PDA

View Full Version : SelectionLinks or some virus on laptop


atcdav
2013-01-17, 16:21
The symptoms started with ads showing up above Googe search results and yahoo email inbox. the ads would have a youtube tab and another tab and very small font that said ad not from this site. I found Selectionlinks in my add/remove programs and uninstalled it but then things got much worse. I have screen shots of following: Now my Yahoo home page is formatted improperly and ie opens blank and after a time opens google but a box opens also saying coupons available. I ran TFC.exe, SB S&D and AWCleaner, things were removed but nothing fixed

----------------------------

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16457 BrowserJavaVersion: 10.9.2
Run by David's HP at 9:13:26 on 2013-01-17
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.3932.2204 [GMT -6:00]
.
AV: Microsoft Security Essentials *Disabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C}
SP: Microsoft Security Essentials *Disabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Spybot - Search and Destroy *Enabled/Updated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\Hpservice.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSVC.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\system32\AEADISRV.EXE
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\ProgramData\EPSON\EPW!3 SSRP\E_S40STB.EXE
C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE
C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
C:\Program Files (x86)\Intel\AMT\LMS.exe
C:\Program Files (x86)\Common Files\Mediafour\M4LIC.EXE
C:\Program Files\Mediafour\MacDrive 8\MacDrive8Service.exe
c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Common Files\Intel\Privacy Icon\UNS\UNS.exe
C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\taskhost.exe
C:\Windows\System32\vds.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Mediafour\MacDrive 8\MacDrive.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe
C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\VolCtrl.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashUtil11e_ActiveX.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn2\ytbb.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com
uURLSearchHooks: YTNavAssistPlugin Class: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn2\yt.dll
mWinlogon: Userinit = userinit.exe,
BHO: &Yahoo! Toolbar Helper: {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn2\yt.dll
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: {300BEC06-B743-4D19-86B9-11DC711D7FFB} - <orphaned>
BHO: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll
BHO: DivX HiQ: {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO: HP Network Check Helper: {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll
BHO: SingleInstance Class: {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
TB: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn2\yt.dll
uRun: [EPSON WorkForce 610 Series] C:\Windows\System32\spool\DRIVERS\x64\3\E_IATIFJA.EXE /FU "C:\Windows\TEMP\E_SCAE3.tmp" /EF "HKCU"
uRun: [Spybot-S&D Cleaning] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe" /autoclean
mRun: [QlbCtrl.exe] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
mRun: [SoundMAXPnP] C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe
mRun: [EEventManager] C:\PROGRA~2\EPSONS~1\EVENTM~1\EEventManager.exe
mRun: [AmazonGSDownloaderTray] C:\Program Files (x86)\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderTray.exe
mRun: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [SDTray] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
StartupFolder: C:\Users\DAVID'~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\MAGICD~1.LNK - C:\Program Files (x86)\MagicDisc\MagicDisc.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MOVESL~1.LNK - C:\Windows\Installer\{0ED016B2-C009-4253-9DDD-BDB8DA9CE181}\_E02D80CCF13FCD5A87F526.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {1851174C-97BD-4217-A0CC-E908F60D5B7A} - hxxps://h50203.www5.hp.com/HPISWeb/Customer/cabs/HPISDataManager.CAB
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: NameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{714B57E2-1594-4D0F-B2EE-FE056C10D83E} : DHCPNameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{81B78C55-7D5D-4F9D-85CF-FC78FF735239} : DHCPNameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{81B78C55-7D5D-4F9D-85CF-FC78FF735239}\145727F62716455727E6562737 : DHCPNameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{81B78C55-7D5D-4F9D-85CF-FC78FF735239}\478656D616E636166756 : DHCPNameServer = 75.75.76.76 75.75.75.75
TCP: Interfaces\{81B78C55-7D5D-4F9D-85CF-FC78FF735239}\D656C616275616 : DHCPNameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{81B78C55-7D5D-4F9D-85CF-FC78FF735239}\E416473616A5145523 : DHCPNameServer = 191.168.2.100
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
Notify: SDWinLogon - SDWinLogon.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.52\Installer\setup.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
x64-Run: [MacDrive 8 application] "C:\Program Files\Mediafour\MacDrive 8\MacDrive.exe"
x64-Run: [Getting started with MacDrive 8] "C:\Program Files\Mediafour\MacDrive 8\MDGetStarted.exe" /auto
x64-Run: [picon] "C:\Program Files (x86)\Common Files\Intel\Privacy Icon\PrivacyIconClient.exe" -startup
x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-Run: [IntelWireless] "C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" /tf Intel Wireless Tray
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
x64-Run: [IntelliType Pro] "c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe"
x64-Run: [IntelliPoint] "c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe"
x64-DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/director/sw.cab
x64-DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
x64-DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
x64-DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
x64-Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\David's HP\AppData\Roaming\Mozilla\Firefox\Profiles\q52m1tjn.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-&p=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\NPcol400.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npCouponPrinter.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npMozCouponPrinter.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_146.dll
FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
FF - ExtSQL: 2013-01-13 09:25; http://forums.spybot.info/misc.php?do=email_dev&email=cGx1Z2luQHNlbGVjdGlvbmxpbmtzLmNvbQ==; C:\Users\David's HP\AppData\Roaming\Mozilla\Firefox\Profiles\q52m1tjn.default\extensions\plugin@selectionlinks.com
.
============= SERVICES / DRIVERS ===============
.
R0 MDFSYSNT;MacDrive file system driver;C:\Windows\System32\drivers\MDFSYSNT.SYS [2010-5-18 306280]
R0 MDPMGRNT;MacDrive Partition Driver;C:\Windows\System32\drivers\MDPMGRNT.SYS [2011-3-18 32352]
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2012-8-30 228768]
R1 CBDisk;CBDisk;C:\Windows\System32\drivers\CBDisk.sys [2011-3-18 70344]
R2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2012-9-27 86528]
R2 HPDrvMntSvc.exe;HP Quick Synchronization Service;C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2012-8-10 197536]
R2 hpsrv;HP Service;C:\Windows\System32\hpservice.exe [2011-5-13 30520]
R2 M4LIC;Mediafour M4LIC service;C:\Program Files (x86)\Common Files\Mediafour\M4LIC.EXE [2009-7-29 205312]
R2 MacDrive8Service;MacDrive 8 service;C:\Program Files\Mediafour\MacDrive 8\MacDrive8Service.exe [2010-5-4 218112]
R2 SDScannerService;Spybot-S&D 2 Scanner Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [2013-1-16 1103392]
R2 SDUpdateService;Spybot-S&D 2 Updating Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2013-1-16 1369624]
R2 SDWSCService;Spybot-S&D 2 Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [2013-1-16 168384]
R2 UNS;Intel(R) Management and Security Application User Notification Service;C:\Program Files (x86)\Common Files\Intel\Privacy Icon\UNS\UNS.exe [2011-3-18 2058776]
R3 Com4QLBEx;Com4QLBEx;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2011-3-18 227896]
R3 HECIx64;Intel(R) Management Engine Interface;C:\Windows\System32\drivers\HECIx64.sys [2009-6-23 56344]
R3 NETw5s64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\Windows\System32\drivers\NETw5s64.sys [2011-3-18 7680512]
R3 rismcx64;RICOH Smart Card Reader;C:\Windows\System32\drivers\rismcx64.sys [2011-3-18 79872]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 Amazon Download Agent;Amazon Download Agent;C:\Program Files (x86)\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderService.exe [2011-3-18 401920]
S3 androidusb;SAMSUNG Android Composite ADB Interface Driver;C:\Windows\System32\drivers\ssadadb.sys [2011-5-13 36328]
S3 e1yexpress;Intel(R) Gigabit Network Connections Driver;C:\Windows\System32\drivers\e1y62x64.sys [2011-3-18 290008]
S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2010-3-5 340240]
S3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\System32\drivers\netw5v64.sys [2009-6-10 5434368]
S3 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2012-8-30 128456]
S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2012-9-12 368896]
S3 pnetmdm;PdaNet Modem;C:\Windows\System32\drivers\pnetmdm64.sys [2011-3-18 17920]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2011-3-18 20992]
S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);C:\Windows\System32\drivers\ssadbus.sys [2011-5-13 157672]
S3 ssadmdfl;SAMSUNG Android USB Modem (Filter);C:\Windows\System32\drivers\ssadmdfl.sys [2011-5-13 16872]
S3 ssadmdm;SAMSUNG Android USB Modem Drivers;C:\Windows\System32\drivers\ssadmdm.sys [2011-5-13 177640]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-3-18 59392]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-2-15 52736]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-3-18 1255736]
S3 WSDScan;WSD Scan Support via UMB;C:\Windows\System32\drivers\WSDScan.sys [2009-7-13 25088]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;C:\Program Files\Microsoft SQL Server\100\Shared\sqladhlp.exe [2009-7-22 61976]
S4 RsFx0105;RsFx0105 Driver;C:\Windows\System32\drivers\RsFx0105.sys [2011-9-22 311144]
S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2011-9-22 431464]
.
=============== Created Last 30 ================
.
2013-01-17 05:42:35 9161176 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{96A9935F-BC0C-4DF4-ACC2-7B994B436EC6}\mpengine.dll
2013-01-17 02:33:15 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy
2013-01-17 02:33:02 17272 ----a-w- C:\Windows\System32\sdnclean64.exe
2013-01-17 02:32:56 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy 2
2013-01-15 10:41:37 9125352 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-01-14 18:35:37 -------- d-----w- C:\Program Files (x86)\HRBlock2012
2013-01-13 15:27:02 -------- d-----w- C:\Users\David's HP\AppData\Roaming\Bullzip
2013-01-13 15:26:22 99840 ----a-w- C:\Windows\System32\Spool\prtprocs\x64\LXKPTPRC.DLL
2013-01-13 15:26:12 -------- d-----w- C:\Users\David's HP\AppData\Local\Programs
2013-01-13 15:25:25 -------- d-----w- C:\Users\David's HP\AppData\Local\Coupon Companion Plugin
2013-01-10 21:01:54 68608 ----a-w- C:\Windows\System32\taskhost.exe
2013-01-10 21:01:45 307200 ----a-w- C:\Windows\System32\ncrypt.dll
2013-01-10 21:01:45 220160 ----a-w- C:\Windows\SysWow64\ncrypt.dll
2013-01-10 21:01:38 2002432 ----a-w- C:\Windows\System32\msxml6.dll
2013-01-10 21:01:37 1882624 ----a-w- C:\Windows\System32\msxml3.dll
2013-01-10 21:01:37 1389568 ----a-w- C:\Windows\SysWow64\msxml6.dll
2013-01-10 21:01:37 1236992 ----a-w- C:\Windows\SysWow64\msxml3.dll
2013-01-10 21:01:36 750592 ----a-w- C:\Windows\System32\win32spl.dll
2013-01-10 21:01:35 492032 ----a-w- C:\Windows\SysWow64\win32spl.dll
2013-01-10 21:00:47 3149824 ----a-w- C:\Windows\System32\win32k.sys
2012-12-22 16:05:23 46080 ----a-w- C:\Windows\System32\atmlib.dll
2012-12-22 16:05:23 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll
2012-12-22 16:05:22 367616 ----a-w- C:\Windows\System32\atmfd.dll
2012-12-22 16:05:21 295424 ----a-w- C:\Windows\SysWow64\atmfd.dll
2012-12-18 19:08:32 209112 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\nppdf32.dll
2012-12-18 19:08:32 209112 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\nppdf32.dll
.
==================== Find3M ====================
.
2013-01-12 23:24:00 697864 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2013-01-12 23:23:59 74248 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-12-14 22:49:28 24176 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-11-14 06:11:44 2312704 ----a-w- C:\Windows\System32\jscript9.dll
2012-11-14 06:04:11 1392128 ----a-w- C:\Windows\System32\wininet.dll
2012-11-14 06:02:49 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-11-14 05:57:46 599040 ----a-w- C:\Windows\System32\vbscript.dll
2012-11-14 05:57:35 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2012-11-14 05:52:40 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-11-14 02:09:22 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-11-14 01:58:15 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-11-14 01:57:37 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-11-14 01:49:25 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2012-11-14 01:48:27 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll
2012-11-14 01:44:42 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-11-09 05:45:09 2048 ----a-w- C:\Windows\System32\tzres.dll
2012-11-09 04:42:49 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2012-11-02 05:59:11 478208 ----a-w- C:\Windows\System32\dpnet.dll
2012-11-02 05:11:31 376832 ----a-w- C:\Windows\SysWow64\dpnet.dll
.
============= FINISH: 9:14:03.42 ===============




.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Ultimate
Boot Device: \Device\HarddiskVolume1
Install Date: 3/18/2011 12:37:02 PM
System Uptime: 1/16/2013 11:00:38 PM (10 hours ago)
.
Motherboard: Hewlett-Packard | | 30DB
Processor: Intel(R) Core(TM)2 Duo CPU P8700 @ 2.53GHz | Intel(R) Genuine processor | 2534/266mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 232 GiB total, 98.09 GiB free.
D: is FIXED (FAT32) - 1 GiB total, 0.976 GiB free.
E: is CDROM ()
F: is CDROM (UDF)
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e978-e325-11ce-bfc1-08002be10318}
Description: Intel(R) Active Management Technology - SOL
Device ID: PCI\VEN_8086&DEV_2A47&SUBSYS_30DB103C&REV_07\3&33FD14CA&0&1B
Manufacturer: Intel
Name: Intel(R) Active Management Technology - SOL (COM3)
PNP Device ID: PCI\VEN_8086&DEV_2A47&SUBSYS_30DB103C&REV_07\3&33FD14CA&0&1B
Service: Serial
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Intel(R) 82567LM Gigabit Network Connection
Device ID: PCI\VEN_8086&DEV_10F5&SUBSYS_30DB103C&REV_03\3&33FD14CA&0&C8
Manufacturer: Intel
Name: Intel(R) 82567LM Gigabit Network Connection
PNP Device ID: PCI\VEN_8086&DEV_10F5&SUBSYS_30DB103C&REV_03\3&33FD14CA&0&C8
Service: e1yexpress
.
==== System Restore Points ===================
.
RP291: 1/16/2013 10:56:34 PM - Removed ASPCA Reminder by We-Care.com v4.1.21.1
RP292: 1/16/2013 10:57:49 PM - Removed ASPCA Reminder by We-Care.com v4.1.21.1
RP293: 1/16/2013 11:40:42 PM - C
.
==== Installed Programs ======================
.
Update for Microsoft Office 2007 (KB2508958)
7-Zip 9.20 (x64 edition)
Adobe AIR
Adobe Flash Player 10 ActiveX 64-bit
Adobe Flash Player 10 Plugin 64-bit
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader XI (11.0.01)
Amazon Games & Software Downloader
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Bonjour
ClubWPT
Coupon Printer for Windows
DivX Setup
DraftDominator Version 13.0d
Dropbox
DVDFab 8.1.0.0 (16/06/2011) Qt
Epson Event Manager
EPSON Scan
EPSON WorkForce 610 Series Printer Uninstall
EpsonNet Print
EpsonNet Setup
ESET Online Scanner v3
FileHippo.com Update Checker
Google Chrome
Google Earth
Google Update Helper
H&R Block Deluxe + Efile + State 2010
H&R Block Deluxe + Efile + State 2011
H&R Block Deluxe + Efile + State 2012
H&R Block Illinois 2010
H&R Block Illinois 2011
Hewlett-Packard ACLM.NET v1.2.1.1
Hotfix for Microsoft Visual C++ 2010 Express - ENU (KB2565057)
Hotfix for Microsoft Visual C++ 2010 Express - ENU (KB2635973)
Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB2280741)
Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB2284668)
Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB2295689)
Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB2420513)
Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB2452649)
Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB2455033)
Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB2485545)
Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB982517)
Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB982721)
Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB983233)
HP 3D DriveGuard
HP Customer Experience Enhancements
HP ESU for Microsoft Windows 7
HP Product Detection
HP Quick Launch Buttons
HP Support Assistant
HP Webcam
ImgBurn
Intel PROSet Wireless
Intel(R) Graphics Media Accelerator Driver
Intel(R) Management Engine Interface
Intel(R) Network Connections Drivers
Intel(R) PROSet/Wireless WiFi Software
Intel® Active Management Technology
iTunes
Java 7 Update 9
Java Auto Updater
Java(TM) 6 Update 24
Java(TM) 6 Update 26 (64-bit)
Java(TM) SE Development Kit 6 Update 25 (64-bit)
K-Lite Codec Pack (64-bit) v4.5.0
K-Lite Codec Pack 7.0.0 (Full)
LineupDominator Version 8.0a Full
MacDrive 8
Magic ISO Maker v5.5 (build 0281)
MagicDisc 2.7.106
Malwarebytes Anti-Malware version 1.70.0.1100
MFL Import Version 4.0a
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft .NET Framework 4 Multi-Targeting Pack
Microsoft Application Error Reporting
Microsoft Help Viewer 1.1
Microsoft Mouse and Keyboard Center
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Access database engine 2007 (English)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office Office 64-bit Components 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared 64-bit MUI (English) 2007
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Security Client
Microsoft Security Essentials
Microsoft Silverlight
Microsoft SQL Server 2008 (64-bit)
Microsoft SQL Server 2008 Browser
Microsoft SQL Server 2008 Common Files
Microsoft SQL Server 2008 Database Engine Services
Microsoft SQL Server 2008 Database Engine Shared
Microsoft SQL Server 2008 Native Client
Microsoft SQL Server 2008 RsFx Driver
Microsoft SQL Server 2008 Setup Support Files
Microsoft SQL Server Compact 3.5 SP2 ENU
Microsoft SQL Server Compact 3.5 SP2 x64 ENU
Microsoft SQL Server VSS Writer
Microsoft Streets & Trips 2009
Microsoft Virtual PC 2007
Microsoft Visual C++ Compilers 2010 Standard - enu - x86
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x64 Runtime - 10.0.40219
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
Microsoft Visual C++ 2010 x86 Runtime - 10.0.40219
Microsoft Visual C++ 2010 Express - ENU
Microsoft Visual Studio 2010 Express Prerequisites x64 - ENU
Microsoft Visual Studio 2010 Service Pack 1
Moveslink
MozBackup 1.4.10
Mozilla Firefox 18.0 (x86 en-US)
Mozilla Maintenance Service
Mozilla Thunderbird 17.0.2 (x86 en-US)
Notepad++
PCDrafter 2012
Pdf995 (installed by H&R Block)
PdfEdit995 (installed by H&R Block)
Picasa 3
Projections Dominator Version 6.0g
QLBCASL
QuickTime
RICOH R5C853 Driver Vista x64 Ver.1.00.09
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft .NET Framework 4 Extended (KB2736428)
Security Update for Microsoft .NET Framework 4 Extended (KB2742595)
Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687311) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687439) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687441) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687499) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760416) 32-Bit Edition
Security Update for Microsoft Office Excel 2007 (KB2687307) 32-Bit Edition
Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition
Security Update for Microsoft Office Word 2007 (KB2760421) 32-Bit Edition
Service Pack 3 for SQL Server 2008 (KB2546951) (64-bit)
Spybot - Search & Destroy
SpywareBlaster 4.4
Sql Server Customer Experience Improvement Program
Suunto USB Drive
Suunto USB Driver
Suunto USB Serial Port (Driver Removal)
Synaptics Pointing Device Driver
TradeDominator version 7.0a
TweetDeck
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2760586) 32-Bit Edition
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
VC80CRTRedist - 8.0.50727.4053
VLC media player 1.1.7
Yahoo! Software Update
Yahoo! Toolbar
.
==== Event Viewer Messages From Past Week ========
.
1/16/2013 5:53:06 PM, Error: Service Control Manager [7034] - The EpsonBidirectionalService service terminated unexpectedly. It has done this 1 time(s).
1/16/2013 11:01:45 PM, Error: Service Control Manager [7034] - The Intel(R) PROSet/Wireless Event Log service terminated unexpectedly. It has done this 1 time(s).
1/16/2013 11:00:11 PM, Error: Microsoft-Windows-WLAN-AutoConfig [10003] - WLAN Extensibility Module has stopped unexpectedly. Module Path: C:\Windows\System32\IWMSSvc.dll
1/16/2013 10:22:33 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Audio Endpoint Builder service, but this action failed with the following error: Circular service dependency was specified.
1/16/2013 10:22:33 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Program Compatibility Assistant Service service, but this action failed with the following error: An instance of the service is already running.
1/16/2013 10:22:33 PM, Error: Service Control Manager [7019] - The Windows Audio Endpoint Builder service depends on a service in a group which starts later. Change the order in the service dependency tree to ensure that all services required to start this service are starting before this service is started.
1/16/2013 10:22:33 PM, Error: Service Control Manager [7017] - Detected circular dependencies demand starting Windows Audio Endpoint Builder. Check the service dependency tree.
1/16/2013 10:22:33 PM, Error: Service Control Manager [7000] - The Plug and Play service failed to start due to the following error: A system shutdown is in progress.
1/16/2013 10:22:33 PM, Error: Service Control Manager [7000] - The HomeGroup Listener service failed to start due to the following error: A system shutdown is in progress.
1/16/2013 10:21:33 PM, Error: Service Control Manager [7034] - The Diagnostic System Host service terminated unexpectedly. It has done this 1 time(s).
1/16/2013 10:21:33 PM, Error: Service Control Manager [7031] - The WLAN AutoConfig service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
1/16/2013 10:21:33 PM, Error: Service Control Manager [7031] - The Windows Driver Foundation - User-mode Driver Framework service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
1/16/2013 10:21:33 PM, Error: Service Control Manager [7031] - The Windows Audio Endpoint Builder service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
1/16/2013 10:21:33 PM, Error: Service Control Manager [7031] - The Superfetch service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
1/16/2013 10:21:33 PM, Error: Service Control Manager [7031] - The Program Compatibility Assistant Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
1/16/2013 10:21:33 PM, Error: Service Control Manager [7031] - The Offline Files service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
1/16/2013 10:21:33 PM, Error: Service Control Manager [7031] - The Network Connections service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 100 milliseconds: Restart the service.
1/16/2013 10:21:33 PM, Error: Service Control Manager [7031] - The HomeGroup Listener service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
1/16/2013 10:21:33 PM, Error: Service Control Manager [7031] - The Distributed Link Tracking Client service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
1/16/2013 10:21:33 PM, Error: Service Control Manager [7031] - The Desktop Window Manager Session Manager service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
1/16/2013 10:21:24 PM, Error: Service Control Manager [7031] - The Windows Media Player Network Sharing Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
1/16/2013 10:20:56 PM, Error: Microsoft-Windows-DistributedCOM [10000] - Unable to start a DCOM Server: {078AEF33-C48A-49F7-AFF3-A0EE810BFE7C}. The error: "193" Happened while starting this command: C:\Windows\system32\igfxsrvc.exe -Embedding
1/16/2013 10:20:52 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Error Reporting Service service to connect.
1/16/2013 10:15:25 PM, Error: atapi [11] - The driver detected a controller error on \Device\Ide\IdePort2.
1/16/2013 10:04:17 PM, Error: volsnap [14] - The shadow copies of volume C: were aborted because of an IO failure on volume C:.
1/15/2013 5:02:22 AM, Error: bowser [8003] - The master browser has received a server announcement from the computer OWNER-PC that believes that it is the master browser for the domain on transport NetBT_Tcpip_{81B78C55-7D5D-4F9D-85CF-FC78FF735239}. The master browser is stopping or an election is being forced.
1/10/2013 3:12:16 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect.
1/10/2013 3:12:16 PM, Error: Service Control Manager [7000] - The Windows Search service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
.
==== End Of File ===========================



aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
Run date: 2013-01-17 09:14:22
-----------------------------
09:14:22.955 OS Version: Windows x64 6.1.7601 Service Pack 1
09:14:22.955 Number of processors: 2 586 0x170A
09:14:22.955 ComputerName: DAVES-6930P UserName: David's HP
09:14:24.375 Initialize success
09:14:33.268 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-4
09:14:33.268 Disk 0 Vendor: Hitachi_HTS723225L9A360 FCDOC60D Size: 238475MB BusType: 11
09:14:33.284 Disk 0 MBR read successfully
09:14:33.284 Disk 0 MBR scan
09:14:33.299 Disk 0 Windows 7 default MBR code
09:14:33.299 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
09:14:33.315 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 237344 MB offset 206848
09:14:33.331 Disk 0 Partition 3 00 0C FAT32 LBA MSDOS5.0 1027 MB offset 486287550
09:14:33.362 Disk 0 scanning C:\Windows\system32\drivers
09:14:40.397 Service scanning
09:14:58.743 Modules scanning
09:14:58.759 Disk 0 trace - called modules:
09:14:58.790 ntoskrnl.exe CLASSPNP.SYS disk.sys hpdskflt.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys
09:14:58.790 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004c29060]
09:14:58.806 3 CLASSPNP.SYS[fffff880011c643f] -> nt!IofCallDriver -> [0xfffffa8004c28430]
09:14:58.821 5 hpdskflt.sys[fffff88001464189] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-4[0xfffffa8004a87680]
09:14:58.821 Scan finished successfully
09:15:12.159 Disk 0 MBR has been saved successfully to "C:\Users\David's HP\Desktop\MBR.dat"
09:15:12.159 The log file has been saved successfully to "C:\Users\David's HP\Desktop\aswMBR.txt"

I wanted to say I think the trouble strated when I accidentally hit something on Google about ASPCA and then these dog paws started showing up on search reults. I also uninstalled the ASPCA from add/remove programs
Satchfan
2013-01-19, 23:56
Hello atcdav and welcome to the Safer Networking Forum.

My name is Satchfan and I would be glad to help you with your computer problem.

Please read the following guidelines which will help to make cleaning your machine easier:

please follow all instructions in the order posted
please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear
all logs/reports, etc. must be posted in Notepad. Please ensure that word wrap is unchecked. In Notepad click Format, uncheck Word wrap if it is checked
if you don't understand something, please don't hesitate to ask for clarification before proceeding
the fixes are specific to your problem and should only be used for this issue on this machine.
please reply within 3 days. If you do not reply within this period I will post a reminder but topics with no reply in 4 days will be closed!

IMPORTANT:

Please DO NOT install/uninstall any programs unless asked to.
Please DO NOT run any scans other than those requested


We need some different scans to see what is happening here.

Spybot TeaTimer

Please disable this program and leave it disabled until we are done as it can interfere with some of the tools we use.

launch Spybot S&D, go to the Mode menu and make sure "Advanced Mode" is selected.
on the left hand side, click on Tools, then click on the Resident Icon in the list.
uncheck the Resident TeaTimer (Protection of overall system settings) active box.
click on the System Startup icon in the List
uncheck the "TeaTimer" box and click OK at any prompts.
if Teatimer gives you a warning that changes were made, click Allow Change when prompted.
exit Spybot S&D.

(When we are finished, you can re-enable Teatimer using the same steps but this time place a check next to "Resident TeaTimer" and check the "TeaTimer" box in System Startup).

===================================================

Run RogueKiller

IMPORTANT: Do not reboot your computer if at all possible otherwise the malware will reactivate and you will have to run RogueKiller again

Download RogueKiller (http://www.sur-la-toile.com/RogueKiller/RogueKiller.exe) to your desktop.

close all running programs
for Windows Vista/Seven, right click -> run as administrator, for XP simply double-click on RogueKiller.exe
when the prescan is finished, click on Scan
click on Report and copy/paste the content in your next post.
[/list
If the program is blocked, do not hesitate to try several times. If it really does not work (it could happen), rename it to winlogon.exe Please post the contents of the RKreport.txt in your next reply.

Remember: do not reboot your computer if at all possible otherwise the malware will reactivate and you will have to run RogueKiller again.

===================================================

Download and run OTL

download OTL (http://oldtimer.geekstogo.com/OTL.exe) to your desktop.
double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
click Scan all users.
under Custom Scan paste this in


netsvcs
%SYSTEMDRIVE%\*.exe
/md5start
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
/md5stop
%systemroot%\*. /rp /s
DRIVES
CREATERESTOREPOINT

click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won’t take long.
when the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply.
you may need two posts to fit them both in.

Logs to include with next post:

OTL.txt
Extras.txt
RKreport.txt

Thanks
atcdav
2013-01-20, 00:56
I have done somethings since original post. I uninstalled Java, removed a known program - moveslink. I uninstalled Spybot2, I could not find teatimer nor how to disable it. The interface was different than describes. Is Spybot2 different than Spybot S&D? I also reset I.E. and I uninstalled and reinstalled Firefox. I was receiving help at Geekstogo but they didnt seem to find anything, he was unable to get OTL to run with his instructions, your instructions worked fine.. Requested logs follow.
atcdav
2013-01-20, 00:56
RogueKiller V8.4.3 [Jan 10 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
Website : http://tigzy.geekstogo.com/roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : David's HP [Admin rights]
Mode : Scan -- Date : 01/19/2013 17:26:11

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 5 ¤¤¤
[TASK][SUSP PATH] IHUninstallTrackingTASK : CMD /C DEL C:\Users\DAVID"~1\AppData\Local\Temp\IHU3976.tmp.exe -> FOUND
[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND
[HJPOL] HKLM\[...]\Wow6432Node\System : DisableRegistryTools (0) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts

127.0.0.1 localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: Hitachi HTS723225L9A360 ATA Device +++++
--- User ---
[MBR] cceb967c25929b1867c7a47bee28129b
6cc8b66dcb99ee5a5e444df68528afb2 : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 237344 Mo
2 - [XXXXXX] FAT32-LBA (0x0c) [VISIBLE] Offset (sectors): 486287550 | Size: 1027 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[1]_S_01192013_02d1726.txt >>
RKreport[1]_S_01192013_02d1726.txt



OTL logfile created on: 1/19/2013 5:30:02 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\David's HP\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.84 Gb Total Physical Memory | 2.13 Gb Available Physical Memory | 55.55% Memory free
7.68 Gb Paging File | 5.78 Gb Available in Paging File | 75.21% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 231.78 Gb Total Space | 88.41 Gb Free Space | 38.14% Space Free | Partition Type: NTFS
Drive D: | 1.00 Gb Total Space | 0.98 Gb Free Space | 97.43% Space Free | Partition Type: FAT32
Drive F: | 3.54 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF

Computer Name: DAVES-6930P | User Name: David's HP | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/01/19 17:28:51 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\David's HP\Desktop\OTL(1).exe
PRC - [2012/12/18 13:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/08/10 15:48:50 | 000,197,536 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
PRC - [2012/08/09 23:12:18 | 000,055,184 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\SyncServer.exe
PRC - [2011/03/21 12:56:16 | 001,230,704 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
PRC - [2010/02/25 14:18:20 | 000,076,856 | ---- | M] ( Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\VolCtrl.exe
PRC - [2009/07/29 10:54:36 | 000,205,312 | ---- | M] (Mediafour Corporation) -- C:\Program Files (x86)\Common Files\Mediafour\M4LIC.EXE
PRC - [2009/07/15 11:05:24 | 002,058,776 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Common Files\Intel\Privacy Icon\UNS\UNS.exe
PRC - [2009/07/15 11:05:16 | 000,174,616 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\AMT\LMS.exe
PRC - [2009/04/07 08:13:10 | 000,673,616 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
PRC - [2009/02/23 18:43:12 | 000,576,000 | ---- | M] (MagicISO, Inc.) -- C:\Program Files (x86)\MagicDisc\MagicDisc.exe
PRC - [2006/12/19 17:23:20 | 000,094,208 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSvc.exe


========== Modules (No Company Name) ==========

MOD - [2012/02/20 20:29:04 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2012/02/20 20:28:42 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/03/21 12:57:34 | 000,096,112 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2011/03/21 12:56:16 | 001,230,704 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
MOD - [2009/03/12 14:45:32 | 000,135,168 | ---- | M] () -- C:\Program Files (x86)\Epson Software\Event Manager\Assistants\Scan Assistant\ScanEngine.dll
MOD - [2008/11/21 12:58:42 | 000,057,344 | ---- | M] () -- C:\Program Files (x86)\Epson Software\Event Manager\Assistants\Scan Assistant\Satwain.dll


========== Services (SafeList) ==========

SRV:[b]64bit: - [2012/09/12 20:21:48 | 000,368,896 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2012/09/12 20:21:48 | 000,022,072 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2011/05/13 17:58:10 | 000,030,520 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Windows\SysNative\hpservice.exe -- (hpsrv)
SRV:64bit: - [2010/05/04 12:33:00 | 000,218,112 | ---- | M] (Mediafour Corporation) [Auto | Running] -- C:\Program Files\Mediafour\MacDrive 8\MacDrive8Service.exe -- (MacDrive8Service)
SRV:64bit: - [2010/03/05 10:26:38 | 001,425,168 | ---- | M] (Intel(R) Corporation) [Auto | Stopped] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
SRV:64bit: - [2010/03/05 10:07:58 | 000,340,240 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe -- (MyWiFiDHCPDNS)
SRV:64bit: - [2010/03/05 10:06:22 | 000,831,760 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
SRV:64bit: - [2009/07/13 19:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/13 19:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV:64bit: - [2008/07/15 16:09:48 | 000,111,616 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\SysNative\AEADISRV.EXE -- (AEADIFilters)
SRV - [2013/01/18 21:14:30 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/12/18 13:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/09/27 11:55:16 | 000,086,528 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe -- (HP Support Assistant Service)
SRV - [2012/08/10 15:48:50 | 000,197,536 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe -- (HPDrvMntSvc.exe)
SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/10/23 11:31:44 | 000,401,920 | ---- | M] (Amazon.com) [On_Demand | Stopped] -- C:\Program Files (x86)\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderService.exe -- (Amazon Download Agent)
SRV - [2009/07/29 10:54:36 | 000,205,312 | ---- | M] (Mediafour Corporation) [Auto | Running] -- C:\Program Files (x86)\Common Files\Mediafour\M4LIC.EXE -- (M4LIC)
SRV - [2009/07/15 11:05:24 | 002,058,776 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Common Files\Intel\Privacy Icon\UNS\UNS.exe -- (UNS)
SRV - [2009/07/15 11:05:16 | 000,174,616 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\AMT\LMS.exe -- (LMS)
SRV - [2009/06/10 15:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2007/12/17 03:00:00 | 000,163,840 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S40STB.EXE -- (EPSON_EB_RPCV4_01)
SRV - [2007/01/11 03:02:00 | 000,126,464 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE -- (EPSON_PM_RPCV4_01)
SRV - [2006/12/19 17:23:20 | 000,094,208 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSvc.exe -- (EpsonBidirectionalService)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/09/28 20:52:10 | 000,075,928 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dc3d.sys -- (dc3d)
DRV:64bit: - [2012/09/28 10:32:56 | 000,053,760 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/08/30 21:03:48 | 000,128,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2012/08/21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/03/01 00:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/09/22 21:01:54 | 000,311,144 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\Windows\SysNative\drivers\RsFx0105.sys -- (RsFx0105)
DRV:64bit: - [2011/07/28 07:08:24 | 000,294,232 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\VMM.sys -- (vmm)
DRV:64bit: - [2011/07/26 18:38:28 | 000,017,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CPQBttn.sys -- (HBtnKey)
DRV:64bit: - [2011/06/03 13:34:10 | 010,628,800 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2011/05/13 17:58:16 | 000,030,008 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\hpdskflt.sys -- (hpdskflt)
DRV:64bit: - [2011/05/13 17:57:58 | 000,043,320 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Accelerometer.sys -- (Accelerometer)
DRV:64bit: - [2011/05/13 02:21:04 | 000,177,640 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadmdm.sys -- (ssadmdm)
DRV:64bit: - [2011/05/13 02:21:02 | 000,157,672 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadbus.sys -- (ssadbus)
DRV:64bit: - [2011/05/13 02:21:02 | 000,036,328 | ---- | M] (Google Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadadb.sys -- (androidusb)
DRV:64bit: - [2011/05/13 02:21:02 | 000,016,872 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadmdfl.sys -- (ssadmdfl)
DRV:64bit: - [2011/03/18 13:47:41 | 007,680,512 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NETw5s64.sys -- (NETw5s64)
DRV:64bit: - [2011/03/11 00:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 00:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/02/21 12:11:36 | 000,085,320 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ftser2k.sys -- (FTSER2K)
DRV:64bit: - [2011/02/21 12:11:36 | 000,072,648 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ftdibus.sys -- (FTDIBUS)
DRV:64bit: - [2010/11/20 07:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 05:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 05:03:42 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2010/11/20 03:37:42 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010/10/18 02:21:32 | 008,153,088 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETwNs64.sys -- (NETwNs64)
DRV:64bit: - [2010/06/03 18:18:56 | 001,379,376 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2010/05/18 08:07:26 | 000,306,280 | ---- | M] (Mediafour Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\MDFSYSNT.SYS -- (MDFSYSNT)
DRV:64bit: - [2010/05/05 08:43:24 | 000,032,352 | ---- | M] (Mediafour Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\MDPMGRNT.SYS -- (MDPMGRNT)
DRV:64bit: - [2010/04/07 15:04:00 | 000,290,008 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\e1y62x64.sys -- (e1yexpress)
DRV:64bit: - [2010/02/25 14:18:58 | 000,018,432 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV:64bit: - [2010/01/13 11:15:54 | 000,070,344 | ---- | M] (EldoS Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\CBDisk.sys -- (CBDisk)
DRV:64bit: - [2009/07/13 19:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 19:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 19:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 18:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV:64bit: - [2009/07/13 18:35:37 | 000,025,088 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDScan.sys -- (WSDScan)
DRV:64bit: - [2009/07/13 18:10:47 | 000,011,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rootmdm.sys -- (ROOTMODEM)
DRV:64bit: - [2009/07/13 17:21:48 | 000,038,400 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tpm.sys -- (TPM)
DRV:64bit: - [2009/06/23 11:50:36 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64)
DRV:64bit: - [2009/06/10 14:35:28 | 005,434,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netw5v64.sys -- (netw5v64)
DRV:64bit: - [2009/06/10 14:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 14:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 14:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 14:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/18 16:31:56 | 000,497,152 | ---- | M] (Analog Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ADIHdAud.sys -- (ADIHdAudAddService)
DRV:64bit: - [2009/02/24 17:35:44 | 000,255,552 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mcdbus.sys -- (mcdbus)
DRV:64bit: - [2008/10/09 02:34:32 | 001,875,624 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\snp2uvc.sys -- (SNP2UVC)
DRV:64bit: - [2007/08/08 16:39:46 | 000,060,928 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rimmpx64.sys -- (rimmptsk)
DRV:64bit: - [2007/03/07 12:13:20 | 000,017,920 | ---- | M] (June Fabrics Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\pnetmdm64.sys -- (pnetmdm)
DRV:64bit: - [2007/01/29 05:20:34 | 000,079,760 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VMNetSrv.sys -- (VPCNetS2)
DRV:64bit: - [2006/12/20 00:08:00 | 000,079,872 | ---- | M] (RICOH Company, Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rismcx64.sys -- (rismcx64)
DRV - [2009/07/13 19:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2009/02/24 17:35:44 | 000,255,552 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\mcdbus.sys -- (mcdbus)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-21-1916152551-4166504153-3791849091-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKU\S-1-5-21-1916152551-4166504153-3791849091-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKU\S-1-5-21-1916152551-4166504153-3791849091-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\S-1-5-21-1916152551-4166504153-3791849091-1001\..\SearchScopes,DefaultScope = {09C04023-9666-407B-AB08-D55EA82E4B89}
IE - HKU\S-1-5-21-1916152551-4166504153-3791849091-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-1916152551-4166504153-3791849091-1001\..\SearchScopes\{09C04023-9666-407B-AB08-D55EA82E4B89}: "URL" = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
IE - HKU\S-1-5-21-1916152551-4166504153-3791849091-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1916152551-4166504153-3791849091-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.defaulturl: "http://search.yahoo.com/search?ei=UTF-8&fr=ytff-tyc&p="
FF - prefs.js..browser.search.param.yahoo-fr: "moz2-ytff-tyc"
FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "moz2-ytff-tyc"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "http://www.yahoo.com/?ilc=1"
FF - prefs.js..extensions.enabledAddons: %7B27c60876-b5c9-4335-b4f3-52b26782220c%7D:0.9.4
FF - prefs.js..extensions.enabledAddons: adblockpopups%40jessehakanen.net:0.5
FF - prefs.js..extensions.enabledAddons: %7B635abd67-4fe9-1b23-4f01-e679fa7484c1%7D:2.5.1.20121219100509
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:18.0.1
FF - prefs.js..keyword.URL: "http://search.yahoo.com/search?ei=UTF-8&fr=ytff-tyc&p="
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_146.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_146.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.7: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\html5video [2011/03/18 13:26:28 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\wpa [2011/03/18 13:26:28 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/01/18 21:14:31 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/01/18 21:14:00 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2013/01/18 20:42:42 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins [2013/01/18 20:42:42 | 000,000,000 | ---D | M]

[2013/01/17 18:09:50 | 000,000,000 | ---D | M] (No name found) -- C:\Users\David's HP\AppData\Roaming\Mozilla\Extensions
[2011/03/18 13:15:48 | 000,000,000 | ---D | M] (No name found) -- C:\Users\David's HP\AppData\Roaming\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2013/01/17 18:15:58 | 000,000,000 | ---D | M] (No name found) -- C:\Users\David's HP\AppData\Roaming\Mozilla\Firefox\Profiles\ann9w273.default\extensions
[2013/01/17 18:15:58 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\David's HP\AppData\Roaming\Mozilla\Firefox\Profiles\ann9w273.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2013/01/17 18:15:58 | 000,124,993 | ---- | M] () (No name found) -- C:\Users\David's HP\AppData\Roaming\Mozilla\Firefox\Profiles\ann9w273.default\extensions\adblockpopups@jessehakanen.net.xpi
[2013/01/17 18:15:58 | 000,007,532 | ---- | M] () (No name found) -- C:\Users\David's HP\AppData\Roaming\Mozilla\Firefox\Profiles\ann9w273.default\extensions\{27c60876-b5c9-4335-b4f3-52b26782220c}.xpi
[2013/01/17 18:14:12 | 000,804,627 | ---- | M] () (No name found) -- C:\Users\David's HP\AppData\Roaming\Mozilla\Firefox\Profiles\ann9w273.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2013/01/18 21:13:55 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2013/01/18 21:14:31 | 000,262,552 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/05/04 06:10:19 | 000,466,944 | ---- | M] (Catalina Marketing Corporation) -- C:\Program Files (x86)\mozilla firefox\plugins\NPcol400.dll
[2012/02/22 16:58:26 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npCouponPrinter.dll
[2012/02/22 16:58:28 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npMozCouponPrinter.dll
[2013/01/04 21:45:12 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2013/01/04 21:45:12 | 000,002,058 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - homepage: http://www.searchnu.com/406
CHR - default_search_provider: ()
CHR - default_search_provider: search_url =
CHR - default_search_provider: suggest_url =
CHR - homepage: http://www.searchnu.com/406
CHR - Extension: No name found = C:\Users\David's HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: No name found = C:\Users\David's HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1\
CHR - Extension: No name found = C:\Users\David's HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: No name found = C:\Users\David's HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1\
CHR - Extension: No name found = C:\Users\David's HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\fnjbmmemklcjgepojigaapkoodmkgbae\2.1.1.94_0\
CHR - Extension: No name found = C:\Users\David's HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.1.94_0\
CHR - Extension: No name found = C:\Users\David's HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
CHR - Extension: No name found = C:\Users\David's HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

O1 HOSTS File: ([2013/01/17 13:36:46 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll File not found
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (no name) - {300BEC06-B743-4D19-86B9-11DC711D7FFB} - No CLSID value found.
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll File not found
O2 - BHO: (HP Network Check Helper) - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [Getting started with MacDrive 8] C:\Program Files\Mediafour\MacDrive 8\MDGetStarted.exe (Mediafour Corporation)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IntelliPoint] c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [IntelliType Pro] c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [IntelWireless] C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel(R) Corporation)
O4:64bit: - HKLM..\Run: [MacDrive 8 application] C:\Program Files\Mediafour\MacDrive 8\MacDrive.exe (Mediafour Corporation)
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [picon] C:\Program Files (x86)\Common Files\Intel\Privacy Icon\PrivacyIconClient.exe (Intel Corporation)
O4 - HKLM..\Run: [AmazonGSDownloaderTray] C:\Program Files (x86)\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderTray.exe (Amazon.com)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [EEventManager] C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
O4 - Startup: C:\Users\David's HP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MagicDisc.lnk = C:\Program Files (x86)\MagicDisc\MagicDisc.exe (MagicISO, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1916152551-4166504153-3791849091-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1916152551-4166504153-3791849091-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16:64bit: - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://fpdownload.macromedia.com/pub/shockwave/cabs/director/sw.cab (Reg Error: Key error.)
O16 - DPF: {1851174C-97BD-4217-A0CC-E908F60D5B7A} https://h50203.www5.hp.com/HPISWeb/Customer/cabs/HPISDataManager.CAB (Reg Error: Key error.)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 191.168.2.100
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{714B57E2-1594-4D0F-B2EE-FE056C10D83E}: DhcpNameServer = 75.75.75.75 75.75.76.76
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{81B78C55-7D5D-4F9D-85CF-FC78FF735239}: DhcpNameServer = 191.168.2.100
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O20:64bit: - Winlogon\Notify\ScCertProp: DllName - (wlnotify.dll) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2013/01/19 17:28:49 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\David's HP\Desktop\OTL(1).exe
[2013/01/19 17:25:40 | 000,000,000 | ---D | C] -- C:\Users\David's HP\Desktop\RK_Quarantine
[2013/01/18 21:13:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013/01/18 20:46:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2013/01/18 20:46:50 | 000,033,240 | ---- | C] (GEAR Software Inc.) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys
[2013/01/18 20:45:55 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2013/01/18 20:45:54 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2013/01/18 20:45:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2013/01/18 20:45:54 | 000,000,000 | ---D | C] -- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
[2013/01/18 20:42:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2013/01/18 20:42:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime
[2013/01/18 20:41:09 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2013/01/17 16:33:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service
[2013/01/17 15:47:06 | 000,000,000 | ---D | C] -- C:\Users\David's HP\Desktop\GrantPerms
[2013/01/17 14:06:19 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013/01/17 13:39:08 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2013/01/17 13:24:42 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2013/01/17 09:00:37 | 000,000,000 | ---D | C] -- C:\Users\David's HP\Desktop\Draft files
[2013/01/17 08:42:00 | 000,000,000 | ---D | C] -- C:\Users\David's HP\Documents\ProcAlyzer Dumps
[2013/01/16 22:28:06 | 002,712,200 | ---- | C] (Sysinternals - www.sysinternals.com) -- C:\Users\David's HP\Desktop\procexp.exe
[2013/01/16 20:33:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2013/01/16 17:52:37 | 000,448,512 | ---- | C] (OldTimer Tools) -- C:\Users\David's HP\Desktop\TFC.exe
[2013/01/14 12:36:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\H&R Block 2012
[2013/01/14 12:35:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\HRBlock2012
[2013/01/14 12:27:23 | 000,000,000 | ---D | C] -- C:\Users\David's HP\Desktop\H&R Block At Home Deluxe + State 2012
[2013/01/14 12:27:23 | 000,000,000 | ---D | C] -- C:\Users\David's HP\Documents\Amazon Downloader Logs
[2013/01/14 12:27:15 | 000,935,344 | ---- | C] (Amazon Services LLC) -- C:\Users\David's HP\Desktop\H_R_Block_At_Home_Deluxe_State_2012_Downloader.exe
[2013/01/14 11:07:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe
[2013/01/13 09:27:02 | 000,000,000 | ---D | C] -- C:\Users\David's HP\AppData\Roaming\Bullzip
[2013/01/13 09:26:12 | 000,000,000 | ---D | C] -- C:\Users\David's HP\AppData\Local\Programs
[2013/01/13 09:25:25 | 000,000,000 | ---D | C] -- C:\Users\David's HP\AppData\Local\Coupon Companion Plugin
[2013/01/10 15:52:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Thunderbird
[2013/01/10 15:01:54 | 000,068,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\taskhost.exe
[2013/01/10 15:01:45 | 000,307,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncrypt.dll
[2013/01/10 15:01:36 | 000,750,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\win32spl.dll
[2013/01/10 15:01:35 | 000,492,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\win32spl.dll
[2012/12/22 10:05:23 | 000,046,080 | ---- | C] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll
[2012/12/22 10:05:23 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll
[2012/12/22 10:05:22 | 000,367,616 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll
[2012/12/22 10:05:21 | 000,295,424 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll

========== Files - Modified Within 30 Days ==========

[2013/01/19 17:31:05 | 000,000,902 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/01/19 17:28:51 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\David's HP\Desktop\OTL(1).exe
[2013/01/19 17:24:11 | 000,764,416 | ---- | M] () -- C:\Users\David's HP\Desktop\RogueKiller.exe
[2013/01/19 17:18:04 | 000,000,906 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/01/19 17:17:03 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/01/19 13:59:59 | 000,020,816 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/01/19 13:59:59 | 000,020,816 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/01/18 20:49:06 | 3092,459,520 | -HS- | M] () -- C:\hiberfil.sys
[2013/01/18 20:46:54 | 000,001,783 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2013/01/18 20:42:38 | 000,001,845 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2013/01/17 18:08:30 | 000,356,375 | ---- | M] () -- C:\Users\David's HP\Desktop\bookmarks.html
[2013/01/17 16:49:25 | 000,337,164 | ---- | M] () -- C:\Users\David's HP\Desktop\moreads.jpg
[2013/01/17 16:46:25 | 000,296,769 | ---- | M] () -- C:\Users\David's HP\Desktop\selectionlinks.jpg
[2013/01/17 16:22:11 | 000,085,325 | ---- | M] () -- C:\Users\David's HP\Desktop\google1.jpg
[2013/01/17 16:21:37 | 000,065,393 | ---- | M] () -- C:\Users\David's HP\Desktop\google2.jpg
[2013/01/17 16:16:09 | 000,872,838 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/01/17 16:16:09 | 000,728,404 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/01/17 16:16:09 | 000,147,430 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/01/17 15:51:01 | 000,257,218 | ---- | M] () -- C:\Users\David's HP\Desktop\sysmain.jpg
[2013/01/17 15:47:06 | 000,456,948 | ---- | M] () -- C:\Users\David's HP\Desktop\GrantPerms.exe
[2013/01/17 15:34:33 | 000,000,273 | ---- | M] () -- C:\WirelessDiagLog.csv
[2013/01/17 14:43:31 | 000,133,024 | ---- | M] () -- C:\Users\David's HP\Desktop\yahoomess.jpg
[2013/01/17 13:36:46 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2013/01/17 13:23:26 | 000,061,440 | ---- | M] ( ) -- C:\Users\David's HP\Desktop\VEW.exe
[2013/01/17 09:09:40 | 000,989,486 | ---- | M] () -- C:\Users\David's HP\Desktop\coupons_aol.dib
[2013/01/16 23:08:37 | 000,115,244 | ---- | M] () -- C:\Users\David's HP\Desktop\yahoomess.png
[2013/01/16 22:28:07 | 002,712,200 | ---- | M] (Sysinternals - www.sysinternals.com) -- C:\Users\David's HP\Desktop\procexp.exe
[2013/01/16 21:23:17 | 000,554,087 | ---- | M] () -- C:\Users\David's HP\Desktop\AdwCleaner.exe
[2013/01/16 20:07:35 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/01/16 17:52:46 | 000,448,512 | ---- | M] (OldTimer Tools) -- C:\Users\David's HP\Desktop\TFC.exe
[2013/01/14 12:37:15 | 000,002,033 | ---- | M] () -- C:\Users\Public\Desktop\H&R Block 2012.lnk
[2013/01/14 12:27:16 | 000,935,344 | ---- | M] (Amazon Services LLC) -- C:\Users\David's HP\Desktop\H_R_Block_At_Home_Deluxe_State_2012_Downloader.exe
[2013/01/13 09:24:11 | 000,635,864 | ---- | M] () -- C:\Users\David's HP\Desktop\cbsidlm-tr1_10a-PDF_Printer-SEO-10536746.exe
[2013/01/12 17:24:00 | 000,697,864 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013/01/12 17:23:59 | 000,074,248 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2013/01/10 16:53:27 | 000,413,368 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013/01/10 16:14:28 | 000,002,114 | ---- | M] () -- C:\Users\David's HP\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Thunderbird.lnk
[2013/01/10 15:17:59 | 000,869,550 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2013/01/03 16:59:54 | 000,000,352 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForDavid's HP.job
[2012/12/21 07:43:31 | 649,793,119 | ---- | M] () -- C:\Windows\MEMORY.DMP

========== Files Created - No Company Name ==========

[2013/01/19 17:23:55 | 000,764,416 | ---- | C] () -- C:\Users\David's HP\Desktop\RogueKiller.exe
[2013/01/18 20:46:54 | 000,001,783 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2013/01/18 20:42:38 | 000,001,845 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2013/01/17 18:11:35 | 000,001,163 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2013/01/17 18:08:30 | 000,356,375 | ---- | C] () -- C:\Users\David's HP\Desktop\bookmarks.html
[2013/01/17 16:49:25 | 000,337,164 | ---- | C] () -- C:\Users\David's HP\Desktop\moreads.jpg
[2013/01/17 16:46:25 | 000,296,769 | ---- | C] () -- C:\Users\David's HP\Desktop\selectionlinks.jpg
[2013/01/17 16:22:11 | 000,085,325 | ---- | C] () -- C:\Users\David's HP\Desktop\google1.jpg
[2013/01/17 16:21:37 | 000,065,393 | ---- | C] () -- C:\Users\David's HP\Desktop\google2.jpg
[2013/01/17 15:51:00 | 000,257,218 | ---- | C] () -- C:\Users\David's HP\Desktop\sysmain.jpg
[2013/01/17 15:34:33 | 000,000,273 | ---- | C] () -- C:\WirelessDiagLog.csv
[2013/01/17 14:43:30 | 000,133,024 | ---- | C] () -- C:\Users\David's HP\Desktop\yahoomess.jpg
[2013/01/17 13:23:26 | 000,061,440 | ---- | C] ( ) -- C:\Users\David's HP\Desktop\VEW.exe
[2013/01/17 09:09:39 | 000,989,486 | ---- | C] () -- C:\Users\David's HP\Desktop\coupons_aol.dib
[2013/01/16 23:08:37 | 000,115,244 | ---- | C] () -- C:\Users\David's HP\Desktop\yahoomess.png
[2013/01/16 21:23:11 | 000,554,087 | ---- | C] () -- C:\Users\David's HP\Desktop\AdwCleaner.exe
[2013/01/16 20:07:35 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/01/14 12:37:15 | 000,002,033 | ---- | C] () -- C:\Users\Public\Desktop\H&R Block 2012.lnk
[2013/01/14 11:08:11 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
[2013/01/13 09:24:09 | 000,635,864 | ---- | C] () -- C:\Users\David's HP\Desktop\cbsidlm-tr1_10a-PDF_Printer-SEO-10536746.exe
[2012/07/05 14:27:30 | 000,002,530 | ---- | C] () -- C:\ProgramData\regid.2012-05.com.aciwebs,PCDrafter_0B98B203-BE55-4967-B3D7-2C2033182D1B.swidtag
[2011/05/21 08:29:19 | 000,000,000 | ---- | C] () -- C:\Users\David's HP\AppData\Local\{6D1CC7E6-7607-4664-97B8-C534FE82191C}
[2011/05/10 13:00:18 | 000,714,590 | ---- | C] () -- C:\Windows\unins001.exe
[2011/05/10 13:00:09 | 000,714,590 | ---- | C] () -- C:\Windows\unins000.exe
[2011/05/04 12:39:25 | 000,869,550 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/04/12 03:39:44 | 000,673,610 | ---- | C] () -- C:\Windows\unins002.exe
[2011/04/12 03:39:44 | 000,036,864 | ---- | C] () -- C:\Windows\SysWow64\PreInstaller.exe
[2011/04/12 03:39:44 | 000,028,672 | ---- | C] () -- C:\Windows\SysWow64\suuunin.exe
[2011/04/12 03:39:44 | 000,001,810 | ---- | C] () -- C:\Windows\unins002.dat
[2011/04/11 07:44:18 | 000,003,653 | ---- | C] () -- C:\Windows\unins001.dat
[2011/04/11 06:17:52 | 000,008,421 | ---- | C] () -- C:\Windows\unins000.dat
[2011/03/31 15:56:01 | 000,047,616 | ---- | C] () -- C:\Windows\SysWow64\pdf995mon64.dll
[2011/03/31 15:56:01 | 000,000,142 | ---- | C] () -- C:\Windows\wpd99.drv
[2011/03/18 16:47:37 | 000,165,376 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2011/03/18 16:47:36 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini
[2011/03/18 16:47:30 | 000,810,496 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2011/03/18 16:47:30 | 000,183,808 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2011/03/18 16:47:30 | 000,080,896 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2011/03/18 15:36:30 | 000,073,220 | ---- | C] () -- C:\Windows\SysWow64\EPPICPrinterDB.dat
[2011/03/18 15:36:30 | 000,031,053 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern131.dat
[2011/03/18 15:36:30 | 000,029,114 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern1.dat
[2011/03/18 15:36:30 | 000,027,417 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern121.dat
[2011/03/18 15:36:30 | 000,021,021 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern3.dat
[2011/03/18 15:36:30 | 000,015,670 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern5.dat
[2011/03/18 15:36:30 | 000,013,280 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern2.dat
[2011/03/18 15:36:30 | 000,010,673 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern4.dat
[2011/03/18 15:36:30 | 000,004,943 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern6.dat
[2011/03/18 15:36:30 | 000,001,140 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_PT.dat
[2011/03/18 15:36:30 | 000,001,140 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_BP.dat
[2011/03/18 15:36:30 | 000,001,137 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_ES.dat
[2011/03/18 15:36:30 | 000,001,130 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_FR.dat
[2011/03/18 15:36:30 | 000,001,130 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_CF.dat
[2011/03/18 15:36:30 | 000,001,104 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_EN.dat
[2011/03/18 15:36:30 | 000,000,097 | ---- | C] () -- C:\Windows\SysWow64\PICSDK.ini
[2011/03/18 13:40:50 | 000,186,928 | ---- | C] ( ) -- C:\Windows\SysWow64\rsnp2uvc.dll
[2011/03/18 13:40:50 | 000,015,497 | ---- | C] () -- C:\Windows\snp2uvc.ini

========== ZeroAccess Check ==========

[2009/07/13 22:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/08 23:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 22:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 19:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 06:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 19:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== Custom Scans ==========

< %SYSTEMDRIVE%\*.exe >

< MD5 for: EXPLORER.EXE >
[2011/02/26 00:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_adc24107935a7e25\explorer.exe
[2011/02/25 23:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2009/07/13 19:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe
[2011/02/25 23:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_b8ce9756e0b786a4\explorer.exe
[2009/10/30 23:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe
[2011/02/25 23:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_b816eb59c7bb4020\explorer.exe
[2011/02/25 00:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\erdnt\cache86\explorer.exe
[2011/02/25 00:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe
[2011/02/25 00:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2011/02/26 00:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2010/11/20 06:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2009/08/03 00:19:07 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe
[2011/02/24 23:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe
[2011/02/24 23:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2009/10/31 00:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe
[2009/08/02 23:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe
[2010/11/20 07:24:45 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe
[2009/10/31 00:38:38 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=B8EC4BD49CE8F6FC457721BFC210B67F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe
[2009/08/02 23:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe
[2009/07/13 19:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe
[2009/10/31 00:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe
[2011/02/26 00:26:45 | 002,870,784 | ---- | M] (Microsoft Corporation) MD5=E38899074D4951D31B4040E994DD7C8D -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_ae79ed04ac56c4a9\explorer.exe
[2009/08/03 00:17:37 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe

< MD5 for: SVCHOST.EXE >
[2012/12/14 16:49:28 | 000,216,424 | ---- | M] () MD5=22101A85B3CA2FE2BE05FE9A61A7A83D -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\svchost.exe
[2009/07/13 19:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\erdnt\cache86\svchost.exe
[2009/07/13 19:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\SysWOW64\svchost.exe
[2009/07/13 19:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
[2009/07/13 19:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\erdnt\cache64\svchost.exe
[2009/07/13 19:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\SysNative\svchost.exe
[2009/07/13 19:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_11b04b481efec48c\svchost.exe

< MD5 for: USERINIT.EXE >
[2010/11/20 06:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\erdnt\cache86\userinit.exe
[2010/11/20 06:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010/11/20 06:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009/07/13 19:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009/07/13 19:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe
[2010/11/20 07:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\erdnt\cache64\userinit.exe
[2010/11/20 07:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
[2010/11/20 07:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe

< MD5 for: WINLOGON.EXE >
[2010/11/20 07:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\erdnt\cache64\winlogon.exe
[2010/11/20 07:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
[2010/11/20 07:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2009/07/13 19:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2012/12/14 16:49:28 | 000,216,424 | ---- | M] () MD5=22101A85B3CA2FE2BE05FE9A61A7A83D -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2009/10/28 01:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2009/10/28 00:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe

< %systemroot%\*. /rp /s >

========== Drive Information ==========

Physical Drives
---------------

Drive: \\\\.\\PHYSICALDRIVE0 - Fixed hard disk media
Interface type: IDE
Media Type: Fixed hard disk media
Model: Hitachi HTS723225L9A360 ATA Device
Partitions: 3
Status: OK
Status Info: 0

Partitions
---------------

DeviceID: Disk #0, Partition #0
PartitionType: Installable File System
Bootable: True
BootPartition: True
PrimaryPartition: True
Size: 100.00MB
Starting Offset: 1048576
Hidden sectors: 0


DeviceID: Disk #0, Partition #1
PartitionType: Installable File System
Bootable: False
BootPartition: False
PrimaryPartition: True
Size: 232.00GB
Starting Offset: 105906176
Hidden sectors: 0


DeviceID: Disk #0, Partition #2
PartitionType: Unknown
Bootable: False
BootPartition: False
PrimaryPartition: True
Size: 1.00GB
Starting Offset: 248979225600
Hidden sectors: 0


< End of report >
atcdav
2013-01-20, 00:57
OTL Extras logfile created on: 1/19/2013 5:30:02 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\David's HP\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.84 Gb Total Physical Memory | 2.13 Gb Available Physical Memory | 55.55% Memory free
7.68 Gb Paging File | 5.78 Gb Available in Paging File | 75.21% Paging File free
Paging file location(s): ?:\pagefile.sys

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 231.78 Gb Total Space | 88.41 Gb Free Space | 38.14% Space Free | Partition Type: NTFS
Drive D: | 1.00 Gb Total Space | 0.98 Gb Free Space | 97.43% Space Free | Partition Type: FAT32
Drive F: | 3.54 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF

Computer Name: DAVES-6930P | User Name: David's HP | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[b]64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)

[HKEY_USERS\.DEFAULT\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

[HKEY_USERS\S-1-5-18\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

[HKEY_USERS\S-1-5-21-1916152551-4166504153-3791849091-1001\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{027A7593-E800-45FF-8B0A-F01FAE3DF763}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{0A251EA2-8507-48BE-9D85-F9E361D861DE}" = rport=445 | protocol=6 | dir=out | app=system |
"{0F5B9928-5F3B-44F2-AB42-4BC30795EBA6}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe |
"{284CFF53-1AEB-4539-8C3E-4886CBBC198C}" = rport=139 | protocol=6 | dir=out | app=system |
"{2FEF746D-023F-4E0B-A7D5-306A9EEDE54E}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{46FBA676-BBB9-4990-B994-6530D98FE7A1}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{68E4D8B4-DCBA-4CE0-9C44-BFEF1C213AFE}" = lport=2869 | protocol=6 | dir=in | app=system |
"{6BC53F73-68FA-44CD-AC29-94D1950A6C68}" = lport=137 | protocol=17 | dir=in | app=system |
"{792C40F4-8114-4211-B921-836B39D68382}" = lport=139 | protocol=6 | dir=in | app=system |
"{7994970B-E899-4E98-B3F0-EEA64CE7A3CC}" = rport=137 | protocol=17 | dir=out | app=system |
"{7D5D75ED-E3F0-4161-AC2F-A9DFE5961C34}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{838CD82C-4062-4A05-A993-08B0CC89080F}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{AB37F256-2B43-4826-85CA-B2C0772FE1DA}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{B4AA045F-FDF5-4709-BC31-5704DBC05324}" = rport=10243 | protocol=6 | dir=out | app=system |
"{B9D4FF99-AAB2-4D41-AF35-584AF16FBB00}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{BE523C19-DFC1-442C-BE8E-FF4EB40ED780}" = lport=10243 | protocol=6 | dir=in | app=system |
"{C339E824-FCF0-4397-A86D-D8996AAFD8F7}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{C950F9B8-0838-44BF-85B8-E79B618A624F}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{D1D459A7-D6FD-4C68-905D-BD06F4D26AF8}" = lport=445 | protocol=6 | dir=in | app=system |
"{D2FFED7D-8B04-4D73-AAB3-E48C75919B1A}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe |
"{D4C2C304-A580-40F5-AE0D-AAD2F634A738}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{D69047E3-B757-423E-B539-162FFAA3FE2F}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{DE4B0FA7-56A9-428B-B4FE-B9C9124E6A46}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{E6AD9C62-29EF-410B-B276-78E7D143CB33}" = lport=138 | protocol=17 | dir=in | app=system |
"{F6674BBE-AD9B-49FC-A88D-8B0CC10F1EAA}" = rport=138 | protocol=17 | dir=out | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{15693A26-065F-45E4-9ED6-4307DA3BA635}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{182A2E41-0769-4C4C-B85D-188AD6274E54}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{20C271F8-85F4-4E64-828C-D7D69FC79110}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{2D07E1C2-4C4C-4B23-8006-F578FA451B58}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{38936F18-7D20-49D1-8E83-7F230AC89929}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe |
"{3E26D7F4-8E02-4376-A836-E979CE51FEB7}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{3F7B28E2-ABBB-451F-B486-0A6D25B579D4}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{51398BF9-8B9F-4A58-9E8E-230BEBCE6D9E}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{521CD7CD-1F1B-416E-9464-144835AB291D}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{5BC45F55-3FF7-46AD-B0F5-DE052AB16F72}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{6161BF25-5609-4980-B493-446C6C58BDB7}" = protocol=6 | dir=in | app=c:\users\david's hp\appdata\roaming\dropbox\bin\dropbox.exe |
"{643235DC-A441-4D8C-88FF-DEA9417CBF4C}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{694BD393-925C-45B0-BE03-0341464CD1D2}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{69525AF4-DFE0-4E10-99C1-8BA34AB60B80}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{6FBB48A6-5CCC-4A5A-9713-EAC5D9CEB9C2}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{715B4E1B-2F30-43BA-AE14-54A9E497A644}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{7B0BE37A-96ED-443B-AF2F-04790EEEAEA7}" = protocol=6 | dir=in | app=c:\program files (x86)\epsonnet\epsonnet setup\tool09\eneasyapp.exe |
"{7BD58B52-D4AE-4F79-B018-FF363541DB8B}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{8A9D34D6-7F81-4FE8-B7B4-AFD50EAE56CB}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe |
"{915AE6F9-BED2-4FAC-859B-28FAD3E3FC63}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{A4CE94E3-AF10-4B2F-A797-E5BEA7CAD79C}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{A5349733-F54C-48CE-99CA-7CB9217D96F2}" = protocol=17 | dir=in | app=c:\users\david's hp\appdata\roaming\dropbox\bin\dropbox.exe |
"{B0093398-DD7F-473D-876F-E12623BB8669}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{B03D3AB6-B908-4608-8C22-5795E4ECC307}" = protocol=17 | dir=in | app=c:\program files (x86)\epsonnet\epsonnet setup\tool09\eneasyapp.exe |
"{BEF23D1C-60D5-4561-BDF8-C3E5CC598370}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{BFFE18A3-8E64-4135-82B5-B034306097AA}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{C994B054-0718-4221-8CCB-26184E20747D}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{CB85EA7C-3CAF-453E-A67B-170AEC47DCC9}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{E686AEB7-7A4D-4BE2-BC11-45F6F5BE47D7}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{ED0CADB6-8788-405C-8433-679CC031D9CC}" = dir=in | app=c:\program files\intel\wifi\bin\pandhcpdns.exe |
"{F2191C55-B9D6-4929-B0EF-B9873BA4AD69}" = protocol=6 | dir=out | app=system |
"{F478498B-8B59-4896-8855-3AD06B31CABD}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{F6BB49B9-C572-442A-8463-8C714960B99A}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{F8EEC18B-0B17-49AF-B392-5FEAFA4BDED5}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"TCP Query User{5AABB199-5B0F-422C-A519-C722EF4AECBE}C:\program files (x86)\Epson Software\Event Manager\eeventmanager.exe" = protocol=6 | dir=in | app=c:\program files (x86)\epson software\event manager\eeventmanager.exe |
"TCP Query User{84D7D589-FD67-45E1-8881-5CB257151A79}C:\program files (x86)\icechat7\icechat7.exe" = protocol=6 | dir=in | app=c:\program files (x86)\icechat7\icechat7.exe |
"TCP Query User{B9D72EE3-97C1-40E3-B8FA-B65AD333F3AC}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe |
"TCP Query User{C72B5F47-85FE-4870-A9F8-85624C8A1088}C:\program files (x86)\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files (x86)\google\google earth\client\googleearth.exe |
"TCP Query User{D36361BB-BF82-49A1-B624-D315D3F97A60}C:\program files (x86)\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\java.exe |
"TCP Query User{E0FE52C5-FAC8-49B9-8AFA-51448E943C4C}C:\users\david's hp\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\david's hp\appdata\roaming\dropbox\bin\dropbox.exe |
"TCP Query User{E38DFCAD-ABD1-4FBD-BEB0-C456F1BC100E}C:\program files (x86)\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe |
"TCP Query User{F761CC73-1090-4B95-BDA9-28867AD6F72C}C:\program files (x86)\Epson Software\Event Manager\eeventmanager.exe" = protocol=6 | dir=in | app=c:\program files (x86)\epson software\event manager\eeventmanager.exe |
"TCP Query User{FE73ACAE-9BAA-4D5C-BAB7-8F37BEF6505F}C:\program files (x86)\java\jre7\bin\java.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre7\bin\java.exe |
"UDP Query User{3E2ED8C5-8A07-4065-8E0D-1A66A7A37395}C:\program files (x86)\Epson Software\Event Manager\eeventmanager.exe" = protocol=17 | dir=in | app=c:\program files (x86)\epson software\event manager\eeventmanager.exe |
"UDP Query User{582743B2-6327-4C11-9899-158FFB1AA809}C:\program files (x86)\icechat7\icechat7.exe" = protocol=17 | dir=in | app=c:\program files (x86)\icechat7\icechat7.exe |
"UDP Query User{5C6E4985-A3C7-4926-AA6A-2A4E00D70F70}C:\program files (x86)\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files (x86)\google\google earth\client\googleearth.exe |
"UDP Query User{635C518A-E429-4DB7-A7E6-13BDB40536F2}C:\users\david's hp\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\david's hp\appdata\roaming\dropbox\bin\dropbox.exe |
"UDP Query User{AB39CC99-A905-4EBC-9B76-B7D492599E28}C:\program files (x86)\java\jre7\bin\java.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre7\bin\java.exe |
"UDP Query User{CA033A46-F1DB-4917-994D-3BC7D0574D22}C:\program files (x86)\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\java.exe |
"UDP Query User{E4ACE4EC-8428-4FEC-9C44-9399F4D3657C}C:\program files (x86)\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe |
"UDP Query User{ED2E9C0E-B9E1-4776-82F0-15237DD01B9F}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe |
"UDP Query User{FA7D3AA4-C8A2-40BF-9284-AF54063D1A04}C:\program files (x86)\Epson Software\Event Manager\eeventmanager.exe" = protocol=17 | dir=in | app=c:\program files (x86)\epson software\event manager\eeventmanager.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0826F9E4-787E-481D-83E0-BC6A57B056D5}" = Microsoft SQL Server VSS Writer
"{0E5D76AD-A3FB-48D5-8400-8903B10317D3}" = iTunes
"{1A8BA6CE-822D-4888-89E2-ACBF4308F271}" = Intel(R) PROSet/Wireless WiFi Software
"{1C7C8AAF-A16D-32E8-89E5-F6D165DE0BCE}" = Microsoft Visual C++ 2010 x64 Runtime - 10.0.40219
"{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition)
"{2738C4AA-420E-4E13-ADEF-B5AB250E3EF1}" = Microsoft SQL Server 2008 Native Client
"{2F14965D-567B-4E59-ADEB-0A2CC1E3ADDF}" = Sql Server Customer Experience Improvement Program
"{391C9982-E373-42CE-A6B1-DF84632DF7E9}" = MacDrive 8
"{5340A3B5-3853-4745-BED2-DD9FF5371331}" = Microsoft SQL Server 2008 Common Files
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6292D514-17A4-403F-98F9-E150F10C043D}" = Microsoft SQL Server 2008 Setup Support Files
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{7AB6F8D7-7804-4662-BE8C-1AFCCD602D9F}" = Microsoft Mouse and Keyboard Center
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{83DA38AB-1014-41C2-A3CD-E2B93832A71A}" = HP 3D DriveGuard
"{893F27E6-D6BE-4B9F-80E6-0ADA694A31A8}" = Microsoft SQL Server 2008 Common Files
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A7CAA24-7B23-410B-A7C3-F994B0944160}" = Microsoft Virtual PC 2007
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{ADBD6E65-46CB-4A97-9AFB-64963FEACC40}" = Microsoft SQL Server 2008 RsFx Driver
"{BCA26999-EC22-3007-BB79-638913079C9A}" = Microsoft Visual Studio 2010 Express Prerequisites x64 - ENU
"{C78D3032-9DFD-41D0-9DE9-58EAE750CBA4}" = Microsoft Security Client
"{CC8BA866-16A7-4667-BA0C-C494A1E7B2BF}" = Microsoft SQL Server 2008 Database Engine Shared
"{D4AD39AD-091E-4D33-BB2B-59F6FCB8ADC3}" = Microsoft SQL Server Compact 3.5 SP2 x64 ENU
"{D70884EA-E2CE-4539-91DB-4766CC1E5F5F}" = Apple Mobile Device Support
"{DF167CE3-60E7-44EA-99EC-2507C51F37AE}" = Microsoft SQL Server 2008 Database Engine Shared
"{E5748D30-7E6D-3A8E-BFE6-C1D02C6DDABB}" = Microsoft Help Viewer 1.1
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{FA7394B8-CE65-4F9E-AC99-F372AD365424}" = Microsoft SQL Server 2008 Database Engine Services
"{FBD367D1-642F-47CF-B79B-9BE48FB34007}" = Microsoft SQL Server 2008 Database Engine Services
"Adobe Flash Player ActiveX 64" = Adobe Flash Player 10 ActiveX 64-bit
"Adobe Flash Player Plugin 64" = Adobe Flash Player 10 Plugin 64-bit
"DVDFab 8 Qt Retail_is1" = DVDFab 8.1.0.0 (16/06/2011) Qt
"EPSON WorkForce 610 Series" = EPSON WorkForce 610 Series Printer Uninstall
"HECI" = Intel(R) Management Engine Interface
"KLiteCodecPack64_is1" = K-Lite Codec Pack (64-bit) v4.5.0
"MESOL" = Intel® Active Management Technology
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft Help Viewer 1.1" = Microsoft Help Viewer 1.1
"Microsoft Mouse and Keyboard Center" = Microsoft Mouse and Keyboard Center
"Microsoft Security Client" = Microsoft Security Essentials
"Microsoft SQL Server 10" = Microsoft SQL Server 2008 (64-bit)
"Microsoft SQL Server 10 Release" = Microsoft SQL Server 2008 (64-bit)
"ProInst" = Intel PROSet Wireless
"PROSet" = Intel(R) Network Connections Drivers
"SuuntoUSBFTDIVista_is1" = Suunto USB Driver
"SynTPDeinstKey" = Synaptics Pointing Device Driver

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements
"{10964A8F-21C1-45EA-BC2D-F84B505C3848}" = H&R Block Deluxe + Efile + State 2010
"{14DC0059-00F1-4F62-BD1A-AB23CD51A95E}" = Adobe AIR
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2F8B731A-5F2D-3EA8-8B25-C3E5E43F4BDB}" = Microsoft Visual C++ Compilers 2010 Standard - enu - x86
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons
"{399C37FB-08AF-493B-BFED-20FBD85EDF7F}" = HP Webcam
"{3A9FC03D-C685-4831-94CF-4EDFD3749497}" = Microsoft SQL Server Compact 3.5 SP2 ENU
"{3E31400D-274E-4647-916C-2CACC3741799}" = EpsonNet Print
"{46F8CF66-AB83-38A7-99B2-A5BE507EE472}" = Microsoft Visual C++ 2010 Express - ENU
"{48F22622-1CC2-4A83-9C1E-644DD96F832D}" = Epson Event Manager
"{563F3279-A139-4C1C-B4E5-8889B136C135}" = H&R Block Illinois 2011
"{58E1B8A4-157D-488F-ADCA-3B87598C912F}" = H&R Block Illinois 2010
"{59F6A514-9813-47A3-948C-8A155460CC2A}" = RICOH R5C853 Driver Vista x64 Ver.1.00.09
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{5AB7D739-1735-3A9E-BE73-C43507CB4E6F}" = Microsoft Visual Studio 2010 Service Pack 1
"{5D9ED403-94DE-3BA0-B1D6-71F4BDA412E6}" = Microsoft Visual C++ 2010 x86 Runtime - 10.0.40219
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{6F340107-F9AA-47C6-B54C-C3A19F11553F}" = Hewlett-Packard ACLM.NET v1.2.1.1
"{8088E6E2-AFDA-4337-AA29-BA19ABF7D04A}" = HP ESU for Microsoft Windows 7
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{89D20029-0578-4D8D-979A-695C8D868868}" = H&R Block Deluxe + Efile + State 2012
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0409-1000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00D1-0409-0000-0000000FF1CE}" = Microsoft Office Access database engine 2007 (English)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0116-0409-1000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI (11.0.01)
"{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}" = QuickTime
"{B2F34D92-C5CF-4801-90CB-D04A5634B334}" = TweetDeck
"{C6006AED-E5A7-4F77-BAD5-95AC43DE04F3}" = H&R Block Deluxe + Efile + State 2011
"{C6579A65-9CAE-4B31-8B6B-3306E0630A66}" = Apple Software Update
"{C688457E-03FD-4941-923B-A27F4D42A7DD}" = Microsoft SQL Server 2008 Browser
"{C82185E8-C27B-4EF4-2009-4444BC2C2B6D}" = Microsoft Streets & Trips 2009
"{CAE7D1D9-3794-4169-B4DD-964ADBC534EE}" = HP Product Detection
"{CCE825DB-347A-4004-A186-5F4A6FDD8547}" = Apple Application Support
"{CE246151-F0E8-ABC8-AEB2-7F3E188EFBF5}" = TweetDeck
"{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}" = Microsoft .NET Framework 4 Multi-Targeting Pack
"{D54150D1-FA75-484D-A96D-47DB2EA4B2E5}" = PCDrafter 2012
"{EE202411-2C26-49E8-9784-1BC1DBF7DE96}" = HP Support Assistant
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Graphics Media Accelerator Driver
"{F1D7AC58-554A-4A58-B784-B61558B1449A}" = QLBCASL
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"{FFFAE01B-466F-4C07-9821-A94FD753BDDA}" = EpsonNet Setup
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Amazon Games & Software Downloader_is1" = Amazon Games & Software Downloader
"ClubWPT" = ClubWPT
"Coupon Printer for Windows5.0.0.1" = Coupon Printer for Windows
"DivX Setup.divx.com" = DivX Setup
"DraftDominator_is1" = DraftDominator Version 13.0d
"ENTERPRISE" = Microsoft Office Enterprise 2007
"EPSON Scanner" = EPSON Scan
"ESET Online Scanner" = ESET Online Scanner v3
"FileHippo.com" = FileHippo.com Update Checker
"Google Chrome" = Google Chrome
"ImgBurn" = ImgBurn
"KLiteCodecPack_is1" = K-Lite Codec Pack 7.0.0 (Full)
"LineupDominator_is1" = LineupDominator Version 8.0a Full
"Magic ISO Maker v5.5 (build 0281)" = Magic ISO Maker v5.5 (build 0281)
"MagicDisc 2.7.106" = MagicDisc 2.7.106
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.70.0.1100
"MFL Import_is1" = MFL Import Version 4.0a
"Microsoft Visual C++ 2010 Express - ENU" = Microsoft Visual C++ 2010 Express - ENU
"Microsoft Visual Studio 2010 Service Pack 1" = Microsoft Visual Studio 2010 Service Pack 1
"Mozilla Firefox 18.0.1 (x86 en-US)" = Mozilla Firefox 18.0.1 (x86 en-US)
"Mozilla Thunderbird 17.0.2 (x86 en-US)" = Mozilla Thunderbird 17.0.2 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Notepad++" = Notepad++
"Pdf995" = Pdf995 (installed by H&R Block)
"PdfEdit995" = PdfEdit995 (installed by H&R Block)
"Picasa 3" = Picasa 3
"Projections Dominator_is1" = Projections Dominator Version 6.0g
"SpywareBlaster_is1" = SpywareBlaster 4.4
"SuuntoUSB_is1" = Suunto USB Drive
"SuuntoUSBDriver_is1" = Suunto USB Driver
"SUUVCOMM&10C4&80F6" = Suunto USB Serial Port (Driver Removal)
"TradeDominator_is1" = TradeDominator version 7.0a
"TweetDeckFast.FFF259DC0CE2657847BBB4AFF0E62062EFC56543.1" = TweetDeck
"VLC media player" = VLC media player 1.1.7

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1916152551-4166504153-3791849091-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 1/17/2013 6:15:04 PM | Computer Name = DAVES-6930P | Source = Application Error | ID = 1000
Description = Faulting application name: WLANExt.exe, version: 6.1.7600.16385, time
stamp: 0x4a5bcc33 Faulting module name: msvcrt.dll, version: 7.0.7601.17744, time
stamp: 0x4eeb033f Exception code: 0x40000015 Fault offset: 0x000000000002a84e Faulting
process id: 0x1ab4 Faulting application start time: 0x01cdf500154d5f0f Faulting application
path: C:\Windows\system32\WLANExt.exe Faulting module path: C:\Windows\system32\msvcrt.dll
Report
Id: 575b3921-60f3-11e2-854e-df481fb09c6a

Error - 1/17/2013 8:32:44 PM | Computer Name = DAVES-6930P | Source = Application Error | ID = 1000
Description = Faulting application name: WLANExt.exe, version: 6.1.7600.16385, time
stamp: 0x4a5bcc33 Faulting module name: msvcrt.dll, version: 7.0.7601.17744, time
stamp: 0x4eeb033f Exception code: 0x40000015 Fault offset: 0x000000000002a84e Faulting
process id: 0x4e0 Faulting application start time: 0x01cdf5134eee7e4a Faulting application
path: C:\Windows\system32\WLANExt.exe Faulting module path: C:\Windows\system32\msvcrt.dll
Report
Id: 92c076c0-6106-11e2-8eb2-00216a7a6f38

Error - 1/17/2013 8:32:44 PM | Computer Name = DAVES-6930P | Source = Application Error | ID = 1000
Description = Faulting application name: EvtEng.exe, version: 13.2.0.3, time stamp:
0x4b913eba Faulting module name: KERNELBASE.dll, version: 6.1.7601.17965, time stamp:
0x506dcae6 Exception code: 0xe06d7363 Fault offset: 0x000000000000bccd Faulting process
id: 0x9ac Faulting application start time: 0x01cdf513506b5a76 Faulting application
path: C:\Program Files\Intel\WiFi\bin\EvtEng.exe Faulting module path: C:\Windows\system32\KERNELBASE.dll
Report
Id: 92be155f-6106-11e2-8eb2-00216a7a6f38

Error - 1/18/2013 2:32:40 AM | Computer Name = DAVES-6930P | Source = SideBySide | ID = 16842832
Description = Activation context generation failed for "c:\program files (x86)\ESET\eset
online scanner\ESETSmartInstaller.exe".Error in manifest or policy file "" on line
. A component version required by the application conflicts with another component
version already active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Component
2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.

Error - 1/18/2013 10:49:23 PM | Computer Name = DAVES-6930P | Source = Application Error | ID = 1000
Description = Faulting application name: EvtEng.exe, version: 13.2.0.3, time stamp:
0x4b913eba Faulting module name: KERNELBASE.dll, version: 6.1.7601.17965, time stamp:
0x506dcae6 Exception code: 0xe06d7363 Fault offset: 0x000000000000bccd Faulting process
id: 0x9e0 Faulting application start time: 0x01cdf5ef93827268 Faulting application
path: C:\Program Files\Intel\WiFi\bin\EvtEng.exe Faulting module path: C:\Windows\system32\KERNELBASE.dll
Report
Id: d455efc5-61e2-11e2-8ea5-00216a7a6f38

Error - 1/18/2013 10:49:23 PM | Computer Name = DAVES-6930P | Source = Application Error | ID = 1000
Description = Faulting application name: WLANExt.exe, version: 6.1.7600.16385, time
stamp: 0x4a5bcc33 Faulting module name: msvcrt.dll, version: 7.0.7601.17744, time
stamp: 0x4eeb033f Exception code: 0x40000015 Fault offset: 0x000000000002a84e Faulting
process id: 0x580 Faulting application start time: 0x01cdf5ef91615749 Faulting application
path: C:\Windows\system32\WLANExt.exe Faulting module path: C:\Windows\system32\msvcrt.dll
Report
Id: d45616d5-61e2-11e2-8ea5-00216a7a6f38

Error - 1/19/2013 2:43:31 AM | Computer Name = DAVES-6930P | Source = SideBySide | ID = 16842832
Description = Activation context generation failed for "c:\program files (x86)\ESET\eset
online scanner\ESETSmartInstaller.exe".Error in manifest or policy file "" on line
. A component version required by the application conflicts with another component
version already active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Component
2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.

Error - 1/19/2013 7:17:03 PM | Computer Name = DAVES-6930P | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 1/19/2013 7:17:03 PM | Computer Name = DAVES-6930P | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 11387449

Error - 1/19/2013 7:17:03 PM | Computer Name = DAVES-6930P | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 11387449

[ Hewlett-Packard Events ]
Error - 1/18/2013 4:31:55 PM | Computer Name = DAVES-6930P | Source = HPSF.exe | ID = 2000
Description = HP Error ID: -2147467261HPSF.exe at HP.SupportFramework.Utilities.HPSAIssues.ActionItemCollection.loadActiveCheckResult(Boolean
includeIgnored) Message: Object reference not set to an instance of an object. StackTrace:
at HP.SupportFramework.Utilities.HPSAIssues.ActionItemCollection.loadActiveCheckResult(Boolean
includeIgnored) Source: HP.SupportFramework.Utilities Name: HPSF.exe Version: 07.00.01.01
Path:
C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe Format: en-US
RAM:
3932 Ram Utilization: TargetSite: Void loadActiveCheckResult(Boolean)

Error - 1/18/2013 4:31:55 PM | Computer Name = DAVES-6930P | Source = HPSF.exe | ID = 2000
Description = HP Error ID: -2147467261HPSF.exe at HP.SupportFramework.Utilities.HPSAIssues.ActionItemCollection.loadActiveCheckResult(Boolean
includeIgnored) Message: Object reference not set to an instance of an object. StackTrace:
at HP.SupportFramework.Utilities.HPSAIssues.ActionItemCollection.loadActiveCheckResult(Boolean
includeIgnored) Source: HP.SupportFramework.Utilities Name: HPSF.exe Version: 07.00.01.01
Path:
C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe Format: en-US
RAM:
3932 Ram Utilization: TargetSite: Void loadActiveCheckResult(Boolean)

Error - 1/18/2013 4:31:55 PM | Computer Name = DAVES-6930P | Source = HPSF.exe | ID = 2000
Description = HP Error ID: -2147467261HPSF.exe at HP.SupportFramework.Utilities.HPSAIssues.ActionItemCollection.loadActiveCheckResult(Boolean
includeIgnored) Message: Object reference not set to an instance of an object. StackTrace:
at HP.SupportFramework.Utilities.HPSAIssues.ActionItemCollection.loadActiveCheckResult(Boolean
includeIgnored) Source: HP.SupportFramework.Utilities Name: HPSF.exe Version: 07.00.01.01
Path:
C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe Format: en-US
RAM:
3932 Ram Utilization: TargetSite: Void loadActiveCheckResult(Boolean)

Error - 1/18/2013 4:31:55 PM | Computer Name = DAVES-6930P | Source = HPSF.exe | ID = 2000
Description = HP Error ID: -2147467261HPSF.exe at HP.SupportFramework.Utilities.HPSAIssues.ActionItemCollection.loadActiveCheckResult(Boolean
includeIgnored) Message: Object reference not set to an instance of an object. StackTrace:
at HP.SupportFramework.Utilities.HPSAIssues.ActionItemCollection.loadActiveCheckResult(Boolean
includeIgnored) Source: HP.SupportFramework.Utilities Name: HPSF.exe Version: 07.00.01.01
Path:
C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe Format: en-US
RAM:
3932 Ram Utilization: TargetSite: Void loadActiveCheckResult(Boolean)

Error - 1/18/2013 4:31:55 PM | Computer Name = DAVES-6930P | Source = HPSF.exe | ID = 2000
Description = HP Error ID: -2147467261HPSF.exe at HP.SupportFramework.Utilities.HPSAIssues.ActionItemCollection.loadActiveCheckResult(Boolean
includeIgnored) Message: Object reference not set to an instance of an object. StackTrace:
at HP.SupportFramework.Utilities.HPSAIssues.ActionItemCollection.loadActiveCheckResult(Boolean
includeIgnored) Source: HP.SupportFramework.Utilities Name: HPSF.exe Version: 07.00.01.01
Path:
C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe Format: en-US
RAM:
3932 Ram Utilization: TargetSite: Void loadActiveCheckResult(Boolean)

Error - 1/18/2013 4:31:55 PM | Computer Name = DAVES-6930P | Source = HPSF.exe | ID = 2000
Description = HP Error ID: -2147467261HPSF.exe at HP.SupportFramework.Utilities.HPSAIssues.ActionItemCollection.loadActiveCheckResult(Boolean
includeIgnored) Message: Object reference not set to an instance of an object. StackTrace:
at HP.SupportFramework.Utilities.HPSAIssues.ActionItemCollection.loadActiveCheckResult(Boolean
includeIgnored) Source: HP.SupportFramework.Utilities Name: HPSF.exe Version: 07.00.01.01
Path:
C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe Format: en-US
RAM:
3932 Ram Utilization: TargetSite: Void loadActiveCheckResult(Boolean)

Error - 1/18/2013 4:31:56 PM | Computer Name = DAVES-6930P | Source = HPSF.exe | ID = 2000
Description = HP Error ID: -2147467261HPSF.exe at HP.SupportFramework.Utilities.HPSAIssues.ActionItemCollection.loadActiveCheckResult(Boolean
includeIgnored) Message: Object reference not set to an instance of an object. StackTrace:
at HP.SupportFramework.Utilities.HPSAIssues.ActionItemCollection.loadActiveCheckResult(Boolean
includeIgnored) Source: HP.SupportFramework.Utilities Name: HPSF.exe Version: 07.00.01.01
Path:
C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe Format: en-US
RAM:
3932 Ram Utilization: TargetSite: Void loadActiveCheckResult(Boolean)

Error - 1/18/2013 4:31:56 PM | Computer Name = DAVES-6930P | Source = HPSF.exe | ID = 2000
Description = HP Error ID: -2147467261HPSF.exe at HP.SupportFramework.Utilities.HPSAIssues.ActionItemCollection.loadActiveCheckResult(Boolean
includeIgnored) Message: Object reference not set to an instance of an object. StackTrace:
at HP.SupportFramework.Utilities.HPSAIssues.ActionItemCollection.loadActiveCheckResult(Boolean
includeIgnored) Source: HP.SupportFramework.Utilities Name: HPSF.exe Version: 07.00.01.01
Path:
C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe Format: en-US
RAM:
3932 Ram Utilization: TargetSite: Void loadActiveCheckResult(Boolean)

Error - 1/18/2013 4:31:56 PM | Computer Name = DAVES-6930P | Source = HPSF.exe | ID = 2000
Description = HP Error ID: -2147467261HPSF.exe at HP.SupportFramework.Utilities.HPSAIssues.ActionItemCollection.loadActiveCheckResult(Boolean
includeIgnored) Message: Object reference not set to an instance of an object. StackTrace:
at HP.SupportFramework.Utilities.HPSAIssues.ActionItemCollection.loadActiveCheckResult(Boolean
includeIgnored) Source: HP.SupportFramework.Utilities Name: HPSF.exe Version: 07.00.01.01
Path:
C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe Format: en-US
RAM:
3932 Ram Utilization: TargetSite: Void loadActiveCheckResult(Boolean)

Error - 1/18/2013 4:31:56 PM | Computer Name = DAVES-6930P | Source = HPSF.exe | ID = 2000
Description = HP Error ID: -2147467261HPSF.exe at HP.SupportFramework.Utilities.HPSAIssues.ActionItemCollection.loadActiveCheckResult(Boolean
includeIgnored) Message: Object reference not set to an instance of an object. StackTrace:
at HP.SupportFramework.Utilities.HPSAIssues.ActionItemCollection.loadActiveCheckResult(Boolean
includeIgnored) Source: HP.SupportFramework.Utilities Name: HPSF.exe Version: 07.00.01.01
Path:
C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe Format: en-US
RAM:
3932 Ram Utilization: TargetSite: Void loadActiveCheckResult(Boolean)

[ System Events ]
Error - 1/18/2013 10:43:58 PM | Computer Name = DAVES-6930P | Source = Service Control Manager | ID = 7031
Description = The Apple Mobile Device service terminated unexpectedly. It has done
this 2 time(s). The following corrective action will be taken in 60000 milliseconds:
Restart the service.

Error - 1/18/2013 10:44:58 PM | Computer Name = DAVES-6930P | Source = Service Control Manager | ID = 7032
Description = The Service Control Manager tried to take a corrective action (Restart
the service) after the unexpected termination of the Apple Mobile Device service,
but this action failed with the following error: %%1056

Error - 1/18/2013 10:47:42 PM | Computer Name = DAVES-6930P | Source = Microsoft-Windows-WLAN-AutoConfig | ID = 10003
Description = WLAN Extensibility Module has stopped unexpectedly. Module Path: C:\Windows\System32\IWMSSvc.dll


Error - 1/18/2013 10:47:45 PM | Computer Name = DAVES-6930P | Source = Microsoft-Windows-WLAN-AutoConfig | ID = 10003
Description = WLAN Extensibility Module has stopped unexpectedly. Module Path: C:\Windows\System32\IWMSSvc.dll


Error - 1/18/2013 10:47:45 PM | Computer Name = DAVES-6930P | Source = Microsoft-Windows-WLAN-AutoConfig | ID = 10003
Description = WLAN Extensibility Module has stopped unexpectedly. Module Path: C:\Windows\System32\IWMSSvc.dll


Error - 1/18/2013 10:49:41 PM | Computer Name = DAVES-6930P | Source = Service Control Manager | ID = 7034
Description = The Intel(R) PROSet/Wireless Event Log service terminated unexpectedly.
It has done this 1 time(s).

Error - 1/19/2013 4:07:19 PM | Computer Name = DAVES-6930P | Source = Microsoft-Windows-WLAN-AutoConfig | ID = 10003
Description = WLAN Extensibility Module has stopped unexpectedly. Module Path: C:\Windows\System32\IWMSSvc.dll


Error - 1/19/2013 7:17:24 PM | Computer Name = DAVES-6930P | Source = Microsoft-Windows-WLAN-AutoConfig | ID = 10003
Description = WLAN Extensibility Module has stopped unexpectedly. Module Path: C:\Windows\System32\IWMSSvc.dll


Error - 1/19/2013 7:22:51 PM | Computer Name = DAVES-6930P | Source = bowser | ID = 8003
Description =

Error - 1/19/2013 7:34:49 PM | Computer Name = DAVES-6930P | Source = bowser | ID = 8003
Description =


< End of report >
Satchfan
2013-01-20, 11:58
OK I can see why you have had these problems but it is Chrome, not IE or FF.

Please can you uninstall Eset as it appears the you have run it and one of its components is causing a conflict.


I have done somethings since original post. Please do nothing more without instruction as it is counter-productive. We diagnose, then treat. Throwing programs at your system when you don’t know the problem doesn’t help. We will sort this.:)


Run RogueKiller

close all programs
double-click RogueKiller.exe - Windows 7: right-click the program and select Run as Administrator'
after it has completed it's prescan click on the “Registry” tab
UNcheck the following false positives

[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

make sure the other entries there are checked, then click on Delete

===================================================

Note: If you have MalwareBytes Anti-Malware 1.6 or higher installed and are using the Pro version or trial version, please temporarily disable it for the duration of this fix as it may interfere with the successfully execution of the script below.

Run OTL

double click on the icon to run it.
copy/paste ALL the following text written inside the code box into the Custom Scans/Fixes box located at the bottom of OTL


:Services

:OTL
IE - HKU\S-1-5-21-1916152551-4166504153-3791849091-1001\..\SearchScopes,DefaultScope = {09C04023-9666-407B-AB08-D55EA82E4B89}
IE - HKU\S-1-5-21-1916152551-4166504153-3791849091-1001\..\SearchScopes\{09C04023-9666-407B-AB08-D55EA82E4B89}: "URL" =
CHR - homepage: http://www.searchnu.com/406
CHR - homepage: http://www.searchnu.com/406
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (no name) - {300BEC06-B743-4D19-86B9-11DC711D7FFB} - No CLSID value found
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.

:Files
ipconfig /flushdns /c

:Commands
[purity]
[emptytemp]
[Reboot]

click the Run Fix button at the top
let the program run unhindered, reboot when it is done
please post the OTL fix log

====================================================

Download and run Junkware Removal Tool

http://imageshack.us/a/img841/7292/thisisujrt.gif Please download Junkware Removal Tool (http://thisisudax.org/downloads/JRT.exe) to your desktop.

shut down your protection software now to avoid potential conflicts.
run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator"
the tool will open and start scanning your system
please be patient as this can take a while to complete depending on your system's specifications
on completion, a log (JRT.txt) is saved to your desktop and will automatically open
post the contents of JRT.txt into your next message.



Please run OTL again


Logs to include in the next post:

New RogueKiller log
OTL fix log
JRT.txt
New OTL log

Satchfan
atcdav
2013-01-20, 15:54
Rogue Killer prescan results were empty under Registry, nothing to check or uncheck so nothing to delete and no log.

ESET uninstalled, I also uninstall MalwareBytes. I will reinstall when we are done.

OTL gave me a moved file log but not a regular log or extra log, maye I did not run it with the correct boxes checked. below is the moved file log and JRT log:

All processes killed
========== SERVICES/DRIVERS ==========
========== OTL ==========
HKEY_USERS\S-1-5-21-1916152551-4166504153-3791849091-1001\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_USERS\S-1-5-21-1916152551-4166504153-3791849091-1001\Software\Microsoft\Internet Explorer\SearchScopes\{09C04023-9666-407B-AB08-D55EA82E4B89}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{09C04023-9666-407B-AB08-D55EA82E4B89}\ not found.
Use Chrome's Settings page to change the HomePage.
Use Chrome's Settings page to change the HomePage.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{300BEC06-B743-4D19-86B9-11DC711D7FFB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{300BEC06-B743-4D19-86B9-11DC711D7FFB}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\David's HP\Desktop\cmd.bat deleted successfully.
C:\Users\David's HP\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: David's HP
->Temp folder emptied: 3264039 bytes
->Temporary Internet Files folder emptied: 220202796 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 280780548 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 7304 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Guest
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 34158 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 134 bytes
%systemroot%\sysnative\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 757 bytes
RecycleBin emptied: 1226187934 bytes

Total Files Cleaned = 1,650.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 01202013_083106

Files\Folders moved on Reboot...
C:\Users\David's HP\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...




~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.4.6 (01.20.2013:1)
OS: Windows 7 Ultimate x64
Ran by David's HP on Sun 01/20/2013 at 8:38:23.01
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] hkey_local_machine\software\classes\applications\ilividsetupv1.exe



~~~ Files

Successfully deleted: [File] "C:\Program Files (x86)\mozilla firefox\plugins\npcouponprinter.dll"
Successfully deleted: [File] "C:\Program Files (x86)\mozilla firefox\plugins\npmozcouponprinter.dll"
Successfully deleted: [File] C:\eula.1028.txt
Successfully deleted: [File] C:\eula.1031.txt
Successfully deleted: [File] C:\eula.1033.txt
Successfully deleted: [File] C:\eula.1036.txt
Successfully deleted: [File] C:\eula.1040.txt
Successfully deleted: [File] C:\eula.1041.txt
Successfully deleted: [File] C:\eula.1042.txt
Successfully deleted: [File] C:\eula.2052.txt
Successfully deleted: [File] C:\install.res.1028.dll
Successfully deleted: [File] C:\install.res.1031.dll
Successfully deleted: [File] C:\install.res.1033.dll
Successfully deleted: [File] C:\install.res.1036.dll
Successfully deleted: [File] C:\install.res.1040.dll
Successfully deleted: [File] C:\install.res.1041.dll
Successfully deleted: [File] C:\install.res.1042.dll
Successfully deleted: [File] C:\install.res.2052.dll
Successfully deleted: [File] C:\install.res.3082.dll
Successfully deleted: [File] "C:\Windows\couponprinter.ocx"



~~~ Folders

Successfully deleted: [Folder] "C:\Users\David's HP\appdata\local\visi_coupon"
Successfully deleted: [Folder] "C:\Program Files (x86)\coupons"



~~~ FireFox

Emptied folder: C:\Users\David's HP\AppData\Roaming\mozilla\firefox\profiles\ann9w273.default\minidumps [9 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sun 01/20/2013 at 8:46:03.73
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Satchfan
2013-01-20, 16:29
Reset Chrome’s home page:

open Google Chrome
click on the Customize icon http://i944.photobucket.com/albums/ad283/Ninamf/Chrome.gif, at the top right
click on Settings
under “On start-up”, check Open a specific page or set of pages and then on Set pages
delete any pages that you don’t want
set your start page to the page you want, eg www.google.com

Once you have typed in the address in the 'Open this page' box, this change is saved. If you close this tab and click on the home icon you should now get your home page.

===================================================

Run OTL

open OTL again and click the Quick Scan button (don't check the boxes beside LOP Check or Purity this time)
post the OTL.txt log it produces in your next reply.

Please post back with the log.

Can you tell me how you computer is now and if there are any remaining problems..
Thanks

Satchfan
atcdav
2013-01-20, 16:47
when I run quick scan the LOP and Purity automatically check the box.

not noticing any issues

OTL logfile created on: 1/20/2013 9:36:37 AM - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\David's HP\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.84 Gb Total Physical Memory | 2.57 Gb Available Physical Memory | 66.99% Memory free
7.68 Gb Paging File | 6.22 Gb Available in Paging File | 81.07% Paging File free
Paging file location(s): ?:\pagefile.sys

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 231.78 Gb Total Space | 89.67 Gb Free Space | 38.69% Space Free | Partition Type: NTFS
Drive D: | 1.00 Gb Total Space | 0.98 Gb Free Space | 97.43% Space Free | Partition Type: FAT32
Drive F: | 3.54 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF

Computer Name: DAVES-6930P | User Name: David's HP | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/01/19 17:28:51 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\David's HP\Desktop\OTL(1).exe
PRC - [2012/12/18 13:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/08/10 15:48:50 | 000,197,536 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
PRC - [2011/03/21 12:56:16 | 001,230,704 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
PRC - [2010/02/25 14:18:20 | 000,076,856 | ---- | M] ( Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\VolCtrl.exe
PRC - [2009/07/29 10:54:36 | 000,205,312 | ---- | M] (Mediafour Corporation) -- C:\Program Files (x86)\Common Files\Mediafour\M4LIC.EXE
PRC - [2009/07/15 11:05:24 | 002,058,776 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Common Files\Intel\Privacy Icon\UNS\UNS.exe
PRC - [2009/07/15 11:05:16 | 000,174,616 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\AMT\LMS.exe
PRC - [2009/04/07 08:13:10 | 000,673,616 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
PRC - [2009/02/23 18:43:12 | 000,576,000 | ---- | M] (MagicISO, Inc.) -- C:\Program Files (x86)\MagicDisc\MagicDisc.exe
PRC - [2006/12/19 17:23:20 | 000,094,208 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSvc.exe


========== Modules (No Company Name) ==========

MOD - [2012/02/20 20:29:04 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2012/02/20 20:28:42 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/03/21 12:57:34 | 000,096,112 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2011/03/21 12:56:16 | 001,230,704 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
MOD - [2009/03/12 14:45:32 | 000,135,168 | ---- | M] () -- C:\Program Files (x86)\Epson Software\Event Manager\Assistants\Scan Assistant\ScanEngine.dll
MOD - [2008/11/21 12:58:42 | 000,057,344 | ---- | M] () -- C:\Program Files (x86)\Epson Software\Event Manager\Assistants\Scan Assistant\Satwain.dll


========== Services (SafeList) ==========

SRV:[b]64bit: - [2012/09/12 20:21:48 | 000,368,896 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2012/09/12 20:21:48 | 000,022,072 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2011/05/13 17:58:10 | 000,030,520 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Windows\SysNative\hpservice.exe -- (hpsrv)
SRV:64bit: - [2010/05/04 12:33:00 | 000,218,112 | ---- | M] (Mediafour Corporation) [Auto | Running] -- C:\Program Files\Mediafour\MacDrive 8\MacDrive8Service.exe -- (MacDrive8Service)
SRV:64bit: - [2010/03/05 10:26:38 | 001,425,168 | ---- | M] (Intel(R) Corporation) [Auto | Stopped] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
SRV:64bit: - [2010/03/05 10:07:58 | 000,340,240 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe -- (MyWiFiDHCPDNS)
SRV:64bit: - [2010/03/05 10:06:22 | 000,831,760 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
SRV:64bit: - [2009/07/13 19:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/13 19:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV:64bit: - [2008/07/15 16:09:48 | 000,111,616 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\SysNative\AEADISRV.EXE -- (AEADIFilters)
SRV - [2013/01/18 21:14:30 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/12/18 13:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/09/27 11:55:16 | 000,086,528 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe -- (HP Support Assistant Service)
SRV - [2012/08/10 15:48:50 | 000,197,536 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe -- (HPDrvMntSvc.exe)
SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/10/23 11:31:44 | 000,401,920 | ---- | M] (Amazon.com) [On_Demand | Stopped] -- C:\Program Files (x86)\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderService.exe -- (Amazon Download Agent)
SRV - [2009/07/29 10:54:36 | 000,205,312 | ---- | M] (Mediafour Corporation) [Auto | Running] -- C:\Program Files (x86)\Common Files\Mediafour\M4LIC.EXE -- (M4LIC)
SRV - [2009/07/15 11:05:24 | 002,058,776 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Common Files\Intel\Privacy Icon\UNS\UNS.exe -- (UNS)
SRV - [2009/07/15 11:05:16 | 000,174,616 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\AMT\LMS.exe -- (LMS)
SRV - [2009/06/10 15:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2007/12/17 03:00:00 | 000,163,840 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S40STB.EXE -- (EPSON_EB_RPCV4_01)
SRV - [2007/01/11 03:02:00 | 000,126,464 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE -- (EPSON_PM_RPCV4_01)
SRV - [2006/12/19 17:23:20 | 000,094,208 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSvc.exe -- (EpsonBidirectionalService)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/09/28 20:52:10 | 000,075,928 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dc3d.sys -- (dc3d)
DRV:64bit: - [2012/09/28 10:32:56 | 000,053,760 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/08/30 21:03:48 | 000,128,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2012/08/21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/03/01 00:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/09/22 21:01:54 | 000,311,144 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\Windows\SysNative\drivers\RsFx0105.sys -- (RsFx0105)
DRV:64bit: - [2011/07/28 07:08:24 | 000,294,232 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\VMM.sys -- (vmm)
DRV:64bit: - [2011/07/26 18:38:28 | 000,017,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CPQBttn.sys -- (HBtnKey)
DRV:64bit: - [2011/06/03 13:34:10 | 010,628,800 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2011/05/13 17:58:16 | 000,030,008 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\hpdskflt.sys -- (hpdskflt)
DRV:64bit: - [2011/05/13 17:57:58 | 000,043,320 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Accelerometer.sys -- (Accelerometer)
DRV:64bit: - [2011/05/13 02:21:04 | 000,177,640 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadmdm.sys -- (ssadmdm)
DRV:64bit: - [2011/05/13 02:21:02 | 000,157,672 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadbus.sys -- (ssadbus)
DRV:64bit: - [2011/05/13 02:21:02 | 000,036,328 | ---- | M] (Google Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadadb.sys -- (androidusb)
DRV:64bit: - [2011/05/13 02:21:02 | 000,016,872 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadmdfl.sys -- (ssadmdfl)
DRV:64bit: - [2011/03/18 13:47:41 | 007,680,512 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NETw5s64.sys -- (NETw5s64)
DRV:64bit: - [2011/03/11 00:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 00:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/02/21 12:11:36 | 000,085,320 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ftser2k.sys -- (FTSER2K)
DRV:64bit: - [2011/02/21 12:11:36 | 000,072,648 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ftdibus.sys -- (FTDIBUS)
DRV:64bit: - [2010/11/20 07:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 05:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 05:03:42 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2010/11/20 03:37:42 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010/10/18 02:21:32 | 008,153,088 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETwNs64.sys -- (NETwNs64)
DRV:64bit: - [2010/06/03 18:18:56 | 001,379,376 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2010/05/18 08:07:26 | 000,306,280 | ---- | M] (Mediafour Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\MDFSYSNT.SYS -- (MDFSYSNT)
DRV:64bit: - [2010/05/05 08:43:24 | 000,032,352 | ---- | M] (Mediafour Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\MDPMGRNT.SYS -- (MDPMGRNT)
DRV:64bit: - [2010/04/07 15:04:00 | 000,290,008 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\e1y62x64.sys -- (e1yexpress)
DRV:64bit: - [2010/02/25 14:18:58 | 000,018,432 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV:64bit: - [2010/01/13 11:15:54 | 000,070,344 | ---- | M] (EldoS Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\CBDisk.sys -- (CBDisk)
DRV:64bit: - [2009/07/13 19:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 19:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 19:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 18:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV:64bit: - [2009/07/13 18:35:37 | 000,025,088 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDScan.sys -- (WSDScan)
DRV:64bit: - [2009/07/13 18:10:47 | 000,011,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rootmdm.sys -- (ROOTMODEM)
DRV:64bit: - [2009/07/13 17:21:48 | 000,038,400 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tpm.sys -- (TPM)
DRV:64bit: - [2009/06/23 11:50:36 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64)
DRV:64bit: - [2009/06/10 14:35:28 | 005,434,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netw5v64.sys -- (netw5v64)
DRV:64bit: - [2009/06/10 14:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 14:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 14:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 14:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/18 16:31:56 | 000,497,152 | ---- | M] (Analog Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ADIHdAud.sys -- (ADIHdAudAddService)
DRV:64bit: - [2009/02/24 17:35:44 | 000,255,552 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mcdbus.sys -- (mcdbus)
DRV:64bit: - [2008/10/09 02:34:32 | 001,875,624 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\snp2uvc.sys -- (SNP2UVC)
DRV:64bit: - [2007/08/08 16:39:46 | 000,060,928 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rimmpx64.sys -- (rimmptsk)
DRV:64bit: - [2007/03/07 12:13:20 | 000,017,920 | ---- | M] (June Fabrics Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\pnetmdm64.sys -- (pnetmdm)
DRV:64bit: - [2007/01/29 05:20:34 | 000,079,760 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VMNetSrv.sys -- (VPCNetS2)
DRV:64bit: - [2006/12/20 00:08:00 | 000,079,872 | ---- | M] (RICOH Company, Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rismcx64.sys -- (rismcx64)
DRV - [2009/07/13 19:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2009/02/24 17:35:44 | 000,255,552 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\mcdbus.sys -- (mcdbus)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\..\SearchScopes,DefaultScope =
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.defaulturl: "http://search.yahoo.com/search?ei=UTF-8&fr=ytff-tyc&p="
FF - prefs.js..browser.search.param.yahoo-fr: "moz2-ytff-tyc"
FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "moz2-ytff-tyc"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "http://www.yahoo.com/?ilc=1"
FF - prefs.js..extensions.enabledAddons: %7B27c60876-b5c9-4335-b4f3-52b26782220c%7D:0.9.4
FF - prefs.js..extensions.enabledAddons: adblockpopups%40jessehakanen.net:0.5
FF - prefs.js..extensions.enabledAddons: %7B635abd67-4fe9-1b23-4f01-e679fa7484c1%7D:2.5.1.20121219100509
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:18.0.1
FF - prefs.js..keyword.URL: "http://search.yahoo.com/search?ei=UTF-8&fr=ytff-tyc&p="
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_146.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_146.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.7: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\html5video [2011/03/18 13:26:28 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\wpa [2011/03/18 13:26:28 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/01/18 21:14:31 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/01/20 08:41:11 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2013/01/18 20:42:42 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins [2013/01/18 20:42:42 | 000,000,000 | ---D | M]

[2013/01/17 18:09:50 | 000,000,000 | ---D | M] (No name found) -- C:\Users\David's HP\AppData\Roaming\Mozilla\Extensions
[2011/03/18 13:15:48 | 000,000,000 | ---D | M] (No name found) -- C:\Users\David's HP\AppData\Roaming\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2013/01/17 18:15:58 | 000,000,000 | ---D | M] (No name found) -- C:\Users\David's HP\AppData\Roaming\Mozilla\Firefox\Profiles\ann9w273.default\extensions
[2013/01/17 18:15:58 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\David's HP\AppData\Roaming\Mozilla\Firefox\Profiles\ann9w273.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2013/01/17 18:15:58 | 000,124,993 | ---- | M] () (No name found) -- C:\Users\David's HP\AppData\Roaming\Mozilla\Firefox\Profiles\ann9w273.default\extensions\adblockpopups@jessehakanen.net.xpi
[2013/01/17 18:15:58 | 000,007,532 | ---- | M] () (No name found) -- C:\Users\David's HP\AppData\Roaming\Mozilla\Firefox\Profiles\ann9w273.default\extensions\{27c60876-b5c9-4335-b4f3-52b26782220c}.xpi
[2013/01/17 18:14:12 | 000,804,627 | ---- | M] () (No name found) -- C:\Users\David's HP\AppData\Roaming\Mozilla\Firefox\Profiles\ann9w273.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2013/01/18 21:13:55 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2013/01/18 21:14:31 | 000,262,552 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/05/04 06:10:19 | 000,466,944 | ---- | M] (Catalina Marketing Corporation) -- C:\Program Files (x86)\mozilla firefox\plugins\NPcol400.dll
[2013/01/04 21:45:12 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2013/01/04 21:45:12 | 000,002,058 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - homepage: http://www.searchnu.com/406
CHR - default_search_provider: Search Results (Enabled)
CHR - default_search_provider: search_url = http://dts.search-results.com/sr?src=crb&gct=ds&appid=139&systemid=406&apn_dtid=BND406&apn_ptnrs=AG6&o=APN10645&apn_uid=5813307443614214&q={searchTerms}
CHR - default_search_provider: suggest_url =
CHR - homepage: http://www.searchnu.com/406
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.52\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.52\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.52\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll
CHR - plugin: Java Deployment Toolkit 6.0.240.7 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U24 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: CouponNetwork Coupon Activator Netscape Plugin v. 5.0.0.0 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\NPcol400.dll
CHR - plugin: Coupons Inc., Coupon Printer Manager (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npCouponPrinter.dll
CHR - plugin: Coupons Inc., Coupon Printer Manager (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npMozCouponPrinter.dll
CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\NPOFF12.DLL
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: DivX Web Player (Enabled) = C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Foxit Reader Plugin for Mozilla (Enabled) = C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Picasa (Enabled) = C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: VLC Multimedia Plug-in (Enabled) = C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - Extension: YouTube = C:\Users\David's HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1\
CHR - Extension: Google Search = C:\Users\David's HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1\
CHR - Extension: DivX HiQ = C:\Users\David's HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\fnjbmmemklcjgepojigaapkoodmkgbae\2.1.1.94_0\
CHR - Extension: DivX Plus Web Player HTML5 \u003Cvideo\u003E = C:\Users\David's HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.1.94_0\
CHR - Extension: Gmail = C:\Users\David's HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

O1 HOSTS File: ([2013/01/17 13:36:46 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll File not found
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll File not found
O2 - BHO: (HP Network Check Helper) - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll (Yahoo! Inc)
O4:64bit: - HKLM..\Run: [Getting started with MacDrive 8] C:\Program Files\Mediafour\MacDrive 8\MDGetStarted.exe (Mediafour Corporation)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IntelliPoint] c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [IntelliType Pro] c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [IntelWireless] C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel(R) Corporation)
O4:64bit: - HKLM..\Run: [MacDrive 8 application] C:\Program Files\Mediafour\MacDrive 8\MacDrive.exe (Mediafour Corporation)
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [picon] C:\Program Files (x86)\Common Files\Intel\Privacy Icon\PrivacyIconClient.exe (Intel Corporation)
O4 - HKLM..\Run: [AmazonGSDownloaderTray] C:\Program Files (x86)\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderTray.exe (Amazon.com)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [EEventManager] C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
O4 - Startup: C:\Users\David's HP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MagicDisc.lnk = C:\Program Files (x86)\MagicDisc\MagicDisc.exe (MagicISO, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16:64bit: - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://fpdownload.macromedia.com/pub/shockwave/cabs/director/sw.cab (Reg Error: Key error.)
O16 - DPF: {1851174C-97BD-4217-A0CC-E908F60D5B7A} https://h50203.www5.hp.com/HPISWeb/Customer/cabs/HPISDataManager.CAB (Reg Error: Key error.)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 75.75.75.75 75.75.76.76
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{714B57E2-1594-4D0F-B2EE-FE056C10D83E}: DhcpNameServer = 75.75.75.75 75.75.76.76
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{81B78C55-7D5D-4F9D-85CF-FC78FF735239}: DhcpNameServer = 75.75.75.75 75.75.76.76
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O20:64bit: - Winlogon\Notify\ScCertProp: DllName - (wlnotify.dll) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/01/20 08:38:19 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2013/01/20 08:38:12 | 000,000,000 | ---D | C] -- C:\JRT
[2013/01/20 08:37:28 | 000,499,092 | ---- | C] (Oleg N. Scherbakov) -- C:\Users\David's HP\Desktop\JRT.exe
[2013/01/20 08:31:06 | 000,000,000 | ---D | C] -- C:\_OTL
[2013/01/19 17:28:49 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\David's HP\Desktop\OTL(1).exe
[2013/01/19 17:25:40 | 000,000,000 | ---D | C] -- C:\Users\David's HP\Desktop\RK_Quarantine
[2013/01/18 21:13:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013/01/18 20:46:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2013/01/18 20:45:55 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2013/01/18 20:45:54 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2013/01/18 20:45:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2013/01/18 20:45:54 | 000,000,000 | ---D | C] -- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
[2013/01/18 20:42:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2013/01/18 20:42:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime
[2013/01/18 20:41:09 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2013/01/17 16:33:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service
[2013/01/17 15:47:06 | 000,000,000 | ---D | C] -- C:\Users\David's HP\Desktop\GrantPerms
[2013/01/17 14:06:19 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013/01/17 13:39:08 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2013/01/17 13:24:42 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2013/01/17 09:00:37 | 000,000,000 | ---D | C] -- C:\Users\David's HP\Desktop\Draft files
[2013/01/17 08:42:00 | 000,000,000 | ---D | C] -- C:\Users\David's HP\Documents\ProcAlyzer Dumps
[2013/01/16 22:28:06 | 002,712,200 | ---- | C] (Sysinternals - www.sysinternals.com) -- C:\Users\David's HP\Desktop\procexp.exe
[2013/01/16 20:33:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2013/01/16 17:52:37 | 000,448,512 | ---- | C] (OldTimer Tools) -- C:\Users\David's HP\Desktop\TFC.exe
[2013/01/14 12:36:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\H&R Block 2012
[2013/01/14 12:35:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\HRBlock2012
[2013/01/14 12:27:23 | 000,000,000 | ---D | C] -- C:\Users\David's HP\Desktop\H&R Block At Home Deluxe + State 2012
[2013/01/14 12:27:23 | 000,000,000 | ---D | C] -- C:\Users\David's HP\Documents\Amazon Downloader Logs
[2013/01/14 12:27:15 | 000,935,344 | ---- | C] (Amazon Services LLC) -- C:\Users\David's HP\Desktop\H_R_Block_At_Home_Deluxe_State_2012_Downloader.exe
[2013/01/14 11:07:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe
[2013/01/13 09:27:02 | 000,000,000 | ---D | C] -- C:\Users\David's HP\AppData\Roaming\Bullzip
[2013/01/13 09:26:12 | 000,000,000 | ---D | C] -- C:\Users\David's HP\AppData\Local\Programs
[2013/01/13 09:25:25 | 000,000,000 | ---D | C] -- C:\Users\David's HP\AppData\Local\Coupon Companion Plugin
[2013/01/10 15:52:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Thunderbird

========== Files - Modified Within 30 Days ==========

[2013/01/20 09:31:27 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/01/20 09:03:00 | 000,000,906 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/01/20 08:42:21 | 000,020,816 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/01/20 08:42:21 | 000,020,816 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/01/20 08:37:30 | 000,499,092 | ---- | M] (Oleg N. Scherbakov) -- C:\Users\David's HP\Desktop\JRT.exe
[2013/01/20 08:35:10 | 000,000,902 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/01/20 08:34:53 | 3092,459,520 | -HS- | M] () -- C:\hiberfil.sys
[2013/01/19 17:28:51 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\David's HP\Desktop\OTL(1).exe
[2013/01/19 17:24:11 | 000,764,416 | ---- | M] () -- C:\Users\David's HP\Desktop\RogueKiller.exe
[2013/01/18 20:46:54 | 000,001,783 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2013/01/18 20:42:38 | 000,001,845 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2013/01/17 18:08:30 | 000,356,375 | ---- | M] () -- C:\Users\David's HP\Desktop\bookmarks.html
[2013/01/17 16:49:25 | 000,337,164 | ---- | M] () -- C:\Users\David's HP\Desktop\moreads.jpg
[2013/01/17 16:46:25 | 000,296,769 | ---- | M] () -- C:\Users\David's HP\Desktop\selectionlinks.jpg
[2013/01/17 16:22:11 | 000,085,325 | ---- | M] () -- C:\Users\David's HP\Desktop\google1.jpg
[2013/01/17 16:21:37 | 000,065,393 | ---- | M] () -- C:\Users\David's HP\Desktop\google2.jpg
[2013/01/17 16:16:09 | 000,872,838 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/01/17 16:16:09 | 000,728,404 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/01/17 16:16:09 | 000,147,430 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/01/17 15:51:01 | 000,257,218 | ---- | M] () -- C:\Users\David's HP\Desktop\sysmain.jpg
[2013/01/17 15:47:06 | 000,456,948 | ---- | M] () -- C:\Users\David's HP\Desktop\GrantPerms.exe
[2013/01/17 15:34:33 | 000,000,273 | ---- | M] () -- C:\WirelessDiagLog.csv
[2013/01/17 14:43:31 | 000,133,024 | ---- | M] () -- C:\Users\David's HP\Desktop\yahoomess.jpg
[2013/01/17 13:36:46 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2013/01/17 13:23:26 | 000,061,440 | ---- | M] ( ) -- C:\Users\David's HP\Desktop\VEW.exe
[2013/01/17 09:09:40 | 000,989,486 | ---- | M] () -- C:\Users\David's HP\Desktop\coupons_aol.dib
[2013/01/16 23:08:37 | 000,115,244 | ---- | M] () -- C:\Users\David's HP\Desktop\yahoomess.png
[2013/01/16 22:28:07 | 002,712,200 | ---- | M] (Sysinternals - www.sysinternals.com) -- C:\Users\David's HP\Desktop\procexp.exe
[2013/01/16 21:23:17 | 000,554,087 | ---- | M] () -- C:\Users\David's HP\Desktop\AdwCleaner.exe
[2013/01/16 17:52:46 | 000,448,512 | ---- | M] (OldTimer Tools) -- C:\Users\David's HP\Desktop\TFC.exe
[2013/01/14 12:37:15 | 000,002,033 | ---- | M] () -- C:\Users\Public\Desktop\H&R Block 2012.lnk
[2013/01/14 12:27:16 | 000,935,344 | ---- | M] (Amazon Services LLC) -- C:\Users\David's HP\Desktop\H_R_Block_At_Home_Deluxe_State_2012_Downloader.exe
[2013/01/13 09:24:11 | 000,635,864 | ---- | M] () -- C:\Users\David's HP\Desktop\cbsidlm-tr1_10a-PDF_Printer-SEO-10536746.exe
[2013/01/10 16:53:27 | 000,413,368 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013/01/10 16:14:28 | 000,002,114 | ---- | M] () -- C:\Users\David's HP\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Thunderbird.lnk
[2013/01/10 15:17:59 | 000,869,550 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2013/01/03 16:59:54 | 000,000,352 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForDavid's HP.job

========== Files Created - No Company Name ==========

[2013/01/19 17:23:55 | 000,764,416 | ---- | C] () -- C:\Users\David's HP\Desktop\RogueKiller.exe
[2013/01/18 20:46:54 | 000,001,783 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2013/01/18 20:42:38 | 000,001,845 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2013/01/17 18:11:35 | 000,001,163 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2013/01/17 18:08:30 | 000,356,375 | ---- | C] () -- C:\Users\David's HP\Desktop\bookmarks.html
[2013/01/17 16:49:25 | 000,337,164 | ---- | C] () -- C:\Users\David's HP\Desktop\moreads.jpg
[2013/01/17 16:46:25 | 000,296,769 | ---- | C] () -- C:\Users\David's HP\Desktop\selectionlinks.jpg
[2013/01/17 16:22:11 | 000,085,325 | ---- | C] () -- C:\Users\David's HP\Desktop\google1.jpg
[2013/01/17 16:21:37 | 000,065,393 | ---- | C] () -- C:\Users\David's HP\Desktop\google2.jpg
[2013/01/17 15:51:00 | 000,257,218 | ---- | C] () -- C:\Users\David's HP\Desktop\sysmain.jpg
[2013/01/17 15:34:33 | 000,000,273 | ---- | C] () -- C:\WirelessDiagLog.csv
[2013/01/17 14:43:30 | 000,133,024 | ---- | C] () -- C:\Users\David's HP\Desktop\yahoomess.jpg
[2013/01/17 13:23:26 | 000,061,440 | ---- | C] ( ) -- C:\Users\David's HP\Desktop\VEW.exe
[2013/01/17 09:09:39 | 000,989,486 | ---- | C] () -- C:\Users\David's HP\Desktop\coupons_aol.dib
[2013/01/16 23:08:37 | 000,115,244 | ---- | C] () -- C:\Users\David's HP\Desktop\yahoomess.png
[2013/01/16 21:23:11 | 000,554,087 | ---- | C] () -- C:\Users\David's HP\Desktop\AdwCleaner.exe
[2013/01/14 12:37:15 | 000,002,033 | ---- | C] () -- C:\Users\Public\Desktop\H&R Block 2012.lnk
[2013/01/14 11:08:11 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
[2013/01/13 09:24:09 | 000,635,864 | ---- | C] () -- C:\Users\David's HP\Desktop\cbsidlm-tr1_10a-PDF_Printer-SEO-10536746.exe
[2012/07/05 14:27:30 | 000,002,530 | ---- | C] () -- C:\ProgramData\regid.2012-05.com.aciwebs,PCDrafter_0B98B203-BE55-4967-B3D7-2C2033182D1B.swidtag
[2011/05/21 08:29:19 | 000,000,000 | ---- | C] () -- C:\Users\David's HP\AppData\Local\{6D1CC7E6-7607-4664-97B8-C534FE82191C}
[2011/05/10 13:00:18 | 000,714,590 | ---- | C] () -- C:\Windows\unins001.exe
[2011/05/10 13:00:09 | 000,714,590 | ---- | C] () -- C:\Windows\unins000.exe
[2011/05/04 12:39:25 | 000,869,550 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/04/12 03:39:44 | 000,673,610 | ---- | C] () -- C:\Windows\unins002.exe
[2011/04/12 03:39:44 | 000,036,864 | ---- | C] () -- C:\Windows\SysWow64\PreInstaller.exe
[2011/04/12 03:39:44 | 000,028,672 | ---- | C] () -- C:\Windows\SysWow64\suuunin.exe
[2011/04/12 03:39:44 | 000,001,810 | ---- | C] () -- C:\Windows\unins002.dat
[2011/04/11 07:44:18 | 000,003,653 | ---- | C] () -- C:\Windows\unins001.dat
[2011/04/11 06:17:52 | 000,008,421 | ---- | C] () -- C:\Windows\unins000.dat
[2011/03/31 15:56:01 | 000,047,616 | ---- | C] () -- C:\Windows\SysWow64\pdf995mon64.dll
[2011/03/31 15:56:01 | 000,000,142 | ---- | C] () -- C:\Windows\wpd99.drv
[2011/03/18 16:47:37 | 000,165,376 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2011/03/18 16:47:36 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini
[2011/03/18 16:47:30 | 000,810,496 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2011/03/18 16:47:30 | 000,183,808 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2011/03/18 16:47:30 | 000,080,896 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2011/03/18 15:36:30 | 000,073,220 | ---- | C] () -- C:\Windows\SysWow64\EPPICPrinterDB.dat
[2011/03/18 15:36:30 | 000,031,053 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern131.dat
[2011/03/18 15:36:30 | 000,029,114 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern1.dat
[2011/03/18 15:36:30 | 000,027,417 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern121.dat
[2011/03/18 15:36:30 | 000,021,021 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern3.dat
[2011/03/18 15:36:30 | 000,015,670 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern5.dat
[2011/03/18 15:36:30 | 000,013,280 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern2.dat
[2011/03/18 15:36:30 | 000,010,673 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern4.dat
[2011/03/18 15:36:30 | 000,004,943 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern6.dat
[2011/03/18 15:36:30 | 000,001,140 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_PT.dat
[2011/03/18 15:36:30 | 000,001,140 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_BP.dat
[2011/03/18 15:36:30 | 000,001,137 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_ES.dat
[2011/03/18 15:36:30 | 000,001,130 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_FR.dat
[2011/03/18 15:36:30 | 000,001,130 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_CF.dat
[2011/03/18 15:36:30 | 000,001,104 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_EN.dat
[2011/03/18 15:36:30 | 000,000,097 | ---- | C] () -- C:\Windows\SysWow64\PICSDK.ini
[2011/03/18 13:40:50 | 000,186,928 | ---- | C] ( ) -- C:\Windows\SysWow64\rsnp2uvc.dll
[2011/03/18 13:40:50 | 000,015,497 | ---- | C] () -- C:\Windows\snp2uvc.ini

========== ZeroAccess Check ==========

[2009/07/13 22:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/08 23:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 22:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 19:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 06:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 19:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2013/01/13 09:27:02 | 000,000,000 | ---D | M] -- C:\Users\David's HP\AppData\Roaming\Bullzip
[2012/02/26 17:55:15 | 000,000,000 | ---D | M] -- C:\Users\David's HP\AppData\Roaming\Catalina Marketing Corp
[2011/03/24 15:11:31 | 000,000,000 | ---D | M] -- C:\Users\David's HP\AppData\Roaming\com.nyt.timesreader.78C54164786ADE80CB31E1C5D95607D0938C987A.1
[2013/01/19 17:22:06 | 000,000,000 | ---D | M] -- C:\Users\David's HP\AppData\Roaming\Dropbox
[2012/05/16 11:32:18 | 000,000,000 | ---D | M] -- C:\Users\David's HP\AppData\Roaming\Epson
[2012/10/16 16:50:11 | 000,000,000 | ---D | M] -- C:\Users\David's HP\AppData\Roaming\Foxit Software
[2011/07/23 14:33:14 | 000,000,000 | ---D | M] -- C:\Users\David's HP\AppData\Roaming\Notepad++
[2011/05/30 21:31:27 | 000,000,000 | ---D | M] -- C:\Users\David's HP\AppData\Roaming\OfficeRecovery
[2011/03/31 16:02:12 | 000,000,000 | ---D | M] -- C:\Users\David's HP\AppData\Roaming\pdf995
[2011/03/31 12:29:20 | 000,000,000 | ---D | M] -- C:\Users\David's HP\AppData\Roaming\Rovio
[2011/04/08 15:22:02 | 000,000,000 | ---D | M] -- C:\Users\David's HP\AppData\Roaming\Suunto
[2012/03/14 16:33:41 | 000,000,000 | ---D | M] -- C:\Users\David's HP\AppData\Roaming\TaxCut
[2011/03/18 13:15:47 | 000,000,000 | ---D | M] -- C:\Users\David's HP\AppData\Roaming\Thunderbird
[2011/09/23 07:05:19 | 000,000,000 | ---D | M] -- C:\Users\David's HP\AppData\Roaming\TweetDeckFast.FFF259DC0CE2657847BBB4AFF0E62062EFC56543.1

========== Purity Check ==========



< End of report >
Satchfan
2013-01-20, 23:35
Things are looking better but not quite right yet.

Download and run ComboFix

Download Combofix from either of the links below, and save it to your desktop.

Link 1 (http://download.bleepingcomputer.com/sUBs/ComboFix.exe)
Link 2 (http://www.forospyware.com/sUBs/ComboFix.exe)

**Note: It MUST be saved directly to your desktop. Choose save as and then make sure you choose Desktop

--------------------------------------------------------------------

IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here (http://forums.whatthetech.com/How_Disable_your_Security_Programs_t96260.html&pid=494216#entry494216)

--------------------------------------------------------------------

Double click on ComboFix.exe & follow the prompts.
when finished, it will produce a report for you.
please post the C:\ComboFix.txt for further review.


Satchfan
atcdav
2013-01-21, 02:26
ComboFix 13-01-17.04 - David's HP 01/20/2013 19:18:58.2.2 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.3932.2390 [GMT -6:00]
Running from: c:\users\David's HP\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C}
SP: Microsoft Security Essentials *Disabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2012-12-21 to 2013-01-21 )))))))))))))))))))))))))))))))
.
.
2013-01-20 18:03 . 2013-01-08 05:32 9161176 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{0DE4C85C-7435-47C7-8A1C-459898EE83B4}\mpengine.dll
2013-01-20 14:38 . 2013-01-20 14:38 -------- d-----w- c:\windows\ERUNT
2013-01-20 14:38 . 2013-01-20 14:38 -------- d-----w- C:\JRT
2013-01-20 14:31 . 2013-01-20 14:31 -------- d-----w- C:\_OTL
2013-01-19 02:46 . 2012-08-21 19:01 33240 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2013-01-19 02:45 . 2013-01-19 02:45 -------- d-----w- c:\program files\iPod
2013-01-19 02:45 . 2013-01-19 02:46 -------- d-----w- c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-01-19 02:45 . 2013-01-19 02:46 -------- d-----w- c:\program files\iTunes
2013-01-19 02:45 . 2013-01-19 02:46 -------- d-----w- c:\program files (x86)\iTunes
2013-01-19 02:42 . 2013-01-19 02:42 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin7.dll
2013-01-19 02:42 . 2013-01-19 02:42 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin6.dll
2013-01-19 02:42 . 2013-01-19 02:42 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin5.dll
2013-01-19 02:42 . 2013-01-19 02:42 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin4.dll
2013-01-19 02:42 . 2013-01-19 02:42 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin3.dll
2013-01-19 02:42 . 2013-01-19 02:42 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin2.dll
2013-01-19 02:42 . 2013-01-19 02:42 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin.dll
2013-01-19 02:42 . 2013-01-19 02:42 -------- d-----w- c:\program files (x86)\QuickTime
2013-01-18 20:18 . 2013-01-08 05:32 9161176 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-01-17 22:33 . 2013-01-20 14:25 -------- d-----w- c:\program files (x86)\Mozilla Maintenance Service
2013-01-17 02:33 . 2013-01-17 14:41 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2013-01-14 18:35 . 2013-01-14 18:36 -------- d-----w- c:\program files (x86)\HRBlock2012
2013-01-14 17:07 . 2013-01-14 17:07 -------- d-----w- c:\program files (x86)\Common Files\Adobe
2013-01-13 15:27 . 2013-01-13 15:27 -------- d-----w- c:\users\David's HP\AppData\Roaming\Bullzip
2013-01-13 15:26 . 2009-07-14 01:41 99840 ----a-w- c:\windows\system32\Spool\prtprocs\x64\LXKPTPRC.DLL
2013-01-13 15:26 . 2013-01-13 15:26 -------- d-----w- c:\users\David's HP\AppData\Local\Programs
2013-01-13 15:25 . 2013-01-17 04:57 -------- d-----w- c:\users\David's HP\AppData\Local\Coupon Companion Plugin
2013-01-10 21:52 . 2013-01-10 22:14 -------- d-----w- c:\program files (x86)\Mozilla Thunderbird
2013-01-10 21:01 . 2012-11-23 03:13 68608 ----a-w- c:\windows\system32\taskhost.exe
2013-01-10 21:01 . 2012-11-20 05:48 307200 ----a-w- c:\windows\system32\ncrypt.dll
2013-01-10 21:01 . 2012-11-20 04:51 220160 ----a-w- c:\windows\SysWow64\ncrypt.dll
2013-01-10 21:01 . 2012-11-01 05:43 2002432 ----a-w- c:\windows\system32\msxml6.dll
2013-01-10 21:01 . 2012-11-01 05:43 1882624 ----a-w- c:\windows\system32\msxml3.dll
2013-01-10 21:01 . 2012-11-01 04:47 1389568 ----a-w- c:\windows\SysWow64\msxml6.dll
2013-01-10 21:01 . 2012-11-01 04:47 1236992 ----a-w- c:\windows\SysWow64\msxml3.dll
2013-01-10 21:01 . 2012-11-09 05:45 750592 ----a-w- c:\windows\system32\win32spl.dll
2013-01-10 21:01 . 2012-11-09 04:43 492032 ----a-w- c:\windows\SysWow64\win32spl.dll
2013-01-10 21:00 . 2012-11-23 03:26 3149824 ----a-w- c:\windows\system32\win32k.sys
2013-01-03 21:51 . 2013-01-03 21:51 -------- d-----w- c:\users\Guest\AppData\Roaming\Foxit Software
2013-01-03 21:45 . 2013-01-03 21:45 -------- d-----w- c:\users\Guest\AppData\Roaming\Intel
2012-12-22 16:05 . 2012-12-16 17:11 46080 ----a-w- c:\windows\system32\atmlib.dll
2012-12-22 16:05 . 2012-12-16 14:13 34304 ----a-w- c:\windows\SysWow64\atmlib.dll
2012-12-22 16:05 . 2012-12-16 14:45 367616 ----a-w- c:\windows\system32\atmfd.dll
2012-12-22 16:05 . 2012-12-16 14:13 295424 ----a-w- c:\windows\SysWow64\atmfd.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-01-12 23:24 . 2012-05-11 21:35 697864 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-01-12 23:23 . 2011-05-21 14:32 74248 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-01-10 21:08 . 2011-03-18 17:58 67599240 ----a-w- c:\windows\system32\MRT.exe
2012-11-30 00:24 . 2012-11-30 00:25 972264 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{418F8CA5-9456-47CD-8EF4-2907E3577D00}\gapaengine.dll
2012-11-14 07:06 . 2012-12-13 20:57 17811968 ----a-w- c:\windows\system32\mshtml.dll
2012-11-14 06:32 . 2012-12-13 20:57 10925568 ----a-w- c:\windows\system32\ieframe.dll
2012-11-14 06:11 . 2012-12-13 20:57 2312704 ----a-w- c:\windows\system32\jscript9.dll
2012-11-14 06:04 . 2012-12-13 20:58 1346048 ----a-w- c:\windows\system32\urlmon.dll
2012-11-14 06:04 . 2012-12-13 20:57 1392128 ----a-w- c:\windows\system32\wininet.dll
2012-11-14 06:02 . 2012-12-13 20:58 1494528 ----a-w- c:\windows\system32\inetcpl.cpl
2012-11-14 06:02 . 2012-12-13 20:58 237056 ----a-w- c:\windows\system32\url.dll
2012-11-14 05:59 . 2012-12-13 20:57 85504 ----a-w- c:\windows\system32\jsproxy.dll
2012-11-14 05:58 . 2012-12-13 20:57 816640 ----a-w- c:\windows\system32\jscript.dll
2012-11-14 05:57 . 2012-12-13 20:57 599040 ----a-w- c:\windows\system32\vbscript.dll
2012-11-14 05:57 . 2012-12-13 20:58 173056 ----a-w- c:\windows\system32\ieUnatt.exe
2012-11-14 05:55 . 2012-12-13 20:57 2144768 ----a-w- c:\windows\system32\iertutil.dll
2012-11-14 05:55 . 2012-12-13 20:57 729088 ----a-w- c:\windows\system32\msfeeds.dll
2012-11-14 05:53 . 2012-12-13 20:58 96768 ----a-w- c:\windows\system32\mshtmled.dll
2012-11-14 05:52 . 2012-12-13 20:58 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-11-14 05:46 . 2012-12-13 20:58 248320 ----a-w- c:\windows\system32\ieui.dll
2012-11-14 02:09 . 2012-12-13 20:57 1800704 ----a-w- c:\windows\SysWow64\jscript9.dll
2012-11-14 01:58 . 2012-12-13 20:58 1427968 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2012-11-14 01:57 . 2012-12-13 20:57 1129472 ----a-w- c:\windows\SysWow64\wininet.dll
2012-11-14 01:49 . 2012-12-13 20:58 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2012-11-14 01:48 . 2012-12-13 20:58 420864 ----a-w- c:\windows\SysWow64\vbscript.dll
2012-11-14 01:44 . 2012-12-13 20:58 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
2012-11-09 05:45 . 2012-12-13 20:55 2048 ----a-w- c:\windows\system32\tzres.dll
2012-11-09 04:42 . 2012-12-13 20:55 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2012-11-02 05:59 . 2012-12-13 20:54 478208 ----a-w- c:\windows\system32\dpnet.dll
2012-11-02 05:11 . 2012-12-13 20:54 376832 ----a-w- c:\windows\SysWow64\dpnet.dll
2012-10-25 09:12 . 2012-10-25 09:12 94208 ----a-w- c:\windows\SysWow64\QuickTimeVR.qtx
2012-10-25 09:12 . 2012-10-25 09:12 69632 ----a-w- c:\windows\SysWow64\QuickTime.qts
2012-10-23 22:56 . 2012-11-30 00:25 972192 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2012-10-23 10:17 . 2011-03-18 19:01 285328 ----a-w- c:\windows\system32\aswBoot.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\David's HP\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\David's HP\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\David's HP\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"QlbCtrl.exe"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2010-02-25 287800]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"SoundMAXPnP"="c:\program files (x86)\Analog Devices\Core\smax4pnp.exe" [2009-05-18 1314816]
"EEventManager"="c:\progra~2\EPSONS~1\EVENTM~1\EEventManager.exe" [2009-04-07 673616]
"AmazonGSDownloaderTray"="c:\program files (x86)\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderTray.exe" [2009-10-23 326144]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2011-03-21 1230704]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-11-28 59280]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-18 946352]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-10-25 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-12-12 152544]
.
c:\users\David's HP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
MagicDisc.lnk - c:\program files (x86)\MagicDisc\MagicDisc.exe [2011-3-18 576000]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0\0sdnclean64.exe
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 Amazon Download Agent;Amazon Download Agent;c:\program files (x86)\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderService.exe [2009-10-23 401920]
R3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\Drivers\ssadadb.sys [2011-05-13 36328]
R3 dc3d;MS Hardware Device Detection Driver;c:\windows\system32\DRIVERS\dc3d.sys [2012-09-29 75928]
R3 e1yexpress;Intel(R) Gigabit Network Connections Driver;c:\windows\system32\DRIVERS\e1y62x64.sys [2010-04-07 290008]
R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [2010-03-05 340240]
R3 NETw5s64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETw5s64.sys [2011-03-18 7680512]
R3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [2009-06-10 5434368]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-08-31 128456]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-09-13 368896]
R3 pnetmdm;PdaNet Modem;c:\windows\system32\DRIVERS\pnetmdm64.sys [2007-03-07 17920]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 20992]
R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys [2011-05-13 157672]
R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys [2011-05-13 16872]
R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys [2011-05-13 177640]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-09-28 53760]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-03-18 1255736]
R3 WSDScan;WSD Scan Support via UMB;c:\windows\system32\DRIVERS\WSDScan.sys [2009-07-14 25088]
R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2009-07-22 61976]
R4 RsFx0105;RsFx0105 Driver;c:\windows\system32\DRIVERS\RsFx0105.sys [2011-09-23 311144]
R4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2011-09-23 431464]
S0 MDFSYSNT;MacDrive file system driver; [x]
S0 MDPMGRNT;MacDrive Partition Driver;c:\windows\system32\DRIVERS\MDPMGRNT.SYS [2010-05-05 32352]
S1 CBDisk;CBDisk;c:\windows\system32\drivers\CBDisk.sys [2010-01-13 70344]
S2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2012-09-27 86528]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2012-08-10 197536]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [2011-05-13 30520]
S2 M4LIC;Mediafour M4LIC service;c:\program files (x86)\Common Files\Mediafour\M4LIC.EXE [2009-07-29 205312]
S2 MacDrive8Service;MacDrive 8 service;c:\program files\Mediafour\MacDrive 8\MacDrive8Service.exe [2010-05-04 218112]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Common Files\Intel\Privacy Icon\UNS\UNS.exe [2009-07-15 2058776]
S3 Com4QLBEx;Com4QLBEx;c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2010-02-25 227896]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2009-06-23 56344]
S3 rismcx64;RICOH Smart Card Reader;c:\windows\system32\DRIVERS\rismcx64.sys [2006-12-20 79872]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-01-12 11:03 1606760 ----a-w- c:\program files (x86)\Google\Chrome\Application\24.0.1312.52\Installer\setup.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-01-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-03-21 11:42]
.
2013-01-21 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-03-21 11:42]
.
2013-01-03 c:\windows\Tasks\HPCeeScheduleForDavid's HP.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 04:15]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\David's HP\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\David's HP\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\David's HP\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\David's HP\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MacDrive 8 application"="c:\program files\Mediafour\MacDrive 8\MacDrive.exe" [2010-05-25 343040]
"Getting started with MacDrive 8"="c:\program files\Mediafour\MacDrive 8\MDGetStarted.exe" [2010-05-25 192512]
"picon"="c:\program files (x86)\Common Files\Intel\Privacy Icon\PrivacyIconClient.exe" [2009-07-15 358936]
"IntelWireless"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2010-03-05 1928976]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-06-21 162584]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-06-21 386840]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-06-21 417560]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-09-13 1289704]
"IntelliType Pro"="c:\program files\Microsoft Mouse and Keyboard Center\itype.exe" [2012-10-12 1464984]
"IntelliPoint"="c:\program files\Microsoft Mouse and Keyboard Center\ipoint.exe" [2012-10-12 2075288]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
TCP: DhcpNameServer = 191.168.2.100
FF - ProfilePath - c:\users\David's HP\AppData\Roaming\Mozilla\Firefox\Profiles\ann9w273.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-tyc&p=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/?ilc=1
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-tyc&p=
FF - ExtSQL: 2013-01-17 18:14; {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}; c:\users\David's HP\AppData\Roaming\Mozilla\Firefox\Profiles\ann9w273.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF - ExtSQL: 2013-01-17 18:15; {635abd67-4fe9-1b23-4f01-e679fa7484c1}; c:\users\David's HP\AppData\Roaming\Mozilla\Firefox\Profiles\ann9w273.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
FF - ExtSQL: 2013-01-17 18:15; {27c60876-b5c9-4335-b4f3-52b26782220c}; c:\users\David's HP\AppData\Roaming\Mozilla\Firefox\Profiles\ann9w273.default\extensions\{27c60876-b5c9-4335-b4f3-52b26782220c}.xpi
FF - ExtSQL: 2013-01-17 18:15; adblockpopups@jessehakanen.net; c:\users\David's HP\AppData\Roaming\Mozilla\Firefox\Profiles\ann9w273.default\extensions\adblockpopups@jessehakanen.net.xpi
.
- - - - ORPHANS REMOVED - - - -
.
ShellIconOverlayIdentifiers-MacDrive volume icons - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-Coupon Printer for Windows5.0.0.1 - c:\program files (x86)\Coupons\uninstall.exe
AddRemove-SUUVCOMM&10C4&80F6 - c:\program files (x86)\Suunto\SuuntoUSB\DriverUninstaller.exe VCP CP210x Cardinal\SUUVCOMM&10C4&80F6
AddRemove-{EE202411-2C26-49E8-9784-1BC1DBF7DE96} - c:\program files (x86)\InstallShield Installation Information\{EE202411-2C26-49E8-9784-1BC1DBF7DE96}\setup.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2013-01-20 19:25:39
ComboFix-quarantined-files.txt 2013-01-21 01:25
.
Pre-Run: 93,352,747,008 bytes free
Post-Run: 93,047,242,752 bytes free
.
- - End Of File - - CCFA57554AC50F00D36A6AE115DDD962
Satchfan
2013-01-21, 09:47
That looks OK.


Run Malwarebytes-Anti-Malware

Click here (http://www.filehippo.com/download_malwarebytes_anti_malware/).

double-click mbam-setup.exe and follow the prompts to install the program.
at the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware. and Launch Malwarebytes' Anti-Malware, then click Finish..
if an update is found, it will download and install the latest version.
once the program has loaded, select Perform quick scan, then click Scan.
when the scan is complete, click OK, then Show Results to view the results.
be sure that everything is checked, and click Remove Selected.
when removal is completed, a log report will open in Notepad and you may be prompted to restart your computer. (see Note below)
the log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
copy and paste the contents of that report in your next reply and exit MBAM.

NOTE: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.

================================================

Run ESET Online Scan

IMPORTANT Please make sure you uncheck the box next to Remove found threats. Eset will detect anything that looks even slightly suspicious, which could include legitimate program files. If you do not uncheck the box, Eset will automatically remove all suspicious files which could leave some of your software inoperable.

Note: You can use either Internet Explorer or Mozilla FireFox for this scan. You will however need to disable your current installed Anti-Virus, how to do so can be read here (http://www.bleepingcomputer.com/forums/topic114351.html).

Hold down Control and click on the following link to open ESET OnlineScan in a new window.

ESET OnlineScan (http://www.eset.com/online-scanner)

1. Click the Eset online Scanner button.
2. For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)

• Click on esetinstaller.exe to download the ESET Smart Installer. Save it to your desktop.
• Double click on the Eset installer icon on your desktop.3. Check Yes, I accept the Terms of Use
4. Click the Start button.
5. Accept any security warnings from your browser.
6. Check Scan archives
7. Push the Start button.
8. ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
9. When the scan completes, push List of found threats
10. Push Export to Text file and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
Note - if ESET doesn't find any threats, no report will be created.
11. Push the back button.
12. Push Finish
If a log has been produced post it in your next reply.

Logs to include with the next post:

Mbam.txt
Eset result

Can you tell me if there are any outstanding problems and if you managed to reset your home page OK.

Satchfan
atcdav
2013-01-21, 15:41
When I ran ESET, I had to return to work, so hit "switch user" to go to sign in screen as to not leave my laptop alone and logged in. When I returned the laptop was froze. I had to do a hard restart and the laptop ran scan disc, but nothing amiss. I tried ti run ESET earlier in the process and it never finished the scan which is probably why you saw the ESET errors. I would rather not try ESET again.

Malwarebytes Anti-Malware 1.70.0.1100
www.malwarebytes.org

Database version: v2013.01.21.05

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
David's HP :: DAVES-6930P [administrator]

1/21/2013 7:22:27 AM
mbam-log-2013-01-21 (07-22-27).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 237542
Time elapsed: 1 minute(s), 57 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
atcdav
2013-01-21, 15:43
I had reset IE before your initial contact with me, it seems fine. I had uninstalled firefox, including bookmarks and personal data and then reinstalled, that seemed to fix the formatting issue of the browser. I haven't noticed any issues lately
Satchfan
2013-01-21, 16:37
I would really like to see the results of an online scan to make sure that everything is as it should be.

Lets try a different one instead:

Before running it please note:

this scan MUST be performed using Internet Explorer
it can take up to an hour or longer, so please be patient
it is recommended that you disable your onboard antivirus program and antispyware programs while performing scans to eliminate software conflicts and to speed up scan time
DO NOT surf the net while your resident protection is disabled!
once the scan is finished remember to re-enable your resident antivirus protection along with whatever antispyware applications you use.

Run the scan

perform an online scan with Panda Active Scan 2.0 by clicking here (http://www.pandasecurity.com/homeusers/solutions/activescan/)
click on the Scan Your PC Now button
click on the Scan now button and follow the instructions (you may have to install an active X component)
should you be required to register, click on Register
choose the option you like most, but we recommend Free Active Scan 2.0 (requires registration)
click on Register
enter your e-mail address and create a password.

select "I do not want to receive any type of information" (unless you want to receive such information).
click on Send
confirm your registration and continue by entering your user name and password, then click on Enter
select Full Scan, then click on Scan Now.

wait for the components to be loaded and installed. Don't close this window or go to another page while it is downloading
jf the scan finds any malware it can disinfect, the “Disinfect” button will be enabled. Click on Disinfect
please ignore the offer to buy the program
click on the Export To button to export the log and save it to your desktop.

Please post the contents of the log in your next reply.
atcdav
2013-01-21, 22:33
I thought I would try ESET one more time. I didnt want to both with registering for Panda. All seemed fine for close to an hour, nothing found, I walk away from laptop and when I returned it had restarted. I log in and get a message the computer recovered from unexpected shutdown., no log from scan so i assume scan did not finish. I have all timeout features disabled on laptop. I will try PAnda I guess. ESET just doesnt seem to work for me.
Satchfan
2013-01-21, 22:43
Don't fret too much about which to use.

Microsoft Security Essentials is capable of picking up anything that may be left so as that is your resident antivirus, update and use that.
atcdav
2013-01-22, 00:38
;***********************************************************************************************************************************************************************************
ANALYSIS: 2013-01-21 17:36:54
PROTECTIONS: 1
MALWARE: 23
SUSPECTS: 0
;***********************************************************************************************************************************************************************************
PROTECTIONS
Description Version Active Updated
;===================================================================================================================================================================================
Microsoft Security Essentials No Yes
;===================================================================================================================================================================================
MALWARE
Id Description Type Active Severity Disinfectable Disinfected Location
;===================================================================================================================================================================================
00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No c:\users\david's hp\appdata\roaming\microsoft\windows\cookies\low\4bibrd31.txt
00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No c:\users\david's hp\appdata\roaming\microsoft\windows\cookies\low\david's_hp@doubleclick[2].txt
00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No c:\users\guest\appdata\roaming\microsoft\windows\cookies\low\z3m4oebl.txt
00145405 Cookie/RealMedia TrackingCookie No 0 Yes No c:\users\david's hp\appdata\roaming\microsoft\windows\cookies\low\david's_hp@247realmedia[1].txt
00145457 Cookie/FastClick TrackingCookie No 0 Yes No c:\users\david's hp\appdata\roaming\microsoft\windows\cookies\low\oawi8k1e.txt
00145738 Cookie/Mediaplex TrackingCookie No 0 Yes No c:\users\david's hp\appdata\roaming\microsoft\windows\cookies\low\eztp0684.txt
00167642 Cookie/Com.com TrackingCookie No 0 Yes No c:\users\david's hp\appdata\roaming\microsoft\windows\cookies\low\david's_hp@com[1].txt
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No c:\users\david's hp\appdata\roaming\microsoft\windows\cookies\low\david's_hp@statcounter[1].txt
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No c:\users\guest\appdata\roaming\microsoft\windows\cookies\low\guest@ad.yieldmanager[2].txt
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No c:\users\david's hp\appdata\roaming\microsoft\windows\cookies\low\m79t1t7x.txt
00168061 Cookie/Apmebf TrackingCookie No 0 Yes No c:\users\guest\appdata\roaming\microsoft\windows\cookies\low\guest@apmebf[1].txt
00168061 Cookie/Apmebf TrackingCookie No 0 Yes No c:\users\david's hp\appdata\roaming\microsoft\windows\cookies\low\david's_hp@apmebf[2].txt
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No c:\users\david's hp\appdata\roaming\microsoft\windows\cookies\low\david's_hp@serving-sys[2].txt
00168093 Cookie/Serving-sys TrackingCookie No 0 Yes No c:\users\david's hp\appdata\roaming\microsoft\windows\cookies\low\david's_hp@bs.serving-sys[1].txt
00168110 Cookie/Server.iad.Liveperson TrackingCookie No 0 Yes No c:\users\david's hp\appdata\roaming\microsoft\windows\cookies\low\0cxeoar7.txt
00169190 Cookie/Advertising TrackingCookie No 0 Yes No c:\users\david's hp\appdata\roaming\microsoft\windows\cookies\low\tlflzn0s.txt
00170304 Cookie/WebtrendsLive TrackingCookie No 0 Yes No c:\users\david's hp\appdata\roaming\microsoft\windows\cookies\low\tuodev29.txt
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No c:\users\david's hp\appdata\roaming\microsoft\windows\cookies\low\david's_hp@ads.pointroll[2].txt
00170554 Cookie/Overture TrackingCookie No 0 Yes No c:\users\david's hp\appdata\roaming\microsoft\windows\cookies\low\david's_hp@overture[1].txt
00170556 Cookie/RealMedia TrackingCookie No 0 Yes No c:\users\david's hp\appdata\roaming\microsoft\windows\cookies\low\david's_hp@realmedia[1].txt
00172221 Cookie/Zedo TrackingCookie No 0 Yes No c:\users\david's hp\appdata\roaming\microsoft\windows\cookies\low\48c65l2p.txt
00194327 Cookie/Go TrackingCookie No 0 Yes No c:\users\david's hp\appdata\roaming\microsoft\windows\cookies\low\david's_hp@go[1].txt
00207338 Cookie/Target TrackingCookie No 0 Yes No c:\users\david's hp\appdata\roaming\microsoft\windows\cookies\low\o0i88215.txt
00262020 Cookie/Atwola TrackingCookie No 0 Yes No c:\users\david's hp\appdata\roaming\microsoft\windows\cookies\low\4tss3ozd.txt
00286736 Cookie/Cgi-bin TrackingCookie No 0 Yes No c:\users\david's hp\appdata\roaming\microsoft\windows\cookies\low\david's_hp@www6.addfreestats[1].txt
00325830 Cookie/Bridgetrack TrackingCookie No 0 Yes No c:\users\david's hp\appdata\roaming\microsoft\windows\cookies\low\david's_hp@citi.bridgetrack[2].txt
;===================================================================================================================================================================================
SUSPECTS
Sent Location
;===================================================================================================================================================================================
;===================================================================================================================================================================================
VULNERABILITIES
Id Severity Description
;===================================================================================================================================================================================
;===================================================================================================================================================================================
Satchfan
2013-01-22, 00:43
Good job. MSE seems to also indicate that all is clear.

Now that you’re free from malware, as long as your computer seems to be running well, please follow these simple steps to tidy up you computer and decrease the likelihood of getting infected again:


Uninstall Combofix

Follow these steps to uninstall Combofix

click START then RUN
now type Combofix /uninstall in the runbox and click OK.
Note the space between the X and the /, it needs to be there.
http://i944.photobucket.com/albums/ad283/Ninamf/WTT/CFuninstall.jpg

please follow the prompts to uninstall Combofix.
once it's finished uninstalling itself you will receive a message saying Combofix was uninstalled successfully.

===================================================

Uninstall OTL

Double-click OTL.exe
Click the CleanUp! button.
Select Yes when the Begin cleanup Process? prompt appears.
If you are prompted to reboot during the cleanup, select Yes.
The tool will delete itself once it finishes, if not delete it by yourself.
NOTE: If you receive a warning from your firewall or other security programs regarding OTL attempting to contact the internet, please allow it to do so.

You can just delete all other logs and programs we’ve used that are on your desktop. Just click on them and press Delete.

===================================================

Java

The versions you had were old and therefore vulnerable to infections

You can install the latest version of Java from here (http://www.java.com/en/download/manual.jsp)

Remember to regularly check for new versions.

===================================================

Recommended programs

You have three of the programs that I usually recommend already installed:

SpywareBlaster, which protects against bad ActiveX by immunising your PC against them. It also blocks over 11,000 bad sites and uses no resources of your computer.

Spybot - Search and Destroy and Malwarebytes.


You should scan your computer with Spybot and Malwarebytes on a regular basis, probably weekly.

===================================================

It’s important to keep programs up to date so that malware doesn't exploit any old security flaws.

FileHippo Update Checker (http://www.filehippo.com/updatechecker/FHsetup.exe) is an extremely helpful program that will tell you which of your programs need to be updated.

===================================================

MVPS Hosts (http://winhelp2002.mvps.org/hosts.htm) file replaces your current HOSTS file with one containing well known ad sites and other bad sites. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer, meaning it will be difficult to infect yourself in the future.

===================================================

I also recommend that you read the following:

How to prevent malware (http://miekiemoes.blogspot.com/2008/02/how-to-prevent-malware.html) by miekiemoes

Safe computing

Satchfan
atcdav
2013-01-22, 00:56
thank you for your help
Satchfan
2013-01-22, 08:54
thank you for your help You're welcome.