Thread: Redirect Problems

  1. #21
    Junior Member | Join Date: Jul 2012 | Posts: 27

    OTL logfile created on: 7/28/2012 3:16:33 PM - Run 2
    OTL by OldTimer - Version 3.2.55.0 Folder = C:\Users\Chrissy\Desktop
    64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    7.60 Gb Total Physical Memory | 5.43 Gb Available Physical Memory | 71.38% Memory free
    15.20 Gb Paging File | 12.82 Gb Available in Paging File | 84.34% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 447.16 Gb Total Space | 158.19 Gb Free Space | 35.38% Space Free | Partition Type: NTFS
    Drive D: | 14.43 Gb Total Space | 1.61 Gb Free Space | 11.12% Space Free | Partition Type: NTFS
    Drive E: | 3.96 Gb Total Space | 1.10 Gb Free Space | 27.74% Space Free | Partition Type: FAT32
    Drive G: | 5.00 Gb Total Space | 4.96 Gb Free Space | 99.27% Space Free | Partition Type: FAT32

    Computer Name: CHRISSY-HP | User Name: Chrissy | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - C:\Users\Chrissy\Desktop\OTL.exe (OldTimer Tools)
    PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
    PRC - C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe ()
    PRC - C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
    PRC - C:\Program Files (x86)\Samsung\Kies\Kies.exe (Samsung)
    PRC - C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe (Hewlett-Packard Company)
    PRC - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe (Hewlett-Packard Development Company, L.P.)
    PRC - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe (Hewlett-Packard Development Company, L.P.)
    PRC - C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe (Apple Inc.)
    PRC - C:\Program Files (x86)\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
    PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
    PRC - C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
    PRC - C:\Program Files (x86)\AVG\AVG2012\avgfws.exe (AVG Technologies CZ, s.r.o.)
    PRC - C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe (AVG Technologies CZ, s.r.o.)
    PRC - C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe (CyberLink)
    PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
    PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
    PRC - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe (Hewlett-Packard Company)
    PRC - C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
    PRC - C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe (Hewlett-Packard Company)
    PRC - C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe (Hewlett-Packard Development Company, L.P.)
    PRC - C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation)
    PRC - C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe (Roxio)
    PRC - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
    PRC - C:\Program Files (x86)\Creative\Software Update 3\SoftAuto.exe (Creative Technology Ltd)
    PRC - C:\Program Files (x86)\Creative\Shared Files\CTDevSrv.exe (Creative Technology Ltd)


    ========== Modules (No Company Name) ==========

    MOD - C:\Users\Chrissy\AppData\Local\Temp\99cab429-f99d-4f69-9d04-113ad532bd0f\CliSecureRT.dll ()
    MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ()
    MOD - C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe ()
    MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\d239f585ee55f833dbe21e897e1265ac\PresentationFramework.ni.dll ()
    MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\b7de318e9fd1ef519ca6c1f3b5dba8e0\PresentationCore.ni.dll ()
    MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\00a4922fbf869a79c043b665035516b6\System.Windows.Forms.ni.dll ()
    MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\a6e37a05b8d0cedbc5c3ea266ae3fc31\WindowsBase.ni.dll ()
    MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\4230ed1c7990e4ee8352baf67a2a85fa\System.Drawing.ni.dll ()
    MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\608d29d7cc89f3a9a195c91354561915\PresentationFramework.Aero.ni.dll ()
    MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\a84262e1224189f93e10cd3c403a9527\System.Configuration.ni.dll ()
    MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\09bd2126bba2ab4f29ed52afde1470d7\System.Core.ni.dll ()
    MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\9abe44a0f82070ead5f1256683a4d25a\System.Xml.ni.dll ()
    MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System\a6be120e49f895ef6b00e9918402395b\System.ni.dll ()
    MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\c1af4ec9a36f671617a8ecaec00373f4\mscorlib.ni.dll ()
    MOD - C:\Windows\assembly\GAC_MSIL\HP.SupportFramework\1.0.0.0__2a4860322af7ba08\HP.SupportFramework.dll ()
    MOD - C:\Windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll ()
    MOD - C:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll ()
    MOD - C:\Windows\assembly\GAC_MSIL\WindowsBase\3.0.0.0__31bf3856ad364e35\WindowsBase.dll ()
    MOD - C:\Windows\assembly\GAC_MSIL\PresentationFramework\3.0.0.0__31bf3856ad364e35\PresentationFramework.dll ()
    MOD - C:\Windows\assembly\GAC_32\PresentationCore\3.0.0.0__31bf3856ad364e35\PresentationCore.dll ()
    MOD - C:\Windows\assembly\GAC_MSIL\HP.SupportAssistant.Localization\6.0.1.1__a2352a4c73e11587\HP.SupportAssistant.Localization.dll ()
    MOD - C:\Windows\assembly\GAC_MSIL\HP.SupportAssistant.Engine\6.0.1.1__e1eab6ede003577a\HP.SupportAssistant.Engine.dll ()
    MOD - C:\Windows\assembly\GAC_MSIL\HP.SupportFramework.Logging\1.0.0.0__a5a013d267b3a679\HP.SupportFramework.Logging.dll ()
    MOD - C:\Windows\assembly\GAC_MSIL\HP.SupportAssistant.Common\6.0.1.1__41bdec5abf54f6dc\HP.SupportAssistant.Common.dll ()
    MOD - C:\Windows\assembly\GAC_MSIL\HP.SupportAssistant.ServiceManager\6.0.1.1__afd7346f05a57c11\HP.SupportAssistant.ServiceManager.dll ()
    MOD - C:\Windows\assembly\GAC_MSIL\HP.SupportFramework.Communicator\1.0.0.0__370cd15173f7ac8f\HP.SupportFramework.Communicator.dll ()
    MOD - C:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll ()
    MOD - C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll ()
    MOD - C:\Windows\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll ()
    MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll ()
    MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll ()
    MOD - C:\Program Files (x86)\Evernote\Evernote\libtidy.dll ()
    MOD - C:\Program Files (x86)\Evernote\Evernote\libxml2.dll ()
    MOD - C:\Windows\assembly\GAC_MSIL\System.Core\3.5.0.0__b77a5c561934e089\System.Core.dll ()
    MOD - C:\Windows\assembly\GAC_MSIL\System.Xml.Linq\3.5.0.0__b77a5c561934e089\System.Xml.Linq.dll ()
    MOD - C:\Windows\assembly\GAC_MSIL\System.ServiceModel\3.0.0.0__b77a5c561934e089\System.ServiceModel.dll ()
    MOD - C:\Windows\assembly\GAC_MSIL\System.Runtime.Serialization\3.0.0.0__b77a5c561934e089\System.Runtime.Serialization.dll ()
    MOD - C:\Windows\assembly\GAC_MSIL\System.IdentityModel\3.0.0.0__b77a5c561934e089\System.IdentityModel.dll ()
    MOD - C:\Windows\assembly\GAC_MSIL\SMDiagnostics\3.0.0.0__b77a5c561934e089\SMDiagnostics.dll ()
    MOD - C:\Windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.dll ()
    MOD - C:\Windows\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll ()
    MOD - C:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll ()
    MOD - C:\Windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.Xml.dll ()
    MOD - C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll ()
    MOD - C:\Windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll ()
    MOD - C:\Windows\assembly\GAC_MSIL\PresentationFramework.Aero\3.0.0.0__31bf3856ad364e35\PresentationFramework.Aero.dll ()


    ========== Win32 Services (SafeList) ==========

    SRV:64bit: - (STacSV) -- C:\Program Files\IDT\WDM\stacsv64.exe (IDT, Inc.)
    SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
    SRV:64bit: - (HPClientSvc) -- C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe (Hewlett-Packard Company)
    SRV:64bit: - (wlcrasvc) -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation)
    SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
    SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
    SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
    SRV - (HPDrvMntSvc.exe) -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe (Hewlett-Packard Company)
    SRV - (HPWMISVC) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe (Hewlett-Packard Development Company, L.P.)
    SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
    SRV - (IconMan_R) -- C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe (Realsil Microelectronics Inc.)
    SRV - (avgfws) -- C:\Program Files (x86)\AVG\AVG2012\avgfws.exe (AVG Technologies CZ, s.r.o.)
    SRV - (AVGIDSAgent) -- C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe (AVG Technologies CZ, s.r.o.)
    SRV - (sftvsa) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
    SRV - (sftlist) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
    SRV - (HP Support Assistant Service) -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe (Hewlett-Packard Company)
    SRV - (avgwd) -- C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
    SRV - (BBSvc) -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE (Microsoft Corporation.)
    SRV - (SeaPort) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation)
    SRV - (RoxioNow Service) -- C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe (Roxio)
    SRV - (GamesAppService) -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe (WildTangent, Inc.)
    SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
    SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
    SRV - (CTUPnPSv) -- C:\Program Files (x86)\Creative\Creative Centrale\CTUPnPSv.exe (Creative Technology Ltd)
    SRV - (CTDevice_Srv) -- C:\Program Files (x86)\Creative\Shared Files\CTDevSrv.exe (Creative Technology Ltd)


    ========== Driver Services (SafeList) ==========

    DRV:64bit: - (ssudmdm) -- C:\Windows\SysNative\drivers\ssudmdm.sys (DEVGURU Co., LTD.(www.devguru.co.kr))
    DRV:64bit: - (dg_ssudbus) -- C:\Windows\SysNative\drivers\ssudbus.sys (DEVGURU Co., LTD.(www.devguru.co.kr))
    DRV:64bit: - (SNP2UVC) -- C:\Windows\SysNative\drivers\snp2uvc.sys ()
    DRV:64bit: - (RTL8192Ce) -- C:\Windows\SysNative\drivers\rtl8192ce.sys (Realtek Semiconductor Corporation )
    DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
    DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
    DRV:64bit: - (STHDA) -- C:\Windows\SysNative\drivers\stwrt64.sys (IDT, Inc.)
    DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
    DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
    DRV:64bit: - (RSPCIESTOR) -- C:\Windows\SysNative\drivers\RtsPStor.sys (Realtek Semiconductor Corp.)
    DRV:64bit: - (Avgldx64) -- C:\Windows\SysNative\drivers\avgldx64.sys (AVG Technologies CZ, s.r.o.)
    DRV:64bit: - (Sftvol) -- C:\Windows\SysNative\drivers\Sftvollh.sys (Microsoft Corporation)
    DRV:64bit: - (Sftplay) -- C:\Windows\SysNative\drivers\Sftplaylh.sys (Microsoft Corporation)
    DRV:64bit: - (Sftredir) -- C:\Windows\SysNative\drivers\Sftredirlh.sys (Microsoft Corporation)
    DRV:64bit: - (Sftfs) -- C:\Windows\SysNative\drivers\Sftfslh.sys (Microsoft Corporation)
    DRV:64bit: - (Avgrkx64) -- C:\Windows\SysNative\drivers\avgrkx64.sys (AVG Technologies CZ, s.r.o.)
    DRV:64bit: - (Avgmfx64) -- C:\Windows\SysNative\drivers\avgmfx64.sys (AVG Technologies CZ, s.r.o.)
    DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
    DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
    DRV:64bit: - (Avgtdia) -- C:\Windows\SysNative\drivers\avgtdia.sys (AVG Technologies CZ, s.r.o.)
    DRV:64bit: - (AVGIDSFilter) -- C:\Windows\SysNative\drivers\AVGIDSFilter.sys (AVG Technologies CZ, s.r.o. )
    DRV:64bit: - (AVGIDSDriver) -- C:\Windows\SysNative\drivers\AVGIDSDriver.sys (AVG Technologies CZ, s.r.o. )
    DRV:64bit: - (AVGIDSEH) -- C:\Windows\SysNative\drivers\AVGIDSEH.sys (AVG Technologies CZ, s.r.o. )
    DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek )
    DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated)
    DRV:64bit: - (Avgfwfd) -- C:\Windows\SysNative\drivers\avgfwd6a.sys (AVG Technologies CZ, s.r.o.)
    DRV:64bit: - (amd_sata) -- C:\Windows\SysNative\drivers\amd_sata.sys (Advanced Micro Devices)
    DRV:64bit: - (amd_xata) -- C:\Windows\SysNative\drivers\amd_xata.sys (Advanced Micro Devices)
    DRV:64bit: - (usbfilter) -- C:\Windows\SysNative\drivers\usbfilter.sys (Advanced Micro Devices)
    DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
    DRV:64bit: - (sdbus) -- C:\Windows\SysNative\drivers\sdbus.sys (Microsoft Corporation)
    DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
    DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation)
    DRV:64bit: - (AtiHDAudioService) -- C:\Windows\SysNative\drivers\AtihdW76.sys (Advanced Micro Devices)
    DRV:64bit: - (clwvd) -- C:\Windows\SysNative\drivers\clwvd.sys (CyberLink Corporation)
    DRV:64bit: - (amdiox64) -- C:\Windows\SysNative\drivers\amdiox64.sys (Advanced Micro Devices)
    DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
    DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
    DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
    DRV:64bit: - (SrvHsfV92) -- C:\Windows\SysNative\drivers\VSTDPV6.SYS (Conexant Systems, Inc.)
    DRV:64bit: - (SrvHsfWinac) -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS (Conexant Systems, Inc.)
    DRV:64bit: - (SrvHsfHDA) -- C:\Windows\SysNative\drivers\VSTAZL6.SYS (Conexant Systems, Inc.)
    DRV:64bit: - (NVENETFD) -- C:\Windows\SysNative\drivers\nvm62x64.sys (NVIDIA Corporation)
    DRV:64bit: - (BCM43XX) -- C:\Windows\SysNative\drivers\BCMWL664.SYS (Broadcom Corporation)
    DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
    DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
    DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
    DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
    DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
    DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT/1
    IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
    IE:64bit: - HKLM\..\SearchScopes\{2E9DE346-6EAF-457D-804A-D41EB7C81751}: "URL" = http://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
    IE:64bit: - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://search.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
    IE:64bit: - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
    IE:64bit: - HKLM\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
    IE:64bit: - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.com/rover/1/711-30572-11896-2/4?mpre=http://shop.ebay.com/?_nkw={searchTerms}
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT/1
    IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
    IE - HKLM\..\SearchScopes\{2E9DE346-6EAF-457D-804A-D41EB7C81751}: "URL" = http://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
    IE - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://search.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
    IE - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
    IE - HKLM\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
    IE - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.com/rover/1/711-30572-11896-2/4?mpre=http://shop.ebay.com/?_nkw={searchTerms}


    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



    IE - HKU\S-1-5-21-3340581128-3994865209-2016763806-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
    IE - HKU\S-1-5-21-3340581128-3994865209-2016763806-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 45 A6 7B 42 D3 6A CD 01 [binary data]
    IE - HKU\S-1-5-21-3340581128-3994865209-2016763806-1002\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE - HKU\S-1-5-21-3340581128-3994865209-2016763806-1002\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
    IE - HKU\S-1-5-21-3340581128-3994865209-2016763806-1002\..\SearchScopes\{2E9DE346-6EAF-457D-804A-D41EB7C81751}: "URL" = http://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
    IE - HKU\S-1-5-21-3340581128-3994865209-2016763806-1002\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://search.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
    IE - HKU\S-1-5-21-3340581128-3994865209-2016763806-1002\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
    IE - HKU\S-1-5-21-3340581128-3994865209-2016763806-1002\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
    IE - HKU\S-1-5-21-3340581128-3994865209-2016763806-1002\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.com/rover/1/711-30572-11896-2/4?mpre=http://shop.ebay.com/?_nkw={searchTerms}
    IE - HKU\S-1-5-21-3340581128-3994865209-2016763806-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\S-1-5-21-3340581128-3994865209-2016763806-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

    ========== FireFox ==========

    FF - user.js - File not found

    FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_268.dll File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Android\bin\new_plugin\npjp2.dll (Oracle Corporation)
    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_268.dll ()
    FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
    FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
    FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_33: C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files (x86)\AVG\AVG2012\Firefox4\ [2012/07/17 04:28:37 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/07/19 02:36:53 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
    FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{1D1F9AA1-CCAC-11E1-8270-B8AC6F996F26}: C:\Users\Chrissy\AppData\Local\{1D1F9AA1-CCAC-11E1-8270-B8AC6F996F26}\ [2012/07/12 22:32:20 | 000,000,000 | ---D | M]
    FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/07/19 02:36:53 | 000,000,000 | ---D | M]
    FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

    [2011/12/06 20:05:24 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Chrissy\AppData\Roaming\Mozilla\Extensions
    [2012/07/24 16:05:54 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Chrissy\AppData\Roaming\Mozilla\Firefox\Profiles\lv5dz891.default\extensions
    [2012/07/16 12:38:10 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
    [2012/07/16 12:38:10 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
    [2012/07/12 22:32:20 | 000,000,000 | ---D | M] (Mozilla Safe Browsing) -- C:\USERS\CHRISSY\APPDATA\LOCAL\{1D1F9AA1-CCAC-11E1-8270-B8AC6F996F26}
    [2011/12/24 21:15:34 | 000,059,201 | ---- | M] () (No name found) -- C:\USERS\CHRISSY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LV5DZ891.DEFAULT\EXTENSIONS\{6BFD307A-C040-11DA-9749-FB1C850B47DF}.XPI
    [2011/12/07 04:27:22 | 000,434,392 | ---- | M] () (No name found) -- C:\USERS\CHRISSY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LV5DZ891.DEFAULT\EXTENSIONS\{D4DD63FA-01E4-46A7-B6B1-EDAB7D6AD389}.XPI
    [2012/03/28 01:41:15 | 001,184,804 | ---- | M] () (No name found) -- C:\USERS\CHRISSY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LV5DZ891.DEFAULT\EXTENSIONS\TESTPILOT@LABS.MOZILLA.COM.XPI
    [2012/07/19 02:36:53 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
    [2012/02/15 16:17:38 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
    [2012/02/15 16:17:38 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

    O1 HOSTS File: ([2012/07/26 13:11:56 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssiea.dll (AVG Technologies CZ, s.r.o.)
    O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Android\bin\jp2ssv.dll (Oracle Corporation)
    O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
    O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
    O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
    O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
    O3 - HKU\S-1-5-21-3340581128-3994865209-2016763806-1002\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
    O4:64bit: - HKLM..\Run: [EKIJ5000StatusMonitor] C:\Windows\SysNative\spool\drivers\x64\3\EKIJ5000MUI.exe (Eastman Kodak Company)
    O4:64bit: - HKLM..\Run: [SetDefault] C:\Program Files\Hewlett-Packard\HP LaunchBox\SetDefault.exe (Hewlett-Packard Development Company, L.P.)
    O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
    O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
    O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
    O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
    O4 - HKLM..\Run: [EKIJ5000StatusMonitor] C:\Windows\System32\spool\drivers\x64\3\EKIJ5000MUI.exe File not found
    O4 - HKLM..\Run: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe (Hewlett-Packard Development Company, L.P.)
    O4 - HKLM..\Run: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe (Hewlett-Packard Development Company, L.P.)
    O4 - HKLM..\Run: [HPQuickWebProxy] C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe (Hewlett-Packard Company)
    O4 - HKLM..\Run: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
    O4 - HKU\S-1-5-21-3340581128-3994865209-2016763806-1002..\Run: [KiesPDLR] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe ()
    O4 - HKU\S-1-5-21-3340581128-3994865209-2016763806-1002..\Run: [KiesPreload] C:\Program Files (x86)\Samsung\Kies\Kies.exe (Samsung)
    O4 - HKU\S-1-5-21-3340581128-3994865209-2016763806-1002..\Run: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe (Apple Inc.)
    O4 - HKU\S-1-5-21-3340581128-3994865209-2016763806-1002..\Run: [SoftAuto.exe] C:\Program Files (x86)\Creative\Software Update 3\SoftAuto.exe (Creative Technology Ltd)
    O4 - HKU\S-1-5-21-3340581128-3994865209-2016763806-1002..\Run: [uTorrent] C:\Program Files (x86)\uTorrent\uTorrent.exe (BitTorrent, Inc.)
    O4 - Startup: C:\Users\Chrissy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files (x86)\ERUNT\AUTOBACK.EXE ()
    O4 - Startup: C:\Users\Chrissy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk = C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-3340581128-3994865209-2016763806-1002\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-3340581128-3994865209-2016763806-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O8:64bit: - Extra context menu item: Add to Evernote 4.0 - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
    O8 - Extra context menu item: Add to Evernote 4.0 - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
    O9 - Extra Button: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
    O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
    O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
    O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jin...ndows-i586.cab (Java Plug-in 10.1.0)
    O16:64bit: - DPF: {CAFEEFAC-0017-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jin...ndows-i586.cab (Java Plug-in 1.7.0_01)
    O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jin...ndows-i586.cab (Reg Error: Key error.)
    O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_33)
    O16 - DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_33)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_33)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.116.46.115 24.205.192.61 24.205.224.36
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{738D214A-AF36-4AFD-909E-6BDFE261A59A}: DhcpNameServer = 68.116.46.115 24.205.192.61 24.205.224.36
    O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll (AVG Technologies CZ, s.r.o.)
    O18:64bit: - Protocol\Handler\livecall - No CLSID value found
    O18:64bit: - Protocol\Handler\msnim - No CLSID value found
    O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
    O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
    O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
    O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O32 - HKLM CDRom: AutoRun - 1
    O34 - HKLM BootExecute: (autocheck autochk *)
    O34 - HKLM BootExecute: (C:\PROGRA~2\AVG\AVG2012\avgrsa.exe /sync /restart)
    O35:64bit: - HKLM\..comfile [open] -- "%1" %*
    O35:64bit: - HKLM\..exefile [open] -- "%1" %*
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
    O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
    O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)


    CREATERESTOREPOINT
    Restore point Set: OTL Restore Point

    ========== Files/Folders - Created Within 30 Days ==========

    [2012/07/28 14:39:58 | 000,597,504 | ---- | C] (OldTimer Tools) -- C:\Users\Chrissy\Desktop\OTL.exe
    [2012/07/27 19:39:14 | 002,136,664 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Chrissy\Desktop\TDSSKiller.exe
    [2012/07/26 13:20:18 | 000,000,000 | ---D | C] -- C:\Windows\temp
    [2012/07/26 13:12:03 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
    [2012/07/26 01:31:54 | 000,000,000 | ---D | C] -- C:\Windows\Sun
    [2012/07/25 19:07:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
    [2012/07/25 19:00:44 | 000,000,000 | ---D | C] -- C:\Users\Chrissy\AppData\Roaming\Malwarebytes
    [2012/07/25 19:00:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
    [2012/07/25 18:59:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
    [2012/07/25 18:59:58 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
    [2012/07/25 18:59:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    [2012/07/25 18:50:36 | 000,000,000 | --SD | C] -- C:\Windows\SysWow64\Microsoft
    [2012/07/24 15:32:00 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
    [2012/07/24 15:32:00 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
    [2012/07/24 15:32:00 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
    [2012/07/24 15:31:40 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2012/07/24 15:28:53 | 004,584,441 | R--- | C] (Swearware) -- C:\Users\Chrissy\Desktop\ComboFix.exe
    [2012/07/23 22:57:44 | 000,000,000 | ---D | C] -- C:\Users\Chrissy\AppData\Local\SoftGrid Client
    [2012/07/23 22:57:39 | 000,000,000 | ---D | C] -- C:\Users\Chrissy\AppData\Roaming\SoftGrid Client
    [2012/07/23 22:57:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Starter (English)
    [2012/07/23 22:56:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DESIGNER
    [2012/07/23 22:56:05 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office
    [2012/07/23 22:56:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Application Virtualization Client
    [2012/07/23 22:55:47 | 000,000,000 | ---D | C] -- C:\Users\Chrissy\AppData\Roaming\TP
    [2012/07/23 17:20:54 | 000,203,320 | ---- | C] (DEVGURU Co., LTD.(www.devguru.co.kr)) -- C:\Windows\SysNative\drivers\ssudmdm.sys
    [2012/07/23 17:20:54 | 000,099,384 | ---- | C] (DEVGURU Co., LTD.(www.devguru.co.kr)) -- C:\Windows\SysNative\drivers\ssudbus.sys
    [2012/07/23 16:07:18 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
    [2012/07/23 16:06:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
    [2012/07/23 16:06:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ERUNT
    [2012/07/19 03:13:29 | 000,000,000 | ---D | C] -- C:\ProgramData\HitmanPro
    [2012/07/19 02:51:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab
    [2012/07/19 01:12:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy
    [2012/07/19 01:11:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
    [2012/07/19 01:11:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy
    [2012/07/17 06:17:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
    [2012/07/17 06:17:35 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
    [2012/07/17 04:56:43 | 000,000,000 | ---D | C] -- C:\$AVG
    [2012/07/17 04:29:01 | 000,000,000 | ---D | C] -- C:\Users\Chrissy\AppData\Roaming\AVG2012
    [2012/07/17 04:28:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG 2012
    [2012/07/17 04:28:35 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\drivers\AVG
    [2012/07/17 04:27:32 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG2012
    [2012/07/17 04:27:32 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\AVG
    [2012/07/17 04:26:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AVG
    [2012/07/17 04:23:01 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
    [2012/07/17 04:22:41 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData
    [2012/07/16 12:08:39 | 000,000,000 | ---D | C] -- C:\ProgramData\GFI Software
    [2012/07/12 22:32:20 | 000,000,000 | ---D | C] -- C:\Users\Chrissy\AppData\Local\{1D1F9AA1-CCAC-11E1-8270-B8AC6F996F26}
    [2012/07/01 00:08:06 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\YouCam
    [2012/07/01 00:05:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\CyberLink
    [2012/06/28 17:16:24 | 000,000,000 | ---D | C] -- C:\Users\Chrissy\AppData\Local\{38CEB3DC-F3A9-43B6-9EC9-810F80DCBD47}

    ========== Files - Modified Within 30 Days ==========

    [2012/07/28 15:19:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
    [2012/07/28 15:18:00 | 000,000,900 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2012/07/28 14:39:58 | 000,597,504 | ---- | M] (OldTimer Tools) -- C:\Users\Chrissy\Desktop\OTL.exe
    [2012/07/28 13:10:21 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2012/07/28 13:08:08 | 102,354,748 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\incavi.avm
    [2012/07/28 13:04:06 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2012/07/28 03:54:47 | 000,032,064 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2012/07/28 03:54:47 | 000,032,064 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2012/07/28 03:47:59 | 000,774,616 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
    [2012/07/28 03:47:59 | 000,661,292 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
    [2012/07/28 03:47:59 | 000,121,930 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
    [2012/07/28 03:47:29 | 000,774,616 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
    [2012/07/28 01:31:10 | 000,119,933 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\iavichjg.avm
    [2012/07/27 16:00:56 | 000,000,960 | ---- | M] () -- C:\Users\Public\Desktop\calibre - E-book management.lnk
    [2012/07/26 17:21:54 | 1827,725,311 | -HS- | M] () -- C:\hiberfil.sys
    [2012/07/26 13:11:56 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
    [2012/07/25 19:00:00 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    [2012/07/24 15:29:00 | 004,584,441 | R--- | M] (Swearware) -- C:\Users\Chrissy\Desktop\ComboFix.exe
    [2012/07/24 13:42:43 | 000,000,512 | ---- | M] () -- C:\Users\Chrissy\Documents\MBR.dat
    [2012/07/24 13:22:36 | 002,136,664 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Chrissy\Desktop\TDSSKiller.exe
    [2012/07/23 16:06:35 | 000,001,108 | ---- | M] () -- C:\Users\Chrissy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
    [2012/07/23 16:06:24 | 000,000,928 | ---- | M] () -- C:\Users\Chrissy\Desktop\NTREGOPT.lnk
    [2012/07/23 16:06:23 | 000,000,909 | ---- | M] () -- C:\Users\Chrissy\Desktop\ERUNT.lnk
    [2012/07/23 15:59:33 | 000,000,340 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForChrissy.job
    [2012/07/19 01:12:07 | 000,001,286 | ---- | M] () -- C:\Users\Chrissy\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
    [2012/07/19 01:12:07 | 000,001,262 | ---- | M] () -- C:\Users\Chrissy\Desktop\Spybot - Search & Destroy.lnk
    [2012/07/17 06:19:24 | 000,064,682 | ---- | M] () -- C:\Users\Chrissy\Documents\cc_20120717_061906.reg
    [2012/07/17 06:17:38 | 000,000,822 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
    [2012/07/17 04:35:07 | 000,625,911 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\iavifw.avm
    [2012/07/17 04:28:38 | 000,000,965 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2012.lnk
    [2012/07/17 04:28:35 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\drivers\AVG\incavi.avm
    [2012/07/17 04:28:35 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\drivers\AVG\iavifw.avm
    [2012/07/17 04:28:35 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\drivers\AVG\iavichjw.avm
    [2012/07/16 01:33:38 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\SBRC.dat
    [2012/07/12 11:39:14 | 000,274,320 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
    [2012/07/03 13:46:44 | 000,024,904 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
    [2012/06/29 17:30:21 | 002,754,833 | ---- | M] () -- C:\Users\Chrissy\Desktop\20120514_214109.jpg
    [2012/06/29 17:24:43 | 003,699,953 | ---- | M] () -- C:\Users\Chrissy\Desktop\20120609_144140.jpg

    ========== Files Created - No Company Name ==========

    [2012/07/28 13:08:08 | 102,354,748 | ---- | C] () -- C:\Windows\SysNative\drivers\AVG\incavi.avm
    [2012/07/28 01:31:09 | 000,119,933 | ---- | C] () -- C:\Windows\SysNative\drivers\AVG\iavichjg.avm
    [2012/07/25 19:00:00 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    [2012/07/24 15:32:00 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
    [2012/07/24 15:32:00 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
    [2012/07/24 15:32:00 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
    [2012/07/24 15:32:00 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
    [2012/07/24 15:32:00 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
    [2012/07/24 13:42:43 | 000,000,512 | ---- | C] () -- C:\Users\Chrissy\Documents\MBR.dat
    [2012/07/23 16:06:35 | 000,001,108 | ---- | C] () -- C:\Users\Chrissy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
    [2012/07/23 16:06:24 | 000,000,928 | ---- | C] () -- C:\Users\Chrissy\Desktop\NTREGOPT.lnk
    [2012/07/23 16:06:23 | 000,000,909 | ---- | C] () -- C:\Users\Chrissy\Desktop\ERUNT.lnk
    [2012/07/19 01:12:07 | 000,001,286 | ---- | C] () -- C:\Users\Chrissy\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
    [2012/07/19 01:12:07 | 000,001,262 | ---- | C] () -- C:\Users\Chrissy\Desktop\Spybot - Search & Destroy.lnk
    [2012/07/17 06:19:11 | 000,064,682 | ---- | C] () -- C:\Users\Chrissy\Documents\cc_20120717_061906.reg
    [2012/07/17 06:17:38 | 000,000,822 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
    [2012/07/17 04:35:07 | 000,625,911 | ---- | C] () -- C:\Windows\SysNative\drivers\AVG\iavifw.avm
    [2012/07/17 04:28:38 | 000,000,965 | ---- | C] () -- C:\Users\Public\Desktop\AVG 2012.lnk
    [2012/07/17 04:28:35 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\drivers\AVG\incavi.avm
    [2012/07/17 04:28:35 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\drivers\AVG\iavifw.avm
    [2012/07/17 04:28:35 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\drivers\AVG\iavichjw.avm
    [2012/07/16 01:33:38 | 000,000,000 | ---- | C] () -- C:\Windows\SysNative\SBRC.dat
    [2012/06/29 17:30:20 | 002,754,833 | ---- | C] () -- C:\Users\Chrissy\Desktop\20120514_214109.jpg
    [2012/06/29 17:24:42 | 003,699,953 | ---- | C] () -- C:\Users\Chrissy\Desktop\20120609_144140.jpg
    [2012/06/01 07:31:34 | 000,026,024 | ---- | C] () -- C:\Windows\snuvcdsm.exe
    [2012/01/31 02:56:09 | 000,774,616 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
    [2011/11/29 17:38:12 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll
    [2011/11/29 17:38:12 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll
    [2011/11/29 17:38:12 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll
    [2011/11/29 17:38:12 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll
    [2011/09/26 01:52:53 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
    [2011/09/26 01:50:33 | 000,451,072 | ---- | C] () -- C:\Windows\SysWow64\ISSRemoveSP.exe
    [2011/07/05 11:47:06 | 000,059,904 | ---- | C] () -- C:\Windows\SysWow64\OVDecode.dll
    [2011/06/09 19:17:36 | 000,066,856 | ---- | C] () -- C:\Windows\SysWow64\SynTPEnhPS.dll
    [2011/05/13 07:33:18 | 000,007,736 | ---- | C] () -- C:\Windows\hpDSTRES.DLL
    [2011/03/18 02:51:44 | 000,003,929 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
    [2011/03/02 07:57:44 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe

    ========== LOP Check ==========

    [2012/07/17 04:29:01 | 000,000,000 | ---D | M] -- C:\Users\Chrissy\AppData\Roaming\AVG2012
    [2012/03/02 17:26:51 | 000,000,000 | ---D | M] -- C:\Users\Chrissy\AppData\Roaming\calibre
    [2011/12/31 18:49:23 | 000,000,000 | ---D | M] -- C:\Users\Chrissy\AppData\Roaming\Origin
    [2011/12/31 03:15:28 | 000,000,000 | ---D | M] -- C:\Users\Chrissy\AppData\Roaming\Samsung
    [2012/07/24 15:49:40 | 000,000,000 | ---D | M] -- C:\Users\Chrissy\AppData\Roaming\SoftGrid Client
    [2011/12/06 18:43:54 | 000,000,000 | ---D | M] -- C:\Users\Chrissy\AppData\Roaming\Synaptics
    [2012/05/20 23:24:53 | 000,000,000 | ---D | M] -- C:\Users\Chrissy\AppData\Roaming\Temp
    [2012/07/23 22:58:09 | 000,000,000 | ---D | M] -- C:\Users\Chrissy\AppData\Roaming\TP
    [2012/07/28 14:40:13 | 000,000,000 | ---D | M] -- C:\Users\Chrissy\AppData\Roaming\uTorrent
    [2012/03/20 19:03:48 | 000,000,000 | ---D | M] -- C:\Users\Chrissy\AppData\Roaming\Windows Live Writer
    [2012/04/11 22:21:56 | 000,000,000 | ---D | M] -- C:\Users\Guest\AppData\Roaming\Synaptics
    [2009/07/13 22:08:49 | 000,019,904 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

    ========== Purity Check ==========



    ========== Custom Scans ==========

    < MD5 for: EXPLORER.EXE >
    [2011/07/23 13:33:29 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
    [2011/07/23 13:33:29 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\ERDNT\cache86\explorer.exe
    [2011/07/23 13:33:29 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe
    [2011/07/23 13:33:29 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
    [2011/07/23 13:33:29 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
    [2010/11/20 20:24:25 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
    [2011/07/23 13:33:29 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe
    [2011/07/23 13:33:29 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
    [2010/11/20 20:24:11 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe

    < MD5 for: SVCHOST.EXE >
    [2009/07/13 18:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\ERDNT\cache86\svchost.exe
    [2009/07/13 18:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\SysWOW64\svchost.exe
    [2009/07/13 18:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
    [2012/07/03 13:46:42 | 000,217,672 | ---- | M] () MD5=8A7F34F0BBD076EC3815680A7309114F -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\svchost.exe
    [2009/07/13 18:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\ERDNT\cache64\svchost.exe
    [2009/07/13 18:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\SysNative\svchost.exe
    [2009/07/13 18:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_11b04b481efec48c\svchost.exe

    < MD5 for: USERINIT.EXE >
    [2010/11/20 20:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\ERDNT\cache86\userinit.exe
    [2010/11/20 20:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
    [2010/11/20 20:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
    [2010/11/20 20:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\ERDNT\cache64\userinit.exe
    [2010/11/20 20:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
    [2010/11/20 20:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe

    < MD5 for: WINLOGON.EXE >
    [2010/11/20 20:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\ERDNT\cache64\winlogon.exe
    [2010/11/20 20:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
    [2010/11/20 20:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
    [2012/07/03 13:46:42 | 000,217,672 | ---- | M] () MD5=8A7F34F0BBD076EC3815680A7309114F -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe

    < End of report >

  2. #22
    Junior Member
    Join Date
    Jul 2012
    Posts
    27

    OTL Extras logfile created on: 7/28/2012 2:43:03 PM - Run 1
    OTL by OldTimer - Version 3.2.55.0 Folder = C:\Users\Chrissy\Desktop
    64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    7.60 Gb Total Physical Memory | 5.60 Gb Available Physical Memory | 73.72% Memory free
    15.20 Gb Paging File | 12.96 Gb Available in Paging File | 85.22% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 447.16 Gb Total Space | 158.10 Gb Free Space | 35.36% Space Free | Partition Type: NTFS
    Drive D: | 14.43 Gb Total Space | 1.61 Gb Free Space | 11.12% Space Free | Partition Type: NTFS
    Drive E: | 3.96 Gb Total Space | 1.10 Gb Free Space | 27.74% Space Free | Partition Type: FAT32
    Drive G: | 5.00 Gb Total Space | 4.96 Gb Free Space | 99.27% Space Free | Partition Type: FAT32

    Computer Name: CHRISSY-HP | User Name: Chrissy | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

    [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
    .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

    ========== Shell Spawning ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    htmlfile [edit] -- Reg Error: Key error.
    htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
    inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
    InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
    InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    htmlfile [edit] -- Reg Error: Key error.
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    ========== Firewall Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "EnableFirewall" = 0
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 0
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "EnableFirewall" = 0
    "DisableNotifications" = 0

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


    ========== Vista Active Open Ports Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{0716D938-603E-4BC6-AB60-CB34DB910CC4}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
    "{0758D4CC-351A-44D5-949D-8DB8FE96229E}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{194CBA75-02A9-4367-A4BB-FCC0ED80B6A8}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
    "{1AB7BA53-061B-4FEB-BF97-DCEED9B5D060}" = lport=138 | protocol=17 | dir=in | app=system |
    "{3295D406-5727-4EAC-B3E2-1C7F3BB45ED9}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{447111A1-3104-47D2-907C-5F06395554DE}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{459481FE-E5C1-421E-86E6-FC3A2A9BF02B}" = lport=10243 | protocol=6 | dir=in | app=system |
    "{4950ED03-3633-4551-9527-8C9592DC7A8E}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
    "{67071C02-A0E6-48C0-A9CA-8B1D19095598}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{6D6E028C-0578-41F9-8DD1-43D7AAB32176}" = lport=139 | protocol=6 | dir=in | app=system |
    "{6F4DF34E-8880-4C77-837F-F2A727A856EB}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{713FE878-91B1-4F5E-9562-DE391AD13A4C}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{78B275A9-7F27-4B9C-90F1-433139EA2068}" = lport=445 | protocol=6 | dir=in | app=system |
    "{876DA843-7FB2-4947-964C-04D62E8536DE}" = rport=10243 | protocol=6 | dir=out | app=system |
    "{882F97AE-1C31-468E-B496-8594E0A3AB7D}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{A400B171-CDEA-4AE6-AC2C-471F1DCC74E7}" = rport=139 | protocol=6 | dir=out | app=system |
    "{B761FD5E-270C-4F35-AC58-255EAF92947D}" = rport=445 | protocol=6 | dir=out | app=system |
    "{B8F07ED3-B779-4560-8977-DB8ECC9498E0}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{BE6A44F4-A40E-4679-97AB-7599DA33575E}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{C249E1DD-2D2D-47FA-B26F-CC3D0826C5D3}" = rport=137 | protocol=17 | dir=out | app=system |
    "{E4BE0A03-D760-4D67-BD0E-0BE33F37542D}" = lport=137 | protocol=17 | dir=in | app=system |
    "{E5B1C71C-4C62-42A3-81E6-377F6B99FD6B}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{E8A71411-0F78-4F46-9A6D-C6B2B167F440}" = rport=138 | protocol=17 | dir=out | app=system |
    "{EB1FBCE3-A030-4944-8A95-56EE1C6BC846}" = lport=2869 | protocol=6 | dir=in | app=system |
    "{EEF3332B-BC86-4D53-9E8E-C744AA9D3DDF}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |

    ========== Vista Active Application Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{06724959-68DD-48CB-9C8D-6B6ECE5BD814}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{0DBD7E23-244D-4E86-91AE-49C493C88B70}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
    "{1248A105-6E58-45EE-B9D8-B3585A311817}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{19FDFEBE-8CDD-4C23-872C-460737300CEE}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
    "{1E4B6A18-0406-44DE-8DF9-B6606DB48B29}" = protocol=6 | dir=in | app=c:\windows\syswow64\muzapp.exe |
    "{25043529-368E-4272-A276-A04CD193833B}" = protocol=17 | dir=in | app=c:\windows\syswow64\muzapp.exe |
    "{2893A6F3-E661-4DCD-BCB1-F38FFDB74D2C}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
    "{2DE580B0-2CEC-455D-96DF-1A7F6CBD6ECC}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
    "{38B0647D-B6A6-4BE5-836E-DF804B38E4D1}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgwdsvc.exe |
    "{3B2C8C57-46B2-4FAC-835F-DAC17E94B498}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{40AB2A1C-568E-4FA9-BEAC-84ACBB7E690C}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{45CCA853-2A6C-47A9-916D-01E0B2C105DE}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgnsa.exe |
    "{4916F6F7-A963-41E9-B4C4-AD9BBEF92E33}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgemca.exe |
    "{4AAE85F6-E32D-482B-A027-47309B15B33C}" = protocol=6 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
    "{4C30B963-AD91-4355-A144-400FB336D383}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
    "{57469D70-DABA-4E4D-ABA8-7C9D2CAC5350}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgemca.exe |
    "{59CA5D7D-E4E0-42F7-822F-AC4DCCEC19C3}" = protocol=17 | dir=in | app=c:\program files (x86)\hewlett-packard\mediasmart\roxionow\rnow.exe |
    "{642F8A97-865B-47FA-BAFB-C2E227887764}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
    "{6A79ECD4-D8A4-4347-8420-A15EEE28F0B2}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgdiagex.exe |
    "{6C129716-82F9-44DE-9656-8D289E009F98}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
    "{6D225558-7B60-491A-8A5E-81353597F03B}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
    "{70174A77-01E1-4857-87D5-1EA3D823A097}" = protocol=17 | dir=in | app=c:\program files (x86)\roxio\roxionow player\rnowshell.exe |
    "{72C0F6FA-2E35-42D8-BFEA-13ECB3770889}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe |
    "{75B6E218-D8CC-431B-A4A6-4B6FBF578FBF}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgmfapx.exe |
    "{81818F6C-60CD-4C9B-A959-63427105B23C}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
    "{8B4376BC-E1E3-497D-9EED-8B1A8800EAE3}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgdiagex.exe |
    "{8E01F157-649C-4F40-B621-D7531B20A8FA}" = protocol=6 | dir=in | app=c:\program files (x86)\roxio\roxionow player\rnowshell.exe |
    "{90C26D2C-BA0D-4806-AEA2-7E02B5830378}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgnsa.exe |
    "{92FF1511-020B-412D-B5CB-447BFFC798AC}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{A97393E7-2EF9-4962-BB58-E2764963F1AD}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
    "{BD68C36E-A25B-4D40-954F-39B9F9CA3EFE}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
    "{C123CD98-2926-4D2C-B5BF-320AAE9C5DD7}" = protocol=17 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
    "{C1364659-28E9-41BF-ADE2-EE8A35C3FF78}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{C388F74E-22A4-4D86-A8DF-DB18FB369CA0}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
    "{D68CB5F1-3FED-4AB6-B64B-33FEDC503E4E}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgwdsvc.exe |
    "{D8263742-043E-4EEF-A82E-80185CAB9E81}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
    "{DA5E53AA-341B-42EE-B007-7722EFFEEE75}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{DC13D25C-E3DD-4E6B-BFA4-2211781B207F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
    "{E0D3A886-0CEC-4909-9175-03DC03203131}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgmfapx.exe |
    "{E7C1A754-B934-40C9-B129-E1B964A995B6}" = protocol=6 | dir=out | app=system |
    "{EAB8225D-EA6E-4F72-9544-F5D4383C70F2}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{EE12189A-3AA1-43F7-A06E-89C7AC914702}" = protocol=6 | dir=in | app=c:\program files (x86)\hewlett-packard\mediasmart\roxionow\rnow.exe |
    "{EE92F9DF-E877-43EF-B215-6080184B7211}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{EEB92102-61CF-45B9-BFA5-2801DDE845AB}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{F2911A85-51A7-4E0E-ABD3-85EA83C11256}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{F6688F3A-A7C8-48B4-8E6B-28C7EF6B4FC4}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
    "TCP Query User{234FDC1F-508D-43C3-B883-B177C18141C3}C:\users\chrissy\desktop\tinyumbrella-5.10.06.exe" = protocol=6 | dir=in | app=c:\users\chrissy\desktop\tinyumbrella-5.10.06.exe |
    "UDP Query User{21D1A438-DEB4-4866-92AE-CA61550DB664}C:\users\chrissy\desktop\tinyumbrella-5.10.06.exe" = protocol=17 | dir=in | app=c:\users\chrissy\desktop\tinyumbrella-5.10.06.exe |

    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
    "{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition)
    "{26A24AE4-039D-4CA4-87B4-2F86417001FF}" = Java(TM) 7 Update 1 (64-bit)
    "{2856A1C2-70C5-4EC3-AFF7-E5B51E5530A2}" = HP Client Services
    "{3C8159DD-1890-4625-A5B2-E3D8D78D4486}" = AVG 2012
    "{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
    "{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
    "{529125EF-E3AC-4B74-97E6-F688A7C0F1C0}" = Paint.NET v3.5.10
    "{5A847522-375C-4D05-BD3D-88C450CC047F}" = HP Launch Box
    "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
    "{64A3A4F4-B792-11D6-A78A-00B0D0170010}" = Java(TM) SE Development Kit 7 Update 1 (64-bit)
    "{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
    "{6A76BEAF-6D1F-4273-A79B-DA8410A2E56B}" = Apple Mobile Device Support
    "{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
    "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
    "{840A3BAA-4C68-4581-9C7A-6F8D6CF531B9}" = iTunes
    "{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8B485965-8EFE-464A-842F-CF8F18C3DFD7}" = iCloud
    "{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
    "{90140000-006D-0409-1000-0000000FF1CE}" = Microsoft Office Click-to-Run 2010
    "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{ACD449FA-9DF3-779D-DA68-11D486963225}" = AMD Catalyst Install Manager
    "{CC4D56B7-6F18-470B-8734-ABCD75BCF4F1}" = HP Auto
    "{D050583D-5CEC-47B1-88AA-8B328CAA8621}" = AVG 2012
    "{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
    "{D07A61E5-A59C-433C-BCBD-22025FA2287B}" = Windows Live Language Selector
    "{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
    "{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
    "{DBA2849B-6C95-9FD2-7ACC-BF456F1958AA}" = AMD Media Foundation Decoders
    "{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
    "{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
    "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
    "AVG" = AVG 2012
    "CCleaner" = CCleaner
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
    "SynTPDeinstKey" = Synaptics Pointing Device Driver

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
    "{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements
    "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
    "{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime
    "{0EDEB615-1A60-425E-8306-0E10519C7B55}" = RoxioNow Player
    "{120262A6-7A4B-4889-AE85-F5E5688D3683}" = HP MovieStore
    "{122ADF8C-DDA1-480C-9936-C88F2825B265}" = Apple Application Support
    "{15412249-0AFA-D2A1-E7E2-E57AE1A96781}" = CCC Help Swedish
    "{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
    "{19EAB36E-A979-0870-F58F-6F4F34017D29}" = CCC Help Chinese Traditional
    "{1E03DB52-D5CB-4338-A338-E526DD4D4DB1}" = Bing Bar
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
    "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
    "{252FC4D1-4056-7237-6B19-4C66D0CF45A9}" = CCC Help Dutch
    "{25F3EC6C-BB03-4CEB-B36C-E656A9DD149E}" = HP Documentation
    "{26A24AE4-039D-4CA4-87B4-2F83216032FF}" = Java(TM) 6 Update 33
    "{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
    "{2934DCB0-F8EE-11E0-A4A5-B8AC6F97B88E}" = Google Earth Plug-in
    "{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App" = Update Installer for WildTangent Games App
    "{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
    "{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
    "{4442AB48-DEC4-4B39-B067-1F75BF8017E7}" = Creative Centrale
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{5036764A-435D-40C9-869C-31085A3D741D}" = HP Setup
    "{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module
    "{53B17A98-5BF0-40BC-AAFF-850A357975AC}" = HP Quick Launch
    "{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
    "{5FE625A7-E8D6-2E41-4693-F6AC6310C467}" = CCC Help Polish
    "{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module
    "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
    "{6F076041-F337-5F67-75E7-6C1324D43EC6}" = CCC Help Japanese
    "{6F340107-F9AA-47C6-B54C-C3A19F11553F}" = Hewlett-Packard ACLM.NET v1.1.2.0
    "{6F44AF95-3CDE-4513-AD3F-6D45F17BF324}" = HP Support Assistant
    "{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-hp" = WildTangent Games App (HP Games)
    "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
    "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
    "{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
    "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
    "{7FA82763-D04B-A656-159B-BD8847176377}" = CCC Help Russian
    "{7FD8B0C1-CDDA-4B4D-A577-B2E3570EA3A3}_is1" = iExplorer 2.2.1.3
    "{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
    "{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
    "{86604C06-DA30-425E-AECE-47304FE81C45}" = Creative Software Update
    "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
    "{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
    "{8CE152BA-1D16-11E1-867D-984BE15F174E}" = Evernote v. 4.5.2
    "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
    "{9008D736-35CA-40DB-A2BE-5F32D954E5AA}" = HP MovieStore
    "{90140011-0066-0409-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - English
    "{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
    "{9368DDD5-CE7F-4BD7-A83A-F00FABE338EC}" = Blio
    "{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
    "{955CB8C1-F5F9-B649-FC65-FD65F9EC0459}" = CCC Help Korean
    "{962CB079-85E6-405F-8704-1C62365AE46F}" = HP Software Framework
    "{97E33108-2206-087B-9399-29F5201AAC98}" = CCC Help Portuguese
    "{999164B6-5B78-4DD3-BACE-7292640AD0DD}" = HP QuickWeb
    "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    "{9D3D8C60-A55F-4123-B2B9-173F09590E16}" = REALTEK Wireless LAN Driver
    "{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
    "{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
    "{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
    "{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
    "{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
    "{AC76BA86-7AD7-FFFF-7B44-AA0000000001}" = Adobe Reader X (10.1.3) MUI
    "{AE856388-AFAD-4753-81DF-D96B19D0A17C}" = HP Setup Manager
    "{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
    "{B4F17D6A-12A3-5403-6050-32A5B4A31F31}" = Catalyst Control Center InstallProxy
    "{B898ABBB-4723-84B5-04C4-32A15F9DBD48}" = CCC Help Chinese Standard
    "{B91459FD-63A9-71E3-68F1-82352B0892B3}" = Catalyst Control Center Localization All
    "{BEDC570A-C947-D0C8-3014-A1EAA042779D}" = CCC Help Turkish
    "{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}" = The Sims™ 3
    "{C1594429-8296-4652-BF54-9DBE4932A44C}" = Realtek PCIE Card Reader
    "{C2EE0EA6-826F-63EA-8751-E2F3714DBA40}" = CCC Help Thai
    "{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
    "{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}" = PlayReady PC Runtime x86
    "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
    "{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
    "{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
    "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
    "{D7670221-BF9B-4DFF-B26B-5BE55A87329F}" = HP On Screen Display
    "{D8BCE5B9-67CF-4F3F-93AE-3ACC754C72EB}" = HP Power Manager
    "{DBCD5E64-7379-4648-9444-8A6558DCB614}" = Recovery Manager
    "{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
    "{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
    "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
    "{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
    "{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
    "{E96CAA2A-0244-4A2A-8403-0C3C9534778B}" = ESU for Microsoft Windows 7 SP1
    "{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
    "{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module
    "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
    "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
    "{F833B666-1D46-4C21-8A2F-DF2080995741}" = calibre
    "{F8FBF4C7-5ADA-66B1-6509-09E05C257963}" = CCC Help Norwegian
    "{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}" = Visual Studio 2008 x64 Redistributables
    "{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
    "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
    "Adobe Shockwave Player" = Adobe Shockwave Player 11.5
    "Android SDK Tools" = Android SDK Tools
    "Creative Centrale" = Creative Centrale
    "ERUNT_is1" = ERUNT 1.1j
    "ESET Online Scanner" = ESET Online Scanner v3
    "InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
    "InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.62.0.1300
    "Mozilla Firefox 14.0.1 (x86 en-US)" = Mozilla Firefox 14.0.1 (x86 en-US)
    "MozillaMaintenanceService" = Mozilla Maintenance Service
    "Office14.Click2Run" = Microsoft Office Click-to-Run 2010
    "Origin" = Origin
    "uTorrent" = µTorrent
    "WildTangent hp Master Uninstall" = HP Games
    "WinLiveSuite" = Windows Live Essentials
    "WTA-040f9784-63f3-4f3e-bd40-1f2a0d8ba6c3" = Mystery of Mortlake Mansion
    "WTA-04313254-a794-4c26-9c59-99d35637cc4a" = Poker Superstars III
    "WTA-0f534765-bc84-4ade-9cae-c8e928af7749" = FATE
    "WTA-0fc7fff4-9218-4898-bd6c-0011c82f799d" = Namco All-Stars: PAC-MAN
    "WTA-1a4cf227-ef37-4f42-ad9b-e444dd09c946" = Zuma Deluxe
    "WTA-1ee7d6ce-d3d1-46f9-a78a-3bc763fcda9a" = Plants vs. Zombies - Game of the Year
    "WTA-32458b74-cad2-46f4-850c-a53230b6e2f7" = Cake Mania
    "WTA-337e8765-baaf-4d1b-926a-8a82e5f12da5" = Vacation Quest - The Hawaiian Islands
    "WTA-407d98c4-18fc-4ef7-9a97-5a0f2d41b8b5" = Slingo Supreme
    "WTA-474094c4-3a4a-4ab9-84af-696becc4a8ee" = Chronicles of Albian
    "WTA-4d373d96-4703-490f-9b29-6c81c5d101ab" = Virtual Villagers 5 - New Believers
    "WTA-50b62549-7aac-49f1-a53c-6e4e9cd8f102" = Bounce Symphony
    "WTA-547178c5-1c36-4c48-b086-f8c624ad8436" = Polar Golfer
    "WTA-6eb48837-6c85-43b7-8d75-8665dc4d8c00" = Cradle of Rome 2
    "WTA-7108fa79-639f-429d-8b6f-0eef5dbfeec7" = Bejeweled 3
    "WTA-799782d6-41a5-4b59-886b-3a656cfdd83f" = Penguins!
    "WTA-7e99e67d-5ac1-4b86-94d3-2641f000878c" = Blackhawk Striker 2
    "WTA-9082177a-eff6-4fc1-a3fa-a08db2a4da78" = Agatha Christie - Peril at End House
    "WTA-960f3a8e-e3b7-4af9-b4d2-6ef888e120e2" = Farm Frenzy
    "WTA-9c1fc5cb-3521-464e-b3f7-8ee2e9b25bbf" = Mah Jong Medley
    "WTA-a9cd5358-027c-41a9-8c8d-3b4af2c8c7e8" = Chuzzle Deluxe
    "WTA-c82b8bad-2c52-469e-bcce-b952cd161642" = Polar Bowler
    "WTA-d0695586-6f54-4021-bb3a-dc5d458bb041" = Governor of Poker 2 Premium Edition
    "WTA-da2aa372-86b7-4a5a-90f4-2a11efffa968" = Blasterball 3
    "WTA-f1ca1cd9-ae6d-48bb-b8bb-f747d5df9934" = Jewel Quest: The Sleepless Star - Collector's Edition
    "ZENMozaicEZUG" = Creative ZEN Mozaic EZ Series Documentation

    ========== Last 20 Event Log Errors ==========

    [ Application Events ]
    Error - 7/21/2012 1:08:20 PM | Computer Name = Chrissy-HP | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: Continuously busy for more than a second

    Error - 7/21/2012 1:08:20 PM | Computer Name = Chrissy-HP | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledEvent 1419

    Error - 7/21/2012 1:08:20 PM | Computer Name = Chrissy-HP | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledSPRetry 1419

    Error - 7/22/2012 5:52:11 AM | Computer Name = Chrissy-HP | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: Continuously busy for more than a second

    Error - 7/22/2012 5:52:11 AM | Computer Name = Chrissy-HP | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledEvent 1498

    Error - 7/22/2012 5:52:11 AM | Computer Name = Chrissy-HP | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledSPRetry 1498

    Error - 7/22/2012 6:10:44 AM | Computer Name = Chrissy-HP | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: Continuously busy for more than a second

    Error - 7/22/2012 6:10:44 AM | Computer Name = Chrissy-HP | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledEvent 1544

    Error - 7/22/2012 6:10:44 AM | Computer Name = Chrissy-HP | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledSPRetry 1544

    Error - 7/22/2012 3:03:17 PM | Computer Name = Chrissy-HP | Source = Application Error | ID = 1000
    Description = Faulting application name: STacSV64.exe, version: 1.0.6341.0, time
    stamp: 0x4ddf1a4c Faulting module name: ntdll.dll, version: 6.1.7601.17725, time
    stamp: 0x4ec4aa8e Exception code: 0xc000000d Fault offset: 0x00000000000737e2 Faulting
    process id: 0x440 Faulting application start time: 0x01cd6614d0fb67dc Faulting application
    path: C:\Program Files\IDT\WDM\STacSV64.exe Faulting module path: C:\Windows\SYSTEM32\ntdll.dll
    Report
    Id: e4d57d58-d42f-11e1-b164-441ea1e37859

    [ Hewlett-Packard Events ]
    Error - 4/15/2012 8:31:05 PM | Computer Name = Chrissy-HP | Source = hpsa_service.exe | ID = 2000
    Description = HP Error ID: -2146233088 at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateDetail(String
    category) at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetectCore()

    at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
    Boolean localScan) Message: Failed to perform update. StackTrace: at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateDetail(String
    category) at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetectCore()

    at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
    Boolean localScan) Source: HP.ActiveCheckLocalMode.SessionManager InnerException.Message:
    Object '/f45a5348_012a_459f_8e22_0a5ca2475884/5nfbfbbptxpbs5hhsj2lrtzc_5.rem' has
    been disconnected or does not exist at the server. Name: hpsa_service.exe Version:
    06.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
    Format:
    en-US RAM: 7785 Ram Utilization: 40 TargetSite: Void UpdateDetail(System.String)

    Error - 4/22/2012 9:27:37 PM | Computer Name = Chrissy-HP | Source = hpsa_service.exe | ID = 2000
    Description = HP Error ID: -2146233088hpsa_service.exe at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateDetail(String
    category) at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetectCore()

    at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
    Boolean localScan) Message: Failed to perform update. StackTrace: at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateDetail(String
    category) at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetectCore()

    at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
    Boolean localScan) Source: HP.ActiveCheckLocalMode.SessionManager InnerException.Message:
    Object '/f45a5348_012a_459f_8e22_0a5ca2475884/9_6snlt6fekrtpnoxdeg9gra_12.rem'
    has been disconnected or does not exist at the server. Name: hpsa_service.exe Version:
    06.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
    Format:
    en-US RAM: 7785 Ram Utilization: 40 TargetSite: Void UpdateDetail(System.String)

    Error - 5/13/2012 8:39:55 PM | Computer Name = Chrissy-HP | Source = hpsa_service.exe | ID = 2000
    Description = HP Error ID: -2146233088 at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateDetail(String
    category) at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetectCore()

    at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
    Boolean localScan) Message: Failed to perform update. StackTrace: at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateDetail(String
    category) at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetectCore()

    at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
    Boolean localScan) Source: HP.ActiveCheckLocalMode.SessionManager InnerException.Message:
    Object '/be1222f9_1233_46e6_8619_29d7d88ebd46/wks7gj64f6ujpnkya6h7zgwg_5.rem' has
    been disconnected or does not exist at the server. Name: hpsa_service.exe Version:
    06.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
    Format:
    en-US RAM: 7785 Ram Utilization: 30 TargetSite: Void UpdateDetail(System.String)

    Error - 5/13/2012 8:40:27 PM | Computer Name = Chrissy-HP | Source = HPSF.exe | ID = 4000
    Description =

    Error - 5/28/2012 1:02:42 PM | Computer Name = Chrissy-HP | Source = HPSF.exe | ID = 4000
    Description =

    Error - 5/28/2012 4:45:56 PM | Computer Name = Chrissy-HP | Source = HPSF.exe | ID = 4000
    Description =

    Error - 6/10/2012 8:10:53 PM | Computer Name = Chrissy-HP | Source = hpsa_service.exe | ID = 2000
    Description = HP Error ID: -2146233088 at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateDetail(String
    category) at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetectCore()

    at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
    Boolean localScan) Message: Failed to perform update. StackTrace: at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateDetail(String
    category) at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetectCore()

    at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
    Boolean localScan) Source: HP.ActiveCheckLocalMode.SessionManager InnerException.Message:
    Object '/2a4280ff_79c4_4dd3_8ef6_1b58d2b0aa63/nnivitakpcupqs+4g5ejcpg0_61.rem'
    has been disconnected or does not exist at the server. Name: hpsa_service.exe Version:
    06.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
    Format:
    en-US RAM: 7785 Ram Utilization: 50 TargetSite: Void UpdateDetail(System.String)

    Error - 6/28/2012 5:21:24 AM | Computer Name = Chrissy-HP | Source = HPSF.exe | ID = 4000
    Description =

    Error - 6/28/2012 5:21:27 AM | Computer Name = Chrissy-HP | Source = HPSF.exe | ID = 4000
    Description =

    Error - 7/22/2012 8:12:07 PM | Computer Name = Chrissy-HP | Source = HPSF.exe | ID = 4000
    Description =

    [ HP Software Framework Events ]
    Error - 5/13/2012 8:29:51 PM | Computer Name = Chrissy-HP | Source = CaslWmi | ID = 5
    Description = 2012/05/13 17:29:51.964|000011F0|Error |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
    0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state

    Error - 5/13/2012 8:40:24 PM | Computer Name = Chrissy-HP | Source = CaslWmi | ID = 5
    Description = 2012/05/13 17:40:24.004|00000EEC|Error |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
    0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state

    Error - 5/13/2012 8:40:27 PM | Computer Name = Chrissy-HP | Source = CaslWmi | ID = 5
    Description = 2012/05/13 17:40:27.865|000017B8|Error |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
    0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state

    Error - 5/20/2012 10:39:08 PM | Computer Name = Chrissy-HP | Source = CaslWmi | ID = 5
    Description = 2012/05/20 19:39:08.665|000016C8|Error |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
    0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state

    Error - 5/20/2012 10:41:27 PM | Computer Name = Chrissy-HP | Source = CaslWmi | ID = 5
    Description = 2012/05/20 19:41:27.679|00000CFC|Error |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
    0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state

    Error - 5/20/2012 10:41:38 PM | Computer Name = Chrissy-HP | Source = CaslWmi | ID = 5
    Description = 2012/05/20 19:41:38.673|00001598|Error |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
    0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state

    Error - 5/20/2012 10:41:55 PM | Computer Name = Chrissy-HP | Source = CaslWmi | ID = 5
    Description = 2012/05/20 19:41:55.483|00000FBC|Error |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
    0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state

    Error - 5/20/2012 10:42:12 PM | Computer Name = Chrissy-HP | Source = CaslWmi | ID = 5
    Description = 2012/05/20 19:42:11.998|00000F50|Error |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
    0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state

    Error - 5/20/2012 10:42:24 PM | Computer Name = Chrissy-HP | Source = CaslWmi | ID = 5
    Description = 2012/05/20 19:42:24.038|00000C78|Error |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
    0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state

    Error - 5/27/2012 8:58:33 PM | Computer Name = Chrissy-HP | Source = CaslWmi | ID = 5
    Description = 2012/05/27 17:58:33.465|000010F8|Error |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
    0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state

    [ System Events ]
    Error - 7/17/2012 3:44:24 PM | Computer Name = Chrissy-HP | Source = DCOM | ID = 10010
    Description =

    Error - 7/19/2012 6:31:04 AM | Computer Name = Chrissy-HP | Source = Microsoft-Windows-WLAN-AutoConfig | ID = 10000
    Description = WLAN Extensibility Module has failed to start. Module Path: C:\Windows\system32\Rtlihvs.dll
    Error
    Code: 126

    Error - 7/19/2012 6:31:29 AM | Computer Name = Chrissy-HP | Source = Service Control Manager | ID = 7026
    Description = The following boot-start or system-start driver(s) failed to load:
    SBRE

    Error - 7/19/2012 6:33:03 AM | Computer Name = Chrissy-HP | Source = Service Control Manager | ID = 7024
    Description = The Windows Search service terminated with service-specific error
    %%-1073473535.

    Error - 7/19/2012 6:33:03 AM | Computer Name = Chrissy-HP | Source = Service Control Manager | ID = 7031
    Description = The Windows Search service terminated unexpectedly. It has done this
    1 time(s). The following corrective action will be taken in 30000 milliseconds:
    Restart the service.

    Error - 7/19/2012 8:26:11 AM | Computer Name = Chrissy-HP | Source = Disk | ID = 262155
    Description = The driver detected a controller error on \Device\Harddisk1\DR1.

    Error - 7/19/2012 8:26:11 AM | Computer Name = Chrissy-HP | Source = Disk | ID = 262155
    Description = The driver detected a controller error on \Device\Harddisk1\DR1.

    Error - 7/19/2012 8:26:12 AM | Computer Name = Chrissy-HP | Source = Disk | ID = 262155
    Description = The driver detected a controller error on \Device\Harddisk1\DR1.

    Error - 7/19/2012 8:26:12 AM | Computer Name = Chrissy-HP | Source = Disk | ID = 262155
    Description = The driver detected a controller error on \Device\Harddisk1\DR1.

    Error - 7/19/2012 8:26:13 AM | Computer Name = Chrissy-HP | Source = Disk | ID = 262155
    Description = The driver detected a controller error on \Device\Harddisk1\DR1.


    < End of report >

  3. #23
    Emeritus
    Join Date
    Apr 2011
    Location
    USA
    Posts
    1,038

    Default

    Hi,

    Please download and run ERUNT (Emergency Recovery Utility NT). This program allows you to keep a complete backup of your registry and restore it when needed. The standard registry backup options that come with Windows back up most of the registry but not all of it. ERUNT, however, creates a complete backup set, including the Security hive and user-related sections. ERUNT is easy to use, and since it creates a full backup, there are no options or choices other than to select the location of the backup files. The backup set includes a small executable that will launch the registry restore if needed. Remember: if you are using Windows Vista as your operating system, right-click the executable and select Run as Administrator.
    ----------

    If you are running Malwarebytes 1.6 or better, please disable it for the duration of this run.

    To disable Malwarebytes
    • Open the scanner and select the Protection tab
    • Remove the tick from "Start Protection Module with Windows" as seen below



    Once complete continue with the instructions...
    ----------

    Run OTL.exe
    • Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL

      Code:
      :Services
      
      :OTL
      IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
      IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
      IE:64bit: - HKLM\..\SearchScopes\{2E9DE346-6EAF-457D-804A-D41EB7C81751}: "URL" = http://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
      IE:64bit: - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://search.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
      IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
      IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
      IE - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://search.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
      IE - HKU\S-1-5-21-3340581128-3994865209-2016763806-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 45 A6 7B 42 D3 6A CD 01 [binary data]
      IE - HKU\S-1-5-21-3340581128-3994865209-2016763806-1002\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
      IE - HKU\S-1-5-21-3340581128-3994865209-2016763806-1002\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
      IE - HKU\S-1-5-21-3340581128-3994865209-2016763806-1002\..\SearchScopes\{2E9DE346-6EAF-457D-804A-D41EB7C81751}: "URL" = http://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
      IE - HKU\S-1-5-21-3340581128-3994865209-2016763806-1002\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://search.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
      :Files
      ipconfig /flushdns /c
      
      :Commands
      [purity]
      [emptytemp]
      [resethosts]
      [start explorer]
      [Reboot]
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot when it is done
    • Then run a new scan and post a new OTL log (don't check the boxes beside LOP Check or Purity this time)

    ----------

    In your next reply please post the logs made by OTL and let me know how your system is behaving.

  4. #24
    Junior Member
    Join Date
    Jul 2012
    Posts
    27

    Default

    OTL logfile created on: 7/28/2012 11:41:34 PM - Run 3
    OTL by OldTimer - Version 3.2.55.0 Folder = C:\Users\Chrissy\Desktop
    64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    7.60 Gb Total Physical Memory | 5.79 Gb Available Physical Memory | 76.11% Memory free
    15.20 Gb Paging File | 13.26 Gb Available in Paging File | 87.25% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 447.16 Gb Total Space | 157.99 Gb Free Space | 35.33% Space Free | Partition Type: NTFS
    Drive D: | 14.43 Gb Total Space | 1.61 Gb Free Space | 11.12% Space Free | Partition Type: NTFS
    Drive E: | 3.96 Gb Total Space | 1.10 Gb Free Space | 27.74% Space Free | Partition Type: FAT32

    Computer Name: CHRISSY-HP | User Name: Chrissy | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - C:\Users\Chrissy\Desktop\OTL.exe (OldTimer Tools)
    PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
    PRC - C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe ()
    PRC - C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
    PRC - C:\Program Files (x86)\Samsung\Kies\Kies.exe (Samsung)
    PRC - C:\Program Files (x86)\uTorrent\uTorrent.exe (BitTorrent, Inc.)
    PRC - C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe (Hewlett-Packard Company)
    PRC - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe (Hewlett-Packard Development Company, L.P.)
    PRC - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe (Hewlett-Packard Development Company, L.P.)
    PRC - C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe (Apple Inc.)
    PRC - C:\Program Files (x86)\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
    PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
    PRC - C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
    PRC - C:\Program Files (x86)\AVG\AVG2012\avgfws.exe (AVG Technologies CZ, s.r.o.)
    PRC - C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe (AVG Technologies CZ, s.r.o.)
    PRC - C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe (CyberLink)
    PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
    PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
    PRC - C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
    PRC - C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe (Hewlett-Packard Company)
    PRC - C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe (Hewlett-Packard Development Company, L.P.)
    PRC - C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation)
    PRC - C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe (Roxio)
    PRC - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
    PRC - C:\Program Files (x86)\Creative\Software Update 3\SoftAuto.exe (Creative Technology Ltd)
    PRC - C:\Program Files (x86)\Creative\Shared Files\CTDevSrv.exe (Creative Technology Ltd)


    ========== Modules (No Company Name) ==========

    MOD - C:\Users\Chrissy\AppData\Local\Temp\99cab429-f99d-4f69-9d04-113ad532bd0f\CliSecureRT.dll ()
    MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Management\d0e1cdaff8f9055187f8e7b52c060dff\System.Management.ni.dll ()
    MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceProce#\26e0457a9776a0e9f23e3986686d90a5\System.ServiceProcess.ni.dll ()
    MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\7ce183c1bf9fef5fd29cddc5a86878be\System.Runtime.Remoting.ni.dll ()
    MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\b68bee05c7e518172982cc92059c3315\System.Xaml.ni.dll ()
    MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ()
    MOD - C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe ()
    MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\d239f585ee55f833dbe21e897e1265ac\PresentationFramework.ni.dll ()
    MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\b7de318e9fd1ef519ca6c1f3b5dba8e0\PresentationCore.ni.dll ()
    MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\00a4922fbf869a79c043b665035516b6\System.Windows.Forms.ni.dll ()
    MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\a6e37a05b8d0cedbc5c3ea266ae3fc31\WindowsBase.ni.dll ()
    MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\4230ed1c7990e4ee8352baf67a2a85fa\System.Drawing.ni.dll ()
    MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\608d29d7cc89f3a9a195c91354561915\PresentationFramework.Aero.ni.dll ()
    MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\a84262e1224189f93e10cd3c403a9527\System.Configuration.ni.dll ()
    MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\09bd2126bba2ab4f29ed52afde1470d7\System.Core.ni.dll ()
    MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\9abe44a0f82070ead5f1256683a4d25a\System.Xml.ni.dll ()
    MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System\a6be120e49f895ef6b00e9918402395b\System.ni.dll ()
    MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\c1af4ec9a36f671617a8ecaec00373f4\mscorlib.ni.dll ()
    MOD - C:\Windows\assembly\GAC_MSIL\HP.SupportFramework\1.0.0.0__2a4860322af7ba08\HP.SupportFramework.dll ()
    MOD - C:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll ()
    MOD - C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll ()
    MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll ()
    MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll ()
    MOD - C:\Program Files (x86)\Evernote\Evernote\libtidy.dll ()
    MOD - C:\Program Files (x86)\Evernote\Evernote\libxml2.dll ()


    ========== Win32 Services (SafeList) ==========

    SRV:64bit: - (STacSV) -- C:\Program Files\IDT\WDM\stacsv64.exe (IDT, Inc.)
    SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
    SRV:64bit: - (HPClientSvc) -- C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe (Hewlett-Packard Company)
    SRV:64bit: - (wlcrasvc) -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation)
    SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
    SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
    SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
    SRV - (HPDrvMntSvc.exe) -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe (Hewlett-Packard Company)
    SRV - (HPWMISVC) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe (Hewlett-Packard Development Company, L.P.)
    SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
    SRV - (IconMan_R) -- C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe (Realsil Microelectronics Inc.)
    SRV - (avgfws) -- C:\Program Files (x86)\AVG\AVG2012\avgfws.exe (AVG Technologies CZ, s.r.o.)
    SRV - (AVGIDSAgent) -- C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe (AVG Technologies CZ, s.r.o.)
    SRV - (sftvsa) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
    SRV - (sftlist) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
    SRV - (HP Support Assistant Service) -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe (Hewlett-Packard Company)
    SRV - (avgwd) -- C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
    SRV - (BBSvc) -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE (Microsoft Corporation.)
    SRV - (SeaPort) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation)
    SRV - (RoxioNow Service) -- C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe (Roxio)
    SRV - (GamesAppService) -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe (WildTangent, Inc.)
    SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
    SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
    SRV - (CTUPnPSv) -- C:\Program Files (x86)\Creative\Creative Centrale\CTUPnPSv.exe (Creative Technology Ltd)
    SRV - (CTDevice_Srv) -- C:\Program Files (x86)\Creative\Shared Files\CTDevSrv.exe (Creative Technology Ltd)


    ========== Driver Services (SafeList) ==========

    DRV:64bit: - (ssudmdm) -- C:\Windows\SysNative\drivers\ssudmdm.sys (DEVGURU Co., LTD.(www.devguru.co.kr))
    DRV:64bit: - (dg_ssudbus) -- C:\Windows\SysNative\drivers\ssudbus.sys (DEVGURU Co., LTD.(www.devguru.co.kr))
    DRV:64bit: - (SNP2UVC) -- C:\Windows\SysNative\drivers\snp2uvc.sys ()
    DRV:64bit: - (RTL8192Ce) -- C:\Windows\SysNative\drivers\rtl8192ce.sys (Realtek Semiconductor Corporation )
    DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
    DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
    DRV:64bit: - (STHDA) -- C:\Windows\SysNative\drivers\stwrt64.sys (IDT, Inc.)
    DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
    DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
    DRV:64bit: - (RSPCIESTOR) -- C:\Windows\SysNative\drivers\RtsPStor.sys (Realtek Semiconductor Corp.)
    DRV:64bit: - (Avgldx64) -- C:\Windows\SysNative\drivers\avgldx64.sys (AVG Technologies CZ, s.r.o.)
    DRV:64bit: - (Sftvol) -- C:\Windows\SysNative\drivers\Sftvollh.sys (Microsoft Corporation)
    DRV:64bit: - (Sftplay) -- C:\Windows\SysNative\drivers\Sftplaylh.sys (Microsoft Corporation)
    DRV:64bit: - (Sftredir) -- C:\Windows\SysNative\drivers\Sftredirlh.sys (Microsoft Corporation)
    DRV:64bit: - (Sftfs) -- C:\Windows\SysNative\drivers\Sftfslh.sys (Microsoft Corporation)
    DRV:64bit: - (Avgrkx64) -- C:\Windows\SysNative\drivers\avgrkx64.sys (AVG Technologies CZ, s.r.o.)
    DRV:64bit: - (Avgmfx64) -- C:\Windows\SysNative\drivers\avgmfx64.sys (AVG Technologies CZ, s.r.o.)
    DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
    DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
    DRV:64bit: - (Avgtdia) -- C:\Windows\SysNative\drivers\avgtdia.sys (AVG Technologies CZ, s.r.o.)
    DRV:64bit: - (AVGIDSFilter) -- C:\Windows\SysNative\drivers\AVGIDSFilter.sys (AVG Technologies CZ, s.r.o. )
    DRV:64bit: - (AVGIDSDriver) -- C:\Windows\SysNative\drivers\AVGIDSDriver.sys (AVG Technologies CZ, s.r.o. )
    DRV:64bit: - (AVGIDSEH) -- C:\Windows\SysNative\drivers\AVGIDSEH.sys (AVG Technologies CZ, s.r.o. )
    DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek )
    DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated)
    DRV:64bit: - (Avgfwfd) -- C:\Windows\SysNative\drivers\avgfwd6a.sys (AVG Technologies CZ, s.r.o.)
    DRV:64bit: - (amd_sata) -- C:\Windows\SysNative\drivers\amd_sata.sys (Advanced Micro Devices)
    DRV:64bit: - (amd_xata) -- C:\Windows\SysNative\drivers\amd_xata.sys (Advanced Micro Devices)
    DRV:64bit: - (usbfilter) -- C:\Windows\SysNative\drivers\usbfilter.sys (Advanced Micro Devices)
    DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
    DRV:64bit: - (sdbus) -- C:\Windows\SysNative\drivers\sdbus.sys (Microsoft Corporation)
    DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
    DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation)
    DRV:64bit: - (AtiHDAudioService) -- C:\Windows\SysNative\drivers\AtihdW76.sys (Advanced Micro Devices)
    DRV:64bit: - (clwvd) -- C:\Windows\SysNative\drivers\clwvd.sys (CyberLink Corporation)
    DRV:64bit: - (amdiox64) -- C:\Windows\SysNative\drivers\amdiox64.sys (Advanced Micro Devices)
    DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
    DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
    DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
    DRV:64bit: - (SrvHsfV92) -- C:\Windows\SysNative\drivers\VSTDPV6.SYS (Conexant Systems, Inc.)
    DRV:64bit: - (SrvHsfWinac) -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS (Conexant Systems, Inc.)
    DRV:64bit: - (SrvHsfHDA) -- C:\Windows\SysNative\drivers\VSTAZL6.SYS (Conexant Systems, Inc.)
    DRV:64bit: - (NVENETFD) -- C:\Windows\SysNative\drivers\nvm62x64.sys (NVIDIA Corporation)
    DRV:64bit: - (BCM43XX) -- C:\Windows\SysNative\drivers\BCMWL664.SYS (Broadcom Corporation)
    DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
    DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
    DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
    DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
    DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
    DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT/1
    IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
    IE:64bit: - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
    IE:64bit: - HKLM\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
    IE:64bit: - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.com/rover/1/711-30572-11896-2/4?mpre=http://shop.ebay.com/?_nkw={searchTerms}
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT/1
    IE - HKLM\..\SearchScopes,DefaultScope =
    IE - HKLM\..\SearchScopes\{2E9DE346-6EAF-457D-804A-D41EB7C81751}: "URL" = http://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
    IE - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
    IE - HKLM\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
    IE - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.com/rover/1/711-30572-11896-2/4?mpre=http://shop.ebay.com/?_nkw={searchTerms}

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP =
    IE - HKCU\..\SearchScopes,DefaultScope =
    IE - HKCU\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
    IE - HKCU\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
    IE - HKCU\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.com/rover/1/711-30572-11896-2/4?mpre=http://shop.ebay.com/?_nkw={searchTerms}
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

    ========== FireFox ==========

    FF - user.js - File not found

    FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_268.dll File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Android\bin\new_plugin\npjp2.dll (Oracle Corporation)
    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_268.dll ()
    FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
    FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
    FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_33: C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files (x86)\AVG\AVG2012\Firefox4\ [2012/07/17 04:28:37 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/07/19 02:36:53 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
    FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{1D1F9AA1-CCAC-11E1-8270-B8AC6F996F26}: C:\Users\Chrissy\AppData\Local\{1D1F9AA1-CCAC-11E1-8270-B8AC6F996F26}\ [2012/07/12 22:32:20 | 000,000,000 | ---D | M]
    FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/07/19 02:36:53 | 000,000,000 | ---D | M]
    FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

    [2011/12/06 20:05:24 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Chrissy\AppData\Roaming\Mozilla\Extensions
    [2012/07/24 16:05:54 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Chrissy\AppData\Roaming\Mozilla\Firefox\Profiles\lv5dz891.default\extensions
    [2012/07/16 12:38:10 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
    [2012/07/16 12:38:10 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
    [2012/07/12 22:32:20 | 000,000,000 | ---D | M] (Mozilla Safe Browsing) -- C:\USERS\CHRISSY\APPDATA\LOCAL\{1D1F9AA1-CCAC-11E1-8270-B8AC6F996F26}
    [2011/12/24 21:15:34 | 000,059,201 | ---- | M] () (No name found) -- C:\USERS\CHRISSY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LV5DZ891.DEFAULT\EXTENSIONS\{6BFD307A-C040-11DA-9749-FB1C850B47DF}.XPI
    [2011/12/07 04:27:22 | 000,434,392 | ---- | M] () (No name found) -- C:\USERS\CHRISSY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LV5DZ891.DEFAULT\EXTENSIONS\{D4DD63FA-01E4-46A7-B6B1-EDAB7D6AD389}.XPI
    [2012/03/28 01:41:15 | 001,184,804 | ---- | M] () (No name found) -- C:\USERS\CHRISSY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LV5DZ891.DEFAULT\EXTENSIONS\TESTPILOT@LABS.MOZILLA.COM.XPI
    [2012/07/19 02:36:53 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
    [2012/02/15 16:17:38 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
    [2012/02/15 16:17:38 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

    O1 HOSTS File: ([2012/07/28 23:33:33 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
    O1 - Hosts: 127.0.0.1 localhost
    O1 - Hosts: ::1 localhost
    O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssiea.dll (AVG Technologies CZ, s.r.o.)
    O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Android\bin\jp2ssv.dll (Oracle Corporation)
    O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
    O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
    O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
    O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
    O4:64bit: - HKLM..\Run: [EKIJ5000StatusMonitor] C:\Windows\SysNative\spool\drivers\x64\3\EKIJ5000MUI.exe (Eastman Kodak Company)
    O4:64bit: - HKLM..\Run: [SetDefault] C:\Program Files\Hewlett-Packard\HP LaunchBox\SetDefault.exe (Hewlett-Packard Development Company, L.P.)
    O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
    O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
    O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
    O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
    O4 - HKLM..\Run: [EKIJ5000StatusMonitor] C:\Windows\System32\spool\drivers\x64\3\EKIJ5000MUI.exe File not found
    O4 - HKLM..\Run: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe (Hewlett-Packard Development Company, L.P.)
    O4 - HKLM..\Run: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe (Hewlett-Packard Development Company, L.P.)
    O4 - HKLM..\Run: [HPQuickWebProxy] C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe (Hewlett-Packard Company)
    O4 - HKLM..\Run: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
    O4 - HKCU..\Run: [KiesPDLR] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe ()
    O4 - HKCU..\Run: [KiesPreload] C:\Program Files (x86)\Samsung\Kies\Kies.exe (Samsung)
    O4 - HKCU..\Run: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe (Apple Inc.)
    O4 - HKCU..\Run: [SoftAuto.exe] C:\Program Files (x86)\Creative\Software Update 3\SoftAuto.exe (Creative Technology Ltd)
    O4 - HKCU..\Run: [uTorrent] C:\Program Files (x86)\uTorrent\uTorrent.exe (BitTorrent, Inc.)
    O4 - Startup: C:\Users\Chrissy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files (x86)\ERUNT\AUTOBACK.EXE ()
    O4 - Startup: C:\Users\Chrissy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk = C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O8:64bit: - Extra context menu item: Add to Evernote 4.0 - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
    O8 - Extra context menu item: Add to Evernote 4.0 - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
    O9 - Extra Button: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
    O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
    O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
    O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jin...ndows-i586.cab (Java Plug-in 10.1.0)
    O16:64bit: - DPF: {CAFEEFAC-0017-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jin...ndows-i586.cab (Java Plug-in 1.7.0_01)
    O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jin...ndows-i586.cab (Reg Error: Key error.)
    O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_33)
    O16 - DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_33)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_33)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.116.46.115 24.205.192.61 24.205.224.36
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{738D214A-AF36-4AFD-909E-6BDFE261A59A}: DhcpNameServer = 68.116.46.115 24.205.192.61 24.205.224.36
    O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll (AVG Technologies CZ, s.r.o.)
    O18:64bit: - Protocol\Handler\livecall - No CLSID value found
    O18:64bit: - Protocol\Handler\msnim - No CLSID value found
    O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
    O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
    O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
    O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O32 - HKLM CDRom: AutoRun - 1
    O34 - HKLM BootExecute: (autocheck autochk *)
    O34 - HKLM BootExecute: (C:\PROGRA~2\AVG\AVG2012\avgrsa.exe /sync /restart)
    O35:64bit: - HKLM\..comfile [open] -- "%1" %*
    O35:64bit: - HKLM\..exefile [open] -- "%1" %*
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
    O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
    O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

    ========== Files/Folders - Created Within 30 Days ==========

    [2012/07/28 23:30:58 | 000,000,000 | ---D | C] -- C:\_OTL
    [2012/07/28 14:39:58 | 000,597,504 | ---- | C] (OldTimer Tools) -- C:\Users\Chrissy\Desktop\OTL.exe
    [2012/07/27 19:39:14 | 002,136,664 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Chrissy\Desktop\TDSSKiller.exe
    [2012/07/26 13:20:18 | 000,000,000 | ---D | C] -- C:\Windows\temp
    [2012/07/26 13:12:03 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
    [2012/07/26 01:31:54 | 000,000,000 | ---D | C] -- C:\Windows\Sun
    [2012/07/25 19:07:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
    [2012/07/25 19:00:44 | 000,000,000 | ---D | C] -- C:\Users\Chrissy\AppData\Roaming\Malwarebytes
    [2012/07/25 19:00:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
    [2012/07/25 18:59:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
    [2012/07/25 18:59:58 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
    [2012/07/25 18:59:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    [2012/07/25 18:50:36 | 000,000,000 | --SD | C] -- C:\Windows\SysWow64\Microsoft
    [2012/07/24 15:32:00 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
    [2012/07/24 15:32:00 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
    [2012/07/24 15:32:00 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
    [2012/07/24 15:31:40 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2012/07/24 15:28:53 | 004,584,441 | R--- | C] (Swearware) -- C:\Users\Chrissy\Desktop\ComboFix.exe
    [2012/07/23 22:57:44 | 000,000,000 | ---D | C] -- C:\Users\Chrissy\AppData\Local\SoftGrid Client
    [2012/07/23 22:57:39 | 000,000,000 | ---D | C] -- C:\Users\Chrissy\AppData\Roaming\SoftGrid Client
    [2012/07/23 22:57:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Starter (English)
    [2012/07/23 22:56:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DESIGNER
    [2012/07/23 22:56:05 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office
    [2012/07/23 22:56:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Application Virtualization Client
    [2012/07/23 22:55:47 | 000,000,000 | ---D | C] -- C:\Users\Chrissy\AppData\Roaming\TP
    [2012/07/23 17:20:54 | 000,203,320 | ---- | C] (DEVGURU Co., LTD.(www.devguru.co.kr)) -- C:\Windows\SysNative\drivers\ssudmdm.sys
    [2012/07/23 17:20:54 | 000,099,384 | ---- | C] (DEVGURU Co., LTD.(www.devguru.co.kr)) -- C:\Windows\SysNative\drivers\ssudbus.sys
    [2012/07/23 16:07:18 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
    [2012/07/23 16:06:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
    [2012/07/23 16:06:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ERUNT
    [2012/07/19 03:13:29 | 000,000,000 | ---D | C] -- C:\ProgramData\HitmanPro
    [2012/07/19 02:51:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab
    [2012/07/19 01:12:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy
    [2012/07/19 01:11:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
    [2012/07/19 01:11:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy
    [2012/07/17 06:17:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
    [2012/07/17 06:17:35 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
    [2012/07/17 04:56:43 | 000,000,000 | ---D | C] -- C:\$AVG
    [2012/07/17 04:29:01 | 000,000,000 | ---D | C] -- C:\Users\Chrissy\AppData\Roaming\AVG2012
    [2012/07/17 04:28:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG 2012
    [2012/07/17 04:28:35 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\drivers\AVG
    [2012/07/17 04:27:32 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG2012
    [2012/07/17 04:27:32 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\AVG
    [2012/07/17 04:26:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AVG
    [2012/07/17 04:23:01 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
    [2012/07/17 04:22:41 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData
    [2012/07/16 12:38:03 | 000,157,488 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
    [2012/07/16 12:38:03 | 000,149,296 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
    [2012/07/16 12:38:03 | 000,149,296 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe
    [2012/07/16 12:08:39 | 000,000,000 | ---D | C] -- C:\ProgramData\GFI Software
    [2012/07/12 22:32:20 | 000,000,000 | ---D | C] -- C:\Users\Chrissy\AppData\Local\{1D1F9AA1-CCAC-11E1-8270-B8AC6F996F26}
    [2012/07/12 11:06:43 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
    [2012/07/12 11:06:43 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
    [2012/07/12 11:06:42 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
    [2012/07/12 11:06:42 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
    [2012/07/12 11:06:40 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
    [2012/07/12 11:06:40 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
    [2012/07/12 11:06:39 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
    [2012/07/12 11:06:39 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
    [2012/07/12 11:06:37 | 002,311,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
    [2012/07/12 11:06:37 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
    [2012/07/12 11:06:37 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
    [2012/07/12 11:06:37 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
    [2012/07/12 11:06:36 | 000,818,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
    [2012/07/11 11:09:56 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msxml3r.dll
    [2012/07/11 11:09:56 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msxml3r.dll
    [2012/07/11 11:09:48 | 000,307,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncrypt.dll
    [2012/07/11 11:09:45 | 001,133,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cdosys.dll
    [2012/07/11 11:09:45 | 000,805,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\cdosys.dll
    [2012/07/01 00:08:06 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\YouCam
    [2012/07/01 00:05:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\CyberLink

    ========== Files - Modified Within 30 Days ==========

    [2012/07/28 23:44:18 | 000,032,064 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2012/07/28 23:44:18 | 000,032,064 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2012/07/28 23:42:45 | 000,780,464 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
    [2012/07/28 23:42:45 | 000,661,292 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
    [2012/07/28 23:42:45 | 000,121,930 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
    [2012/07/28 23:36:48 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2012/07/28 23:36:22 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2012/07/28 23:35:52 | 1827,725,311 | -HS- | M] () -- C:\hiberfil.sys
    [2012/07/28 23:33:33 | 000,000,098 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\Hosts
    [2012/07/28 23:19:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
    [2012/07/28 23:18:01 | 000,000,900 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2012/07/28 17:27:57 | 102,391,247 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\incavi.avm
    [2012/07/28 14:39:58 | 000,597,504 | ---- | M] (OldTimer Tools) -- C:\Users\Chrissy\Desktop\OTL.exe
    [2012/07/28 03:47:59 | 000,774,616 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
    [2012/07/28 01:31:10 | 000,119,933 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\iavichjg.avm
    [2012/07/27 16:00:56 | 000,000,960 | ---- | M] () -- C:\Users\Public\Desktop\calibre - E-book management.lnk
    [2012/07/27 04:19:19 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
    [2012/07/27 04:19:19 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    [2012/07/25 19:00:00 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    [2012/07/24 15:29:00 | 004,584,441 | R--- | M] (Swearware) -- C:\Users\Chrissy\Desktop\ComboFix.exe
    [2012/07/24 13:42:43 | 000,000,512 | ---- | M] () -- C:\Users\Chrissy\Documents\MBR.dat
    [2012/07/24 13:22:36 | 002,136,664 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Chrissy\Desktop\TDSSKiller.exe
    [2012/07/23 16:06:35 | 000,001,108 | ---- | M] () -- C:\Users\Chrissy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
    [2012/07/23 16:06:24 | 000,000,928 | ---- | M] () -- C:\Users\Chrissy\Desktop\NTREGOPT.lnk
    [2012/07/23 16:06:23 | 000,000,909 | ---- | M] () -- C:\Users\Chrissy\Desktop\ERUNT.lnk
    [2012/07/23 15:59:33 | 000,000,340 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForChrissy.job
    [2012/07/19 01:12:07 | 000,001,286 | ---- | M] () -- C:\Users\Chrissy\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
    [2012/07/19 01:12:07 | 000,001,262 | ---- | M] () -- C:\Users\Chrissy\Desktop\Spybot - Search & Destroy.lnk
    [2012/07/17 06:19:24 | 000,064,682 | ---- | M] () -- C:\Users\Chrissy\Documents\cc_20120717_061906.reg
    [2012/07/17 06:17:38 | 000,000,822 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
    [2012/07/17 04:35:07 | 000,625,911 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\iavifw.avm
    [2012/07/17 04:28:38 | 000,000,965 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2012.lnk
    [2012/07/17 04:28:35 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\drivers\AVG\incavi.avm
    [2012/07/17 04:28:35 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\drivers\AVG\iavifw.avm
    [2012/07/17 04:28:35 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\drivers\AVG\iavichjw.avm
    [2012/07/16 01:33:38 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\SBRC.dat
    [2012/07/12 11:39:14 | 000,274,320 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
    [2012/07/03 13:46:44 | 000,024,904 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
    [2012/06/29 17:30:21 | 002,754,833 | ---- | M] () -- C:\Users\Chrissy\Desktop\20120514_214109.jpg
    [2012/06/29 17:24:43 | 003,699,953 | ---- | M] () -- C:\Users\Chrissy\Desktop\20120609_144140.jpg

    ========== Files Created - No Company Name ==========

    [2012/07/28 17:27:57 | 102,391,247 | ---- | C] () -- C:\Windows\SysNative\drivers\AVG\incavi.avm
    [2012/07/28 01:31:09 | 000,119,933 | ---- | C] () -- C:\Windows\SysNative\drivers\AVG\iavichjg.avm
    [2012/07/25 19:00:00 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    [2012/07/24 15:32:00 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
    [2012/07/24 15:32:00 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
    [2012/07/24 15:32:00 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
    [2012/07/24 15:32:00 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
    [2012/07/24 15:32:00 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
    [2012/07/24 13:42:43 | 000,000,512 | ---- | C] () -- C:\Users\Chrissy\Documents\MBR.dat
    [2012/07/23 16:06:35 | 000,001,108 | ---- | C] () -- C:\Users\Chrissy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
    [2012/07/23 16:06:24 | 000,000,928 | ---- | C] () -- C:\Users\Chrissy\Desktop\NTREGOPT.lnk
    [2012/07/23 16:06:23 | 000,000,909 | ---- | C] () -- C:\Users\Chrissy\Desktop\ERUNT.lnk
    [2012/07/19 01:12:07 | 000,001,286 | ---- | C] () -- C:\Users\Chrissy\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
    [2012/07/19 01:12:07 | 000,001,262 | ---- | C] () -- C:\Users\Chrissy\Desktop\Spybot - Search & Destroy.lnk
    [2012/07/17 06:19:11 | 000,064,682 | ---- | C] () -- C:\Users\Chrissy\Documents\cc_20120717_061906.reg
    [2012/07/17 06:17:38 | 000,000,822 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
    [2012/07/17 04:35:07 | 000,625,911 | ---- | C] () -- C:\Windows\SysNative\drivers\AVG\iavifw.avm
    [2012/07/17 04:28:38 | 000,000,965 | ---- | C] () -- C:\Users\Public\Desktop\AVG 2012.lnk
    [2012/07/17 04:28:35 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\drivers\AVG\incavi.avm
    [2012/07/17 04:28:35 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\drivers\AVG\iavifw.avm
    [2012/07/17 04:28:35 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\drivers\AVG\iavichjw.avm
    [2012/07/16 01:33:38 | 000,000,000 | ---- | C] () -- C:\Windows\SysNative\SBRC.dat
    [2012/06/29 17:30:20 | 002,754,833 | ---- | C] () -- C:\Users\Chrissy\Desktop\20120514_214109.jpg
    [2012/06/29 17:24:42 | 003,699,953 | ---- | C] () -- C:\Users\Chrissy\Desktop\20120609_144140.jpg
    [2012/06/01 07:31:34 | 000,026,024 | ---- | C] () -- C:\Windows\snuvcdsm.exe
    [2012/01/31 02:56:09 | 000,774,616 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
    [2011/11/29 17:38:12 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll
    [2011/11/29 17:38:12 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll
    [2011/11/29 17:38:12 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll
    [2011/11/29 17:38:12 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll
    [2011/09/26 01:52:53 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
    [2011/09/26 01:50:33 | 000,451,072 | ---- | C] () -- C:\Windows\SysWow64\ISSRemoveSP.exe
    [2011/07/05 11:47:06 | 000,059,904 | ---- | C] () -- C:\Windows\SysWow64\OVDecode.dll
    [2011/06/09 19:17:36 | 000,066,856 | ---- | C] () -- C:\Windows\SysWow64\SynTPEnhPS.dll
    [2011/05/13 07:33:18 | 000,007,736 | ---- | C] () -- C:\Windows\hpDSTRES.DLL
    [2011/03/18 02:51:44 | 000,003,929 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
    [2011/03/02 07:57:44 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe

    < End of report >

    I haven't been redirected since my post before. Everything seems ok so far.

  5. #25
    Junior Member
    Join Date
    Jul 2012
    Posts
    27

    I was wrong. I just got redirected again.

  6. #26
    Emeritus
    Join Date
    Apr 2011
    Location
    USA
    Posts
    1,038

    Hi,

    Please download MBRCheck.exe to your desktop.
    • Be sure to disable your security programs
    • Double-click on the file to run it (Vista and Windows 7 users will have to confirm the UAC prompt)
    • A window will open on your desktop
    • If an unknown bootcode is found, you will have further options available to you; at this time press N, then press Enter twice.
    • If nothing unusual is found just press Enter
    • A .txt file named MBRCheck_mm.dd.yy_hh.mm.ss should appear on your desktop.
    • Please post the contents of that file.

  7. #27
    Junior Member
    Join Date
    Jul 2012
    Posts
    27

    MBRCheck, version 1.2.3
    (c) 2010, AD

    Command-line:
    Windows Version: Windows 7 Home Premium Edition
    Windows Information: Service Pack 1 (build 7601), 64-bit
    Base Board Manufacturer: Hewlett-Packard
    BIOS Manufacturer: Insyde
    System Manufacturer: Hewlett-Packard
    System Product Name: HP Pavilion g7 Notebook PC
    Logical Drives Mask: 0x0001007c

    Kernel Drivers (total 166):
    0x02E54000 \SystemRoot\system32\ntoskrnl.exe
    0x02E0B000 \SystemRoot\system32\hal.dll
    0x00BA4000 \SystemRoot\system32\kdcom.dll
    0x00CF9000 \SystemRoot\system32\mcupdate_AuthenticAMD.dll
    0x00D06000 \SystemRoot\system32\PSHED.dll
    0x00D1A000 \SystemRoot\system32\CLFS.SYS
    0x00C00000 \SystemRoot\system32\CI.dll
    0x00EFC000 \SystemRoot\system32\drivers\Wdf01000.sys
    0x00FA0000 \SystemRoot\system32\drivers\WDFLDR.SYS
    0x00E00000 \SystemRoot\system32\drivers\ACPI.sys
    0x00E57000 \SystemRoot\system32\drivers\WMILIB.SYS
    0x00E60000 \SystemRoot\system32\drivers\msisadrv.sys
    0x00E6A000 \SystemRoot\system32\drivers\pci.sys
    0x00E9D000 \SystemRoot\system32\drivers\vdrvroot.sys
    0x00EAA000 \SystemRoot\System32\drivers\partmgr.sys
    0x00EBF000 \SystemRoot\system32\drivers\compbatt.sys
    0x00EC8000 \SystemRoot\system32\drivers\BATTC.SYS
    0x00ED4000 \SystemRoot\system32\drivers\volmgr.sys
    0x00D78000 \SystemRoot\System32\drivers\volmgrx.sys
    0x00FAF000 \SystemRoot\System32\drivers\mountmgr.sys
    0x00FC9000 \SystemRoot\system32\drivers\amdsata.sys
    0x010BD000 \SystemRoot\system32\drivers\storport.sys
    0x01120000 \SystemRoot\system32\drivers\amdxata.sys
    0x0112B000 \SystemRoot\system32\DRIVERS\amd_sata.sys
    0x01142000 \SystemRoot\system32\DRIVERS\amd_xata.sys
    0x01150000 \SystemRoot\system32\drivers\fltmgr.sys
    0x0119C000 \SystemRoot\system32\drivers\fileinfo.sys
    0x01253000 \SystemRoot\System32\Drivers\Ntfs.sys
    0x01000000 \SystemRoot\System32\Drivers\msrpc.sys
    0x01200000 \SystemRoot\System32\Drivers\ksecdd.sys
    0x01439000 \SystemRoot\System32\Drivers\cng.sys
    0x014AB000 \SystemRoot\System32\drivers\pcw.sys
    0x014BC000 \SystemRoot\System32\Drivers\Fs_Rec.sys
    0x014C6000 \SystemRoot\system32\drivers\ndis.sys
    0x016F0000 \SystemRoot\system32\drivers\NETIO.SYS
    0x01750000 \SystemRoot\System32\Drivers\ksecpkg.sys
    0x0186A000 \SystemRoot\System32\drivers\tcpip.sys
    0x01A6D000 \SystemRoot\System32\drivers\fwpkclnt.sys
    0x01AB7000 \SystemRoot\system32\DRIVERS\wd.sys
    0x01ABF000 \SystemRoot\system32\drivers\volsnap.sys
    0x01B0B000 \SystemRoot\System32\Drivers\spldr.sys
    0x01B13000 \SystemRoot\System32\drivers\rdyboost.sys
    0x01B4D000 \SystemRoot\System32\Drivers\mup.sys
    0x01B5F000 \SystemRoot\System32\drivers\hwpolicy.sys
    0x01B68000 \SystemRoot\System32\DRIVERS\fvevol.sys
    0x01BA2000 \SystemRoot\system32\drivers\disk.sys
    0x01BB8000 \SystemRoot\system32\drivers\CLASSPNP.SYS
    0x01BE8000 \SystemRoot\system32\DRIVERS\avgrkx64.sys
    0x01BF4000 \SystemRoot\system32\DRIVERS\AVGIDSEH.Sys
    0x0177A000 \SystemRoot\system32\DRIVERS\cdrom.sys
    0x01842000 \SystemRoot\system32\DRIVERS\avgmfx64.sys
    0x01852000 \SystemRoot\System32\Drivers\Null.SYS
    0x0185B000 \SystemRoot\System32\Drivers\Beep.SYS
    0x017A4000 \SystemRoot\System32\drivers\vga.sys
    0x017B2000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
    0x017D7000 \SystemRoot\System32\drivers\watchdog.sys
    0x017E7000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
    0x017F0000 \SystemRoot\system32\drivers\rdpencdd.sys
    0x01600000 \SystemRoot\system32\drivers\rdprefmp.sys
    0x01609000 \SystemRoot\System32\Drivers\Msfs.SYS
    0x01614000 \SystemRoot\System32\Drivers\Npfs.SYS
    0x01625000 \SystemRoot\system32\DRIVERS\avgfwd6a.sys
    0x01634000 \SystemRoot\system32\DRIVERS\tdx.sys
    0x01656000 \SystemRoot\system32\DRIVERS\TDI.SYS
    0x01663000 \SystemRoot\system32\DRIVERS\avgtdia.sys
    0x015B9000 \SystemRoot\System32\DRIVERS\netbt.sys
    0x03CDF000 \SystemRoot\system32\drivers\afd.sys
    0x03D68000 \SystemRoot\system32\drivers\ws2ifsl.sys
    0x03D73000 \SystemRoot\system32\DRIVERS\wfplwf.sys
    0x03D7C000 \SystemRoot\system32\DRIVERS\pacer.sys
    0x03DA2000 \SystemRoot\system32\DRIVERS\vwififlt.sys
    0x03DB8000 \SystemRoot\system32\DRIVERS\netbios.sys
    0x03DC7000 \SystemRoot\system32\DRIVERS\wanarp.sys
    0x03DE2000 \SystemRoot\system32\drivers\termdd.sys
    0x03C00000 \SystemRoot\system32\DRIVERS\rdbss.sys
    0x03C51000 \SystemRoot\system32\drivers\nsiproxy.sys
    0x03C5D000 \SystemRoot\system32\drivers\mssmbios.sys
    0x03C68000 \SystemRoot\System32\drivers\discache.sys
    0x03C77000 \SystemRoot\System32\Drivers\dfsc.sys
    0x03C95000 \SystemRoot\system32\drivers\blbdrive.sys
    0x0105E000 \SystemRoot\system32\DRIVERS\avgldx64.sys
    0x03CA6000 \SystemRoot\system32\DRIVERS\tunnel.sys
    0x016C3000 \SystemRoot\system32\DRIVERS\amdppm.sys
    0x04001000 \SystemRoot\system32\DRIVERS\atikmpag.sys
    0x04A41000 \SystemRoot\system32\DRIVERS\atikmdag.sys
    0x05450000 \SystemRoot\System32\drivers\dxgkrnl.sys
    0x05544000 \SystemRoot\System32\drivers\dxgmms1.sys
    0x0558A000 \SystemRoot\system32\drivers\HDAudBus.sys
    0x055AE000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
    0x055BB000 \SystemRoot\system32\drivers\usbohci.sys
    0x04054000 \SystemRoot\system32\drivers\USBPORT.SYS
    0x055C6000 \SystemRoot\system32\DRIVERS\usbfilter.sys
    0x055D4000 \SystemRoot\system32\drivers\usbehci.sys
    0x04A00000 \SystemRoot\system32\DRIVERS\i8042prt.sys
    0x04A1E000 \SystemRoot\system32\drivers\kbdclass.sys
    0x04481000 \SystemRoot\system32\DRIVERS\SynTP.sys
    0x045E9000 \SystemRoot\system32\DRIVERS\USBD.SYS
    0x045EB000 \SystemRoot\system32\DRIVERS\mouclass.sys
    0x03E43000 \SystemRoot\system32\DRIVERS\rtl8192Ce.sys
    0x03FB2000 \SystemRoot\system32\DRIVERS\vwifibus.sys
    0x040AA000 \SystemRoot\system32\DRIVERS\Rt64win7.sys
    0x04400000 \SystemRoot\system32\DRIVERS\RtsPStor.sys
    0x03FBF000 \SystemRoot\system32\drivers\CmBatt.sys
    0x03FC4000 \SystemRoot\system32\drivers\wmiacpi.sys
    0x03FCD000 \SystemRoot\system32\drivers\CompositeBus.sys
    0x03FDD000 \SystemRoot\system32\DRIVERS\clwvd.sys
    0x03E00000 \SystemRoot\system32\DRIVERS\ks.sys
    0x03FE3000 \SystemRoot\system32\drivers\ksthunk.sys
    0x03FE9000 \SystemRoot\system32\DRIVERS\AgileVpn.sys
    0x04457000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
    0x04A2D000 \SystemRoot\system32\DRIVERS\ndistapi.sys
    0x0412F000 \SystemRoot\system32\DRIVERS\ndiswan.sys
    0x055E5000 \SystemRoot\system32\DRIVERS\raspppoe.sys
    0x0415E000 \SystemRoot\system32\DRIVERS\raspptp.sys
    0x0417F000 \SystemRoot\system32\DRIVERS\rassstp.sys
    0x0447B000 \SystemRoot\system32\drivers\swenum.sys
    0x04199000 \SystemRoot\system32\DRIVERS\umbus.sys
    0x05869000 \SystemRoot\system32\drivers\usbhub.sys
    0x058C3000 \SystemRoot\System32\Drivers\NDProxy.SYS
    0x058D8000 \SystemRoot\system32\drivers\AtihdW76.sys
    0x058F8000 \SystemRoot\system32\drivers\portcls.sys
    0x05935000 \SystemRoot\system32\drivers\drmk.sys
    0x05957000 \SystemRoot\system32\DRIVERS\stwrt64.sys
    0x059DC000 \SystemRoot\system32\DRIVERS\usbccgp.sys
    0x05800000 \SystemRoot\System32\Drivers\fastfat.SYS
    0x0740E000 \SystemRoot\system32\DRIVERS\snp2uvc.sys
    0x000C0000 \SystemRoot\System32\win32k.sys
    0x075D4000 \SystemRoot\System32\drivers\Dxapi.sys
    0x075E0000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS
    0x05836000 \SystemRoot\system32\DRIVERS\WinUsb.sys
    0x07400000 \SystemRoot\system32\DRIVERS\monitor.sys
    0x05847000 \SystemRoot\System32\Drivers\crashdmp.sys
    0x05855000 \SystemRoot\System32\Drivers\dump_diskdump.sys
    0x041AB000 \SystemRoot\System32\Drivers\dump_amd_sata.sys
    0x041C2000 \SystemRoot\System32\Drivers\dump_dumpfve.sys
    0x00500000 \SystemRoot\System32\TSDDD.dll
    0x00630000 \SystemRoot\System32\cdd.dll
    0x041D5000 \SystemRoot\system32\drivers\luafv.sys
    0x03CCC000 \SystemRoot\system32\DRIVERS\Sftvollh.sys
    0x01800000 \SystemRoot\system32\drivers\WudfPf.sys
    0x01821000 \SystemRoot\system32\DRIVERS\lltdio.sys
    0x056A6000 \SystemRoot\system32\DRIVERS\nwifi.sys
    0x056F9000 \SystemRoot\system32\DRIVERS\ndisuio.sys
    0x0570C000 \SystemRoot\system32\DRIVERS\rspndr.sys
    0x05724000 \SystemRoot\system32\drivers\HTTP.sys
    0x057ED000 \SystemRoot\system32\DRIVERS\vwifimp.sys
    0x05600000 \SystemRoot\system32\DRIVERS\bowser.sys
    0x0561E000 \SystemRoot\System32\drivers\mpsdrv.sys
    0x05636000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
    0x011B0000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
    0x05663000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
    0x05687000 \SystemRoot\system32\DRIVERS\AVGIDSFilter.Sys
    0x08421000 \SystemRoot\system32\drivers\peauth.sys
    0x084C7000 \SystemRoot\System32\Drivers\secdrv.SYS
    0x084D2000 \SystemRoot\system32\DRIVERS\Sftfslh.sys
    0x08593000 \SystemRoot\system32\DRIVERS\Sftplaylh.sys
    0x01400000 \SystemRoot\System32\DRIVERS\srvnet.sys
    0x085E0000 \SystemRoot\System32\drivers\tcpipreg.sys
    0x0121B000 \SystemRoot\system32\DRIVERS\AVGIDSDriver.Sys
    0x08E26000 \SystemRoot\System32\DRIVERS\srv2.sys
    0x08E8F000 \SystemRoot\system32\DRIVERS\Sftredirlh.sys
    0x08E9A000 \SystemRoot\System32\DRIVERS\srv.sys
    0x08F32000 \SystemRoot\system32\DRIVERS\WUDFRd.sys
    0x776B0000 \Windows\System32\ntdll.dll
    0x47C70000 \Windows\System32\smss.exe
    0xFF9D0000 \Windows\System32\apisetschema.dll

    Processes (total 93):

    \\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`0c800000 (NTFS)
    \\.\D: --> \\.\PhysicalDrive0 at offset 0x0000006f`d7000000 (NTFS)
    \\.\E: --> \\.\PhysicalDrive0 at offset 0x00000073`72c00000 (FAT32)
    \\.\Q: --> error 5

    PhysicalDrive0 Model Number: HitachiHTS545050B9A300, Rev: PB4OCA1G

    Size Device Name MBR Status
    --------------------------------------------
    465 GB \\.\PhysicalDrive0 Windows 7 MBR code detected
    SHA1: 4379A3D43019B46FA357F7DD6A53B45A3CA8FB79


    Done!

  8. #28
    Emeritus
    Join Date
    Apr 2011
    Location
    USA
    Posts
    1,038

    Default

    Hi,

    That looked good. What browser are you being redirected in? Firefox, Internet Explorer... Google Chrome?

  9. #29
    Junior Member
    Join Date
    Jul 2012
    Posts
    27

    Default

    I use Firefox.

  10. #30
    Emeritus
    Join Date
    Apr 2011
    Location
    USA
    Posts
    1,038

    Default

    Hi,

    OK, thanks.
    ----------

    Run OTL.exe
    • Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL

      Code:
      :Services
      
      :OTL
      FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{1D1F9AA1-CCAC-11E1-8270-B8AC6F996F26}: C:\Users\Chrissy\AppData\Local\{1D1F9AA1-CCAC-11E1-8270-B8AC6F996F26}\ [2012/07/12 22:32:20 | 000,000,000 | ---D | M]
      [2011/12/24 21:15:34 | 000,059,201 | ---- | M] () (No name found) -- C:\USERS\CHRISSY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LV5DZ891.DEFAULT\EXTENSIONS\{6BFD307A-C040-11DA-9749-FB1C850B47DF}.XPI
      
      :Files
      ipconfig /flushdns /c
      
      :Commands
      [purity]
      [emptytemp]
      [resethosts]
      [start explorer]
      [Reboot]
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot when it is done
    • Then run a new scan and post a new OTL log (don't check the boxes beside LOP Check or Purity this time)

    ----------
