PDA

View Full Version : Browsers Hijacked and HijackThis unable to remove entries



tinkertailor
2012-12-29, 22:25
Turned out my log post is too long and I got a message "The text that you have entered is too long (74756 characters). Please shorten it to 64000 characters long."

I have pasted the entire content of my original post into a zipped txt file similar to the requested attach.txt. I hope this is an accepted workaround to posting lengthy items. Please accept my apology if I have overlooked a FAQ instruction.

tinkertailor
2012-12-29, 22:37
just occurred to me that I can break up the post into two posts.

Hi, I am new. I recently installed a software from a suspicious, something that I should have known better and now I am stuck with a hijacked browser with modified tab and an infection that won't allow to be fixed using HijackThis. Looking forward to any expert guidance and assistance.
As instructed by the FAQ, here is the content of my DDS.txt

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16457 BrowserJavaVersion: 1.6.0_37
Run by HP at 18:44:23 on 2012-12-29
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.65.1033.18.3894.1794 [GMT 8:00]
.
AV: AVG Anti-Virus Free Edition 2013 *Enabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Spybot - Search and Destroy *Enabled/Updated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
SP: AVG Anti-Virus Free Edition 2013 *Enabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
.
============== Running Processes ===============
.
C:\PROGRA~2\AVG\AVG2013\avgrsa.exe
C:\Program Files (x86)\AVG\AVG2013\avgcsrva.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files\IDT\WDM\STacSV64.exe
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\Hpservice.exe
C:\Windows\system32\vcsFPService.exe
C:\Program Files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe
C:\Windows\system32\atieclxx.exe
C:\Program Files (x86)\Hewlett-Packard\HP SimplePass Identity Protection\EgisService.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\IDT\WDM\AESTSr64.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe
C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
C:\Users\HP\AppData\Roaming\DefaultTab\DefaultTab\DTUpdate.exe
C:\SwSetup\HPQWMM\QuickWeb\QW.SYS\config\DVMExportService.exe
C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Program Files (x86)\AVG\AVG2013\avgnsa.exe
C:\Program Files (x86)\AVG\AVG2013\avgemca.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\System32\rundll32.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\igfxpers.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
C:\Program Files\IDT\WDM\sttray64.exe
C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
C:\Program Files (x86)\Common Files\Apple\Internet Services\BookmarkDAV_client.exe
C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
C:\Program Files (x86)\i-Funbox DevTeam\ifb_conn.exe
C:\Users\HP\AppData\Local\Smartbar\Application\QuickShare.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe
C:\Program Files (x86)\MagicDisc\MagicDisc.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\AVG\AVG2013\avgui.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files (x86)\Hewlett-Packard\HP SimplePass Identity Protection\EgisTSR.exe
C:\Windows\SysWOW64\RunDll32.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Hewlett-Packard\Media\Webcam\YCMMirage.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpCaslNotification.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Users\HP\AppData\Roaming\Mozilla\Firefox\Profiles\seg13vqf.default\extensions\{E173B749-DB5B-4fd2-BA0E-94ECEA0CA55B}\components\afom.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com.my/
mStart Page = hxxp://home.sweetim.com/?crg=3.1010000.10005
mWinlogon: Userinit = userinit.exe,
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: QuickShare WidgetEngine: {31ad400d-1b06-4e33-a59a-90c2c140cba0} -
BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: EgisPBIE Class: {7B51CCBE-4AF9-44A6-BDAB-D7F7E4C4E6F9} - C:\Program Files (x86)\Hewlett-Packard\HP SimplePass Identity Protection\EgisPBIE.dll
BHO: DefaultTab Browser Helper: {7F6AFBF1-E065-4627-A2FD-810366367D01} - C:\Users\HP\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabBHO.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: QuickShare Widget: {ae07101b-46d4-4a98-af68-0333ea26e113} -
uRun: [msnmsgr] ~"C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
uRun: [ApplePhotoStreams] C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
uRun: [com.apple.dav.bookmarks.daemon] C:\Program Files (x86)\Common Files\Apple\Internet Services\BookmarkDAV_client.exe
uRun: [iFunBoxConnector] "C:\Program Files (x86)\i-Funbox DevTeam\ifb_conn.exe"
uRun: [Browser Infrastructure Helper] C:\Users\HP\AppData\Local\Smartbar\Application\QuickShare.exe startup
uRun: [Spybot-S&D Cleaning] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe" /autoclean
uRunOnce: [SpybotDeletingF9873] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\Windows\Installer\{A0C9DF2B-89B5-4483-8983-18A68200F1B4}\ARPPRODUCTICON.exe"
uRunOnce: [SpybotDeletingF6043] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\Program Files (x86)\SweetIM\Messenger\ContentPackagesActivationHandler.exe"
uRunOnce: [SpybotDeletingF166] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\Program Files (x86)\SweetIM\Messenger\default.xml"
uRunOnce: [SpybotDeletingF8168] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\Program Files (x86)\SweetIM\Messenger\mgAdaptersProxy.dll"
uRunOnce: [SpybotDeletingF9384] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\Program Files (x86)\SweetIM\Messenger\mgArchive.dll"
uRunOnce: [SpybotDeletingF1311] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\Program Files (x86)\SweetIM\Messenger\mgcommon.dll"
uRunOnce: [SpybotDeletingF6222] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\Program Files (x86)\SweetIM\Messenger\mgcommunication.dll"
uRunOnce: [SpybotDeletingF6278] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\Program Files (x86)\SweetIM\Messenger\mgconfig.dll"
uRunOnce: [SpybotDeletingF8646] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\Program Files (x86)\SweetIM\Messenger\mgFlashPlayer.dll"
uRunOnce: [SpybotDeletingF5470] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\Program Files (x86)\SweetIM\Messenger\mghooking.dll"
uRunOnce: [SpybotDeletingF9809] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\Program Files (x86)\SweetIM\Messenger\mgICQAuto.dll"
uRunOnce: [SpybotDeletingF6515] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\Program Files (x86)\SweetIM\Messenger\mgICQMessengerAdapter.dll"
uRunOnce: [SpybotDeletingF7163] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\Program Files (x86)\SweetIM\Messenger\mglogger.dll"
uRunOnce: [SpybotDeletingF7187] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\Program Files (x86)\SweetIM\Messenger\mgMediaPlayer.dll"
uRunOnce: [SpybotDeletingF7818] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\Program Files (x86)\SweetIM\Messenger\mgMsnAuto.dll"
uRunOnce: [SpybotDeletingF8885] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\Program Files (x86)\SweetIM\Messenger\mgMsnMessengerAdapter.dll"
uRunOnce: [SpybotDeletingF1840] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\Program Files (x86)\SweetIM\Messenger\mgsimcommon.dll"
uRunOnce: [SpybotDeletingF3068] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\Program Files (x86)\SweetIM\Messenger\mgSweetIM.dll"
uRunOnce: [SpybotDeletingF1284] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\Program Files (x86)\SweetIM\Messenger\mgUpdateSupport.dll"
uRunOnce: [SpybotDeletingF8170] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\Program Files (x86)\SweetIM\Messenger\mgxml_wrapper.dll"
uRunOnce: [SpybotDeletingF5306] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\Program Files (x86)\SweetIM\Messenger\mgYahooAuto.dll"
uRunOnce: [SpybotDeletingF4224] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\Program Files (x86)\SweetIM\Messenger\mgYahooMessengerAdapter.dll"
uRunOnce: [SpybotDeletingF8187] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\Program Files (x86)\SweetIM\Messenger\msvcp71.dll"
uRunOnce: [SpybotDeletingF2126] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\Program Files (x86)\SweetIM\Messenger\msvcr71.dll"
uRunOnce: [SpybotDeletingF4654] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\Program Files (x86)\SweetIM\Messenger\resources\images\AudibleButton.png"
uRunOnce: [SpybotDeletingF9185] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\Program Files (x86)\SweetIM\Messenger\resources\images\DisplayPicturesButton.png"
uRunOnce: [SpybotDeletingF8428] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\Program Files (x86)\SweetIM\Messenger\resources\images\EmoticonButton.png"
uRunOnce: [SpybotDeletingF3306] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\Program Files (x86)\SweetIM\Messenger\resources\images\GamesButton.png"
uRunOnce: [SpybotDeletingF9270] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\Program Files (x86)\SweetIM\Messenger\resources\images\KeyboardButton.png"
uRunOnce: [SpybotDeletingF1684] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\Program Files (x86)\SweetIM\Messenger\resources\images\NudgeButton.png"
uRunOnce: [SpybotDeletingF1426] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\Program Files (x86)\SweetIM\Messenger\resources\images\SoundFxButton.png"
uRunOnce: [SpybotDeletingF3901] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\Program Files (x86)\SweetIM\Messenger\resources\images\WinksButton.png"
uRunOnce: [SpybotDeletingF673] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\Program Files (x86)\SweetIM\Messenger\resources\sqlite\mgSqlite3.dll"
uRunOnce: [SpybotDeletingF337] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe"
uRunOnce: [SpybotDeletingF4349] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\Program Files (x86)\SweetIM\Messenger\ContentPackagesActivationHandler.exe"
uRunOnce: [SpybotDeletingF120] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\Program Files (x86)\SweetIM\Messenger\default.xml"
uRunOnce: [SpybotDeletingF4302] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\Program Files (x86)\SweetIM\Messenger\mgAdaptersProxy.dll"
uRunOnce: [SpybotDeletingF4021] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\Program Files (x86)\SweetIM\Messenger\mgArchive.dll"
uRunOnce: [SpybotDeletingF8101] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\Program Files (x86)\SweetIM\Messenger\mgcommon.dll"
uRunOnce: [SpybotDeletingF5956] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\Program Files (x86)\SweetIM\Messenger\mgcommunication.dll"
uRunOnce: [SpybotDeletingF6361] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\Program Files (x86)\SweetIM\Messenger\mgconfig.dll"
uRunOnce: [SpybotDeletingF478] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\Program Files (x86)\SweetIM\Messenger\mgFlashPlayer.dll"
uRunOnce: [SpybotDeletingF7909] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\Program Files (x86)\SweetIM\Messenger\mghooking.dll"
uRunOnce: [SpybotDeletingF3263] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\Program Files (x86)\SweetIM\Messenger\mgICQAuto.dll"
uRunOnce: [SpybotDeletingF3507] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\Program Files (x86)\SweetIM\Messenger\mgICQMessengerAdapter.dll"
uRunOnce: [SpybotDeletingF6005] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\Program Files (x86)\SweetIM\Messenger\mglogger.dll"
uRunOnce: [SpybotDeletingF5373] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\Program Files (x86)\SweetIM\Messenger\mgMediaPlayer.dll"
uRunOnce: [SpybotDeletingF6552] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\Program Files (x86)\SweetIM\Messenger\mghooking.dll_old"
uRunOnce: [SpybotDeletingF320] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\Program Files (x86)\SweetIM\Messenger\mgMsnMessengerAdapter.dll"
uRunOnce: [SpybotDeletingF2481] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\Program Files (x86)\SweetIM\Messenger\mgsimcommon.dll"
uRunOnce: [SpybotDeletingF234] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\Program Files (x86)\SweetIM\Messenger\mgSweetIM.dll"
uRunOnce: [SpybotDeletingF1393] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\Program Files (x86)\SweetIM\Messenger\mgUpdateSupport.dll"
uRunOnce: [SpybotDeletingF1601] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\Program Files (x86)\SweetIM\Messenger\mgxml_wrapper.dll"
uRunOnce: [SpybotDeletingF7539] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\Program Files (x86)\SweetIM\Messenger\mgYahooAuto.dll"
uRunOnce: [SpybotDeletingF9256] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\Program Files (x86)\SweetIM\Messenger\mgYahooMessengerAdapter.dll"
uRunOnce: [SpybotDeletingF5122] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\Program Files (x86)\SweetIM\Messenger\msvcp71.dll"
uRunOnce: [SpybotDeletingF4896] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\Program Files (x86)\SweetIM\Messenger\msvcr71.dll"
uRunOnce: [SpybotDeletingF2157] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\Program Files (x86)\SweetIM\Messenger\resources\images\AudibleButton.png"
uRunOnce: [SpybotDeletingF3444] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\Program Files (x86)\SweetIM\Messenger\resources\images\DisplayPicturesButton.png"
uRunOnce: [SpybotDeletingF1230] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\Program Files (x86)\SweetIM\Messenger\resources\images\EmoticonButton.png"
uRunOnce: [SpybotDeletingF4017] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\Program Files (x86)\SweetIM\Messenger\resources\images\GamesButton.png"
uRunOnce: [SpybotDeletingF2525] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\Program Files (x86)\SweetIM\Messenger\resources\images\KeyboardButton.png"
uRunOnce: [SpybotDeletingF1134] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\Program Files (x86)\SweetIM\Messenger\resources\images\NudgeButton.png"
uRunOnce: [SpybotDeletingF8615] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\Program Files (x86)\SweetIM\Messenger\resources\images\SoundFxButton.png"
uRunOnce: [SpybotDeletingF8993] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\Program Files (x86)\SweetIM\Messenger\resources\images\WinksButton.png"
uRunOnce: [SpybotDeletingF8072] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\Program Files (x86)\SweetIM\Messenger\resources\sqlite\mgSqlite3.dll"
uRunOnce: [SpybotDeletingF3875] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe"
uRunOnce: [SpybotDeletingF5802] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\Program Files (x86)\SweetIM\Messenger\resources\images\AudibleButton.png"
uRunOnce: [SpybotDeletingF2035] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\Program Files (x86)\SweetIM\Messenger\resources\images\DisplayPicturesButton.png"
uRunOnce: [SpybotDeletingF8554] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\Program Files (x86)\SweetIM\Messenger\resources\images\EmoticonButton.png"
uRunOnce: [SpybotDeletingF5611] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\Program Files (x86)\SweetIM\Messenger\resources\images\GamesButton.png"
uRunOnce: [SpybotDeletingF8730] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\Program Files (x86)\SweetIM\Messenger\resources\images\KeyboardButton.png"
uRunOnce: [SpybotDeletingF9210] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\Program Files (x86)\SweetIM\Messenger\resources\images\NudgeButton.png"
uRunOnce: [SpybotDeletingF4659] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\Program Files (x86)\SweetIM\Messenger\resources\images\SoundFxButton.png"
uRunOnce: [SpybotDeletingF2993] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\Program Files (x86)\SweetIM\Messenger\resources\images\WinksButton.png"
uRunOnce: [SpybotDeletingF2150] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\Program Files (x86)\SweetIM\Messenger\resources\images\AudibleButton.png"
uRunOnce: [SpybotDeletingF1091] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\Program Files (x86)\SweetIM\Messenger\resources\images\DisplayPicturesButton.png"
uRunOnce: [SpybotDeletingF1890] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\Program Files (x86)\SweetIM\Messenger\resources\images\EmoticonButton.png"
uRunOnce: [SpybotDeletingF2485] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\Program Files (x86)\SweetIM\Messenger\resources\images\GamesButton.png"
uRunOnce: [SpybotDeletingF7120] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\Program Files (x86)\SweetIM\Messenger\resources\images\KeyboardButton.png"
uRunOnce: [SpybotDeletingF685] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\Program Files (x86)\SweetIM\Messenger\resources\images\NudgeButton.png"
uRunOnce: [SpybotDeletingF6846] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\Program Files (x86)\SweetIM\Messenger\resources\images\SoundFxButton.png"
uRunOnce: [SpybotDeletingF1202] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\Program Files (x86)\SweetIM\Messenger\resources\images\WinksButton.png"
uRunOnce: [SpybotDeletingF6916] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\Program Files (x86)\SweetIM\Messenger\resources\sqlite\mgSqlite3.dll"
uRunOnce: [SpybotDeletingF6672] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\Windows\Installer\{A0C9DF2B-89B5-4483-8983-18A68200F1B4}\ARPPRODUCTICON.exe"
uRunOnce: [SpybotDeletingF842] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\Program Files (x86)\SweetIM\Messenger\mgAdaptersProxy.dll_old"
uRunOnce: [SpybotDeletingF9872] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\Program Files (x86)\SweetIM\Messenger\mgArchive.dll_old"
uRunOnce: [SpybotDeletingF429] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\Program Files (x86)\SweetIM\Messenger\mgcommon.dll_old"
uRunOnce: [SpybotDeletingF8787] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\Program Files (x86)\SweetIM\Messenger\mgcommunication.dll_old"
uRunOnce: [SpybotDeletingF5983] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\Program Files (x86)\SweetIM\Messenger\mgconfig.dll_old"
uRunOnce: [SpybotDeletingF7574] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\Program Files (x86)\SweetIM\Messenger\mgFlashPlayer.dll_old"
uRunOnce: [SpybotDeletingF6797] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\Program Files (x86)\SweetIM\Messenger\mgMsnAuto.dll_old"
uRunOnce: [SpybotDeletingF8138] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\Program Files (x86)\SweetIM\Messenger\mgMsnMessengerAdapter.dll_old"
uRunOnce: [SpybotDeletingF7488] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\Program Files (x86)\SweetIM\Messenger\mgsimcommon.dll_old"
uRunOnce: [SpybotDeletingF800] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\Program Files (x86)\SweetIM\Messenger\mgSweetIM.dll_old"
uRunOnce: [SpybotDeletingF3546] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\Program Files (x86)\SweetIM\Messenger\mgUpdateSupport.dll_old"
uRunOnce: [SpybotDeletingF3876] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\Program Files (x86)\SweetIM\Messenger\mgxml_wrapper.dll_old"
uRunOnce: [SpybotDeletingF5552] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\Program Files (x86)\SweetIM\Messenger\msvcp71.dll_old"
uRunOnce: [SpybotDeletingF4811] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\Program Files (x86)\SweetIM\Messenger\msvcr71.dll_old"
uRunOnce: [SpybotDeletingF8683] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\Program Files (x86)\SweetIM\Messenger\mgAdaptersProxy.dll_old"
uRunOnce: [SpybotDeletingF142] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\Program Files (x86)\SweetIM\Messenger\mgArchive.dll_old"
uRunOnce: [SpybotDeletingF3592] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\Program Files (x86)\SweetIM\Messenger\mgcommon.dll_old"
uRunOnce: [SpybotDeletingF3275] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\Program Files (x86)\SweetIM\Messenger\mgcommunication.dll_old"
uRunOnce: [SpybotDeletingF1646] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\Program Files (x86)\SweetIM\Messenger\mgconfig.dll_old"
uRunOnce: [SpybotDeletingF3511] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe"
uRunOnce: [SpybotDeletingF3142] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\Program Files (x86)\SweetIM\Messenger\mghooking.dll_old"
uRunOnce: [SpybotDeletingF5211] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\Program Files (x86)\SweetIM\Messenger\mgMsnAuto.dll_old"
uRunOnce: [SpybotDeletingF3299] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\Program Files (x86)\SweetIM\Messenger\mgMsnMessengerAdapter.dll_old"
uRunOnce: [SpybotDeletingF1981] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\Program Files (x86)\SweetIM\Messenger\mgsimcommon.dll_old"
uRunOnce: [SpybotDeletingF4299] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\Program Files (x86)\SweetIM\Messenger\mgSweetIM.dll_old"
uRunOnce: [SpybotDeletingF3903] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\Program Files (x86)\SweetIM\Messenger\mgUpdateSupport.dll_old"
uRunOnce: [SpybotDeletingF9257] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\Program Files (x86)\SweetIM\Messenger\mgxml_wrapper.dll_old"
uRunOnce: [SpybotDeletingF1356] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\Program Files (x86)\SweetIM\Messenger\msvcp71.dll_old"
uRunOnce: [SpybotDeletingF4252] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\Program Files (x86)\SweetIM\Messenger\msvcr71.dll_old"
uRunOnce: [SpybotDeletingF6689] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\ProgramData\SweetIM\Messenger\conf\sweetim.xml"
uRunOnce: [SpybotDeletingF1288] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\ProgramData\SweetIM\Messenger\conf\messages.xml"
uRunOnce: [SpybotDeletingF3751] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\ProgramData\SweetIM\Messenger\conf\users\main_user_config.xml"
uRunOnce: [SpybotDeletingF4225] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\ProgramData\SweetIM\Messenger\data\contentdb\cache_indx.dat"
uRunOnce: [SpybotDeletingF721] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\Program Files (x86)\SweetIM\Messenger\default.xml"
uRunOnce: [SpybotDeletingF2596] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\Program Files (x86)\SweetIM\Messenger\msvcp71.dll"
uRunOnce: [SpybotDeletingF211] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\Program Files (x86)\SweetIM\Messenger\msvcr71.dll"
uRunOnce: [SpybotDeletingF587] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\Program Files (x86)\SweetIM\Messenger\resources\images\AudibleButton.png"
uRunOnce: [SpybotDeletingF6810] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\Program Files (x86)\SweetIM\Messenger\resources\images\DisplayPicturesButton.png"
uRunOnce: [SpybotDeletingF5778] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\Program Files (x86)\SweetIM\Messenger\resources\images\EmoticonButton.png"
uRunOnce: [SpybotDeletingF7660] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\Program Files (x86)\SweetIM\Messenger\resources\images\GamesButton.png"
uRunOnce: [SpybotDeletingF3431] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\Program Files (x86)\SweetIM\Messenger\resources\images\KeyboardButton.png"
uRunOnce: [SpybotDeletingF3836] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\Program Files (x86)\SweetIM\Messenger\resources\images\NudgeButton.png"
uRunOnce: [SpybotDeletingF4923] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\Program Files (x86)\SweetIM\Messenger\resources\images\SoundFxButton.png"
uRunOnce: [SpybotDeletingF2686] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\Program Files (x86)\SweetIM\Messenger\resources\images\WinksButton.png"
uRunOnce: [SpybotDeletingF2529] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\Windows\Installer\{A0C9DF2B-89B5-4483-8983-18A68200F1B4}\ARPPRODUCTICON.exe"
uRunOnce: [SpybotDeletingF9938] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\Program Files (x86)\SweetIM\Messenger\mgAdaptersProxy.dll_old"
uRunOnce: [SpybotDeletingF5637] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\Program Files (x86)\SweetIM\Messenger\mgArchive.dll_old"
uRunOnce: [SpybotDeletingF9544] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\Program Files (x86)\SweetIM\Messenger\mgcommon.dll_old"
uRunOnce: [SpybotDeletingF3424] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\Program Files (x86)\SweetIM\Messenger\mgcommunication.dll_old"
uRunOnce: [SpybotDeletingF6011] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\Program Files (x86)\SweetIM\Messenger\mgconfig.dll_old"
uRunOnce: [SpybotDeletingF0] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\Program Files (x86)\SweetIM\Messenger\mgFlashPlayer.dll_old"
uRunOnce: [SpybotDeletingF5249] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\Program Files (x86)\SweetIM\Messenger\mghooking.dll_old"
uRunOnce: [SpybotDeletingF9439] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\Program Files (x86)\SweetIM\Messenger\mgMsnAuto.dll_old"
uRunOnce: [SpybotDeletingF9106] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\Program Files (x86)\SweetIM\Messenger\mgMsnMessengerAdapter.dll_old"
uRunOnce: [SpybotDeletingF2531] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\Program Files (x86)\SweetIM\Messenger\mgsimcommon.dll_old"
uRunOnce: [SpybotDeletingF4813] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\Program Files (x86)\SweetIM\Messenger\mgSweetIM.dll_old"
uRunOnce: [SpybotDeletingF2649] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\Program Files (x86)\SweetIM\Messenger\mgUpdateSupport.dll_old"
uRunOnce: [SpybotDeletingF4663] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\Program Files (x86)\SweetIM\Messenger\mgxml_wrapper.dll_old"
uRunOnce: [SpybotDeletingF9932] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\Program Files (x86)\SweetIM\Messenger\msvcp71.dll_old"
uRunOnce: [SpybotDeletingF216] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\Program Files (x86)\SweetIM\Messenger\msvcr71.dll_old"
uRunOnce: [SpybotDeletingF480] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\Program Files (x86)\SweetIM\Messenger\mgAdaptersProxy.dll_old"
uRunOnce: [SpybotDeletingF5438] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\Program Files (x86)\SweetIM\Messenger\mgArchive.dll_old"
uRunOnce: [SpybotDeletingF3405] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\Program Files (x86)\SweetIM\Messenger\mgcommon.dll_old"
uRunOnce: [SpybotDeletingF5451] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\Program Files (x86)\SweetIM\Messenger\mgcommunication.dll_old"
uRunOnce: [SpybotDeletingF8019] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\Program Files (x86)\SweetIM\Messenger\mgconfig.dll_old"
uRunOnce: [SpybotDeletingF2763] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\Program Files (x86)\SweetIM\Messenger\mgFlashPlayer.dll_old"
uRunOnce: [SpybotDeletingF7701] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\Program Files (x86)\SweetIM\Messenger\mghooking.dll_old"
uRunOnce: [SpybotDeletingF6227] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\Program Files (x86)\SweetIM\Messenger\mgMsnAuto.dll_old"
uRunOnce: [SpybotDeletingF8963] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\Program Files (x86)\SweetIM\Messenger\mgMsnMessengerAdapter.dll_old"
uRunOnce: [SpybotDeletingF497] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\Program Files (x86)\SweetIM\Messenger\mgsimcommon.dll_old"
uRunOnce: [SpybotDeletingF7837] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\Program Files (x86)\SweetIM\Messenger\mgSweetIM.dll_old"
uRunOnce: [SpybotDeletingF5434] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\Program Files (x86)\SweetIM\Messenger\mgUpdateSupport.dll_old"
uRunOnce: [SpybotDeletingF7887] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\Program Files (x86)\SweetIM\Messenger\mgxml_wrapper.dll_old"
uRunOnce: [SpybotDeletingF4296] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\Program Files (x86)\SweetIM\Messenger\msvcp71.dll_old"
uRunOnce: [SpybotDeletingF1446] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\Program Files (x86)\SweetIM\Messenger\msvcr71.dll_old"
uRunOnce: [SpybotDeletingF8612] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe"
uRunOnce: [SpybotDeletingF262] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\ProgramData\SweetIM\Messenger\conf\sweetim.xml"
uRunOnce: [SpybotDeletingF3493] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\ProgramData\SweetIM\Messenger\conf\messages.xml"
uRunOnce: [SpybotDeletingF3929] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\ProgramData\SweetIM\Messenger\conf\users\main_user_config.xml"
uRunOnce: [SpybotDeletingF5266] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\ProgramData\SweetIM\Messenger\data\contentdb\cache_indx.dat"
uRunOnce: [SpybotDeletingF8982] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\Program Files (x86)\SweetIM\Messenger\default.xml"
uRunOnce: [SpybotDeletingF4934] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\Program Files (x86)\SweetIM\Messenger\msvcp71.dll"
uRunOnce: [SpybotDeletingF1347] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\Program Files (x86)\SweetIM\Messenger\msvcr71.dll"
uRunOnce: [SpybotDeletingF1674] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\Program Files (x86)\SweetIM\Messenger\resources\images\AudibleButton.png"
uRunOnce: [SpybotDeletingF8469] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\Program Files (x86)\SweetIM\Messenger\resources\images\DisplayPicturesButton.png"
uRunOnce: [SpybotDeletingF1942] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\Program Files (x86)\SweetIM\Messenger\resources\images\EmoticonButton.png"
uRunOnce: [SpybotDeletingF8415] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\Program Files (x86)\SweetIM\Messenger\resources\images\GamesButton.png"
uRunOnce: [SpybotDeletingF1738] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\Program Files (x86)\SweetIM\Messenger\resources\images\KeyboardButton.png"
uRunOnce: [SpybotDeletingF7082] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\Program Files (x86)\SweetIM\Messenger\resources\images\NudgeButton.png"
uRunOnce: [SpybotDeletingF2643] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\Program Files (x86)\SweetIM\Messenger\resources\images\SoundFxButton.png"
uRunOnce: [SpybotDeletingF5814] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\Program Files (x86)\SweetIM\Messenger\resources\images\WinksButton.png"
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
mRun: [EgisTecPMMUpdate] "C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe"
mRun: [EgisUpdate] "C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe" -d
mRun: [VitaKeyTSR] C:\Program Files (x86)\Hewlett-Packard\HP SimplePass Identity Protection\EgisTSR.exe /run
mRun: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2013\avgui.exe" /TRAYONLY
mRun: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [SDTray] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
mRunOnce: [SpybotDeletingE4547] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\Windows\Installer\{A0C9DF2B-89B5-4483-8983-18A68200F1B4}\ARPPRODUCTICON.exe"
mRunOnce: [SpybotDeletingE884] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\Program Files (x86)\SweetIM\Messenger\mgAdaptersProxy.dll_old"
mRunOnce: [SpybotDeletingE7902] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\Program Files (x86)\SweetIM\Messenger\mgArchive.dll_old"
mRunOnce: [SpybotDeletingE3305] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\Program Files (x86)\SweetIM\Messenger\mgcommon.dll_old"
mRunOnce: [SpybotDeletingE1390] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\Program Files (x86)\SweetIM\Messenger\mgcommunication.dll_old"
mRunOnce: [SpybotDeletingE4007] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\Program Files (x86)\SweetIM\Messenger\mgconfig.dll_old"
mRunOnce: [SpybotDeletingE2226] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\Program Files (x86)\SweetIM\Messenger\mgFlashPlayer.dll_old"
mRunOnce: [SpybotDeletingE8441] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\Program Files (x86)\SweetIM\Messenger\mghooking.dll_old"
mRunOnce: [SpybotDeletingE996] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\Program Files (x86)\SweetIM\Messenger\mgMsnAuto.dll_old"
mRunOnce: [SpybotDeletingE1156] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\Program Files (x86)\SweetIM\Messenger\mgMsnMessengerAdapter.dll_old"
mRunOnce: [SpybotDeletingE8267] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\Program Files (x86)\SweetIM\Messenger\mgsimcommon.dll_old"
mRunOnce: [SpybotDeletingE8045] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\Program Files (x86)\SweetIM\Messenger\mgSweetIM.dll_old"
mRunOnce: [SpybotDeletingE5129] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\Program Files (x86)\SweetIM\Messenger\mgUpdateSupport.dll_old"
mRunOnce: [SpybotDeletingE2785] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\Program Files (x86)\SweetIM\Messenger\mgxml_wrapper.dll_old"
mRunOnce: [SpybotDeletingE9133] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\Program Files (x86)\SweetIM\Messenger\msvcp71.dll_old"
mRunOnce: [SpybotDeletingE5819] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\Program Files (x86)\SweetIM\Messenger\msvcr71.dll_old"
mRunOnce: [SpybotDeletingE6916] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\Program Files (x86)\SweetIM\Messenger\mgAdaptersProxy.dll_old"
mRunOnce: [SpybotDeletingE8219] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\Program Files (x86)\SweetIM\Messenger\mgArchive.dll_old"
mRunOnce: [SpybotDeletingE279] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\Program Files (x86)\SweetIM\Messenger\mgcommon.dll_old"
mRunOnce: [SpybotDeletingE6055] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\Program Files (x86)\SweetIM\Messenger\mgcommunication.dll_old"
mRunOnce: [SpybotDeletingE1104] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\Program Files (x86)\SweetIM\Messenger\mgconfig.dll_old"
mRunOnce: [SpybotDeletingE8197] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\Program Files (x86)\SweetIM\Messenger\mgFlashPlayer.dll_old"
mRunOnce: [SpybotDeletingE8491] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\Program Files (x86)\SweetIM\Messenger\mghooking.dll_old"
mRunOnce: [SpybotDeletingE2379] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\Program Files (x86)\SweetIM\Messenger\mgMsnAuto.dll_old"
mRunOnce: [SpybotDeletingE9937] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\Program Files (x86)\SweetIM\Messenger\mgMsnMessengerAdapter.dll_old"
mRunOnce: [SpybotDeletingE9489] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\Program Files (x86)\SweetIM\Messenger\mgsimcommon.dll_old"
mRunOnce: [SpybotDeletingE6665] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\Program Files (x86)\SweetIM\Messenger\mgSweetIM.dll_old"
mRunOnce: [SpybotDeletingE6237] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\Program Files (x86)\SweetIM\Messenger\mgUpdateSupport.dll_old"
mRunOnce: [SpybotDeletingE1888] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\Program Files (x86)\SweetIM\Messenger\mgxml_wrapper.dll_old"
mRunOnce: [SpybotDeletingE212] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\Program Files (x86)\SweetIM\Messenger\msvcp71.dll_old"
mRunOnce: [SpybotDeletingE1086] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\Program Files (x86)\SweetIM\Messenger\msvcr71.dll_old"
mRunOnce: [SpybotDeletingE6630] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe"
mRunOnce: [SpybotDeletingE3622] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\ProgramData\SweetIM\Messenger\conf\sweetim.xml"
mRunOnce: [SpybotDeletingE5742] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\ProgramData\SweetIM\Messenger\conf\messages.xml"
mRunOnce: [SpybotDeletingE1572] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\ProgramData\SweetIM\Messenger\conf\users\main_user_config.xml"
mRunOnce: [SpybotDeletingE1094] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\ProgramData\SweetIM\Messenger\data\contentdb\cache_indx.dat"
mRunOnce: [SpybotDeletingE4881] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\Program Files (x86)\SweetIM\Messenger\default.xml"
mRunOnce: [SpybotDeletingE9906] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\Program Files (x86)\SweetIM\Messenger\msvcp71.dll"
mRunOnce: [SpybotDeletingE6198] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\Program Files (x86)\SweetIM\Messenger\msvcr71.dll"
mRunOnce: [SpybotDeletingE2918] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\Program Files (x86)\SweetIM\Messenger\resources\images\AudibleButton.png"
mRunOnce: [SpybotDeletingE4666] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\Program Files (x86)\SweetIM\Messenger\resources\images\DisplayPicturesButton.png"
mRunOnce: [SpybotDeletingE4693] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\Program Files (x86)\SweetIM\Messenger\resources\images\EmoticonButton.png"
mRunOnce: [SpybotDeletingE7055] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\Program Files (x86)\SweetIM\Messenger\resources\images\GamesButton.png"
mRunOnce: [SpybotDeletingE188] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\Program Files (x86)\SweetIM\Messenger\resources\images\KeyboardButton.png"
mRunOnce: [SpybotDeletingE2905] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\Program Files (x86)\SweetIM\Messenger\resources\images\NudgeButton.png"
mRunOnce: [SpybotDeletingE4046] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\Program Files (x86)\SweetIM\Messenger\resources\images\SoundFxButton.png"
mRunOnce: [SpybotDeletingE321] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\Program Files (x86)\SweetIM\Messenger\resources\images\WinksButton.png"
mRunOnce: [SpybotDeletingE5381] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\Windows\Installer\{A0C9DF2B-89B5-4483-8983-18A68200F1B4}\ARPPRODUCTICON.exe"
mRunOnce: [SpybotDeletingE430] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\Program Files (x86)\SweetIM\Messenger\mgAdaptersProxy.dll_old"
mRunOnce: [SpybotDeletingE8549] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\Program Files (x86)\SweetIM\Messenger\mgArchive.dll_old"
mRunOnce: [SpybotDeletingE552] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\Program Files (x86)\SweetIM\Messenger\mgcommon.dll_old"
mRunOnce: [SpybotDeletingE9446] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\Program Files (x86)\SweetIM\Messenger\mgcommunication.dll_old"
mRunOnce: [SpybotDeletingE5039] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\Program Files (x86)\SweetIM\Messenger\mgconfig.dll_old"
mRunOnce: [SpybotDeletingE1547] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\Program Files (x86)\SweetIM\Messenger\mgFlashPlayer.dll_old"
mRunOnce: [SpybotDeletingE4766] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\Program Files (x86)\SweetIM\Messenger\mghooking.dll_old"
mRunOnce: [SpybotDeletingE1051] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\Program Files (x86)\SweetIM\Messenger\mgMsnAuto.dll_old"
mRunOnce: [SpybotDeletingE6238] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\Program Files (x86)\SweetIM\Messenger\mgMsnMessengerAdapter.dll_old"
mRunOnce: [SpybotDeletingE1978] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\Program Files (x86)\SweetIM\Messenger\mgsimcommon.dll_old"
mRunOnce: [SpybotDeletingE2058] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\Program Files (x86)\SweetIM\Messenger\mgSweetIM.dll_old"
mRunOnce: [SpybotDeletingE2430] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\Program Files (x86)\SweetIM\Messenger\mgUpdateSupport.dll_old"
mRunOnce: [SpybotDeletingE4001] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\Program Files (x86)\SweetIM\Messenger\mgxml_wrapper.dll_old"
mRunOnce: [SpybotDeletingE9045] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\Program Files (x86)\SweetIM\Messenger\msvcp71.dll_old"
mRunOnce: [SpybotDeletingE941] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\Program Files (x86)\SweetIM\Messenger\msvcr71.dll_old"
mRunOnce: [SpybotDeletingE1746] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\Program Files (x86)\SweetIM\Messenger\mgAdaptersProxy.dll_old"
mRunOnce: [SpybotDeletingE5501] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\Program Files (x86)\SweetIM\Messenger\mgArchive.dll_old"
mRunOnce: [SpybotDeletingE8293] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\Program Files (x86)\SweetIM\Messenger\mgcommon.dll_old"
mRunOnce: [SpybotDeletingE1961] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\Program Files (x86)\SweetIM\Messenger\mgcommunication.dll_old"
mRunOnce: [SpybotDeletingE4076] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\Program Files (x86)\SweetIM\Messenger\mgconfig.dll_old"
mRunOnce: [SpybotDeletingE79] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\Program Files (x86)\SweetIM\Messenger\mgFlashPlayer.dll_old"
mRunOnce: [SpybotDeletingE2650] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\Program Files (x86)\SweetIM\Messenger\mghooking.dll_old"
mRunOnce: [SpybotDeletingE7956] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\Program Files (x86)\SweetIM\Messenger\mgMsnAuto.dll_old"
mRunOnce: [SpybotDeletingE2522] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\Program Files (x86)\SweetIM\Messenger\mgMsnMessengerAdapter.dll_old"
mRunOnce: [SpybotDeletingE8701] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\Program Files (x86)\SweetIM\Messenger\mgsimcommon.dll_old"
mRunOnce: [SpybotDeletingE9239] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\Program Files (x86)\SweetIM\Messenger\mgSweetIM.dll_old"
mRunOnce: [SpybotDeletingE8015] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\Program Files (x86)\SweetIM\Messenger\mgUpdateSupport.dll_old"
mRunOnce: [SpybotDeletingE4261] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\Program Files (x86)\SweetIM\Messenger\mgxml_wrapper.dll_old"
mRunOnce: [SpybotDeletingE608] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\Program Files (x86)\SweetIM\Messenger\msvcp71.dll_old"
mRunOnce: [SpybotDeletingE4346] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\Program Files (x86)\SweetIM\Messenger\msvcr71.dll_old"
mRunOnce: [SpybotDeletingE7939] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe"
mRunOnce: [SpybotDeletingE1179] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\ProgramData\SweetIM\Messenger\conf\sweetim.xml"
mRunOnce: [SpybotDeletingE2735] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\ProgramData\SweetIM\Messenger\conf\messages.xml"
mRunOnce: [SpybotDeletingE5117] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\ProgramData\SweetIM\Messenger\conf\users\main_user_config.xml"
mRunOnce: [SpybotDeletingE4959] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\ProgramData\SweetIM\Messenger\data\contentdb\cache_indx.dat"
mRunOnce: [SpybotDeletingE161] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\Program Files (x86)\SweetIM\Messenger\default.xml"
mRunOnce: [SpybotDeletingE4364] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\Program Files (x86)\SweetIM\Messenger\msvcp71.dll"
mRunOnce: [SpybotDeletingE8091] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\Program Files (x86)\SweetIM\Messenger\msvcr71.dll"
mRunOnce: [SpybotDeletingE5886] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\Program Files (x86)\SweetIM\Messenger\resources\images\AudibleButton.png"
mRunOnce: [SpybotDeletingE1702] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\Program Files (x86)\SweetIM\Messenger\resources\images\DisplayPicturesButton.png"
mRunOnce: [SpybotDeletingE1688] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\Program Files (x86)\SweetIM\Messenger\resources\images\EmoticonButton.png"
mRunOnce: [SpybotDeletingE9843] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\Program Files (x86)\SweetIM\Messenger\resources\images\GamesButton.png"
mRunOnce: [SpybotDeletingE2370] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\Program Files (x86)\SweetIM\Messenger\resources\images\KeyboardButton.png"
mRunOnce: [SpybotDeletingE1649] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\Program Files (x86)\SweetIM\Messenger\resources\images\NudgeButton.png"
mRunOnce: [SpybotDeletingE6157] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\Program Files (x86)\SweetIM\Messenger\resources\images\SoundFxButton.png"
mRunOnce: [SpybotDeletingE9665] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\Program Files (x86)\SweetIM\Messenger\resources\images\WinksButton.png"
StartupFolder: C:\Users\HP\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ERUNTA~1.LNK - C:\Program Files (x86)\ERUNT\AUTOBACK.EXE
StartupFolder: C:\Users\HP\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\MAGICD~1.LNK - C:\Program Files (x86)\MagicDisc\MagicDisc.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUETO~1.LNK - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe

tinkertailor
2012-12-29, 22:38
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab
TCP: NameServer = 192.168.0.1
TCP: Interfaces\{4828EB99-DA1D-4695-B4CF-90CDCB7F710C} : NameServer = 8.8.8.8,8.8.4.4
TCP: Interfaces\{4828EB99-DA1D-4695-B4CF-90CDCB7F710C} : DHCPNameServer = 192.168.0.1
TCP: Interfaces\{4828EB99-DA1D-4695-B4CF-90CDCB7F710C}\1405D474D2D416C61697379616 : DHCPNameServer = 10.1.8.2
TCP: Interfaces\{9E8BEB33-11FA-4636-B10D-77BE08229A4C} : NameServer = 0.0.0.0
TCP: Interfaces\{AEF7CD20-AAAA-4BC1-A214-9115BAB18C84} : DHCPNameServer = 16.110.135.52 16.110.135.51
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
Notify: SDWinLogon - SDWinLogon.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
LSA: Notification Packages = EgisPwdFilter EgisDSPwdFilter
x64-BHO: QuickShare WidgetEngine: {31ad400d-1b06-4e33-a59a-90c2c140cba0} -
x64-BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
x64-BHO: EgisPBIE Class: {7B51CCBE-4AF9-44A6-BDAB-D7F7E4C4E6F9} - C:\Program Files (x86)\Hewlett-Packard\HP SimplePass Identity Protection\x64\EgisPBIE.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
x64-TB: QuickShare Widget: {ae07101b-46d4-4a98-af68-0333ea26e113} -
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-Run: [AmIcoSinglun64] C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
x64-Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe
x64-Run: [IntelWireless] "C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" /tf Intel Wireless Tray
x64-Run: [SmartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe /background
x64-Run: [HPWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe 120 C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe /hidden
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
x64-DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
x64-DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
x64-DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
x64-STS: FencesShlExt Class - {1984DD45-52CF-49cd-AB77-18F378FEA264} - C:\Program Files\Stardock\Fences Pro\FencesMenu64.dll
x64-SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\HP\AppData\Roaming\Mozilla\Firefox\Profiles\seg13vqf.default\
FF - prefs.js: network.proxy.type - 0
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_135.dll
FF - plugin: C:\Windows\SysWOW64\npdeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
FF - ExtSQL: 2012-12-29 09:41; addon@defaulttab.com; C:\Users\HP\AppData\Roaming\Mozilla\Firefox\Profiles\seg13vqf.default\extensions\addon@defaulttab.com.xpi
FF - ExtSQL: 2012-12-29 09:44; helperbar@helperbar.com; C:\Users\HP\AppData\Roaming\Mozilla\Firefox\Profiles\seg13vqf.default\extensions\helperbar@helperbar.com
.
---- FIREFOX POLICIES ----
FF - user.js: extensions.autoDisableScopes - 0
FF - user.js: extensions.shownSelectionUI - true
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHA;AVGIDSHA;C:\Windows\System32\drivers\avgidsha.sys [2012-10-15 63328]
R0 Avgloga;AVG Logging Driver;C:\Windows\System32\drivers\avgloga.sys [2012-9-21 225120]
R0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\System32\drivers\avgmfx64.sys [2012-10-5 111456]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\System32\drivers\avgrkx64.sys [2012-9-14 40800]
R1 AVGIDSDriver;AVGIDSDriver;C:\Windows\System32\drivers\avgidsdrivera.sys [2012-10-22 154464]
R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\System32\drivers\avgldx64.sys [2012-10-2 185696]
R1 Avgtdia;AVG TDI Driver;C:\Windows\System32\drivers\avgtdia.sys [2012-9-21 200032]
R1 DVMIO;DeviceVM IO Service;C:\Windows\System32\drivers\dvmio.sys [2009-11-12 20056]
R2 AESTFilters;Andrea ST Filters Service;C:\Program Files\IDT\WDM\AESTSr64.exe [2012-10-3 89600]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2012-10-3 203264]
R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe [2012-11-6 5814392]
R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe [2012-10-22 196664]
R2 DefaultTabUpdate;DefaultTabUpdate;C:\Users\HP\AppData\Roaming\DefaultTab\DefaultTab\DTUpdate.exe [2012-12-29 107520]
R2 DvmMDES;DeviceVM Meta Data Export Service;C:\SwSetup\HPQWMM\QuickWeb\QW.SYS\config\DVMExportService.exe [2010-9-29 338208]
R2 EgisTec Service;EgisTec Service;C:\Program Files (x86)\Hewlett-Packard\HP SimplePass Identity Protection\EgisService.exe [2010-6-14 697712]
R2 EgisTec Ticket Service;EgisTec Ticket Service;C:\Program Files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe [2010-6-14 646000]
R2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2011-9-9 86072]
R2 HP Wireless Assistant Service;HP Wireless Assistant Service;C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [2010-7-22 103992]
R2 HPClientSvc;HP Client Services;C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-8-6 291896]
R2 HPDrvMntSvc.exe;HP Quick Synchronization Service;C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-3-28 94264]
R2 hpsrv;HP Service;C:\Windows\System32\hpservice.exe [2011-5-13 30520]
R2 HPWMISVC;HPWMISVC;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2010-8-24 26680]
R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2012-10-3 13336]
R2 SDScannerService;Spybot-S&D 2 Scanner Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [2012-12-29 1103392]
R2 SDUpdateService;Spybot-S&D 2 Updating Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2012-12-29 1369624]
R2 SDWSCService;Spybot-S&D 2 Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [2012-12-29 168384]
R2 UNS;Intel(R) Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2012-10-3 2533400]
R2 vcsFPService;Validity VCS Fingerprint Service;C:\Windows\System32\vcsFPService.exe [2010-2-23 2192176]
R3 btwampfl;Bluetooth AMP USB Filter;C:\Windows\System32\drivers\btwampfl.sys [2012-10-3 344616]
R3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\System32\drivers\btwl2cap.sys [2012-10-3 39464]
R3 clwvd;HP Webcam Splitter;C:\Windows\System32\drivers\clwvd.sys [2010-9-4 31088]
R3 HECIx64;Intel(R) Management Engine Interface;C:\Windows\System32\drivers\HECIx64.sys [2012-10-3 56344]
R3 Impcd;Impcd;C:\Windows\System32\drivers\Impcd.sys [2012-10-3 158976]
R3 intelkmd;intelkmd;C:\Windows\System32\drivers\igdpmd64.sys [2012-10-3 10603904]
R3 NETw5s64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\Windows\System32\drivers\NETw5s64.sys [2010-3-18 7680512]
R3 wdkmd;Intel WiDi KMD;C:\Windows\System32\drivers\WDKMD.sys [2010-8-17 39832]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-11-9 160944]
S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2010-3-6 340240]
S3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\System32\drivers\netw5v64.sys [2009-6-11 5434368]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2012-12-13 19456]
S3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2012-10-3 349800]
S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\System32\drivers\VSTAZL6.SYS [2009-7-14 292864]
S3 SrvHsfV92;SrvHsfV92;C:\Windows\System32\drivers\VSTDPV6.SYS [2009-7-14 1485312]
S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\System32\drivers\VSTCNXT6.SYS [2009-7-14 740864]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2012-12-13 57856]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-7-9 52736]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-10-2 1255736]
S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\System32\drivers\wdcsam64.sys [2008-5-6 14464]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\System32\drivers\yk62x64.sys [2009-6-11 389120]
.
=============== Created Last 30 ================
.
2012-12-29 09:30:13 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy
2012-12-29 09:30:04 17272 ----a-w- C:\Windows\System32\sdnclean64.exe
2012-12-29 09:30:01 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy 2
2012-12-29 08:57:12 388096 ----a-r- C:\Users\HP\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-12-29 08:57:12 -------- d-----w- C:\Program Files (x86)\Trend Micro
2012-12-29 08:55:37 -------- d-----w- C:\Users\HP\AppData\Local\Programs
2012-12-28 20:09:03 -------- d-----w- C:\Program Files (x86)\SweetIM
2012-12-28 20:08:55 -------- d-----w- C:\Program Files (x86)\sweetpacks bundle uninstaller
2012-12-28 20:07:56 -------- d-----w- C:\Users\HP\AppData\Local\Smartbar
2012-12-28 20:07:24 -------- d-----w- C:\Users\HP\AppData\Roaming\DefaultTab
2012-12-28 20:07:18 -------- d-----w- C:\Users\HP\AppData\Local\SwvUpdater
2012-12-28 20:01:02 -------- d-----w- C:\Program Files (x86)\WebCam Spy Pro
2012-12-24 19:06:08 46080 ----a-w- C:\Windows\System32\atmlib.dll
2012-12-24 19:06:08 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll
2012-12-24 19:06:07 367616 ----a-w- C:\Windows\System32\atmfd.dll
2012-12-24 19:06:06 295424 ----a-w- C:\Windows\SysWow64\atmfd.dll
2012-12-12 17:00:11 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-12-12 16:58:19 424960 ----a-w- C:\Windows\System32\KernelBase.dll
2012-12-12 16:57:56 3149824 ----a-w- C:\Windows\System32\win32k.sys
2012-12-12 16:57:55 478208 ----a-w- C:\Windows\System32\dpnet.dll
2012-12-12 16:57:55 376832 ----a-w- C:\Windows\SysWow64\dpnet.dll
.
==================== Find3M ====================
.
2012-12-26 02:31:40 73656 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-12-26 02:31:40 697272 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-12-14 08:49:28 24176 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-11-14 06:11:44 2312704 ----a-w- C:\Windows\System32\jscript9.dll
2012-11-14 06:04:11 1392128 ----a-w- C:\Windows\System32\wininet.dll
2012-11-14 06:02:49 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-11-14 05:57:46 599040 ----a-w- C:\Windows\System32\vbscript.dll
2012-11-14 05:57:35 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2012-11-14 05:52:40 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-11-14 02:09:22 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-11-14 01:58:15 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-11-14 01:57:37 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-11-14 01:49:25 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2012-11-14 01:48:27 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll
2012-11-09 05:45:09 2048 ----a-w- C:\Windows\System32\tzres.dll
2012-11-09 04:42:49 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2012-10-22 05:02:44 154464 ----a-w- C:\Windows\System32\drivers\avgidsdrivera.sys
2012-10-16 08:38:37 135168 ----a-w- C:\Windows\apppatch\AppPatch64\AcXtrnal.dll
2012-10-16 08:38:34 350208 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll
2012-10-16 07:39:52 561664 ----a-w- C:\Windows\apppatch\AcLayers.dll
2012-10-14 19:48:50 63328 ----a-w- C:\Windows\System32\drivers\avgidsha.sys
2012-10-09 18:17:13 55296 ----a-w- C:\Windows\System32\dhcpcsvc6.dll
2012-10-09 18:17:13 226816 ----a-w- C:\Windows\System32\dhcpcore6.dll
2012-10-09 17:40:31 44032 ----a-w- C:\Windows\SysWow64\dhcpcsvc6.dll
2012-10-09 17:40:31 193536 ----a-w- C:\Windows\SysWow64\dhcpcore6.dll
2012-10-04 19:32:50 111456 ----a-w- C:\Windows\System32\drivers\avgmfx64.sys
2012-10-04 17:46:16 362496 ----a-w- C:\Windows\System32\wow64win.dll
2012-10-04 17:46:15 243200 ----a-w- C:\Windows\System32\wow64.dll
2012-10-04 17:46:15 13312 ----a-w- C:\Windows\System32\wow64cpu.dll
2012-10-04 17:45:55 215040 ----a-w- C:\Windows\System32\winsrv.dll
2012-10-04 17:43:28 16384 ----a-w- C:\Windows\System32\ntvdm64.dll
2012-10-04 16:47:41 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
2012-10-04 16:47:41 274944 ----a-w- C:\Windows\SysWow64\KernelBase.dll
2012-10-04 15:21:55 338432 ----a-w- C:\Windows\System32\conhost.exe
2012-10-04 14:46:46 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
2012-10-04 14:46:46 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
2012-10-04 14:46:44 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
2012-10-04 14:46:43 2048 ----a-w- C:\Windows\SysWow64\user.exe
2012-10-04 14:41:50 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
2012-10-04 14:41:50 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
2012-10-04 14:41:50 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
2012-10-04 14:41:50 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
2012-10-03 17:56:54 1914248 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2012-10-03 17:44:21 70656 ----a-w- C:\Windows\System32\nlaapi.dll
2012-10-03 17:44:21 303104 ----a-w- C:\Windows\System32\nlasvc.dll
2012-10-03 17:44:17 246272 ----a-w- C:\Windows\System32\netcorehc.dll
2012-10-03 17:44:17 18944 ----a-w- C:\Windows\System32\netevent.dll
2012-10-03 17:44:16 216576 ----a-w- C:\Windows\System32\ncsi.dll
2012-10-03 17:42:16 569344 ----a-w- C:\Windows\System32\iphlpsvc.dll
2012-10-03 16:42:24 18944 ----a-w- C:\Windows\SysWow64\netevent.dll
2012-10-03 16:42:24 175104 ----a-w- C:\Windows\SysWow64\netcorehc.dll
2012-10-03 16:42:23 156672 ----a-w- C:\Windows\SysWow64\ncsi.dll
2012-10-03 16:07:26 45568 ----a-w- C:\Windows\System32\drivers\tcpipreg.sys
2012-10-03 05:58:09 175616 ----a-w- C:\Windows\System32\msclmd.dll
2012-10-03 05:58:09 152576 ----a-w- C:\Windows\SysWow64\msclmd.dll
2012-10-02 17:04:47 0 ----a-w- C:\Windows\ativpsrm.bin
2012-10-01 19:30:38 185696 ----a-w- C:\Windows\System32\drivers\avgldx64.sys
.
============= FINISH: 18:44:51.53 ===============



content from aswMBR.txt log


aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
Run date: 2012-12-29 18:53:21
-----------------------------
18:53:21.676 OS Version: Windows x64 6.1.7601 Service Pack 1
18:53:21.676 Number of processors: 4 586 0x2505
18:53:21.676 ComputerName: HP-HP UserName: HP
18:53:23.189 Initialize success
18:55:49.258 AVAST engine defs: 12122900
18:56:16.527 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
18:56:16.527 Disk 0 Vendor: TOSHIBA_ GS00 Size: 610480MB BusType: 3
18:56:16.527 Disk 0 MBR read successfully
18:56:16.543 Disk 0 MBR scan
18:56:16.543 Disk 0 unknown MBR code
18:56:16.574 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 199 MB offset 2048
18:56:16.590 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 578611 MB offset 409600
18:56:16.621 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 31565 MB offset 1185404928
18:56:16.636 Disk 0 Partition 4 00 0C FAT32 LBA MSDOS5.0 103 MB offset 1250050048
18:56:16.668 Disk 0 scanning C:\Windows\system32\drivers
18:56:26.730 Service scanning
18:57:05.419 Modules scanning
18:57:05.419 Disk 0 trace - called modules:
18:57:05.980 ntoskrnl.exe CLASSPNP.SYS disk.sys hpdskflt.sys iaStor.sys hal.dll
18:57:05.980 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800528d060]
18:57:05.980 3 CLASSPNP.SYS[fffff8800181743f] -> nt!IofCallDriver -> [0xfffffa800513ab10]
18:57:05.996 5 hpdskflt.sys[fffff88001bb6189] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8004fc2050]
18:57:07.462 AVAST engine scan C:\Windows
18:57:10.021 AVAST engine scan C:\Windows\system32
19:01:59.941 AVAST engine scan C:\Windows\system32\drivers
19:02:12.985 AVAST engine scan C:\Users\HP
19:11:52.158 AVAST engine scan C:\ProgramData
19:12:30.052 Scan finished successfully
04:07:46.391 Disk 0 MBR has been saved successfully to "C:\Users\HP\Desktop\MBR.dat"
04:07:46.391 The log file has been saved successfully to "C:\Users\HP\Desktop\aswMBR.txt"

ken545
2013-01-06, 13:06
:welcome:

This most likely is the culprit
http://www.systemlookup.com/search.php?list=&type=name&search=sweetim&s=



Go here (http://www.bleepingcomputer.com/download/adwcleaner/dl/125/) and download AdwCleaner to your desktop


Double click on AdwCleaner.exe to run the tool.
Click on Delete
A logfile will automatically open after the scan has finished.
Please post the content of that logfile in your reply.
You can find the logfile at C:\AdwCleaner[Rn].txt as well - n is the order number.


http://i24.photobucket.com/albums/c30/ken545/AdwareCleaner.jpg






Please download Malwarebytes Anti-Malware (http://www.malwarebytes.org/mbam-download.php) to your desktop.

Right-click and Run as Administrator mbam-setup.exe and follow the prompts to install the program.
At the end, be sure a checkmark is placed next to Update Malwarebytes Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select Perform quick scan, then click Scan as shown below.

http://i1224.photobucket.com/albums/ee380/jeffce74/MBAM-2.jpg

When the scan is complete, click OK, then Show Results to view the results.
Be sure that everything is checked, and click Remove Selected.
When completed, a log will open in Notepad. Please save it to a convenient location and post the results.



The log can also be found here:

Windows 2000 & Windows XP:
C:\Documents and Settings\<USERNAME>\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs

Windows Vista & Win7:
C:\Users\<USERNAME>\AppData\Roaming\Malwarebytes\Malwarebytes' Anti-Malware\Logs

tinkertailor
2013-01-06, 14:40
log from AdwCleaner :



# AdwCleaner v2.104 - Logfile created 01/06/2013 at 20:26:28
# Updated 29/12/2012 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : HP - HP-HP
# Boot Mode : Normal
# Running from : C:\Users\HP\Desktop\AdwCleaner.exe
# Option [Delete]


***** [Services] *****

Stopped & Deleted : DefaultTabUpdate

***** [Files / Folders] *****

File Deleted : C:\Users\HP\AppData\Roaming\Mozilla\Firefox\Profiles\seg13vqf.default\extensions\addon@defaulttab.com.xpi
File Deleted : C:\Users\HP\AppData\Roaming\Mozilla\Firefox\Profiles\seg13vqf.default\searchplugins\search-here.xml
Folder Deleted : C:\Program Files (x86)\SweetIM
Folder Deleted : C:\Users\HP\AppData\Local\Smartbar
Folder Deleted : C:\Users\HP\AppData\Local\SwvUpdater
Folder Deleted : C:\Users\HP\AppData\Local\Temp\Smartbar
Folder Deleted : C:\Users\HP\AppData\LocalLow\Smartbar
Folder Deleted : C:\Users\HP\AppData\Roaming\DefaultTab
Folder Deleted : C:\Users\HP\AppData\Roaming\Mozilla\Firefox\Profiles\seg13vqf.default\extensions\helperbar@helperbar.com
Folder Deleted : C:\Users\HP\Desktop\Software
Folder Deleted : C:\Windows\Installer\{A0C9DF2B-89B5-4483-8983-18A68200F1B4}

***** [Registry] *****

Key Deleted : HKCU\Software\AppDataLow\Software\DefaultTab
Key Deleted : HKCU\Software\Default Tab
Key Deleted : HKCU\Software\DefaultTab
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7F6AFBF1-E065-4627-A2FD-810366367D01}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{31AD400D-1B06-4E33-A59A-90C2C140CBA0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{7F6AFBF1-E065-4627-A2FD-810366367D01}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{31AD400D-1B06-4E33-A59A-90C2C140CBA0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7F6AFBF1-E065-4627-A2FD-810366367D01}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Key Deleted : HKCU\Software\SmartBar
Key Deleted : HKCU\Software\SmartbarBackup
Key Deleted : HKCU\Software\SmartbarLog
Key Deleted : HKCU\Software\SweetIM
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}
Key Deleted : HKLM\SOFTWARE\Classes\MediaPlayer.GraphicsUtils
Key Deleted : HKLM\SOFTWARE\Classes\MediaPlayer.GraphicsUtils.1
Key Deleted : HKLM\SOFTWARE\Classes\MgMediaPlayer.GifAnimator
Key Deleted : HKLM\SOFTWARE\Classes\MgMediaPlayer.GifAnimator.1
Key Deleted : HKLM\SOFTWARE\Classes\sim-packages
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{4D3B167E-5FD8-4276-8FD7-9DF19C1E4D19}
Key Deleted : HKLM\Software\Default Tab
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\SweetIM.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7F6AFBF1-E065-4627-A2FD-810366367D01}
Key Deleted : HKLM\Software\SweetIM
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{31AD400D-1B06-4E33-A59A-90C2C140CBA0}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{7F6AFBF1-E065-4627-A2FD-810366367D01}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{82AC53B4-164C-4B07-A016-437A8388B81A}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{A4A0CB15-8465-4F58-A7E5-73084EA2A064}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{A439801C-961D-452C-AB42-7848E9CBD289}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{F4EBB1E2-21F3-4786-8CF4-16EC5925867F}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31AD400D-1B06-4E33-A59A-90C2C140CBA0}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7F6AFBF1-E065-4627-A2FD-810366367D01}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{A0C9DF2B-89B5-4483-8983-18A68200F1B4}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\DefaultTab
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{31AD400D-1B06-4E33-A59A-90C2C140CBA0}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9EDC0C90-2B5B-4512-953E-35767BAD5C67}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31AD400D-1B06-4E33-A59A-90C2C140CBA0}
Value Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [Browser Infrastructure Helper]
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [SweetIM]
Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16457

Replaced : [HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main - Start Page] = hxxp://home.sweetim.com/?crg=3.1010000.10005 --> hxxp://www.google.com

-\\ Mozilla Firefox v17.0.1 (en-US)

File : C:\Users\HP\AppData\Roaming\Mozilla\Firefox\Profiles\seg13vqf.default\prefs.js

C:\Users\HP\AppData\Roaming\Mozilla\Firefox\Profiles\seg13vqf.default\user.js ... Deleted !

Deleted : user_pref("extensions.defaulttab.config", "{\"status\": \"ok\", \"config\": {\"dns_error_handling\":[...]
Deleted : user_pref("sweetim.toolbar.previous.browser.startup.homepage", "hxxp://www.google.com.my/");
Deleted : user_pref("sweetim.toolbar.urls.homepage", "hxxp://home.sweetim.com/?crg=3.1010000.10005");

-\\ Google Chrome v23.0.1271.97

File : C:\Users\HP\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[S1].txt - [6789 octets] - [06/01/2013 20:26:28]

########## EOF - C:\AdwCleaner[S1].txt - [6849 octets] ##########






*********************************
log from Malwarebytes Anti-Malware:

Malwarebytes Anti-Malware 1.70.0.1100
www.malwarebytes.org

Database version: v2013.01.06.03

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
HP :: HP-HP [administrator]

6/1/2013 8:33:46 PM
mbam-log-2013-01-06 (20-33-46).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 214279
Time elapsed: 4 minute(s), 6 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

ken545
2013-01-06, 14:50
Lets take another look


OTL by OldTimer

Download OTL (http://oldtimer.geekstogo.com/OTL.exe) to your desktop.
Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
When the window appears, underneath Output at the top change it to Minimal Output.
Click the "Scan All Users" checkbox.
Check the boxes beside LOP Check and Purity Check.
Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.

When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt.
Note:These logs can be located in the OTL. folder on you C:\ drive if they fail to open automatically.
Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them both in.

tinkertailor
2013-01-06, 15:20
OTL.txt

OTL logfile created on: 6/1/2013 9:10:39 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\HP\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00004409 | Country: Malaysia | Language: ENM | Date Format: d/M/yyyy

3.80 Gb Total Physical Memory | 1.92 Gb Available Physical Memory | 50.47% Memory free
7.60 Gb Paging File | 4.99 Gb Available in Paging File | 65.66% Paging File free
Paging file location(s): ?:\pagefile.sys

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 565.05 Gb Total Space | 78.46 Gb Free Space | 13.89% Space Free | Partition Type: NTFS
Drive D: | 30.83 Gb Total Space | 4.53 Gb Free Space | 14.70% Space Free | Partition Type: NTFS
Drive X: | 6.97 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF

Computer Name: HP-HP | User Name: HP | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\HP\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe (Adobe Systems, Inc.)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
PRC - C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe (Check Point Software Technologies LTD)
PRC - C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe (Check Point Software Technologies LTD)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe (Safer-Networking Ltd.)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe (Safer-Networking Ltd.)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe (Safer-Networking Ltd.)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe (Safer-Networking Ltd.)
PRC - C:\Program Files (x86)\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe (Apple Inc.)
PRC - C:\Program Files (x86)\Common Files\Apple\Internet Services\BookmarkDAV_client.exe (Apple Inc.)
PRC - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
PRC - C:\Users\HP\AppData\Roaming\Mozilla\Firefox\Profiles\seg13vqf.default\extensions\{E173B749-DB5B-4fd2-BA0E-94ECEA0CA55B}\components\afom.exe (IDEVFH)
PRC - C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe (Hewlett-Packard Company)
PRC - C:\SwSetup\HPQWMM\QuickWeb\QW.SYS\config\DVMExportService.exe (DeviceVM, Inc.)
PRC - C:\Program Files (x86)\Hewlett-Packard\Media\Webcam\YCMMirage.exe (CyberLink)
PRC - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe (Hewlett-Packard Development Company, L.P.)
PRC - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe (Hewlett-Packard Development Company, L.P.)
PRC - C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe (Broadcom Corporation.)
PRC - C:\Program Files (x86)\Hewlett-Packard\HP SimplePass Identity Protection\EgisService.exe (Egis Technology Inc. )
PRC - C:\Program Files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe (Egis Technology Inc. )
PRC - C:\Program Files (x86)\Hewlett-Packard\HP SimplePass Identity Protection\EgisTSR.exe (Egis Technology Inc. )
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
PRC - C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe (Egis Technology Inc.)
PRC - C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe (Egis Technology Inc.)
PRC - C:\Program Files (x86)\MagicDisc\MagicDisc.exe (MagicISO, Inc.)


========== Modules (No Company Name) ==========

MOD - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_135.dll ()
MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.97\ppgooglenaclpluginchrome.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.97\pdf.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.97\libglesv2.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.97\libegl.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.97\avutil-51.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.97\avformat-54.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.97\avcodec-54.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\11c7eee596ee317f7d81a8bcb9d433ef\IAStorUtil.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\c11e8c8ee98243f81088d49822c15852\System.Runtime.Remoting.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c423a5b0a857fb4fe4f856a6b88787e2\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\d86faac9b3fb996a7210e9783b76ca1a\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\0a9b81930af930d919969bb234026375\WindowsBase.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\3b9f9cee47282e10cdafb32b8c5d240a\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\4db13ed5b635a3d708647855400b6750\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\1eccdb959aa1aedaa2e7b4e14e332f3e\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\703b27023a4fddb44d47f4b3010c324c\mscorlib.ni.dll ()
MOD - C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl ()
MOD - C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl ()
MOD - C:\Program Files (x86)\Spybot - Search & Destroy 2\VirtualTreesDXE150.bpl ()
MOD - C:\Program Files (x86)\Spybot - Search & Destroy 2\JSDialogPack150.bpl ()
MOD - C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF ()
MOD - C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll ()


========== Services (SafeList) ==========

SRV:[b]64bit: - (IswSvc) -- C:\Program Files\CheckPoint\ZAForceField\ISWSVC.exe (Check Point Software Technologies)
SRV:64bit: - (hpsrv) -- C:\Windows\SysNative\hpservice.exe (Hewlett-Packard Company)
SRV:64bit: - (STacSV) -- C:\Program Files\IDT\WDM\stacsv64.exe (IDT, Inc.)
SRV:64bit: - (AESTFilters) -- C:\Program Files\IDT\WDM\AESTSr64.exe (Andrea Electronics Corporation)
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (HPClientSvc) -- C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe (Hewlett-Packard Company)
SRV:64bit: - (btwdins) -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe (Broadcom Corporation.)
SRV:64bit: - (HP Wireless Assistant Service) -- C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe (Hewlett-Packard Company)
SRV:64bit: - (EvtEng) -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe (Intel(R) Corporation)
SRV:64bit: - (MyWiFiDHCPDNS) -- C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe ()
SRV:64bit: - (RegSrvc) -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel(R) Corporation)
SRV:64bit: - (vcsFPService) -- C:\Windows\SysNative\vcsFPService.exe (Validity Sensors, Inc.)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (vsmon) -- C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe (Check Point Software Technologies LTD)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (AVGIDSAgent) -- C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe (AVG Technologies CZ, s.r.o.)
SRV - (avgwd) -- C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (HP Support Assistant Service) -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe (Hewlett-Packard Company)
SRV - (HPDrvMntSvc.exe) -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe (Hewlett-Packard Company)
SRV - (DvmMDES) -- C:\SwSetup\HPQWMM\QuickWeb\QW.SYS\config\DVMExportService.exe (DeviceVM, Inc.)
SRV - (HPWMISVC) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe (Hewlett-Packard Development Company, L.P.)
SRV - (EgisTec Service) -- C:\Program Files (x86)\Hewlett-Packard\HP SimplePass Identity Protection\EgisService.exe (Egis Technology Inc. )
SRV - (EgisTec Ticket Service) -- C:\Program Files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe (Egis Technology Inc. )
SRV - (UNS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
SRV - (LMS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
SRV - (IAStorDataMgrSvc) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (vcsFPService) -- C:\Windows\SysWOW64\vcsFPService.exe (Validity Sensors, Inc.)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)


========== Driver Services (SafeList) ==========

DRV:64bit: - (ISWKL) -- C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys (Check Point Software Technologies)
DRV:64bit: - (Vsdatant) -- C:\Windows\SysNative\drivers\vsdatant.sys (Check Point Software Technologies LTD)
DRV:64bit: - (AVGIDSDriver) -- C:\Windows\SysNative\drivers\avgidsdrivera.sys (AVG Technologies CZ, s.r.o. )
DRV:64bit: - (AVGIDSHA) -- C:\Windows\SysNative\drivers\avgidsha.sys (AVG Technologies CZ, s.r.o. )
DRV:64bit: - (Avgmfx64) -- C:\Windows\SysNative\drivers\avgmfx64.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (Avgldx64) -- C:\Windows\SysNative\drivers\avgldx64.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (Avgtdia) -- C:\Windows\SysNative\drivers\avgtdia.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (Avgloga) -- C:\Windows\SysNative\drivers\avgloga.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (Avgrkx64) -- C:\Windows\SysNative\drivers\avgrkx64.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated)
DRV:64bit: - (hpdskflt) -- C:\Windows\SysNative\drivers\hpdskflt.sys (Hewlett-Packard Company)
DRV:64bit: - (Accelerometer) -- C:\Windows\SysNative\drivers\Accelerometer.sys (Hewlett-Packard Company)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (VClone) -- C:\Windows\SysNative\drivers\VClone.sys (Elaborate Bytes AG)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (sdbus) -- C:\Windows\SysNative\drivers\sdbus.sys (Microsoft Corporation)
DRV:64bit: - (STHDA) -- C:\Windows\SysNative\drivers\stwrt64.sys (IDT, Inc.)
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (clwvd) -- C:\Windows\SysNative\drivers\clwvd.sys (CyberLink Corporation)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek )
DRV:64bit: - (wdkmd) -- C:\Windows\SysNative\drivers\WDKMD.sys (Intel Corporation)
DRV:64bit: - (btwaudio) -- C:\Windows\SysNative\drivers\btwaudio.sys (Broadcom Corporation.)
DRV:64bit: - (btwavdt) -- C:\Windows\SysNative\drivers\btwavdt.sys (Broadcom Corporation.)
DRV:64bit: - (btwrchid) -- C:\Windows\SysNative\drivers\btwrchid.sys (Broadcom Corporation.)
DRV:64bit: - (intelkmd) -- C:\Windows\SysNative\drivers\igdpmd64.sys (Intel Corporation)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (btwampfl) -- C:\Windows\SysNative\drivers\btwampfl.sys (Broadcom Corporation.)
DRV:64bit: - (AtiHdmiService) -- C:\Windows\SysNative\drivers\AtiHdmi.sys (ATI Technologies, Inc.)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (NETw5s64) -- C:\Windows\SysNative\drivers\NETw5s64.sys (Intel Corporation)
DRV:64bit: - (btwl2cap) -- C:\Windows\SysNative\drivers\btwl2cap.sys (Broadcom Corporation.)
DRV:64bit: - (Impcd) -- C:\Windows\SysNative\drivers\Impcd.sys (Intel Corporation)
DRV:64bit: - (DVMIO) -- C:\Windows\SysNative\drivers\dvmio.sys (DeviceVM, Inc.)
DRV:64bit: - (HECIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (SrvHsfV92) -- C:\Windows\SysNative\drivers\VSTDPV6.SYS (Conexant Systems, Inc.)
DRV:64bit: - (SrvHsfWinac) -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS (Conexant Systems, Inc.)
DRV:64bit: - (SrvHsfHDA) -- C:\Windows\SysNative\drivers\VSTAZL6.SYS (Conexant Systems, Inc.)
DRV:64bit: - (yukonw7) -- C:\Windows\SysNative\drivers\yk62x64.sys (Marvell)
DRV:64bit: - (netw5v64) -- C:\Windows\SysNative\drivers\netw5v64.sys (Intel Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (mcdbus) -- C:\Windows\SysNative\drivers\mcdbus.sys (MagicISO, Inc.)
DRV:64bit: - (WDC_SAM) -- C:\Windows\SysNative\drivers\wdcsam64.sys (Western Digital Technologies)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
DRV - (mcdbus) -- C:\Windows\SysWOW64\drivers\mcdbus.sys (MagicISO, Inc.)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.jp.msn.com/HPALL/37
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.jp.msn.com/HPALL/37
IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE:64bit: - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://sg.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
IE:64bit: - HKLM\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
IE:64bit: - HKLM\..\SearchScopes\{d944bb61-2e34-4dbf-a683-47e505c587dc}: "URL" = http://rover.ebay.com/rover/1/3423-111089-9078-0/4?satitle={searchTerms}&mfe=Notebooks
IE:64bit: - HKLM\..\SearchScopes\{ec29edf6-ad3c-4e1c-a087-d6cb81400c43}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.jp.msn.com/HPALL/37
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://sg.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
IE - HKLM\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
IE - HKLM\..\SearchScopes\{d944bb61-2e34-4dbf-a683-47e505c587dc}: "URL" = http://rover.ebay.com/rover/1/3423-111089-9078-0/4?satitle={searchTerms}&mfe=Notebooks
IE - HKLM\..\SearchScopes\{ec29edf6-ad3c-4e1c-a087-d6cb81400c43}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox


IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-21-2208690772-3602456008-4151856646-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com.my/
IE - HKU\S-1-5-21-2208690772-3602456008-4151856646-1000\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-2208690772-3602456008-4151856646-1000\..\SearchScopes\{5BE16ECD-9DBD-4138-9B3B-27ED28C45F25}: "URL" = http://www.mysearchresults.com/search?&c=4001&t=10&q={searchTerms}
IE - HKU\S-1-5-21-2208690772-3602456008-4151856646-1000\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://sg.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
IE - HKU\S-1-5-21-2208690772-3602456008-4151856646-1000\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
IE - HKU\S-1-5-21-2208690772-3602456008-4151856646-1000\..\SearchScopes\{d944bb61-2e34-4dbf-a683-47e505c587dc}: "URL" = http://rover.ebay.com/rover/1/3423-111089-9078-0/4?satitle={searchTerms}&mfe=Notebooks
IE - HKU\S-1-5-21-2208690772-3602456008-4151856646-1000\..\SearchScopes\{ec29edf6-ad3c-4e1c-a087-d6cb81400c43}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
IE - HKU\S-1-5-21-2208690772-3602456008-4151856646-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..extensions.enabledAddons: %7Bb9db16a4-6edc-47ec-a1f4-b86292ed211d%7D:4.9.12
FF - prefs.js..extensions.enabledAddons: %7BDDC359D1-844A-42a7-9AA1-88A850A938A8%7D:2.0.15
FF - prefs.js..extensions.enabledAddons: %7BE173B749-DB5B-4fd2-BA0E-94ECEA0CA55B%7D:7.4
FF - prefs.js..extensions.enabledAddons: %7BCAFEEFAC-0016-0000-0035-ABCDEFFEDCBA%7D:6.0.35
FF - prefs.js..extensions.enabledAddons: %7BCAFEEFAC-0016-0000-0037-ABCDEFFEDCBA%7D:6.0.37
FF - prefs.js..extensions.enabledAddons: %7B7f57cf46-4467-4c2d-adfa-0cba7c507e54%7D:2.0.8
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:17.0.1
FF - prefs.js..network.proxy.type: 0
FF - prefs.js..browser.startup.homepage: "www.google.com"
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_135.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_135.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@checkpoint.com/FFApi: C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\npFFApi.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_37: C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@photoproduct.rocketlife.com/RocketLife App Viewer;version=0.8: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.124\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.124\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\PROGRAM FILES\CHECKPOINT\ZAFORCEFIELD\TRUSTCHECKER [2012/12/30 10:45:53 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{41ecbc0b-34d5-4cd4-935f-253a30e2cb7e}: C:\Program Files (x86)\Hewlett-Packard\HP SimplePass Identity Protection\FFExt [2012/10/03 01:19:37 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker [2012/12/30 10:45:54 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/12/10 19:03:18 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\addlyrics@addlyrics.net: C:\Program Files (x86)\AddLyrics\FF\

[2012/10/03 12:07:44 | 000,000,000 | ---D | M] (No name found) -- C:\Users\HP\AppData\Roaming\mozilla\Extensions
[2013/01/06 20:26:33 | 000,000,000 | ---D | M] (No name found) -- C:\Users\HP\AppData\Roaming\mozilla\Firefox\Profiles\seg13vqf.default\extensions
[2012/11/22 05:16:50 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\HP\AppData\Roaming\mozilla\Firefox\Profiles\seg13vqf.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2012/10/03 21:36:31 | 000,000,000 | ---D | M] (Memory Fox) -- C:\Users\HP\AppData\Roaming\mozilla\Firefox\Profiles\seg13vqf.default\extensions\{E173B749-DB5B-4fd2-BA0E-94ECEA0CA55B}
[2012/12/13 00:53:14 | 000,526,889 | ---- | M] () (No name found) -- C:\Users\HP\AppData\Roaming\mozilla\firefox\profiles\seg13vqf.default\extensions\{7f57cf46-4467-4c2d-adfa-0cba7c507e54}.xpi
[2012/09/13 23:16:19 | 000,698,867 | ---- | M] () (No name found) -- C:\Users\HP\AppData\Roaming\mozilla\firefox\profiles\seg13vqf.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi
[2013/01/02 19:50:30 | 000,364,053 | ---- | M] () (No name found) -- C:\Users\HP\AppData\Roaming\mozilla\firefox\profiles\seg13vqf.default\extensions\{f759ca51-3a91-4dd1-ae78-9db5eee9ebf0}.xpi
[2012/10/29 09:28:12 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/10/13 19:43:23 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
[2012/10/29 09:28:12 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}
[2012/12/10 19:03:18 | 000,262,112 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/09/06 09:26:22 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/10/12 13:35:52 | 000,002,058 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - homepage:
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter}
CHR - homepage:
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.97\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.97\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.97\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.124\npGoogleUpdate3.dll
CHR - plugin: Java(TM) Platform SE 6 U37 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: npFFApi (Enabled) = C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\npFFApi.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_135.dll
CHR - plugin: Java Deployment Toolkit 6.0.370.6 (Enabled) = C:\Windows\SysWOW64\npdeployJava1.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - Extension: Google Drive = C:\Users\HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Search = C:\Users\HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Gmail = C:\Users\HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2009/06/11 05:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (EgisPBIE Class) - {7B51CCBE-4AF9-44A6-BDAB-D7F7E4C4E6F9} - C:\Program Files (x86)\Hewlett-Packard\HP SimplePass Identity Protection\x64\EgisPBIE.dll (Egis Technology Inc.)
O2:64bit: - BHO: (ZoneAlarm Security Engine Registrar) - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (EgisPBIE Class) - {7B51CCBE-4AF9-44A6-BDAB-D7F7E4C4E6F9} - C:\Program Files (x86)\Hewlett-Packard\HP SimplePass Identity Protection\EgisPBIE.dll (Egis Technology Inc.)
O2 - BHO: (ZoneAlarm Security Engine Registrar) - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O3:64bit: - HKLM\..\Toolbar: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O3 - HKLM\..\Toolbar: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O3 - HKU\S-1-5-21-2208690772-3602456008-4151856646-1000\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O4:64bit: - HKLM..\Run: [AmIcoSinglun64] C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe (Alcor Micro Corp.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [HPWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe ()
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IntelWireless] C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel(R) Corporation)
O4:64bit: - HKLM..\Run: [ISW] C:\Program Files\CheckPoint\ZAForceField\ForceField.exe (Check Point Software Technologies)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [SmartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe ()
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AVG_UI] C:\Program Files (x86)\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [EgisTecPMMUpdate] C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe (Egis Technology Inc.)
O4 - HKLM..\Run: [EgisUpdate] C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe (Egis Technology Inc.)
O4 - HKLM..\Run: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [SDTray] C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [VitaKeyTSR] C:\Program Files (x86)\Hewlett-Packard\HP SimplePass Identity Protection\EgisTSR.exe (Egis Technology Inc. )
O4 - HKLM..\Run: [ZoneAlarm] C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe (Check Point Software Technologies LTD)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-2208690772-3602456008-4151856646-1000..\Run: [ApplePhotoStreams] C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe (Apple Inc.)
O4 - HKU\S-1-5-21-2208690772-3602456008-4151856646-1000..\Run: [com.apple.dav.bookmarks.daemon] C:\Program Files (x86)\Common Files\Apple\Internet Services\BookmarkDAV_client.exe (Apple Inc.)
O4 - HKU\S-1-5-21-2208690772-3602456008-4151856646-1000..\Run: [iFunBoxConnector] C:\Program Files (x86)\i-Funbox DevTeam\ifb_conn.exe ()
O4 - HKU\S-1-5-21-2208690772-3602456008-4151856646-1000..\Run: [Spybot-S&D Cleaning] C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe (Safer-Networking Ltd.)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\HP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files (x86)\ERUNT\AUTOBACK.EXE ()
O4 - Startup: C:\Users\HP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MagicDisc.lnk = C:\Program Files (x86)\MagicDisc\MagicDisc.exe (MagicISO, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8:64bit: - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000010 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37)
O16 - DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 203.144.207.49 203.144.207.29
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4828EB99-DA1D-4695-B4CF-90CDCB7F710C}: DhcpNameServer = 203.144.207.49 203.144.207.29
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4828EB99-DA1D-4695-B4CF-90CDCB7F710C}: NameServer = 8.8.8.8,8.8.4.4
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9E8BEB33-11FA-4636-B10D-77BE08229A4C}: NameServer = 0.0.0.0
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\SDWinLogon: DllName - (SDWinLogon.dll) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O22:64bit: - SharedTaskScheduler: {1984DD45-52CF-49cd-AB77-18F378FEA264} - FencesShellExt - C:\Program Files\Stardock\Fences Pro\FencesMenu64.dll (Stardock)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/08/15 09:52:57 | 000,000,140 | R--- | M] () - X:\autorun.inf -- [ UDF ]
O33 - MountPoints2\{2ba2dcb6-0d81-11e2-a05f-e02a8230dcb6}\Shell - "" = AutoRun
O33 - MountPoints2\{2ba2dcb6-0d81-11e2-a05f-e02a8230dcb6}\Shell\AutoRun\command - "" = X:\Setup\rsrc\AUTORUN.EXE -- [2007/08/16 09:55:00 | 000,051,048 | R--- | M] (Activision)
O33 - MountPoints2\{2ba2dcb6-0d81-11e2-a05f-e02a8230dcb6}\Shell\dinstall\command - "" = X:\DirectX\DXSETUP.exe -- [2008/08/11 16:09:00 | 000,528,392 | R--- | M] (Microsoft Corporation)
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/01/06 21:08:54 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\HP\Desktop\OTL.exe
[2012/12/31 22:27:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2012/12/31 22:24:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Google
[2012/12/31 22:24:41 | 000,000,000 | ---D | C] -- C:\Users\HP\AppData\Local\Google
[2012/12/31 15:46:21 | 000,000,000 | ---D | C] -- C:\Users\HP\Desktop\Non-QWR Invoice
[2012/12/31 15:46:00 | 000,000,000 | ---D | C] -- C:\Users\HP\Desktop\Supporting
[2012/12/30 10:45:56 | 000,000,000 | ---D | C] -- C:\Users\HP\Documents\ForceField Shared Files
[2012/12/30 10:45:55 | 000,000,000 | ---D | C] -- C:\Users\HP\AppData\Roaming\CheckPoint
[2012/12/30 10:45:48 | 000,000,000 | ---D | C] -- C:\Program Files\CheckPoint
[2012/12/30 10:45:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Check Point
[2012/12/30 10:43:02 | 000,000,000 | ---D | C] -- C:\ProgramData\CheckPoint
[2012/12/30 10:43:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\CheckPoint
[2012/12/30 05:16:43 | 000,000,000 | ---D | C] -- C:\Users\HP\Desktop\Malware
[2012/12/29 17:30:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2012/12/29 17:30:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
[2012/12/29 17:30:04 | 000,017,272 | ---- | C] (Safer Networking Limited) -- C:\Windows\SysNative\sdnclean64.exe
[2012/12/29 17:30:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy 2
[2012/12/29 17:29:09 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2012/12/29 17:28:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
[2012/12/29 17:28:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ERUNT
[2012/12/29 16:57:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro
[2012/12/29 16:57:12 | 000,000,000 | ---D | C] -- C:\Users\HP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
[2012/12/29 16:55:37 | 000,000,000 | ---D | C] -- C:\Users\HP\AppData\Local\Programs
[2012/12/29 09:56:43 | 161,300,800 | ---- | C] (Hewlett-Packard ) -- C:\Users\HP\Desktop\sp50497.exe
[2012/12/29 04:08:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\sweetpacks bundle uninstaller
[2012/12/29 04:01:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WebCam Spy Pro
[2012/12/29 04:01:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WebCam Spy Pro
[2012/12/25 03:06:08 | 000,046,080 | ---- | C] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll
[2012/12/25 03:06:08 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll
[2012/12/25 03:06:07 | 000,367,616 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll
[2012/12/25 03:06:06 | 000,295,424 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll
[2012/12/13 01:01:54 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RdpGroupPolicyExtension.dll
[2012/12/13 01:01:54 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TsUsbRedirectionGroupPolicyExtension.dll
[2012/12/13 01:01:54 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TsUsbRedirectionGroupPolicyControl.exe
[2012/12/13 01:01:53 | 000,322,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\aaclient.dll
[2012/12/13 01:01:53 | 000,269,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\aaclient.dll
[2012/12/13 01:01:53 | 000,192,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\rdpendp_winip.dll
[2012/12/13 01:01:53 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys
[2012/12/13 01:01:53 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MsRdpWebAccess.dll
[2012/12/13 01:01:53 | 000,046,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MsRdpWebAccess.dll
[2012/12/13 01:01:53 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tsgqec.dll
[2012/12/13 01:01:53 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TsUsbGDCoInstaller.dll
[2012/12/13 01:01:53 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tsgqec.dll
[2012/12/13 01:01:53 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys
[2012/12/13 01:01:53 | 000,018,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wksprtPS.dll
[2012/12/13 01:01:53 | 000,016,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wksprtPS.dll
[2012/12/13 01:01:52 | 005,773,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstscax.dll
[2012/12/13 01:01:52 | 004,916,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstscax.dll
[2012/12/13 01:01:52 | 003,174,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcorets.dll
[2012/12/13 01:01:52 | 001,123,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstsc.exe
[2012/12/13 01:01:52 | 001,048,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstsc.exe
[2012/12/13 01:01:52 | 000,384,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wksprt.exe
[2012/12/13 01:01:52 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpudd.dll
[2012/12/13 01:01:52 | 000,228,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpendp_winip.dll
[2012/12/13 01:01:52 | 000,062,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TSWbPrxy.exe
[2012/12/13 01:00:10 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012/12/13 01:00:10 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012/12/13 01:00:10 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012/12/13 01:00:09 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2012/12/13 01:00:09 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012/12/13 01:00:09 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012/12/13 01:00:09 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012/12/13 01:00:09 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012/12/13 01:00:09 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2012/12/13 01:00:09 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2012/12/13 01:00:08 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2012/12/13 01:00:08 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2012/12/13 01:00:07 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012/12/13 01:00:07 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012/12/13 01:00:07 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2012/12/13 00:58:19 | 001,161,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kernel32.dll
[2012/12/13 00:58:19 | 000,424,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KernelBase.dll
[2012/12/13 00:58:19 | 000,338,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\conhost.exe
[2012/12/13 00:58:19 | 000,215,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll
[2012/12/13 00:58:17 | 000,362,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64win.dll
[2012/12/13 00:58:17 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll
[2012/12/13 00:58:17 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe
[2012/12/13 00:58:17 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntvdm64.dll
[2012/12/13 00:58:17 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll
[2012/12/13 00:58:17 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64cpu.dll
[2012/12/13 00:58:17 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe
[2012/12/13 00:58:17 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll
[2012/12/13 00:58:17 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
[2012/12/13 00:58:17 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-heap-l1-1-0.dll
[2012/12/13 00:58:16 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
[2012/12/13 00:58:16 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-security-base-l1-1-0.dll
[2012/12/13 00:58:16 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
[2012/12/13 00:58:16 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-file-l1-1-0.dll
[2012/12/13 00:58:16 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
[2012/12/13 00:58:16 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-threadpool-l1-1-0.dll
[2012/12/13 00:58:16 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
[2012/12/13 00:58:16 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processthreads-l1-1-0.dll
[2012/12/13 00:58:16 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-sysinfo-l1-1-0.dll
[2012/12/13 00:58:16 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
[2012/12/13 00:58:16 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-synch-l1-1-0.dll
[2012/12/13 00:58:16 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
[2012/12/13 00:58:16 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
[2012/12/13 00:58:16 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localregistry-l1-1-0.dll
[2012/12/13 00:58:16 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll
[2012/12/13 00:58:16 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localization-l1-1-0.dll
[2012/12/13 00:58:16 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
[2012/12/13 00:58:16 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-rtlsupport-l1-1-0.dll
[2012/12/13 00:58:16 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
[2012/12/13 00:58:16 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processenvironment-l1-1-0.dll
[2012/12/13 00:58:16 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
[2012/12/13 00:58:16 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-namedpipe-l1-1-0.dll
[2012/12/13 00:58:16 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-misc-l1-1-0.dll
[2012/12/13 00:58:16 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll
[2012/12/13 00:58:16 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-memory-l1-1-0.dll
[2012/12/13 00:58:16 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll
[2012/12/13 00:58:16 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-libraryloader-l1-1-0.dll
[2012/12/13 00:58:16 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll
[2012/12/13 00:58:16 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll
[2012/12/13 00:58:16 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-xstate-l1-1-0.dll
[2012/12/13 00:58:16 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
[2012/12/13 00:58:16 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-util-l1-1-0.dll
[2012/12/13 00:58:16 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-string-l1-1-0.dll
[2012/12/13 00:58:16 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-string-l1-1-0.dll
[2012/12/13 00:58:16 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll
[2012/12/13 00:58:16 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll
[2012/12/13 00:58:16 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-profile-l1-1-0.dll
[2012/12/13 00:58:16 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-io-l1-1-0.dll
[2012/12/13 00:58:16 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-io-l1-1-0.dll
[2012/12/13 00:58:16 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-interlocked-l1-1-0.dll
[2012/12/13 00:58:16 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll
[2012/12/13 00:58:16 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-handle-l1-1-0.dll
[2012/12/13 00:58:16 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll
[2012/12/13 00:58:16 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-fibers-l1-1-0.dll
[2012/12/13 00:58:16 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll
[2012/12/13 00:58:16 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-errorhandling-l1-1-0.dll
[2012/12/13 00:58:16 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll
[2012/12/13 00:58:16 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-delayload-l1-1-0.dll
[2012/12/13 00:58:16 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll
[2012/12/13 00:58:16 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-debug-l1-1-0.dll
[2012/12/13 00:58:16 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll
[2012/12/13 00:58:16 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-datetime-l1-1-0.dll
[2012/12/13 00:58:16 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-console-l1-1-0.dll
[2012/12/13 00:58:16 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-console-l1-1-0.dll
[2012/12/13 00:58:16 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe
[2012/12/13 00:58:08 | 001,448,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\lsasrv.dll
[2012/12/13 00:58:08 | 000,307,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncrypt.dll
[2012/12/13 00:57:55 | 000,478,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dpnet.dll
[2012/12/13 00:57:55 | 000,376,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dpnet.dll
[2012/12/10 08:29:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG

========== Files - Modified Within 30 Days ==========

[2013/01/06 21:08:55 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\HP\Desktop\OTL.exe
[2013/01/06 20:36:49 | 000,726,316 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/01/06 20:36:49 | 000,616,008 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/01/06 20:36:49 | 000,106,388 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/01/06 20:34:56 | 000,026,192 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/01/06 20:34:56 | 000,026,192 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/01/06 20:32:48 | 000,000,162 | ---- | M] () -- C:\Users\HP\AppData\Local\mv_Photo.xml
[2013/01/06 20:32:48 | 000,000,115 | ---- | M] () -- C:\Users\HP\AppData\Local\mv_music.xml
[2013/01/06 20:30:48 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/01/06 20:29:05 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/01/06 20:28:35 | 3062,255,616 | -HS- | M] () -- C:\hiberfil.sys
[2013/01/06 20:23:38 | 000,551,997 | ---- | M] () -- C:\Users\HP\Desktop\AdwCleaner.exe
[2013/01/06 20:19:35 | 000,000,890 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/01/05 16:34:37 | 007,325,822 | ---- | M] () -- C:\Users\HP\Desktop\Beyond Belief.mp4
[2013/01/03 07:46:16 | 000,427,648 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013/01/03 07:46:09 | 000,000,320 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForHP.job
[2012/12/30 16:15:33 | 000,009,431 | ---- | M] () -- C:\Windows\wininit.ini
[2012/12/30 10:46:36 | 000,415,877 | ---- | M] () -- C:\Windows\SysNative\drivers\vsconfig.xml
[2012/12/29 18:38:46 | 000,006,784 | ---- | M] () -- C:\Quarantine.lst
[2012/12/29 18:38:46 | 000,003,169 | ---- | M] () -- C:\Quarantine.reg
[2012/12/29 17:28:52 | 000,001,068 | ---- | M] () -- C:\Users\HP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2012/12/29 16:57:13 | 000,002,961 | ---- | M] () -- C:\Users\HP\Desktop\HiJackThis.lnk
[2012/12/29 10:01:33 | 161,300,800 | ---- | M] (Hewlett-Packard ) -- C:\Users\HP\Desktop\sp50497.exe
[2012/12/26 10:34:57 | 000,001,020 | ---- | M] () -- C:\Users\Public\Desktop\iFunbox.lnk
[2012/12/26 10:31:40 | 000,697,272 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012/12/26 10:31:40 | 000,073,656 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012/12/25 18:01:46 | 000,099,026 | ---- | M] () -- C:\Users\HP\Desktop\per_challenge.pdf
[2012/12/25 17:56:09 | 000,063,850 | ---- | M] () -- C:\Users\HP\Desktop\per_summary.pdf
[2012/12/17 01:11:22 | 000,046,080 | ---- | M] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll
[2012/12/16 22:45:03 | 000,367,616 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll
[2012/12/16 22:13:28 | 000,295,424 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll
[2012/12/16 22:13:20 | 000,034,304 | ---- | M] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll
[2012/12/14 16:49:28 | 000,024,176 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/12/09 10:22:04 | 000,000,336 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForHP-HP$.job



to be continued

tinkertailor
2013-01-06, 15:21
OTL.txt Part II


========== Files Created - No Company Name ==========

[2013/01/06 20:23:31 | 000,551,997 | ---- | C] () -- C:\Users\HP\Desktop\AdwCleaner.exe
[2013/01/05 16:27:11 | 007,325,822 | ---- | C] () -- C:\Users\HP\Desktop\Beyond Belief.mp4
[2012/12/31 22:24:47 | 000,000,890 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/12/31 22:24:47 | 000,000,886 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/12/30 16:31:40 | 000,006,784 | ---- | C] () -- C:\Quarantine.lst
[2012/12/30 16:31:40 | 000,003,169 | ---- | C] () -- C:\Quarantine.reg
[2012/12/30 10:45:58 | 000,415,877 | ---- | C] () -- C:\Windows\SysNative\drivers\vsconfig.xml
[2012/12/29 18:38:47 | 000,009,431 | ---- | C] () -- C:\Windows\wininit.ini
[2012/12/29 17:30:09 | 000,002,149 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
[2012/12/29 17:28:52 | 000,001,068 | ---- | C] () -- C:\Users\HP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2012/12/29 16:57:13 | 000,002,961 | ---- | C] () -- C:\Users\HP\Desktop\HiJackThis.lnk
[2012/12/25 18:01:46 | 000,099,026 | ---- | C] () -- C:\Users\HP\Desktop\per_challenge.pdf
[2012/12/25 17:56:09 | 000,063,850 | ---- | C] () -- C:\Users\HP\Desktop\per_summary.pdf
[2012/10/03 22:12:05 | 000,650,752 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2012/10/03 22:12:05 | 000,243,200 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2012/10/03 22:12:05 | 000,216,064 | ---- | C] ( ) -- C:\Windows\SysWow64\lagarith.dll
[2012/10/03 22:12:05 | 000,178,688 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2012/10/03 22:12:03 | 000,112,640 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2012/10/03 01:04:47 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2012/10/03 00:55:05 | 000,002,857 | ---- | C] () -- C:\Windows\SysWow64\atipblup.dat
[2012/10/03 00:54:03 | 000,870,560 | ---- | C] () -- C:\Windows\SysWow64\igkrng575.bin
[2012/10/03 00:54:03 | 000,208,896 | ---- | C] () -- C:\Windows\SysWow64\iglhsip32.dll
[2012/10/03 00:54:03 | 000,143,360 | ---- | C] () -- C:\Windows\SysWow64\iglhcp32.dll
[2012/10/03 00:54:03 | 000,104,796 | ---- | C] () -- C:\Windows\SysWow64\igfcg575m.bin
[2012/10/03 00:54:02 | 000,127,868 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng575.bin
[2012/10/03 00:54:01 | 000,002,857 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2012/10/03 00:52:56 | 000,000,312 | ---- | C] () -- C:\Windows\SysWow64\RStoneLog2.ini
[2012/10/03 00:52:56 | 000,000,253 | ---- | C] () -- C:\Windows\SysWow64\RStoneLog.ini
[2012/10/02 11:50:40 | 000,000,162 | ---- | C] () -- C:\Users\HP\AppData\Local\mv_Photo.xml
[2012/10/02 11:50:40 | 000,000,115 | ---- | C] () -- C:\Users\HP\AppData\Local\mv_music.xml

========== ZeroAccess Check ==========

[2009/07/14 12:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 13:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 12:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 09:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 20:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 09:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2012/10/13 09:27:05 | 000,000,000 | ---D | M] -- C:\Users\Default\AppData\Roaming\TuneUp Software
[2012/10/13 09:27:05 | 000,000,000 | ---D | M] -- C:\Users\Default User\AppData\Roaming\TuneUp Software

========== Purity Check ==========



========== Files - Unicode (All) ==========
[2012/10/16 21:42:06 | 000,000,824 | ---- | M] ()(C:\Users\HP\Desktop\X-Men Origins Wolverine?.lnk) -- C:\Users\HP\Desktop\X-Men Origins Wolverine™.lnk
[2012/10/16 21:42:06 | 000,000,824 | ---- | C] ()(C:\Users\HP\Desktop\X-Men Origins Wolverine?.lnk) -- C:\Users\HP\Desktop\X-Men Origins Wolverine™.lnk
[2012/08/28 10:36:58 | 015,744,623 | ---- | M] ()(C:\Users\HP\Desktop\Thaitanium - Ta Leung - ??????.mp4) -- C:\Users\HP\Desktop\Thaitanium - Ta Leung - ทะลึ่ง.mp4
[2012/08/28 10:36:29 | 015,744,623 | ---- | C] ()(C:\Users\HP\Desktop\Thaitanium - Ta Leung - ??????.mp4) -- C:\Users\HP\Desktop\Thaitanium - Ta Leung - ทะลึ่ง.mp4

< End of report >

tinkertailor
2013-01-06, 15:22
Extras.Txt


OTL Extras logfile created on: 6/1/2013 9:10:39 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\HP\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00004409 | Country: Malaysia | Language: ENM | Date Format: d/M/yyyy

3.80 Gb Total Physical Memory | 1.92 Gb Available Physical Memory | 50.47% Memory free
7.60 Gb Paging File | 4.99 Gb Available in Paging File | 65.66% Paging File free
Paging file location(s): ?:\pagefile.sys

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 565.05 Gb Total Space | 78.46 Gb Free Space | 13.89% Space Free | Partition Type: NTFS
Drive D: | 30.83 Gb Total Space | 4.53 Gb Free Space | 14.70% Space Free | Partition Type: NTFS
Drive X: | 6.97 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF

Computer Name: HP-HP | User Name: HP | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[b]64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-2208690772-3602456008-4151856646-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot-S&D 2 Tray Icon -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Enabled:Spybot-S&D 2 Scanner Service -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot-S&D 2 Tray Icon -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Enabled:Spybot-S&D 2 Scanner Service -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service -- (Safer-Networking Ltd.)


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{038A452B-415F-4780-BD39-ABC0E3572131}" = lport=10243 | protocol=6 | dir=in | app=system |
"{17A167EB-1F91-4095-9773-72EF9677EF21}" = rport=139 | protocol=6 | dir=out | app=system |
"{1870E2F8-7D72-4EC5-9FD9-8A7E6942C5D2}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{1904551C-8275-4EB6-8106-A5DD8E655D8D}" = rport=138 | protocol=17 | dir=out | app=system |
"{23AB7BB7-10FE-42D9-A115-F0497004D18B}" = rport=137 | protocol=17 | dir=out | app=system |
"{34241B8B-A8B3-4BA7-8A2E-9357672DEDEE}" = lport=139 | protocol=6 | dir=in | app=system |
"{4B260AA7-5B12-45D4-8332-8D21BFF04716}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{4DED7B0A-330D-4C84-8533-9D718D46B438}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{63B573BF-5D33-4C93-A53F-4257D0E983A6}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{7930D10D-8254-4C3F-9DAD-676EE0916D6B}" = lport=2869 | protocol=6 | dir=in | app=system |
"{7E96FEFE-9070-4DA3-AC3F-180DC22D2F9F}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{92C559DA-1665-4BA5-BD67-6AF18B742760}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{9FE0A7A2-5E65-4227-A5FB-37690F407B36}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{A6279C8A-4C25-4D4D-BB18-617169617E76}" = lport=138 | protocol=17 | dir=in | app=system |
"{AEA56CDB-9C0A-492D-9B65-86B589211912}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{AEDCCE61-1F21-4B88-8305-6F9A6A7B3223}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{CD3B508E-DB45-48F1-9F84-0422B5C3C2E0}" = lport=445 | protocol=6 | dir=in | app=system |
"{D9D80EB1-AB73-4445-8364-62F5E59D75E7}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{E61FAB5E-E166-4940-98F2-A87EFE370B5E}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe |
"{E7C1E192-EEC6-44B9-B374-403A88CA5845}" = lport=137 | protocol=17 | dir=in | app=system |
"{EB579529-73E5-4832-B4C8-7A827E606351}" = rport=10243 | protocol=6 | dir=out | app=system |
"{EC0FE624-A44D-45AA-94F4-AA3F4AAF7980}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{F82088BF-C010-48CC-80FE-FAD5362E9BB3}" = rport=445 | protocol=6 | dir=out | app=system |
"{FFC1E232-BAC0-4230-B8A9-24F6FC0D97B8}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{05B88DFB-DC97-462C-8916-94D3F783E373}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{08554644-83F4-46E2-9480-F7D4F5CF54DA}" = protocol=6 | dir=in | app=c:\users\hp\appdata\local\temp\bundlesweetimsetup.exe |
"{0999F144-FB5F-4865-A32E-8B0CA6C58F3B}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{09C41928-1D0E-400A-9E1F-9D715DB0A238}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{11356BB6-2079-426B-8D7D-573EE2B5996A}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgemca.exe |
"{12CBBFD3-A39F-4FA7-88EF-17BF8F629D01}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{15F76E24-79F7-4D72-9039-EA220A427B10}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{1A82985B-730F-4D83-A012-EA61BE446ECA}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\music\hptouchsmartmusic.exe |
"{1DBDC98E-660A-4005-AA60-EF5F5388E297}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{2A61542E-A1E3-49E1-B9B2-2EE46620B012}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgdiagex.exe |
"{2BD82AF9-F020-4DC0-BCAF-49F10766177D}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{2C9D9E4D-7E35-4F2B-B672-8F0F9FB03BAD}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe |
"{2CF68606-E2B9-4BF9-B60C-271A23FC02F0}" = protocol=17 | dir=in | app=c:\program files (x86)\activision\x-men origins - wolverine(tm)\binaries\wolverine.exe |
"{2DF0ADED-1C7F-4F72-89AC-057DB7B88C1B}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hptouchsmartmusic.exe |
"{32538083-F578-4DA0-9E0F-DA6D84172D8B}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{328645B4-07CD-4A81-BA41-0CCD9EC8E066}" = dir=in | app=c:\program files (x86)\hewlett-packard\mediasmart\photo\hpmediasmartphoto.exe |
"{34C0F3DB-8F20-4A7A-9D30-0AA2B82A469A}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{363E84A7-2B3D-46DC-AD12-5444C699C624}" = dir=out | app=c:\program files (x86)\hewlett-packard\hp clouddrive\zumodrive.exe |
"{385D8030-CC08-4DD5-8D7E-A5ADF9FD4D31}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgdiagex.exe |
"{43865ADB-A825-410F-B4EF-65F9F02E8C06}" = protocol=6 | dir=in | app=c:\program files (x86)\activision\x-men origins - wolverine(tm)\binaries\wolverine.exe |
"{439F6D80-2C32-4993-8B10-6E4007C97787}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{4D9AC48D-6A44-4E70-8057-CFDCB7531D41}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgdiagex.exe |
"{51306C0C-9A6C-4204-8BD3-4A6DD7ED8BFD}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{5A3FF81D-C314-4BD7-A6D7-460CC6A10151}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgmfapx.exe |
"{5A52469B-0B98-4B88-BC4C-8DA5ADE728B0}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{5AAB07ED-CF4C-4E46-9F01-DBA452BA4454}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgdiagex.exe |
"{609A2E7F-8F48-46D0-8A6E-4407849573EF}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgnsa.exe |
"{6B6747F2-D4C4-43F9-85CE-F528B110E920}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{6CB07BB1-1793-4E7C-BC01-1D0A324B9B19}" = dir=in | app=c:\program files (x86)\cyberlink\powerdirector\pdr8.exe |
"{70002089-0DBD-4E15-AD00-40038079F7AA}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgmfapx.exe |
"{777F971F-381A-4ACD-8ED6-4DB6340398BB}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe |
"{7C165E6C-42B5-4D93-8D9E-54F487333552}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgemca.exe |
"{7CCC70B4-AD4C-42CB-840B-A21A011735BE}" = dir=in | app=c:\program files (x86)\hewlett-packard\hp clouddrive\zumodrive.exe |
"{7D770881-7DE3-4F54-8076-99EC82837405}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{8B9DBA11-A7BB-4A69-B91D-69A0DDAE04C0}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hptouchsmartvideo.exe |
"{8C3AB154-204D-4055-82E4-0166A4639029}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hptouchsmartphoto.exe |
"{93C24EA6-9CF8-4621-B5AF-FA2B98483EAA}" = protocol=17 | dir=in | app=c:\users\hp\appdata\local\temp\bundlesweetimsetup.exe |
"{98362E9E-C42C-44D5-9644-F29B3A94779D}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{9B187CA0-E53D-487C-A539-BC32D1428AAB}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{9B871AA1-2AB0-4E58-9CB1-440A96A77D48}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{A46A6D47-64E3-4FF5-8602-740136071887}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{A749FD10-BC89-4FC6-B792-B6301807D51D}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{A8F31FD7-8C49-430B-8832-69ED662E9BF1}" = dir=in | app=c:\program files (x86)\intel corporation\intel wireless display\widiapp.exe |
"{AC7FB83E-CA98-4EC8-9295-138F7CEBA112}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgemca.exe |
"{B0B10D4F-4B4B-429A-B863-74AD2087A68F}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgnsa.exe |
"{B14217F7-0EBE-4C3A-884E-52C0B84FCEBA}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{B3D54201-E17F-4E3D-87F9-F098C64B8DD1}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgemca.exe |
"{B5186F91-BCC1-405D-A1C6-66C005978409}" = dir=in | app=c:\program files (x86)\hewlett-packard\mediasmart\video\hpmediasmartvideo.exe |
"{B7A886D9-EF0A-457A-8F08-48FE28EF8BBC}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgnsa.exe |
"{B7ABD0CC-D35B-412C-BBDC-DBBFBF5D464B}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{BA7D1C89-D377-40C9-A076-E6E08D98D877}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{BE64AAAB-C457-4802-A6D4-2FFD5C7B9AA4}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\kernel\clml\clmlsvc.exe |
"{BEBA1232-EDC4-4557-A924-AB3993A3FB80}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{CB0C0E4F-C5C3-4005-AE2E-F1507E8B1B90}" = protocol=6 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"{CF91A56B-FB81-43F7-A366-334E86971C26}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{D233C335-8D3D-4D4D-A252-01220DCBDF25}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\tsmagent.exe |
"{DBB5C0E4-1BC8-4A1A-B565-749E679E017B}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{E1B2CFFC-3B89-4F2C-8804-DE6DA806064D}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgnsa.exe |
"{E28B422A-5378-4287-8E3E-5A34DDA933C6}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hpdvdsmart.exe |
"{E45B06FB-056F-4B9E-B6DE-481B2F931983}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{E886997A-3F0F-4D5D-9046-98EE726A94BC}" = protocol=6 | dir=out | app=system |
"{EA07E2E8-08C1-4B63-8669-49F843FFE0DC}" = dir=in | app=c:\program files\intel\wifi\bin\pandhcpdns.exe |
"{EBA80C46-AF6D-40CB-912B-B0EF48C19925}" = protocol=17 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"{EF3189B9-47B5-4E0C-88D0-5BF6AC86F0C5}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{F6C6DD7C-44EE-4C86-B464-91F0D6D5CB62}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{FA7D069D-BF1E-4EB3-A188-E71168717496}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"TCP Query User{7006BA03-E634-4544-BAB4-1812521BC67A}C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe" = protocol=6 | dir=in | app=c:\windows\microsoft.net\framework\v2.0.50727\vbc.exe |
"TCP Query User{95F00C34-719D-4711-A54B-170822EEE968}C:\windows\syswow64\java.exe" = protocol=6 | dir=in | app=c:\windows\syswow64\java.exe |
"TCP Query User{B4F2C2AE-CAB9-4381-8A5C-977C487F6A30}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"UDP Query User{934CEA05-BAEA-4F57-9964-588CE243F1C6}C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe" = protocol=17 | dir=in | app=c:\windows\microsoft.net\framework\v2.0.50727\vbc.exe |
"UDP Query User{AC0422D8-AD53-413A-8A2F-3D04C93CD268}C:\windows\syswow64\java.exe" = protocol=17 | dir=in | app=c:\windows\syswow64\java.exe |
"UDP Query User{CA89F87A-A5D5-4744-BD01-64C8B892B634}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{09BDCC02-80F2-4EFB-8F1B-A807D2C38E31}" = HP MediaSmart Movies and TV
"{10CD364B-FFCC-48BE-B469-B9622A033075}" = Fences Pro
"{13DCC2C7-454D-42F0-A892-E0E9A5DE4E67}" = HP Wireless Assistant
"{1493B2AE-0261-47D2-B1AA-F4DAD0F6C48B}" = iTunes
"{1A8BA6CE-822D-4888-89E2-ACBF4308F271}" = Intel(R) PROSet/Wireless WiFi Software
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{21B133D6-5979-47F0-BE1C-F6A6B304693F}" = Visual Studio 2010 x64 Redistributables
"{26A24AE4-039D-4CA4-87B4-2F86416021FF}" = Java(TM) 6 Update 21 (64-bit)
"{2856A1C2-70C5-4EC3-AFF7-E5B51E5530A2}" = HP Client Services
"{3497481A-4317-34E7-A3C7-682D6B04730F}" = ATI Catalyst Install Manager
"{426FAE9F-7373-496E-A215-9DB7EF4398CF}" = Validity Sensors DDK
"{436E0B79-2CFB-4E5F-9380-E17C1B25D0C5}" = Broadcom 2070 Bluetooth 3.0
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{4BC310C4-B898-46E2-B5FB-B85A30AA7142}" = iCloud
"{564DE271-941C-77F2-3ABD-641752365269}" = ccc-utility64
"{5EB6F3CB-46F4-451F-A028-7F6D8D35D7D0}" = Windows Live Language Selector
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{73105254-4936-47AC-ACDE-08D11D25E3DB}" = AVG 2013
"{7446FE8D-C1F9-4D42-AAAE-5DBCE58605A6}" = Apple Mobile Device Support
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010
"{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
"{929685C0-FC01-45E1-8B39-2948E8FF861E}" = Intel(R) Wireless Display
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A000F75A-A246-44A7-8079-9E9E7F9054B2}" = BioExcess
"{B9D80BD8-C6F4-467C-9717-0ABA9684DA29}" = AVG 2013
"{BE6725F2-6D15-477C-86C6-4522B8569D62}" = HP MediaSmart SmartMenu
"{C84FFB07-C687-45CF-91C8-868DB8D8C8CD}" = HP 3D DriveGuard
"{CC4D56B7-6F18-470B-8734-ABCD75BCF4F1}" = HP Auto
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240D3}" = WinZip 16.5
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"AVG" = AVG 2013
"KLiteCodecPack64_is1" = K-Lite Codec Pack 9.3.0 (64-bit)
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"ProInst" = Intel PROSet Wireless
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"WinRAR archiver" = WinRAR 4.00 (64-bit)
"ZoneAlarm LTD Toolbar" = ZoneAlarm LTD Toolbar

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = HP MediaSmart Webcam
"{022D02A7-3A59-19B0-BB22-4CBCD1D8B93A}" = CCC Help Korean
"{03464997-382C-0ADE-1F2B-C95A29A883F5}" = Catalyst Control Center Graphics Previews Vista
"{066A7B2B-F58C-19A0-CF1F-A0D6F0E8AB4D}" = CCC Help Polish
"{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements
"{0AB77D72-0443-3C05-33E6-6D6AEC9E55F5}" = Catalyst Control Center Localization All
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime
"{10D4BC5F-F73E-4CD1-A7C2-DF215307A811}" = ZoneAlarm Firewall
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1CD86E2F-BA36-217B-0D09-E8C49E008F4A}" = CCC Help Portuguese
"{1DCB0115-82D7-7D8E-378B-45657C4D84F8}" = CCC Help Hungarian
"{1E6E990A-728D-4700-9B0A-2CA541C93A12}" = Catalyst Control Center - Branding
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{264779DD-BD81-4B42-968F-71DBF32EEBD1}" = HP Documentation
"{26A24AE4-039D-4CA4-87B4-2F83216035FF}" = Java(TM) 6 Update 37
"{2756F572-C383-4A2E-B1F6-7315E6DA308A}" = ZoneAlarm Security
"{2DD843FA-F8BF-DA87-5679-1FC73EA8838A}" = CCC Help Thai
"{3023EBDA-BF1B-4831-B347-E5018555F26E}" = Movie Theme Pack for HP MediaSmart Video
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{3877C901-7B90-4727-A639-B6ED2DD59D43}" = ESU for Microsoft Windows 7
"{38A8F2F8-B2A2-DB36-D774-31C1AE97393D}" = CCC Help Czech
"{394FA67A-FF0A-4356-BB77-D85E5A300BDE}" = HP QuickWeb Installer
"{3B834B54-EC4B-48E2-BFC6-03FF5DA06F62}" = Adobe Shockwave Player 11.5
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{41C0AEB9-A323-5A12-4914-F57E5B52B67D}" = CCC Help Chinese Traditional
"{42050F4E-1ACC-F60A-E7A1-C550178A200B}" = CCC Help English
"{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}" = Recovery Manager
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{46E4F84F-B32F-7E9B-B461-A8533D9C96EF}" = CCC Help Swedish
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
"{4D31A225-453B-4798-8452-9F2181CA6971}" = SoftStylus
"{519CA6F8-B396-8A5E-5B8D-0FDA7F972532}" = CCC Help Spanish
"{52A1CBA7-3AA0-3AB6-FF61-8F3F6D525E30}" = CCC Help Chinese Standard
"{52BE22C7-5CA2-4150-8948-88C9DD7F6B56}" = QuickShare
"{53469506-A37E-4314-A9D9-38724EC23A75}" = HP Setup
"{626B5918-B395-4B69-A06B-14C3EB1C3942}" = HP Quick Launch
"{63EC2120-1742-4625-AA47-C6A8AEC9C64C}" = Apple Application Support
"{64F67489-76BB-4CDD-A236-F954BE774B35}" = NVIDIA PhysX
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{6827AF4C-65D1-5A04-462A-0E561AC20DA6}" = CCC Help Dutch
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6A05FEDF-662E-46BF-8A25-010E3F1C9C69}" = Windows Live UX Platform Language Pack
"{6B114F59-6732-4EA5-A33E-ACC6DEC49B61}" = HP Software Framework
"{6DAF8CDC-9B04-413B-A0F2-BCC13CF8A5BF}" = HP MediaSmart Photo
"{6F340107-F9AA-47C6-B54C-C3A19F11553F}" = Hewlett-Packard ACLM.NET v1.1.2.0
"{6F44AF95-3CDE-4513-AD3F-6D45F17BF324}" = HP Support Assistant
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7F0B94C6-828C-4EDE-A86B-ECF4D792B68D}" = Activision(R)
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{890661A5-1747-7195-1F65-CD1D5978DFDB}" = Catalyst Control Center InstallProxy
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8B51577F-A9C6-3AD7-C71F-158E453C45DC}" = CCC Help Italian
"{8B785B3D-FC40-2CDC-6274-13D5A7C6BAAD}" = CCC Help Danish
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0015-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUS_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUS_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.PROPLUS_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUS_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0409-1000-0000000FF1CE}_Office14.PROPLUS_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-002C-0409-0000-0000000FF1CE}_Office14.PROPLUS_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010
"{90140000-0044-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}_Office14.PROPLUS_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
"{90140000-00BA-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}_Office14.PROPLUS_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0116-0409-1000-0000000FF1CE}_Office14.PROPLUS_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{91A34181-9FAD-43AB-A35F-E7A8945B7E1C}" = HP MediaSmart Music
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{96A16297-EB8B-A974-2230-B570C3B0FAFD}" = CCC Help German
"{9738B675-341A-00C5-0870-47C4986AAEBA}" = CCC Help French
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C7DC529-66C6-55DA-C0CA-1718987AC28D}" = CCC Help Japanese
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9FD42D42-E8F1-ABAA-D234-A66033F66721}" = CCC Help Norwegian
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AB71D51A-DD83-4C22-98E2-DF8CB803F65D}" = Alcor Micro USB Card Reader
"{AC76BA86-7AD7-FFFF-7B44-A91000000001}" = Adobe Reader 9.5.2 MUI
"{AE70615C-D28C-6159-8846-9B1EECC84BEE}" = PX Profile Update
"{AE856388-AFAD-4753-81DF-D96B19D0A17C}" = HP Setup Manager
"{AF306BD8-F9D1-4627-89B9-246E59074A05}" = HP Power Manager
"{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1" = Spybot - Search & Destroy
"{B435CD99-8921-4900-C5D1-34300810C8BD}" = ccc-core-static
"{B7604945-ED3D-4AE5-AA69-7D5CFF333FE1}" = TouchCopy 11
"{BD1A34C9-4764-4F79-AE1F-112F8C89D3D4}" = Energy Star Digital Logo
"{BD59AF8D-79AC-97E6-C091-282EE4220220}" = CCC Help Finnish
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CBD9111A-AE2F-36A3-5244-23752102657B}" = Catalyst Control Center Graphics Previews Common
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D12E3E7F-1B13-4933-A915-16C7DD37A095}" = HP MediaSmart Video
"{D36DD326-7280-11D8-97C8-000129760CBE}" = PhotoNow!
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D6C630BF-8DBB-4042-8562-DC9A52CB6E7E}" = Intel(R) Turbo Boost Technology Driver
"{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{E05871BE-C931-25A2-EB3B-045A12DDEC45}" = CCC Help Turkish
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
"{E6CB67CC-71D2-46b9-8D43-A4641A9EECB2}" = HP SimplePass Identity Protection
"{EA17F4FC-FDBF-4CF8-A529-2D983132D053}" = Skype™ 6.0
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F168C640-58E3-832C-6D32-6AC044B78B87}" = CCC Help Greek
"{F568121D-0A82-3320-2230-84D1F4685C44}" = CCC Help Russian
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center
"{FB4BB287-37F9-4E27-9C4D-2D3882E08EFF}" = DVD Menu Pack for HP MediaSmart Video
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"5513-1208-7298-9440" = JDownloader 0.9
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"ERUNT_is1" = ERUNT 1.1j
"Fences Pro" = Fences Pro
"Google Chrome" = Google Chrome
"HP Photo Creations" = HP Photo Creations
"iFunbox_is1" = iFunbox (v2.1.2228.731), iFunbox DevTeam
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = HP MediaSmart Webcam
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"InstallShield_{3023EBDA-BF1B-4831-B347-E5018555F26E}" = Movie Theme Pack for HP MediaSmart Video
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"InstallShield_{6DAF8CDC-9B04-413B-A0F2-BCC13CF8A5BF}" = HP MediaSmart Photo
"InstallShield_{7F0B94C6-828C-4EDE-A86B-ECF4D792B68D}" = X-Men Origins - Wolverine(TM)
"InstallShield_{91A34181-9FAD-43AB-A35F-E7A8945B7E1C}" = HP MediaSmart Music
"InstallShield_{AB71D51A-DD83-4C22-98E2-DF8CB803F65D}" = Alcor Micro USB Card Reader
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"InstallShield_{D12E3E7F-1B13-4933-A915-16C7DD37A095}" = HP MediaSmart Video
"InstallShield_{D36DD326-7280-11D8-97C8-000129760CBE}" = PhotoNow!
"InstallShield_{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD
"InstallShield_{E6CB67CC-71D2-46b9-8D43-A4641A9EECB2}" = HP SimplePass Identity Protection
"InstallShield_{FB4BB287-37F9-4E27-9C4D-2D3882E08EFF}" = DVD Menu Pack for HP MediaSmart Video
"KLiteCodecPack_is1" = K-Lite Mega Codec Pack 9.3.0
"MagicDisc 2.7.106" = MagicDisc 2.7.106
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.70.0.1100
"Mozilla Firefox 17.0.1 (x86 en-US)" = Mozilla Firefox 17.0.1 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NirSoft BlueScreenView" = NirSoft BlueScreenView
"Office14.PROPLUS" = Microsoft Office Professional Plus 2010
"uTorrent" = µTorrent
"WinLiveSuite" = Windows Live Essentials
"Wisdom-soft ScreenHunter 6.0 Free" = Wisdom-soft ScreenHunter 6.0 Free
"ZoneAlarm Free Firewall" = ZoneAlarm Free Firewall
"ZumoDrive" = HP CloudDrive

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 3/12/2012 9:28:14 AM | Computer Name = HP-HP | Source = .NET Runtime | ID = 1022
Description =

Error - 3/12/2012 12:05:03 PM | Computer Name = HP-HP | Source = .NET Runtime | ID = 1022
Description =

Error - 9/12/2012 2:40:09 PM | Computer Name = HP-HP | Source = .NET Runtime | ID = 1022
Description =

Error - 12/12/2012 1:36:04 PM | Computer Name = HP-HP | Source = .NET Runtime | ID = 1022
Description =

Error - 13/12/2012 5:44:24 PM | Computer Name = HP-HP | Source = .NET Runtime | ID = 1022
Description =

Error - 17/12/2012 8:56:21 PM | Computer Name = HP-HP | Source = .NET Runtime | ID = 1022
Description =

Error - 17/12/2012 8:59:40 PM | Computer Name = HP-HP | Source = .NET Runtime | ID = 1022
Description =

Error - 17/12/2012 9:20:07 PM | Computer Name = HP-HP | Source = .NET Runtime | ID = 1022
Description =

Error - 18/12/2012 5:42:38 PM | Computer Name = HP-HP | Source = .NET Runtime | ID = 1022
Description =

Error - 23/12/2012 9:26:07 AM | Computer Name = HP-HP | Source = .NET Runtime | ID = 1022
Description =

[ HP Wireless Assistant Events ]
Error - 1/10/2012 11:35:25 PM | Computer Name = HP-HP | Source = HP WA Service | ID = 0
Description = System.Runtime.InteropServices.COMException The RPC server is unavailable.
(Exception from HRESULT: 0x800706BA) at System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32
errorCode, IntPtr errorInfo) at System.Management.ManagementScope.InitializeGuts(Object
o) at System.Management.ManagementScope.Initialize() at System.Management.ManagementObject.Initialize(Boolean
getObject) at System.Management.ManagementBaseObject.get_Properties() at System.Management.ManagementBaseObject.GetPropertyValue(String
propertyName) at HPPA_Service.CurrentConfiguration.<ReloadRadioList>b__c()

Error - 1/10/2012 11:35:25 PM | Computer Name = HP-HP | Source = HP WA Service | ID = 0
Description = System.Runtime.InteropServices.COMException The RPC server is unavailable.
(Exception from HRESULT: 0x800706BA) at System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32
errorCode, IntPtr errorInfo) at System.Management.ManagementScope.InitializeGuts(Object
o) at System.Management.ManagementScope.Initialize() at System.Management.ManagementObject.Initialize(Boolean
getObject) at System.Management.ManagementBaseObject.get_Properties() at System.Management.ManagementBaseObject.GetPropertyValue(String
propertyName) at HPPA_Service.CurrentConfiguration.<ReloadRadioList>b__c()

Error - 1/10/2012 11:35:30 PM | Computer Name = HP-HP | Source = HP WA Service | ID = 0
Description = System.Runtime.InteropServices.COMException The RPC server is unavailable.
(Exception from HRESULT: 0x800706BA) at System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32
errorCode, IntPtr errorInfo) at System.Management.ManagementScope.InitializeGuts(Object
o) at System.Management.ManagementScope.Initialize() at System.Management.ManagementObject.Initialize(Boolean
getObject) at System.Management.ManagementBaseObject.get_Properties() at System.Management.ManagementBaseObject.GetPropertyValue(String
propertyName) at HPPA_Service.CurrentConfiguration.<ReloadRadioList>b__c()

Error - 1/10/2012 11:35:30 PM | Computer Name = HP-HP | Source = HP WA Service | ID = 0
Description = System.Runtime.InteropServices.COMException The RPC server is unavailable.
(Exception from HRESULT: 0x800706BA) at System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32
errorCode, IntPtr errorInfo) at System.Management.ManagementScope.InitializeGuts(Object
o) at System.Management.ManagementScope.Initialize() at System.Management.ManagementObject.Initialize(Boolean
getObject) at System.Management.ManagementBaseObject.get_Properties() at System.Management.ManagementBaseObject.GetPropertyValue(String
propertyName) at HPPA_Service.CurrentConfiguration.<ReloadRadioList>b__c()

Error - 1/10/2012 11:36:30 PM | Computer Name = HP-HP | Source = HP WA Service | ID = 0
Description = System.Runtime.InteropServices.COMException The RPC server is unavailable.
(Exception from HRESULT: 0x800706BA) at System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32
errorCode, IntPtr errorInfo) at System.Management.ManagementScope.InitializeGuts(Object
o) at System.Management.ManagementScope.Initialize() at System.Management.ManagementObject.Initialize(Boolean
getObject) at System.Management.ManagementBaseObject.get_Properties() at System.Management.ManagementBaseObject.GetPropertyValue(String
propertyName) at HPPA_Service.CurrentConfiguration.<ReloadRadioList>b__c()

Error - 1/10/2012 11:36:30 PM | Computer Name = HP-HP | Source = HP WA Service | ID = 0
Description = System.Runtime.InteropServices.COMException The RPC server is unavailable.
(Exception from HRESULT: 0x800706BA) at System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32
errorCode, IntPtr errorInfo) at System.Management.ManagementScope.InitializeGuts(Object
o) at System.Management.ManagementScope.Initialize() at System.Management.ManagementObject.Initialize(Boolean
getObject) at System.Management.ManagementBaseObject.get_Properties() at System.Management.ManagementBaseObject.GetPropertyValue(String
propertyName) at HPPA_Service.CurrentConfiguration.<ReloadRadioList>b__c()

Error - 1/10/2012 11:37:30 PM | Computer Name = HP-HP | Source = HP WA Service | ID = 0
Description = System.Runtime.InteropServices.COMException The RPC server is unavailable.
(Exception from HRESULT: 0x800706BA) at System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32
errorCode, IntPtr errorInfo) at System.Management.ManagementScope.InitializeGuts(Object
o) at System.Management.ManagementScope.Initialize() at System.Management.ManagementObject.Initialize(Boolean
getObject) at System.Management.ManagementBaseObject.get_Properties() at System.Management.ManagementBaseObject.GetPropertyValue(String
propertyName) at HPPA_Service.CurrentConfiguration.<ReloadRadioList>b__c()

Error - 1/10/2012 11:37:30 PM | Computer Name = HP-HP | Source = HP WA Service | ID = 0
Description = System.Runtime.InteropServices.COMException The RPC server is unavailable.
(Exception from HRESULT: 0x800706BA) at System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32
errorCode, IntPtr errorInfo) at System.Management.ManagementScope.InitializeGuts(Object
o) at System.Management.ManagementScope.Initialize() at System.Management.ManagementObject.Initialize(Boolean
getObject) at System.Management.ManagementBaseObject.get_Properties() at System.Management.ManagementBaseObject.GetPropertyValue(String
propertyName) at HPPA_Service.CurrentConfiguration.<ReloadRadioList>b__c()

Error - 1/10/2012 11:38:30 PM | Computer Name = HP-HP | Source = HP WA Service | ID = 0
Description = System.Runtime.InteropServices.COMException The RPC server is unavailable.
(Exception from HRESULT: 0x800706BA) at System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32
errorCode, IntPtr errorInfo) at System.Management.ManagementScope.InitializeGuts(Object
o) at System.Management.ManagementScope.Initialize() at System.Management.ManagementObject.Initialize(Boolean
getObject) at System.Management.ManagementBaseObject.get_Properties() at System.Management.ManagementBaseObject.GetPropertyValue(String
propertyName) at HPPA_Service.CurrentConfiguration.<ReloadRadioList>b__c()

Error - 1/10/2012 11:38:30 PM | Computer Name = HP-HP | Source = HP WA Service | ID = 0
Description = System.Runtime.InteropServices.COMException The RPC server is unavailable.
(Exception from HRESULT: 0x800706BA) at System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32
errorCode, IntPtr errorInfo) at System.Management.ManagementScope.InitializeGuts(Object
o) at System.Management.ManagementScope.Initialize() at System.Management.ManagementObject.Initialize(Boolean
getObject) at System.Management.ManagementBaseObject.get_Properties() at System.Management.ManagementBaseObject.GetPropertyValue(String
propertyName) at HPPA_Service.CurrentConfiguration.<ReloadRadioList>b__c()

[ Spybot - Search and Destroy Events ]
Error - 29/12/2012 6:38:51 AM | Computer Name = HP-HP | Source = SDCleaner | ID = 100
Description = LoadCleaningInstructions

Error - 29/12/2012 6:39:14 AM | Computer Name = HP-HP | Source = SDCleaner | ID = 100
Description = LoadCleaningInstructions

Error - 30/12/2012 4:15:34 AM | Computer Name = HP-HP | Source = SDCleaner | ID = 100
Description = LoadCleaningInstructions

[ System Events ]
Error - 30/12/2012 4:04:59 AM | Computer Name = HP-HP | Source = Service Control Manager | ID = 7023
Description = The Server service terminated with the following error: %%13

Error - 30/12/2012 4:14:13 AM | Computer Name = HP-HP | Source = Service Control Manager | ID = 7006
Description = The ScRegSetValueExW call failed for FailureActions with the following
error: %%5

Error - 30/12/2012 4:14:15 AM | Computer Name = HP-HP | Source = Service Control Manager | ID = 7006
Description = The ScRegSetValueExW call failed for FailureActions with the following
error: %%5

Error - 30/12/2012 4:24:37 AM | Computer Name = HP-HP | Source = Service Control Manager | ID = 7006
Description = The ScRegSetValueExW call failed for FailureActions with the following
error: %%5

Error - 30/12/2012 4:26:20 AM | Computer Name = HP-HP | Source = Service Control Manager | ID = 7006
Description = The ScRegSetValueExW call failed for FailureActions with the following
error: %%5

Error - 30/12/2012 4:26:21 AM | Computer Name = HP-HP | Source = Service Control Manager | ID = 7006
Description = The ScRegSetValueExW call failed for FailureActions with the following
error: %%5

Error - 30/12/2012 4:34:45 AM | Computer Name = HP-HP | Source = Service Control Manager | ID = 7006
Description = The ScRegSetValueExW call failed for FailureActions with the following
error: %%5

Error - 30/12/2012 4:34:50 AM | Computer Name = HP-HP | Source = DCOM | ID = 10010
Description =

Error - 30/12/2012 4:36:14 AM | Computer Name = HP-HP | Source = Service Control Manager | ID = 7006
Description = The ScRegSetValueExW call failed for FailureActions with the following
error: %%5

Error - 30/12/2012 4:36:15 AM | Computer Name = HP-HP | Source = Service Control Manager | ID = 7006
Description = The ScRegSetValueExW call failed for FailureActions with the following
error: %%5


< End of report >

ken545
2013-01-06, 15:34
Hi,



Open OTL.exe

Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL




:processes
killallprocesses

:OTL

:Services

:Reg

:Files
ipconfig /flushdns /c
C:\Program Files (x86)\sweetpacks bundle uninstaller


:Commands
[purity]
[resethosts]
[emptytemp]
[start explorer]
[Reboot]

Then click the Run Fix button at the top. <--Not run Scan
Let the program run unhindered, reboot when it is done
Then post the results of the log it produces


Let me know if your still having problems after running this fix

tinkertailor
2013-01-06, 15:46
All processes killed
========== PROCESSES ==========
========== OTL ==========
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\HP\Desktop\cmd.bat deleted successfully.
C:\Users\HP\Desktop\cmd.txt deleted successfully.
C:\Program Files (x86)\sweetpacks bundle uninstaller folder moved successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: HP
->Temp folder emptied: 79243546 bytes
->Temporary Internet Files folder emptied: 146193568 bytes
->Java cache emptied: 10412 bytes
->FireFox cache emptied: 122213884 bytes
->Google Chrome cache emptied: 186035060 bytes
->Flash cache emptied: 18826 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 64692752 bytes
%systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 106863 bytes
%systemroot%\system32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 753 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50506 bytes
RecycleBin emptied: 462096 bytes

Total Files Cleaned = 571.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 01062013_213654

Files\Folders moved on Reboot...
C:\Users\HP\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\HP\AppData\Local\Temp\~DF5D091389D5620BDC.TMP moved successfully.
C:\Windows\temp\ZLT058e0.TMP moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...


*****************************

Computer appeared to be back to normal now. the hjacked browser tabs are gone and the system seem faster now. Let me reboot and play around with it for some time. Thanks for your marvellous assistance.

ken545
2013-01-06, 16:32
Do that, we can dig deeper if need be.

Let me tell you about downloading programs, you need to take the time and read what your getting, for profits even some legit programs are starting to add bundled software, a good example is about month ago a friend sent me a PowerPoint presentation, I didn't have PP on the computer I was on so I wanted to download the free PowerPoint Reader, the first site I went into after I started reading it wanted to install Babylon Toolbar and make it my default search engine, its difficult to remove, needless to say I got out of that site real quick, I finally found the legit version right on the Microsoft site, so be careful what you download, Read, Read Read what your getting

tinkertailor
2013-01-07, 15:22
thanks for the kind words and advice. everything running smoothly now but I still got one related issue to resolve. In the process of preparing the system for the malware removal process, I have ran ERUNT as instructed, which is meant to backup my registry. It seem the malware has disrupted its ability to backup that registry and I got an error message whenever the system boot up, stating the registry cannot be backup. entry. But I am still getting the message with the malware removed now and everything resolved. I am thinking it may due to a boot-up process being stalled earlier by the infection and is now stuck in a loop that need to be manually removed. do you have any idea ?

ken545
2013-01-07, 19:31
We need to run CleanUp thats built into OTL, is should remove ERUNT .

Open OTL and click on Clean Up and it will remove programs we used to clean your system along with there backups, any programs that where not removed you can just drag to the trash.

Let me know how it went

tinkertailor
2013-01-09, 01:30
I am still getting the messages on booting up. I have attached the screen capture of the three initial messages. Hope you have some idea how to resolve it. Thanks.

ken545
2013-01-09, 02:38
Sorry your still having problems

You need the 64 bit version, we can delete the file but lets see where it wants to start from


Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1 (http://jpshortstuff.247fixes.com/SystemLook.exe)
Download Mirror #2 (http://images.malwareremoval.com/jpshortstuff/SystemLook.exe)
64 Bit Version (http://jpshortstuff.247Fixes.com/SystemLook_x64.exe)


Double-click SystemLook.exe to run it.
Copy the content of the following codebox into the main textfield:


:filefind
erunt

:folderfind
erunt

:Regfind
erunt


Click the Look button to start the scan.
When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt

tinkertailor
2013-01-09, 21:46
systemlook.txt content :


SystemLook 30.07.11 by jpshortstuff
Log created at 03:43 on 10/01/2013 by HP
Administrator - Elevation successful

========== filefind ==========

Searching for "erunt"
No files found.

========== folderfind ==========

Searching for "erunt"
C:\Program Files (x86)\ERUNT d------ [09:28 29/12/2012]
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT d------ [09:28 29/12/2012]
C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\ERUNT d------ [09:28 29/12/2012]

========== Regfind ==========

Searching for "erunt"
[HKEY_CURRENT_USER\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Users\HP\Desktop\erunt-setup.exe"="ERUNT Setup "
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4F1DFCA6-3AAD-48E1-8406-4BC21A501D7C}\ProgID]
@="WorkspaceRuntime.Workspace.1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4F1DFCA6-3AAD-48E1-8406-4BC21A501D7C}\VersionIndependentProgID]
@="WorkspaceRuntime.Workspace"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{10E2414A-EC59-49D2-BC51-5ADD2C36FEBC}]
@="IProvideRuntimeContext"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{1B8D8AE1-A595-4687-A7AD-9E3828E09B79}\1.0]
@="WorkspaceRuntime 1.0 Type Library"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WorkspaceRuntime.Workspace]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WorkspaceRuntime.Workspace\CurVer]
@="WorkspaceRuntime.Workspace.1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WorkspaceRuntime.Workspace.1]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{4F1DFCA6-3AAD-48E1-8406-4BC21A501D7C}\ProgID]
@="WorkspaceRuntime.Workspace.1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{4F1DFCA6-3AAD-48E1-8406-4BC21A501D7C}\VersionIndependentProgID]
@="WorkspaceRuntime.Workspace"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{10E2414A-EC59-49D2-BC51-5ADD2C36FEBC}]
@="IProvideRuntimeContext"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{4F21BCAA-6F6A-4B68-B2BE-A1B1902AB236}]
@="IGrooveRunTimeComponentContainer"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E43FD401-8715-11D1-98E7-00A0C9702442}]
@="IVbeRuntimeHost"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{1B8D8AE1-A595-4687-A7AD-9E3828E09B79}\1.0]
@="WorkspaceRuntime 1.0 Type Library"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\Winners\amd64_microsoft-windows-t..aceruntimeproxystub_31bf3856ad364e35_none_3b27e5fa6f664a28]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\Winners\amd64_microsoft-windows-t..ceruntime.resources_31bf3856ad364e35_en-us_9e9605f9112461ed]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\Winners\amd64_microsoft-windows-t..es-workspaceruntime_31bf3856ad364e35_none_c19e747ed3130870]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\Winners\x86_microsoft-windows-t..aceruntimeproxystub_31bf3856ad364e35_none_df094a76b708d8f2]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\ERUNT_is1]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\ERUNT_is1]
"Inno Setup: App Path"="C:\Program Files (x86)\ERUNT"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\ERUNT_is1]
"InstallLocation"="C:\Program Files (x86)\ERUNT\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\ERUNT_is1]
"Inno Setup: Icon Group"="ERUNT"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\ERUNT_is1]
"Inno Setup: Deselected Tasks"="eruntdesktopicon,ntregoptdesktopicon,eruntquicklaunchicon,ntregoptquicklaunchicon,installgermanlanguagefiles"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\ERUNT_is1]
"DisplayName"="ERUNT 1.1j"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\ERUNT_is1]
"UninstallString"=""C:\Program Files (x86)\ERUNT\unins000.exe""
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\ERUNT_is1]
"QuietUninstallString"=""C:\Program Files (x86)\ERUNT\unins000.exe" /SILENT"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\ERUNT_is1]
"HelpLink"="http://www.larshederer.homepage.t-online.de/erunt"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\ERUNT_is1]
"URLUpdateInfo"="http://www.larshederer.homepage.t-online.de/erunt"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{4F1DFCA6-3AAD-48E1-8406-4BC21A501D7C}\ProgID]
@="WorkspaceRuntime.Workspace.1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{4F1DFCA6-3AAD-48E1-8406-4BC21A501D7C}\VersionIndependentProgID]
@="WorkspaceRuntime.Workspace"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Interface\{10E2414A-EC59-49D2-BC51-5ADD2C36FEBC}]
@="IProvideRuntimeContext"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Interface\{4F21BCAA-6F6A-4B68-B2BE-A1B1902AB236}]
@="IGrooveRunTimeComponentContainer"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Interface\{E43FD401-8715-11D1-98E7-00A0C9702442}]
@="IVbeRuntimeHost"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{1B8D8AE1-A595-4687-A7AD-9E3828E09B79}\1.0]
@="WorkspaceRuntime 1.0 Type Library"
[HKEY_USERS\S-1-5-21-2208690772-3602456008-4151856646-1000\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Users\HP\Desktop\erunt-setup.exe"="ERUNT Setup "
[HKEY_USERS\S-1-5-21-2208690772-3602456008-4151856646-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Users\HP\Desktop\erunt-setup.exe"="ERUNT Setup "

-= EOF =-

ken545
2013-01-09, 23:52
Hi,

If ERUNT is still on your desktop, drag it to the trash.

You need to have windows show all files and folders

Here's how to display hidden files and folders.

Open Folder Options by clicking the Start button , clicking Control Panel, clicking Appearance and Personalization, and then clicking Folder Options.

Click the View tab.

Under Advanced settings, click Show hidden files, folders, and drives, and then click OK.

Delete the erunt files in Red

C:\Program Files (x86)\ERUNT
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\ERUNT

Let me know how it went

ken545
2013-01-13, 20:54
Still with me ?