06:10:19 | 000,466,944 | ---- | M] (Catalina Marketing Corporation) -- C:\Program Files (x86)\mozilla firefox\plugins\NPcol400.dll
    [2013/01/04 21:45:12 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
    [2013/01/04 21:45:12 | 000,002,058 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

    ========== Chrome ==========

    CHR - homepage: http://www.searchnu.com/406
    CHR - default_search_provider: Search Results (Enabled)
    CHR - default_search_provider: search_url = http://dts.search-results.com/sr?src=crb&gct=ds&appid=139&systemid=406&apn_dtid=BND406&apn_ptnrs=AG6&o=APN10645&apn_uid=5813307443614214&q={searchTerms}
    CHR - default_search_provider: suggest_url =
    CHR - homepage: http://www.searchnu.com/406
    CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
    CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.52\ppGoogleNaClPluginChrome.dll
    CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.52\pdf.dll
    CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.52\gcswf32.dll
    CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll
    CHR - plugin: Java Deployment Toolkit 6.0.240.7 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
    CHR - plugin: Java(TM) Platform SE 6 U24 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
    CHR - plugin: CouponNetwork Coupon Activator Netscape Plugin v. 5.0.0.0 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\NPcol400.dll
    CHR - plugin: Coupons Inc., Coupon Printer Manager (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npCouponPrinter.dll
    CHR - plugin: Coupons Inc., Coupon Printer Manager (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npMozCouponPrinter.dll
    CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\NPOFF12.DLL
    CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
    CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
    CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
    CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
    CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
    CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
    CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
    CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
    CHR - plugin: DivX Web Player (Enabled) = C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
    CHR - plugin: Foxit Reader Plugin for Mozilla (Enabled) = C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll
    CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
    CHR - plugin: Picasa (Enabled) = C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
    CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
    CHR - plugin: VLC Multimedia Plug-in (Enabled) = C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll
    CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
    CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll
    CHR - Extension: YouTube = C:\Users\David's HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1\
    CHR - Extension: Google Search = C:\Users\David's HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1\
    CHR - Extension: DivX HiQ = C:\Users\David's HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\fnjbmmemklcjgepojigaapkoodmkgbae\2.1.1.94_0\
    CHR - Extension: DivX Plus Web Player HTML5 \u003Cvideo\u003E = C:\Users\David's HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.1.94_0\
    CHR - Extension: Gmail = C:\Users\David's HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

    O1 HOSTS File: ([2013/01/17 13:36:46 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll File not found
    O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
    O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
    O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll File not found
    O2 - BHO: (HP Network Check Helper) - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
    O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll (Yahoo! Inc)
    O4:64bit: - HKLM..\Run: [Getting started with MacDrive 8] C:\Program Files\Mediafour\MacDrive 8\MDGetStarted.exe (Mediafour Corporation)
    O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [IntelliPoint] c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe (Microsoft Corporation)
    O4:64bit: - HKLM..\Run: [IntelliType Pro] c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe (Microsoft Corporation)
    O4:64bit: - HKLM..\Run: [IntelWireless] C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel(R) Corporation)
    O4:64bit: - HKLM..\Run: [MacDrive 8 application] C:\Program Files\Mediafour\MacDrive 8\MacDrive.exe (Mediafour Corporation)
    O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
    O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [picon] C:\Program Files (x86)\Common Files\Intel\Privacy Icon\PrivacyIconClient.exe (Intel Corporation)
    O4 - HKLM..\Run: [AmazonGSDownloaderTray] C:\Program Files (x86)\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderTray.exe (Amazon.com)
    O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
    O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
    O4 - HKLM..\Run: [EEventManager] C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
    O4 - Startup: C:\Users\David's HP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MagicDisc.lnk = C:\Program Files (x86)\MagicDisc\MagicDisc.exe (MagicISO, Inc.)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O9 - Extra Button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
    O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
    O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
    O13 - gopher Prefix: missing
    O16:64bit: - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://fpdownload.macromedia.com/pub...irector/sw.cab (Reg Error: Key error.)
    O16 - DPF: {1851174C-97BD-4217-A0CC-E908F60D5B7A} https://h50203.www5.hp.com/HPISWeb/C...ataManager.CAB (Reg Error: Key error.)
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/ge...sh/swflash.cab (Shockwave Flash Object)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 75.75.75.75 75.75.76.76
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{714B57E2-1594-4D0F-B2EE-FE056C10D83E}: DhcpNameServer = 75.75.75.75 75.75.76.76
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{81B78C55-7D5D-4F9D-85CF-FC78FF735239}: DhcpNameServer = 75.75.75.75 75.75.76.76
    O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
    O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
    O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
    O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
    O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
    O20:64bit: - Winlogon\Notify\ScCertProp: DllName - (wlnotify.dll) - File not found
    O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O32 - HKLM CDRom: AutoRun - 1
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35:64bit: - HKLM\..comfile [open] -- "%1" %*
    O35:64bit: - HKLM\..exefile [open] -- "%1" %*
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
    O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
    O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

    ========== Files/Folders - Created Within 30 Days ==========

    [2013/01/20 08:38:19 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
    [2013/01/20 08:38:12 | 000,000,000 | ---D | C] -- C:\JRT
    [2013/01/20 08:37:28 | 000,499,092 | ---- | C] (Oleg N. Scherbakov) -- C:\Users\David's HP\Desktop\JRT.exe
    [2013/01/20 08:31:06 | 000,000,000 | ---D | C] -- C:\_OTL
    [2013/01/19 17:28:49 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\David's HP\Desktop\OTL(1).exe
    [2013/01/19 17:25:40 | 000,000,000 | ---D | C] -- C:\Users\David's HP\Desktop\RK_Quarantine
    [2013/01/18 21:13:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
    [2013/01/18 20:46:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
    [2013/01/18 20:45:55 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
    [2013/01/18 20:45:54 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
    [2013/01/18 20:45:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
    [2013/01/18 20:45:54 | 000,000,000 | ---D | C] -- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
    [2013/01/18 20:42:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
    [2013/01/18 20:42:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime
    [2013/01/18 20:41:09 | 000,000,000 | -HSD | C] -- C:\Config.Msi
    [2013/01/17 16:33:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service
    [2013/01/17 15:47:06 | 000,000,000 | ---D | C] -- C:\Users\David's HP\Desktop\GrantPerms
    [2013/01/17 14:06:19 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
    [2013/01/17 13:39:08 | 000,000,000 | ---D | C] -- C:\Windows\temp
    [2013/01/17 13:24:42 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
    [2013/01/17 09:00:37 | 000,000,000 | ---D | C] -- C:\Users\David's HP\Desktop\Draft files
    [2013/01/17 08:42:00 | 000,000,000 | ---D | C] -- C:\Users\David's HP\Documents\ProcAlyzer Dumps
    [2013/01/16 22:28:06 | 002,712,200 | ---- | C] (Sysinternals - www.sysinternals.com) -- C:\Users\David's HP\Desktop\procexp.exe
    [2013/01/16 20:33:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
    [2013/01/16 17:52:37 | 000,448,512 | ---- | C] (OldTimer Tools) -- C:\Users\David's HP\Desktop\TFC.exe
    [2013/01/14 12:36:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\H&R Block 2012
    [2013/01/14 12:35:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\HRBlock2012
    [2013/01/14 12:27:23 | 000,000,000 | ---D | C] -- C:\Users\David's HP\Desktop\H&R Block At Home Deluxe + State 2012
    [2013/01/14 12:27:23 | 000,000,000 | ---D | C] -- C:\Users\David's HP\Documents\Amazon Downloader Logs
    [2013/01/14 12:27:15 | 000,935,344 | ---- | C] (Amazon Services LLC) -- C:\Users\David's HP\Desktop\H_R_Block_At_Home_Deluxe_State_2012_Downloader.exe
    [2013/01/14 11:07:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe
    [2013/01/13 09:27:02 | 000,000,000 | ---D | C] -- C:\Users\David's HP\AppData\Roaming\Bullzip
    [2013/01/13 09:26:12 | 000,000,000 | ---D | C] -- C:\Users\David's HP\AppData\Local\Programs
    [2013/01/13 09:25:25 | 000,000,000 | ---D | C] -- C:\Users\David's HP\AppData\Local\Coupon Companion Plugin
    [2013/01/10 15:52:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Thunderbird

    ========== Files - Modified Within 30 Days ==========

    [2013/01/20 09:31:27 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2013/01/20 09:03:00 | 000,000,906 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2013/01/20 08:42:21 | 000,020,816 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2013/01/20 08:42:21 | 000,020,816 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2013/01/20 08:37:30 | 000,499,092 | ---- | M] (Oleg N. Scherbakov) -- C:\Users\David's HP\Desktop\JRT.exe
    [2013/01/20 08:35:10 | 000,000,902 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2013/01/20 08:34:53 | 3092,459,520 | -HS- | M] () -- C:\hiberfil.sys
    [2013/01/19 17:28:51 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\David's HP\Desktop\OTL(1).exe
    [2013/01/19 17:24:11 | 000,764,416 | ---- | M] () -- C:\Users\David's HP\Desktop\RogueKiller.exe
    [2013/01/18 20:46:54 | 000,001,783 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
    [2013/01/18 20:42:38 | 000,001,845 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
    [2013/01/17 18:08:30 | 000,356,375 | ---- | M] () -- C:\Users\David's HP\Desktop\bookmarks.html
    [2013/01/17 16:49:25 | 000,337,164 | ---- | M] () -- C:\Users\David's HP\Desktop\moreads.jpg
    [2013/01/17 16:46:25 | 000,296,769 | ---- | M] () -- C:\Users\David's HP\Desktop\selectionlinks.jpg
    [2013/01/17 16:22:11 | 000,085,325 | ---- | M] () -- C:\Users\David's HP\Desktop\google1.jpg
    [2013/01/17 16:21:37 | 000,065,393 | ---- | M] () -- C:\Users\David's HP\Desktop\google2.jpg
    [2013/01/17 16:16:09 | 000,872,838 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
    [2013/01/17 16:16:09 | 000,728,404 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
    [2013/01/17 16:16:09 | 000,147,430 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
    [2013/01/17 15:51:01 | 000,257,218 | ---- | M] () -- C:\Users\David's HP\Desktop\sysmain.jpg
    [2013/01/17 15:47:06 | 000,456,948 | ---- | M] () -- C:\Users\David's HP\Desktop\GrantPerms.exe
    [2013/01/17 15:34:33 | 000,000,273 | ---- | M] () -- C:\WirelessDiagLog.csv
    [2013/01/17 14:43:31 | 000,133,024 | ---- | M] () -- C:\Users\David's HP\Desktop\yahoomess.jpg
    [2013/01/17 13:36:46 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
    [2013/01/17 13:23:26 | 000,061,440 | ---- | M] ( ) -- C:\Users\David's HP\Desktop\VEW.exe
    [2013/01/17 09:09:40 | 000,989,486 | ---- | M] () -- C:\Users\David's HP\Desktop\coupons_aol.dib
    [2013/01/16 23:08:37 | 000,115,244 | ---- | M] () -- C:\Users\David's HP\Desktop\yahoomess.png
    [2013/01/16 22:28:07 | 002,712,200 | ---- | M] (Sysinternals - www.sysinternals.com) -- C:\Users\David's HP\Desktop\procexp.exe
    [2013/01/16 21:23:17 | 000,554,087 | ---- | M] () -- C:\Users\David's HP\Desktop\AdwCleaner.exe
    [2013/01/16 17:52:46 | 000,448,512 | ---- | M] (OldTimer Tools) -- C:\Users\David's HP\Desktop\TFC.exe
    [2013/01/14 12:37:15 | 000,002,033 | ---- | M] () -- C:\Users\Public\Desktop\H&R Block 2012.lnk
    [2013/01/14 12:27:16 | 000,935,344 | ---- | M] (Amazon Services LLC) -- C:\Users\David's HP\Desktop\H_R_Block_At_Home_Deluxe_State_2012_Downloader.exe
    [2013/01/13 09:24:11 | 000,635,864 | ---- | M] () -- C:\Users\David's HP\Desktop\cbsidlm-tr1_10a-PDF_Printer-SEO-10536746.exe
    [2013/01/10 16:53:27 | 000,413,368 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
    [2013/01/10 16:14:28 | 000,002,114 | ---- | M] () -- C:\Users\David's HP\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Thunderbird.lnk
    [2013/01/10 15:17:59 | 000,869,550 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
    [2013/01/03 16:59:54 | 000,000,352 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForDavid's HP.job

    ========== Files Created - No Company Name ==========

    [2013/01/19 17:23:55 | 000,764,416 | ---- | C] () -- C:\Users\David's HP\Desktop\RogueKiller.exe
    [2013/01/18 20:46:54 | 000,001,783 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
    [2013/01/18 20:42:38 | 000,001,845 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
    [2013/01/17 18:11:35 | 000,001,163 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
    [2013/01/17 18:08:30 | 000,356,375 | ---- | C] () -- C:\Users\David's HP\Desktop\bookmarks.html
    [2013/01/17 16:49:25 | 000,337,164 | ---- | C] () -- C:\Users\David's HP\Desktop\moreads.jpg
    [2013/01/17 16:46:25 | 000,296,769 | ---- | C] () -- C:\Users\David's HP\Desktop\selectionlinks.jpg
    [2013/01/17 16:22:11 | 000,085,325 | ---- | C] () -- C:\Users\David's HP\Desktop\google1.jpg
    [2013/01/17 16:21:37 | 000,065,393 | ---- | C] () -- C:\Users\David's HP\Desktop\google2.jpg
    [2013/01/17 15:51:00 | 000,257,218 | ---- | C] () -- C:\Users\David's HP\Desktop\sysmain.jpg
    [2013/01/17 15:34:33 | 000,000,273 | ---- | C] () -- C:\WirelessDiagLog.csv
    [2013/01/17 14:43:30 | 000,133,024 | ---- | C] () -- C:\Users\David's HP\Desktop\yahoomess.jpg
    [2013/01/17 13:23:26 | 000,061,440 | ---- | C] ( ) -- C:\Users\David's HP\Desktop\VEW.exe
    [2013/01/17 09:09:39 | 000,989,486 | ---- | C] () -- C:\Users\David's HP\Desktop\coupons_aol.dib
    [2013/01/16 23:08:37 | 000,115,244 | ---- | C] () -- C:\Users\David's HP\Desktop\yahoomess.png
    [2013/01/16 21:23:11 | 000,554,087 | ---- | C] () -- C:\Users\David's HP\Desktop\AdwCleaner.exe
    [2013/01/14 12:37:15 | 000,002,033 | ---- | C] () -- C:\Users\Public\Desktop\H&R Block 2012.lnk
    [2013/01/14 11:08:11 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
    [2013/01/13 09:24:09 | 000,635,864 | ---- | C] () -- C:\Users\David's HP\Desktop\cbsidlm-tr1_10a-PDF_Printer-SEO-10536746.exe
    [2012/07/05 14:27:30 | 000,002,530 | ---- | C] () -- C:\ProgramData\regid.2012-05.com.aciwebs,PCDrafter_0B98B203-BE55-4967-B3D7-2C2033182D1B.swidtag
    [2011/05/21 08:29:19 | 000,000,000 | ---- | C] () -- C:\Users\David's HP\AppData\Local\{6D1CC7E6-7607-4664-97B8-C534FE82191C}
    [2011/05/10 13:00:18 | 000,714,590 | ---- | C] () -- C:\Windows\unins001.exe
    [2011/05/10 13:00:09 | 000,714,590 | ---- | C] () -- C:\Windows\unins000.exe
    [2011/05/04 12:39:25 | 000,869,550 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
    [2011/04/12 03:39:44 | 000,673,610 | ---- | C] () -- C:\Windows\unins002.exe
    [2011/04/12 03:39:44 | 000,036,864 | ---- | C] () -- C:\Windows\SysWow64\PreInstaller.exe
    [2011/04/12 03:39:44 | 000,028,672 | ---- | C] () -- C:\Windows\SysWow64\suuunin.exe
    [2011/04/12 03:39:44 | 000,001,810 | ---- | C] () -- C:\Windows\unins002.dat
    [2011/04/11 07:44:18 | 000,003,653 | ---- | C] () -- C:\Windows\unins001.dat
    [2011/04/11 06:17:52 | 000,008,421 | ---- | C] () -- C:\Windows\unins000.dat
    [2011/03/31 15:56:01 | 000,047,616 | ---- | C] () -- C:\Windows\SysWow64\pdf995mon64.dll
    [2011/03/31 15:56:01 | 000,000,142 | ---- | C] () -- C:\Windows\wpd99.drv
    [2011/03/18 16:47:37 | 000,165,376 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
    [2011/03/18 16:47:36 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini
    [2011/03/18 16:47:30 | 000,810,496 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
    [2011/03/18 16:47:30 | 000,183,808 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
    [2011/03/18 16:47:30 | 000,080,896 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
    [2011/03/18 15:36:30 | 000,073,220 | ---- | C] () -- C:\Windows\SysWow64\EPPICPrinterDB.dat
    [2011/03/18 15:36:30 | 000,031,053 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern131.dat
    [2011/03/18 15:36:30 | 000,029,114 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern1.dat
    [2011/03/18 15:36:30 | 000,027,417 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern121.dat
    [2011/03/18 15:36:30 | 000,021,021 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern3.dat
    [2011/03/18 15:36:30 | 000,015,670 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern5.dat
    [2011/03/18 15:36:30 | 000,013,280 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern2.dat
    [2011/03/18 15:36:30 | 000,010,673 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern4.dat
    [2011/03/18 15:36:30 | 000,004,943 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern6.dat
    [2011/03/18 15:36:30 | 000,001,140 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_PT.dat
    [2011/03/18 15:36:30 | 000,001,140 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_BP.dat
    [2011/03/18 15:36:30 | 000,001,137 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_ES.dat
    [2011/03/18 15:36:30 | 000,001,130 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_FR.dat
    [2011/03/18 15:36:30 | 000,001,130 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_CF.dat
    [2011/03/18 15:36:30 | 000,001,104 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_EN.dat
    [2011/03/18 15:36:30 | 000,000,097 | ---- | C] () -- C:\Windows\SysWow64\PICSDK.ini
    [2011/03/18 13:40:50 | 000,186,928 | ---- | C] ( ) -- C:\Windows\SysWow64\rsnp2uvc.dll
    [2011/03/18 13:40:50 | 000,015,497 | ---- | C] () -- C:\Windows\snp2uvc.ini

    ========== ZeroAccess Check ==========

    [2009/07/13 22:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

    [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

    [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

    [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

    [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
    "" = C:\Windows\SysNative\shell32.dll -- [2012/06/08 23:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
    "" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 22:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
    "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 19:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
    "" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 06:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
    "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 19:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Both

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

    ========== LOP Check ==========

    [2013/01/13 09:27:02 | 000,000,000 | ---D | M] -- C:\Users\David's HP\AppData\Roaming\Bullzip
    [2012/02/26 17:55:15 | 000,000,000 | ---D | M] -- C:\Users\David's HP\AppData\Roaming\Catalina Marketing Corp
    [2011/03/24 15:11:31 | 000,000,000 | ---D | M] -- C:\Users\David's HP\AppData\Roaming\com.nyt.timesreader.78C54164786ADE80CB31E1C5D95607D0938C987A.1
    [2013/01/19 17:22:06 | 000,000,000 | ---D | M] -- C:\Users\David's HP\AppData\Roaming\Dropbox
    [2012/05/16 11:32:18 | 000,000,000 | ---D | M] -- C:\Users\David's HP\AppData\Roaming\Epson
    [2012/10/16 16:50:11 | 000,000,000 | ---D | M] -- C:\Users\David's HP\AppData\Roaming\Foxit Software
    [2011/07/23 14:33:14 | 000,000,000 | ---D | M] -- C:\Users\David's HP\AppData\Roaming\Notepad++
    [2011/05/30 21:31:27 | 000,000,000 | ---D | M] -- C:\Users\David's HP\AppData\Roaming\OfficeRecovery
    [2011/03/31 16:02:12 | 000,000,000 | ---D | M] -- C:\Users\David's HP\AppData\Roaming\pdf995
    [2011/03/31 12:29:20 | 000,000,000 | ---D | M] -- C:\Users\David's HP\AppData\Roaming\Rovio
    [2011/04/08 15:22:02 | 000,000,000 | ---D | M] -- C:\Users\David's HP\AppData\Roaming\Suunto
    [2012/03/14 16:33:41 | 000,000,000 | ---D | M] -- C:\Users\David's HP\AppData\Roaming\TaxCut
    [2011/03/18 13:15:47 | 000,000,000 | ---D | M] -- C:\Users\David's HP\AppData\Roaming\Thunderbird
    [2011/09/23 07:05:19 | 000,000,000 | ---D | M] -- C:\Users\David's HP\AppData\Roaming\TweetDeckFast.FFF259DC0CE2657847BBB4AFF0E62062EFC56543.1

    ========== Purity Check ==========



    < End of report >

  10. #10
    Malware Team Satchfan's Avatar
    Join Date
    Feb 2009
    Location
    Exeter, UK
    Posts
    202

    Smile

    Things are looking better but not quite right yet.

    Download and run ComboFix

    Download Combofix from either of the links below, and save it to your desktop.

    Link 1
    Link 2

    **Note: It MUST be saved directly to your desktop. Choose save as and then make sure you choose Desktop

    --------------------------------------------------------------------

    IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here

    --------------------------------------------------------------------

    Double click on ComboFix.exe & follow the prompts.
    • when finished, it will produce a report for you.
    • please post the C:\ComboFix.txt for further review.


    Satchfan

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •