# Search engine redirects.



## mlanspery (Apr 29, 2012)

Hello, I have been having what appear to be similar problems to a few other users. You will have to forgive me, my computer know-how is a 1 on a 1-5 scale. I am a paramedic, so I can fix people, just not computers! When clicking a link on Google or Yahoo, I am redirected to another site, sometimes one that has the same results as the original search. Sometimes it is the "happili" site heard of in other threads. Also, occasionally a window will pop up asking if I am sure I want to navigate away from this page. Strangely, this may occur even when IE is not open. Below is my system information:

Tech Support Guy System Info Utility version 1.0.0.2
OS Version: Microsoft Windows 7 Home Premium, Service Pack 1, 64 bit
Processor: Intel(R) Core(TM)2 Duo CPU P7550 @ 2.26GHz, Intel64 Family 6 Model 23 Stepping 10
Processor Count: 2
RAM: 4063 Mb
Graphics Card: NVIDIA GeForce GT 130M, 1024 Mb
Hard Drives: C: Total - 466843 MB, Free - 335283 MB; D: Total - 10091 MB, Free - 1767 MB;
Motherboard: Quanta, 361B
Antivirus: AntiVir Desktop, Updated and Enabled

HijackThis paste:

Scan saved at 2:08:14 PM, on 4/29/2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal
Running processes:
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files (x86)\QuickTime\QTTask.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe
C:\Program Files (x86)\Hp\Digital Imaging\smart web printing\hpswp_clipbook.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10t_ActiveX.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Users\Mike\Desktop\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.jetsinsider.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
O1 - Hosts: ::1 localhost
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~2\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: DigitalPersona Personal Extension - {395610AE-C624-4f58-B89E-23733EA00F9A} - C:\Program Files (x86)\DigitalPersona\Bin\DpOtsPluginIe8.dll
O2 - BHO: StartNow Toolbar Helper - {6E13D095-45C3-4271-9475-F3B48227DD9F} - C:\Program Files (x86)\StartNow Toolbar\Toolbar32.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll" (file missing)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\PROGRA~2\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~2\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll" (file missing)
O3 - Toolbar: StartNow Toolbar - {5911488E-9D1E-40ec-8CBB-06B231CC153F} - C:\Program Files (x86)\StartNow Toolbar\Toolbar32.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
O4 - HKCU\..\Run: [Verizon] Rundll32.exe C:\Users\Mike\AppData\Local\Verizon\jtvsoghp.dll,m4OutVideoPutFrameV
O4 - HKCU\..\Run: [ElevatedDiagnostics] rundll32.exe "C:\Users\Mike\AppData\Local\Hewlett-Packard\ElevatedDiagnostics\weiplhyp.dll",DllRegisterServer
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_43C348BC2E93EB2B.dll/cmsidewiki.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {36299202-09EF-4ABF-ADB9-47C599DBE778} (HP Product Detection Control) - https://www.hpwindows7upgrade.arvato.com/north_america/Endcustomer/HPProdDetect.cab
O16 - DPF: {55963676-2F5E-4BAF-AC28-CF26AA587566} (Cisco AnyConnect VPN Client Web Control) - https://38.104.166.66/CACHE/stc/1/binaries/vpnweb.cab
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\AESTSr64.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
O23 - Service: @C:\Program Files (x86)\DigitalPersona\Bin\DpHostW.exe,-128 (DpHost) - DigitalPersona, Inc. - C:\Program Files (x86)\DigitalPersona\Bin\DpHostW.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Support Assistant Service - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
O23 - Service: HP Quick Synchronization Service (HPDrvMntSvc.exe) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
O23 - Service: HP Software Framework Service (hpqwmiex) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
O23 - Service: HP Service (hpsrv) - Unknown owner - C:\Windows\system32\Hpservice.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: IHA_MessageCenter - Verizon - C:\Program Files (x86)\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
O23 - Service: McciCMService - Alcatel-Lucent - C:\Program Files (x86)\Common Files\Motive\McciCMService.exe
O23 - Service: McciCMService64 - Alcatel-Lucent - C:\Program Files\Common Files\Motive\McciCMService.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Recovery Service for Windows - Unknown owner - C:\Program Files (x86)\SMINST\BLService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: ServicepointService - Radialpoint Inc. - C:\Program Files (x86)\Verizon\VSP\ServicepointService.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: SupportSoft Sprocket Service (verizondm) (sprtsvc_verizondm) - SupportSoft, Inc. - C:\Program Files (x86)\VERIZONDM\bin\sprtsvc.exe
O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\STacSV64.exe
O23 - Service: SupportSoft Repair Service (verizondm) (tgsrvc_verizondm) - SupportSoft, Inc. - C:\Program Files (x86)\VERIZONDM\bin\tgsrvc.exe
O23 - Service: TV Background Capture Service (TVBCS) (TVCapSvc) - Unknown owner - C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe
O23 - Service: TV Task Scheduler (TVTS) (TVSched) - Unknown owner - C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Updater Service for StartNow Toolbar - Unknown owner - C:\Program Files (x86)\StartNow Toolbar\ToolbarUpdaterService.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: Validity Fingerprint Service (vfsFPService) - Validity Sensors, Inc. - C:\Windows\system32\vfsFPService.exe
O23 - Service: Cisco AnyConnect VPN Agent (vpnagent) - Cisco Systems, Inc. - C:\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
--
End of file - 14227 bytes

DDS Txt:

DDS (Ver_2011-08-26.01) - NTFSAMD64 
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_26
Run by Mike at 14:10:15 on 2012-04-29
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4063.2360 [GMT -4:00]
.
AV: AntiVir Desktop *Enabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: AntiVir Desktop *Enabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\STacSV64.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\Hpservice.exe
C:\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\nvvsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files (x86)\DigitalPersona\Bin\DpHostW.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskhost.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\AESTSr64.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
C:\Windows\system32\conhost.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt
C:\Program Files (x86)\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe
C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
C:\Program Files (x86)\Common Files\Motive\McciCMService.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files (x86)\SMINST\BLService.exe
C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
C:\Program Files (x86)\Verizon\VSP\ServicepointService.exe
C:\Program Files (x86)\VERIZONDM\bin\sprtsvc.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\VERIZONDM\bin\tgsrvc.exe
C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe
C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe
C:\Program Files (x86)\StartNow Toolbar\ToolbarUpdaterService.exe
C:\Windows\system32\vfsFPService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\svchost.exe -k HPService
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\rundll32.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files (x86)\QuickTime\QTTask.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe
C:\Windows\system32\conhost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Hp\Digital Imaging\smart web printing\hpswp_clipbook.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10t_ActiveX.exe
C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Users\Mike\Desktop\HijackThis.exe
C:\Windows\SysWOW64\NOTEPAD.EXE
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb
uStart Page = hxxp://www.jetsinsider.com/
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - C:\PROGRA~2\Yahoo!\Companion\Installs\cpn\yt.dll
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: DigitalPersona Personal Extension: {395610ae-c624-4f58-b89e-23733ea00f9a} - C:\Program Files (x86)\DigitalPersona\Bin\DpOtsPluginIe8.dll
BHO: StartNow Toolbar Helper: {6e13d095-45c3-4271-9475-f3b48227dd9f} - C:\Program Files (x86)\StartNow Toolbar\Toolbar32.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - C:\PROGRA~2\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - C:\PROGRA~2\Yahoo!\Companion\Installs\cpn\yt.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
TB: StartNow Toolbar: {5911488e-9d1e-40ec-8cbb-06b231cc153f} - C:\Program Files (x86)\StartNow Toolbar\Toolbar32.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
uRun: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
uRun: [Verizon] Rundll32.exe C:\Users\Mike\AppData\Local\Verizon\jtvsoghp.dll,m4OutVideoPutFrameV
uRun: [ElevatedDiagnostics] rundll32.exe "C:\Users\Mike\AppData\Local\Hewlett-Packard\ElevatedDiagnostics\weiplhyp.dll",DllRegisterServer
mRun: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: HideSCAHealth = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~3\OFFICE11\EXCEL.EXE/3000
IE: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_43C348BC2E93EB2B.dll/cmsidewiki.html
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~3\OFFICE11\REFIEBAR.DLL
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {36299202-09EF-4ABF-ADB9-47C599DBE778} - hxxps://www.hpwindows7upgrade.arvato.com/north_america/Endcustomer/HPProdDetect.cab
DPF: {55963676-2F5E-4BAF-AC28-CF26AA587566} - hxxps://38.104.166.66/CACHE/stc/1/binaries/vpnweb.cab
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{808AABB5-3F0C-4BCE-BCBD-09E3B8A007C4} : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{808AABB5-3F0C-4BCE-BCBD-09E3B8A007C4}\030313331433442443131454 : DhcpNameServer = 192.168.254.254 192.168.254.254
TCP: Interfaces\{808AABB5-3F0C-4BCE-BCBD-09E3B8A007C4}\255616469725F6F6D6 : DhcpNameServer = 167.206.251.129 167.206.251.130
TCP: Interfaces\{808AABB5-3F0C-4BCE-BCBD-09E3B8A007C4}\3547164796F6E60283 : DhcpNameServer = 192.168.254.254 192.168.254.254
TCP: Interfaces\{808AABB5-3F0C-4BCE-BCBD-09E3B8A007C4}\3547164796F6E62303 : DhcpNameServer = 192.168.1.1 68.237.161.12
TCP: Interfaces\{808AABB5-3F0C-4BCE-BCBD-09E3B8A007C4}\3757D6D656270226275656A756 : DhcpNameServer = 192.168.2.1
TCP: Interfaces\{808AABB5-3F0C-4BCE-BCBD-09E3B8A007C4}\C416E63707562797255637964656E63656 : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{808AABB5-3F0C-4BCE-BCBD-09E3B8A007C4}\D4C43535 : DhcpNameServer = 192.168.0.1
TCP: Interfaces\{99A38EE9-40F6-4F54-A3A4-80944AABE7F0} : DhcpNameServer = 71.243.0.12 68.237.161.12
LSA: Notification Packages = scecli DPPWDFLT
BHO-X64: &Yahoo! Toolbar Helper: {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~2\Yahoo!\Companion\Installs\cpn\yt.dll
BHO-X64: 0x1 - No File
BHO-X64: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO-X64: HP Print Enhancer - No File
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: DigitalPersona Personal Extension: {395610AE-C624-4f58-B89E-23733EA00F9A} - C:\Program Files (x86)\DigitalPersona\Bin\DpOtsPluginIe8.dll
BHO-X64: DigitalPersona Personal Extension - No File
BHO-X64: StartNow Toolbar Helper: {6E13D095-45C3-4271-9475-F3B48227DD9F} - C:\Program Files (x86)\StartNow Toolbar\Toolbar32.dll
BHO-X64: StartNow Toolbar Helper - No File
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO-X64: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO-X64: SingleInstance Class: {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\PROGRA~2\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
BHO-X64: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
BHO-X64: HP Smart BHO Class - No File
TB-X64: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~2\Yahoo!\Companion\Installs\cpn\yt.dll
TB-X64: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
TB-X64: StartNow Toolbar: {5911488E-9D1E-40ec-8CBB-06B231CC153F} - C:\Program Files (x86)\StartNow Toolbar\Toolbar32.dll
TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB-X64: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
EB-X64: {555D4D79-4BD2-4094-A395-CFC534424A05} - No File
mRun-x64: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\7dvygasy.default\
FF - prefs.js: browser.search.selectedEngine - Bing
FF - prefs.js: browser.startup.homepage - hxxp://www.msn.com/?pc=Z144&ocid=zdhp&install_date=20111220
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?pc=Z144&form=ZGAADF&install_date=20111220&q=
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 51071
FF - prefs.js: network.proxy.type - 1
FF - component: C:\Program Files (x86)\DigitalPersona\Bin\firefoxext\components\dpffcli.dll
FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpClipBook.dll
FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpClipBookDB.dll
FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpNeoLogger.dll
FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSaturn.dll
FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSeymour.dll
FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSmartSelect.dll
FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSmartWebPrinting.dll
FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSWPOperation.dll
FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpXPLogging.dll
FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpXPMTC.dll
FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpXPMTL.dll
FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpXREStub.dll
FF - plugin: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Common Files\Motive\npMotive.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Verizon\VSP\nprpspa.dll
FF - plugin: C:\Users\Mike\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
.
---- FIREFOX POLICIES ----
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
============= SERVICES / DRIVERS ===============
.
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 {55662437-DA8C-40c0-AADA-2C816A897A49};Power Control [2009/07/20 02:44:39];C:\Program Files (x86)\Hewlett-Packard\Media\DVD\000.fcl [2008-11-28 146928]
R2 AESTFilters;Andrea ST Filters Service;C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\AESTSr64.exe [2009-3-2 89600]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [2009-11-10 136360]
R2 AntiVirService;Avira AntiVir Guard;C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [2009-11-10 269480]
R2 avgntflt;avgntflt;C:\Windows\system32\DRIVERS\avgntflt.sys --> C:\Windows\system32\DRIVERS\avgntflt.sys [?]
R2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2011-9-9 86072]
R2 HPDrvMntSvc.exe;HP Quick Synchronization Service;C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-3-28 94264]
R2 hpsrv;HP Service;C:\Windows\system32\Hpservice.exe --> C:\Windows\system32\Hpservice.exe [?]
R2 IHA_MessageCenter;IHA_MessageCenter;C:\Program Files (x86)\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe [2010-10-13 290832]
R2 McciCMService64;McciCMService64;C:\Program Files\Common Files\Motive\McciCMService.exe [2011-2-28 517632]
R2 Recovery Service for Windows;Recovery Service for Windows;C:\Program Files (x86)\SMINST\BLService.exe [2009-2-6 365952]
R2 ServicepointService;ServicepointService;C:\Program Files (x86)\Verizon\VSP\ServicepointService.exe [2011-2-28 689464]
R2 sprtsvc_verizondm;SupportSoft Sprocket Service (verizondm);C:\Program Files (x86)\VERIZONDM\bin\sprtsvc.exe [2011-2-1 206120]
R2 tgsrvc_verizondm;SupportSoft Repair Service (verizondm);C:\Program Files (x86)\VERIZONDM\bin\tgsrvc.exe [2011-2-1 185640]
R2 TVCapSvc;TV Background Capture Service (TVBCS);C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe [2008-11-26 296320]
R2 TVSched;TV Task Scheduler (TVTS);C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe [2008-11-26 116096]
R2 Updater Service for StartNow Toolbar;Updater Service for StartNow Toolbar;C:\Program Files (x86)\StartNow Toolbar\ToolbarUpdaterService.exe [2011-10-25 244960]
R2 vfsFPService;Validity Fingerprint Service;C:\Windows\System32\vfsFPService.exe [2008-11-18 599344]
R2 vpnagent;Cisco AnyConnect VPN Agent;C:\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe [2009-2-3 427192]
R3 enecir;ENE CIR Receiver;C:\Windows\system32\DRIVERS\enecir.sys --> C:\Windows\system32\DRIVERS\enecir.sys [?]
R3 JMCR;JMCR;C:\Windows\system32\DRIVERS\jmcr.sys --> C:\Windows\system32\DRIVERS\jmcr.sys [?]
R3 NETw5s64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\Windows\system32\DRIVERS\NETw5s64.sys --> C:\Windows\system32\DRIVERS\NETw5s64.sys [?]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\system32\drivers\nvhda64v.sys --> C:\Windows\system32\drivers\nvhda64v.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-1-1 135664]
S3 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-2-28 183560]
S3 Com4QLBEx;Com4QLBEx;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2009-2-6 227896]
S3 fssfltr;fssfltr;C:\Windows\system32\DRIVERS\fssfltr.sys --> C:\Windows\system32\DRIVERS\fssfltr.sys [?]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-1-1 135664]
S3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\system32\DRIVERS\netw5v64.sys --> C:\Windows\system32\DRIVERS\netw5v64.sys [?]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
.
=============== Created Last 30 ================
.
2012-04-26 15:09:18 -------- d-----w- C:\Users\Mike\AppData\Local\Verizon
2012-04-13 13:48:39 5559152 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-04-13 13:48:39 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-04-13 13:48:39 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-04-13 13:43:55 81408 ----a-w- C:\Windows\System32\imagehlp.dll
2012-04-13 13:43:55 23408 ----a-w- C:\Windows\System32\drivers\fs_rec.sys
2012-04-13 13:43:55 159232 ----a-w- C:\Windows\SysWow64\imagehlp.dll
2012-04-13 13:43:54 5120 ----a-w- C:\Windows\SysWow64\wmi.dll
2012-04-13 13:43:54 5120 ----a-w- C:\Windows\System32\wmi.dll
2012-04-13 13:43:54 220672 ----a-w- C:\Windows\System32\wintrust.dll
2012-04-13 13:43:54 172544 ----a-w- C:\Windows\SysWow64\wintrust.dll
2012-03-31 17:20:14 -------- d-----w- C:\Program Files (x86)\SpeedFan
.
==================== Find3M ====================
.
2012-04-04 19:56:40 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-02-28 06:56:48 2311168 ----a-w- C:\Windows\System32\jscript9.dll
2012-02-28 06:49:56 1390080 ----a-w- C:\Windows\System32\wininet.dll
2012-02-28 06:48:57 1493504 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-02-28 06:42:55 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-02-28 01:18:55 1799168 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-02-28 01:11:21 1427456 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-02-28 01:11:07 1127424 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-02-28 01:03:16 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-02-17 06:38:26 1031680 ----a-w- C:\Windows\System32\rdpcore.dll
2012-02-17 05:34:22 826880 ----a-w- C:\Windows\SysWow64\rdpcore.dll
2012-02-17 04:58:24 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys
2012-02-17 04:57:32 23552 ----a-w- C:\Windows\System32\drivers\tdtcp.sys
2012-02-10 06:36:07 1544192 ----a-w- C:\Windows\System32\DWrite.dll
2012-02-10 05:38:43 1077248 ----a-w- C:\Windows\SysWow64\DWrite.dll
2012-02-03 04:34:34 3145728 ----a-w- C:\Windows\System32\win32k.sys
.
============= FINISH: 14:10:56.10 ===============

attach txt:
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Home Premium 
Boot Device: \Device\HarddiskVolume1
Install Date: 12/1/2009 7:35:34 PM
System Uptime: 4/29/2012 10:26:59 AM (4 hours ago)
.
Motherboard: Quanta | | 361B
Processor: Intel(R) Core(TM)2 Duo CPU P7550 @ 2.26GHz 
| CPU | 2266/1066mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 456 GiB total, 327.475 GiB free.
D: is FIXED (NTFS) - 10 GiB total, 1.726 GiB free.
E: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}
Description: Photosmart C7100 series
Device ID: ROOT\MULTIFUNCTION\0000
Manufacturer: HP
Name: Photosmart C7100 series
PNP Device ID: ROOT\MULTIFUNCTION\0000
Service: 
.
Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}
Description: HP LaserJet P2035n
Device ID: ROOT\MULTIFUNCTION\0001
Manufacturer: Hewlett-Packard
Name: HP LaserJet P2035n
PNP Device ID: ROOT\MULTIFUNCTION\0001
Service: 
.
Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}
Description: HP LaserJet P2035n
Device ID: ROOT\MULTIFUNCTION\0002
Manufacturer: Hewlett-Packard
Name: HP LaserJet P2035n
PNP Device ID: ROOT\MULTIFUNCTION\0002
Service: 
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Cisco AnyConnect VPN Virtual Miniport Adapter 
for Windows x64
Device ID: ROOT\NET\0000
Manufacturer: Cisco Systems
Name: Cisco AnyConnect VPN Virtual Miniport Adapter for 
Windows x64
PNP Device ID: ROOT\NET\0000
Service: vpnva
.
Class GUID: {6bdd1fc6-810f-11d0-bec7-08002be2092f}
Description: Photosmart C7100 series
Device ID: ROOT\IMAGE\0000
Manufacturer: HP
Name: Photosmart C7100 series
PNP Device ID: ROOT\IMAGE\0000
Service: StillCam
.
==== System Restore Points ===================
.
RP357: 3/22/2012 10:52:47 PM - Scheduled Checkpoint
RP358: 3/30/2012 1:15:45 PM - Scheduled Checkpoint
RP359: 4/6/2012 9:25:18 PM - Scheduled Checkpoint
RP360: 4/13/2012 9:43:13 AM - Windows Update
RP361: 4/20/2012 11:24:09 AM - Scheduled Checkpoint
RP362: 4/29/2012 10:13:27 AM - Scheduled Checkpoint
.
==== Installed Programs ======================
.
Update for Microsoft Office 2007 (KB2508958)
AAC Decoder
Acrobat.com
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9.4.5
Adobe Shockwave Player 11.6
AIO_CDA_ProductContext
AIO_CDA_Software
AIO_Scan
AnyDVD
Apple Application Support
Apple Software Update
AutoUpdate
AVerMedia TV Tuner Card 1.0.0.3
Avira AntiVir Personal - Free Antivirus
Bing Bar
BitTorrent
BufferChm
C7100
c7100_Help
Cisco AnyConnect VPN Client
CloneDVD2
Command & Conquer Red Alert 2
Compatibility Pack for the 2007 Office system
ConverterLite 0.1
Copy
CyberLink DVD Suite
Destinations
DeviceDiscovery
DivX Codec
DivX Converter
DivX Player
DivX Plus DirectShow Filters
DivX Version Checker
DivX Web Player
DocProc
ESU for Microsoft Vista
Fax
Google Chrome
Google Earth
Google Toolbar for Internet Explorer
Google Update Helper
GPBaseService2
H.264 Decoder
HP Advisor
HP Customer Experience Enhancements
HP Doc Viewer
HP MediaSmart DVD
HP MediaSmart Music/Photo/Video
HP MediaSmart SlingPlayer
HP MediaSmart TV
HP MediaSmart Webcam
HP Quick Launch Buttons
HP Support Assistant
HP Total Care Setup
HP Update
HP User Guides 0115
HP Wireless Assistant
HPDiagnosticAlert
HPPhotoGadget
HPPhotoSmartDiscLabelContent1
HPPhotosmartEssential
HPProductAssistant
HPSSupply
IDT Audio
IHA_MessageCenter
Java Auto Updater
Java(TM) 6 Update 26
Java(TM) 6 Update 7
JMicron JMB38X Flash Media Controller Driver
Juno Preloader
LabelPrint
LightScribe System Software 1.14.17.1
Malwarebytes Anti-Malware version 1.61.0.1400
MarketResearch
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office File Validation Add-In
Microsoft Office Outlook 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Standard Edition 2003
Microsoft Silverlight
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 
8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 
9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 
9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 
9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 
9.0.30729.6161
MKV Splitter
Mozilla Firefox 7.0.1 (x86 en-US)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP3 Parser (KB973685)
muvee Reveal
myfantasyleague.com Game Day 2011
NetZero Preloader
Power2Go
PowerDirector
QLBCASL
QuickTime
Realtek 8169 8168 8101E 8102E Ethernet Driver
Redist
Scan
SCRABBLE PLUS
Security Update for Microsoft .NET Framework 4 Client 
Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client 
Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client 
Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client 
Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client 
Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client 
Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client 
Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client 
Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client 
Profile (KB2656368)
Security Update for Microsoft Office 2007 suites 
(KB2596785) 32-Bit Edition
Security Update for Microsoft Office 2007 suites 
(KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites 
(KB2598041) 32-Bit Edition
Slingbox - Watch Your TV Anywhere
SlingPlayer
SmartWebPrinting
SolutionCenter
SpeedFan (remove only)
StartNow Toolbar
Status
Toolbox
TrayApp
UnloadSupport
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile 
(KB2468871)
Update for Microsoft .NET Framework 4 Client Profile 
(KB2533523)
Update for Microsoft .NET Framework 4 Client Profile 
(KB2600217)
Update for Microsoft Office 2007 Help for Common Features 
(KB963673)
Update for Microsoft Office 2007 suites (KB2598306) 32-Bit 
Edition
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Script Editor Help (KB963671)
VC80CRTRedist - 8.0.50727.4053
Verizon Download Manager
Verizon Help and Support Tool
Verizon Media Manager
Verizon Servicepoint 3.7.44
Vz In Home Agent
WebReg
Westwood Shared Internet Components
Yahoo! BrowserPlus 2.9.8
Yahoo! Messenger
Yahoo! Software Update
Yahoo! Toolbar
.
==== Event Viewer Messages From Past Week ========
.
4/29/2012 10:28:14 AM, Error: Service Control Manager 
[7026] - The following boot-start or system-start driver
(s) failed to load: is3srv szkg5
4/23/2012 8:47:28 PM, Error: Tcpip [4199] - The system 
detected an address conflict for IP address 192.168.1.4 
with the system having network hardware address 00-23-99-
3D-17-1F. Network operations on this system may be 
disrupted as a result.
4/22/2012 5:44:31 AM, Error: Service Control Manager [7011] 
- A timeout (30000 milliseconds) was reached while waiting 
for a transaction response from the WSearch service.
.
==== End Of File ===========================

I'm starting this process at work; I don't know if the network makes a difference or not. Please let me know if there is anything else you need. Thank you in advance for your help!


----------



## kevinf80 (Mar 21, 2006)

Delete any versions of Combofix that you may have on your Desktop, download a fresh copy from either of the following links :-

*Link 1*
*Link 2*


 Ensure that Combofix is saved directly to the Desktop *<--- Very important*

 Disable all security programs as they will have a negative effect on Combofix, instructions available *Here* if required. Be aware the list may not have all programs listed, if you need more help please ask.

 Close any open browsers and any other programs you might have running

 Double click the icon to run the tool (Vista or Windows 7 users right click and select "Run as Administrator")

 Instructions for running Combofix available *Here* if required.

 If you are using Windows XP it might display a pop up saying that "Recovery console is not installed, do you want to install?" Please select yes & let it download the files it needs to do this. Once the recovery console is installed Combofix will then offer to scan for malware. Select continue or yes.

 When finished, it will produce a report for you. Please post the "C:\ComboFix.txt" for further review

*Note: Do not mouseclick Combofix's window while it's running. That may cause it to stall or freeze.*

Note: ComboFix may reset a number of Internet Explorer's settings, including making it the default browser.
Note: Combofix prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell us when you reply. Read *Here* why disabling autoruns is recommended.

*EXTRA NOTES*

 If Combofix detects any Rootkit/Bootkit activity on your system it will give a warning and prompt for a reboot, you must allow it to do so.
 *If Combofix reboots due to a rootkit, the screen may stay black for several minutes on reboot, this is normal*
 If after running Combofix you receive any type of warning message about registry keys being listed for deletion when trying to open certain items, reboot the system and this will fix the issue (Those items will not be deleted)

Post the log in next reply please...

Kevin


----------



## mlanspery (Apr 29, 2012)

Combofix claimed that my antivirus was not disabled, but I definitely checked and made sure that the "umbrella" was closed. Also, I had to get creative to get into a working browser; I had to go through restore and favorites and click the link there. Everything else claims it was marked for deletion, or something like that. Anyway, here is the log:

ComboFix 12-04-29.02 - Mike 04/29/2012 19:59:56.1.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4063.2551 [GMT -4:00]
Running from: c:\users\Mike\Desktop\ComboFix.exe
AV: AntiVir Desktop *Enabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Enabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\Install.exe
c:\program files (x86)\LP
c:\program files (x86)\LP\F786\2413.tmp
c:\program files (x86)\LP\F786\CE66.tmp
c:\program files (x86)\StartNow Toolbar
c:\program files (x86)\StartNow Toolbar\ReactivateFF.exe
c:\program files (x86)\StartNow Toolbar\ReactivateIE.exe
c:\program files (x86)\StartNow Toolbar\Resources\images\engine_images.png
c:\program files (x86)\StartNow Toolbar\Resources\images\engine_maps.png
c:\program files (x86)\StartNow Toolbar\Resources\images\engine_news.png
c:\program files (x86)\StartNow Toolbar\Resources\images\engine_videos.png
c:\program files (x86)\StartNow Toolbar\Resources\images\engine_web.png
c:\program files (x86)\StartNow Toolbar\Resources\images\icon_amazon.png
c:\program files (x86)\StartNow Toolbar\Resources\images\icon_ebay.png
c:\program files (x86)\StartNow Toolbar\Resources\images\icon_facebook.png
c:\program files (x86)\StartNow Toolbar\Resources\images\icon_games.png
c:\program files (x86)\StartNow Toolbar\Resources\images\icon_msn.png
c:\program files (x86)\StartNow Toolbar\Resources\images\icon_shopping.png
c:\program files (x86)\StartNow Toolbar\Resources\images\icon_travel.png
c:\program files (x86)\StartNow Toolbar\Resources\images\icon_twitter.png
c:\program files (x86)\StartNow Toolbar\Resources\images\startnow_logo.png
c:\program files (x86)\StartNow Toolbar\Resources\installer.xml
c:\program files (x86)\StartNow Toolbar\Resources\skin\chevron_button.png
c:\program files (x86)\StartNow Toolbar\Resources\skin\searchbox_button_hover.png
c:\program files (x86)\StartNow Toolbar\Resources\skin\searchbox_button_normal.png
c:\program files (x86)\StartNow Toolbar\Resources\skin\searchbox_dropdown_button_normal.png
c:\program files (x86)\StartNow Toolbar\Resources\skin\searchbox_input_background.png
c:\program files (x86)\StartNow Toolbar\Resources\skin\searchbox_input_left.png
c:\program files (x86)\StartNow Toolbar\Resources\skin\searchbox_input_middle.png
c:\program files (x86)\StartNow Toolbar\Resources\skin\separator.png
c:\program files (x86)\StartNow Toolbar\Resources\skin\splitter.png
c:\program files (x86)\StartNow Toolbar\Resources\skin\toolbarbutton_ff_hover_c.png
c:\program files (x86)\StartNow Toolbar\Resources\skin\toolbarbutton_ie_hover_c.png
c:\program files (x86)\StartNow Toolbar\Resources\skin\toolbarbutton_ie_hover_l.png
c:\program files (x86)\StartNow Toolbar\Resources\skin\toolbarbutton_ie_hover_r.png
c:\program files (x86)\StartNow Toolbar\Resources\skin\toolbarbutton_ie_normal_c.png
c:\program files (x86)\StartNow Toolbar\Resources\skin\toolbarbutton_ie_normal_l.png
c:\program files (x86)\StartNow Toolbar\Resources\skin\toolbarbutton_ie_normal_r.png
c:\program files (x86)\StartNow Toolbar\Resources\toolbar.xml
c:\program files (x86)\StartNow Toolbar\Resources\update.xml
c:\program files (x86)\StartNow Toolbar\StartNowToolbarUninstall.exe
c:\program files (x86)\StartNow Toolbar\Toolbar32.dll
c:\program files (x86)\StartNow Toolbar\ToolbarBroker.exe
c:\program files (x86)\StartNow Toolbar\ToolbarUpdaterService.exe
c:\program files (x86)\StartNow Toolbar\uninstall.dat
c:\programdata\8i0b5YmF.ico
c:\programdata\8zavvx23.ico
c:\users\Mike\AppData\Local\Hewlett-Packard\ElevatedDiagnostics\weiplhyp.dll
c:\users\Mike\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Check
c:\users\Mike\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Check\System Check.lnk
c:\users\Mike\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Check\Uninstall System Check.lnk
c:\users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\7dvygasy.default\extensions\{19666126-44e9-401c-9a15-b35489e6b9e3}
c:\users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\7dvygasy.default\extensions\{19666126-44e9-401c-9a15-b35489e6b9e3}\chrome.manifest
c:\users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\7dvygasy.default\extensions\{19666126-44e9-401c-9a15-b35489e6b9e3}\chrome\xulcache.jar
c:\users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\7dvygasy.default\extensions\{19666126-44e9-401c-9a15-b35489e6b9e3}\defaults\preferences\xulcache.js
c:\users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\7dvygasy.default\extensions\{19666126-44e9-401c-9a15-b35489e6b9e3}\install.rdf
c:\users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\7dvygasy.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}
c:\users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\7dvygasy.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome.manifest
c:\users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\7dvygasy.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\bar.js
c:\users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\7dvygasy.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\bar.xul
c:\users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\7dvygasy.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\buttons.js
c:\users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\7dvygasy.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\constants.js
c:\users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\7dvygasy.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\events.js
c:\users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\7dvygasy.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\globals.js
c:\users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\7dvygasy.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\hosts.js
c:\users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\7dvygasy.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\init.js
c:\users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\7dvygasy.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\images\engine_images.png
c:\users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\7dvygasy.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\images\engine_maps.png
c:\users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\7dvygasy.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\images\engine_news.png
c:\users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\7dvygasy.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\images\engine_videos.png
c:\users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\7dvygasy.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\images\engine_web.png
c:\users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\7dvygasy.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\images\icon_amazon.png
c:\users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\7dvygasy.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\images\icon_ebay.png
c:\users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\7dvygasy.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\images\icon_facebook.png
c:\users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\7dvygasy.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\images\icon_games.png
c:\users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\7dvygasy.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\images\icon_msn.png
c:\users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\7dvygasy.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\images\icon_shopping.png
c:\users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\7dvygasy.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\images\icon_travel.png
c:\users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\7dvygasy.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\images\icon_twitter.png
c:\users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\7dvygasy.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\images\startnow_logo.png
c:\users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\7dvygasy.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\installer.xml
c:\users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\7dvygasy.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\chevron_button.png
c:\users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\7dvygasy.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\searchbox_button_hover.png
c:\users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\7dvygasy.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\searchbox_button_normal.png
c:\users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\7dvygasy.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\searchbox_dropdown_button_normal.png
c:\users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\7dvygasy.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\searchbox_input_background.png
c:\users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\7dvygasy.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\searchbox_input_left.png
c:\users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\7dvygasy.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\searchbox_input_middle.png
c:\users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\7dvygasy.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\separator.png
c:\users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\7dvygasy.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\splitter.png
c:\users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\7dvygasy.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\toolbarbutton_ff_hover_c.png
c:\users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\7dvygasy.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\toolbarbutton_ie_hover_c.png
c:\users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\7dvygasy.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\toolbarbutton_ie_hover_l.png
c:\users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\7dvygasy.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\toolbarbutton_ie_hover_r.png
c:\users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\7dvygasy.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\toolbarbutton_ie_normal_c.png
c:\users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\7dvygasy.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\toolbarbutton_ie_normal_l.png
c:\users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\7dvygasy.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\toolbarbutton_ie_normal_r.png
c:\users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\7dvygasy.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\toolbar.xml
c:\users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\7dvygasy.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\locale\en-US\{5911488E-9D1E-40ec-8CBB-06B231CC153F}.dtd
c:\users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\7dvygasy.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\skin\overlay.css
c:\users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\7dvygasy.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\components\tellSvc.dll
c:\users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\7dvygasy.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\install.rdf
c:\users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\7dvygasy.default\searchplugins\bing-zugo.xml
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_Updater Service for StartNow Toolbar
-------\Service_Updater Service for StartNow Toolbar
.
.
((((((((((((((((((((((((( Files Created from 2012-03-28 to 2012-04-30 )))))))))))))))))))))))))))))))
.
.
2012-04-30 00:06 . 2012-04-30 00:06 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-04-26 15:09 . 2012-04-26 15:09 -------- d-----w- c:\users\Mike\AppData\Local\Verizon
2012-04-13 13:48 . 2012-03-06 06:53 5559152 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-04-13 13:48 . 2012-03-06 05:59 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-04-13 13:48 . 2012-03-06 05:59 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-04-13 13:43 . 2012-03-01 06:46 23408 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-04-13 13:43 . 2012-03-01 06:33 81408 ----a-w- c:\windows\system32\imagehlp.dll
2012-04-13 13:43 . 2012-03-01 05:33 159232 ----a-w- c:\windows\SysWow64\imagehlp.dll
2012-04-13 13:43 . 2012-03-01 06:38 220672 ----a-w- c:\windows\system32\wintrust.dll
2012-04-13 13:43 . 2012-03-01 06:28 5120 ----a-w- c:\windows\system32\wmi.dll
2012-04-13 13:43 . 2012-03-01 05:37 172544 ----a-w- c:\windows\SysWow64\wintrust.dll
2012-04-13 13:43 . 2012-03-01 05:29 5120 ----a-w- c:\windows\SysWow64\wmi.dll
2012-03-31 17:20 . 2012-03-31 17:20 -------- d-----w- c:\program files (x86)\SpeedFan
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-04 19:56 . 2010-07-25 00:37 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-07 12:32 . 2012-03-07 12:32 162664 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10140.bin
2012-02-17 06:38 . 2012-03-14 11:18 1031680 ----a-w- c:\windows\system32\rdpcore.dll
2012-02-17 05:34 . 2012-03-14 11:18 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll
2012-02-17 04:58 . 2012-03-14 11:18 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-02-17 04:57 . 2012-03-14 11:18 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-02-10 06:36 . 2012-03-14 11:18 1544192 ----a-w- c:\windows\system32\DWrite.dll
2012-02-10 05:38 . 2012-03-14 11:18 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll
2012-02-03 04:34 . 2012-03-14 11:18 3145728 ----a-w- c:\windows\system32\win32k.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-07-14 39408]
"MobileDocuments"="c:\program files (x86)\Common Files\Apple\Internet Services\ubd.exe" [2012-02-23 59240]
"Verizon"="c:\users\Mike\AppData\Local\Verizon\jtvsoghp.dll" [2012-02-04 352496]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2011-03-28 281768]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
"AppleSyncNotifier"="c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-11-02 59240]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-03-06 421736]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"HideSCAHealth"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ServicepointService]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
R0 is3srv;is3srv;c:\windows\SySWOW64\drivers\is3srv64.sys [x]
R0 szkg5;szkg5;c:\windows\SySWOW64\DRIVERS\szkg64.sys [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-01-02 135664]
R2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-09-09 86072]
R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-02-28 183560]
R3 Com4QLBEx;Com4QLBEx;c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2010-01-12 227896]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-01-02 135664]
R3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [x]
R3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 {55662437-DA8C-40c0-AADA-2C816A897A49};Power Control [2009/07/20 02:44];c:\program files (x86)\Hewlett-Packard\Media\DVD\000.fcl [2008-11-29 01:04 146928]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\AESTSr64.exe [2009-03-02 89600]
S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2011-03-28 136360]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-03-28 94264]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [x]
S2 IHA_MessageCenter;IHA_MessageCenter;c:\program files (x86)\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe [2011-12-12 290832]
S2 McciCMService64;McciCMService64;c:\program files\Common Files\Motive\McciCMService.exe [2010-03-17 517632]
S2 Recovery Service for Windows;Recovery Service for Windows;c:\program files (x86)\SMINST\BLService.exe [2008-12-18 365952]
S2 ServicepointService;ServicepointService;c:\program files (x86)\Verizon\VSP\ServicepointService.exe [2011-01-10 689464]
S2 sprtsvc_verizondm;SupportSoft Sprocket Service (verizondm);c:\program files (x86)\VERIZONDM\bin\sprtsvc.exe [2011-02-01 206120]
S2 tgsrvc_verizondm;SupportSoft Repair Service (verizondm);c:\program files (x86)\VERIZONDM\bin\tgsrvc.exe [2011-02-01 185640]
S2 TVCapSvc;TV Background Capture Service (TVBCS);c:\program files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe [2008-11-27 296320]
S2 TVSched;TV Task Scheduler (TVTS);c:\program files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe [2008-11-27 116096]
S2 vfsFPService;Validity Fingerprint Service;c:\windows\system32\vfsFPService.exe [2008-11-18 721712]
S2 vpnagent;Cisco AnyConnect VPN Agent;c:\program files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe [2009-02-03 427192]
S3 enecir;ENE CIR Receiver;c:\windows\system32\DRIVERS\enecir.sys [x]
S3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [x]
S3 NETw5s64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETw5s64.sys [x]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2012-04-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-01-02 03:26]
.
2012-04-30 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-01-02 03:26]
.
2012-04-26 c:\windows\Tasks\HPCeeScheduleForMike.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2009-10-07 08:22]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-08-01 2417032]
"combofix"="c:\combofix\CF31848.3XE" [2010-11-20 345088]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.jetsinsider.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~3\OFFICE11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_43C348BC2E93EB2B.dll/cmsidewiki.html
TCP: DhcpNameServer = 192.168.1.1
DPF: {36299202-09EF-4ABF-ADB9-47C599DBE778} - hxxps://www.hpwindows7upgrade.arvato.com/north_america/Endcustomer/HPProdDetect.cab
DPF: {55963676-2F5E-4BAF-AC28-CF26AA587566} - hxxps://38.104.166.66/CACHE/stc/1/binaries/vpnweb.cab
FF - ProfilePath - c:\users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\7dvygasy.default\
FF - prefs.js: browser.search.selectedEngine - Bing
FF - prefs.js: browser.startup.homepage - hxxp://www.msn.com/?pc=Z144&ocid=zdhp&install_date=20111220
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?pc=Z144&form=ZGAADF&install_date=20111220&q=
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 51071
FF - prefs.js: network.proxy.type - 1
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKCU-Run-ElevatedDiagnostics - c:\users\Mike\AppData\Local\Hewlett-Packard\ElevatedDiagnostics\weiplhyp.dll
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
AddRemove-StartNow Toolbar - c:\program files (x86)\StartNow Toolbar\StartNowToolbarUninstall.exe
AddRemove-{6F44AF95-3CDE-4513-AD3F-6D45F17BF324} - c:\program files (x86)\InstallShield Installation Information\{6F44AF95-3CDE-4513-AD3F-6D45F17BF324}\setup.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\{55662437-DA8C-40c0-AADA-2C816A897A49}]
"ImagePath"="\??\c:\program files (x86)\Hewlett-Packard\Media\DVD\000.fcl"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10t_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10t_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10t.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10t.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10t.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10t.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\DigitalPersona\Bin\DpHostW.exe
c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
c:\program files (x86)\Common Files\Motive\McciCMService.exe
c:\program files (x86)\CyberLink\Shared files\RichVideo.exe
c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE
c:\program files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
.
**************************************************************************
.
Completion time: 2012-04-29 20:14:36 - machine was rebooted
ComboFix-quarantined-files.txt 2012-04-30 00:14
.
Pre-Run: 363,744,231,424 bytes free
Post-Run: 363,573,309,440 bytes free
.
- - End Of File - - FECBED8FA9B408367B73C05A338B90FA


----------



## kevinf80 (Mar 21, 2006)

Thanks for the log, do the following:

*Step 1*

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open *notepad* and copy/paste the text in the Codebox below into it:


```
KillAll::
ClearJavaCache::
File::
c:\windows\SySWOW64\drivers\is3srv64.sys
c:\windows\SySWOW64\DRIVERS\szkg64.sys
Driver::
is3srv
szkg5
Firefox::
FF - ProfilePath - c:\users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\7dvygasy.default\
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 51071
FF - prefs.js: network.proxy.type - 1
```
Save this as *CFScript.txt*, and as Type: *All Files* *(*.*)* in the same location as ComboFix.exe

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at *C:\ComboFix.txt* which I will require in your next reply.

*Step 2*

*Run ESET Online Scan*

Hold down Control and click on the following link to open ESET OnlineScan in a new window.
*ESET OnlineScan*
Click the button.
For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)

Click on to download the ESET Smart Installer. *Save* it to your desktop.
Double click on the icon on your desktop.

Check
Click the button.
Accept any security warnings from your browser.
Check
*Leave the tick out of remove found threats*
Push the *Start* button.
ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
When the scan completes, push
Push, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
Push the button.
Push

You can refer to *this animation* by *neomage* if needed.
Frequently asked questions available *Here* *Please read them before running the scan.*

*Also be aware this scan can take several hours to complete depending on the size of your system.*

ESET log can be found here *"C:\Program Files\ESET\EsetOnlineScanner\log.txt".*

Let me see those two logs, also give an update on current issues/concerns...

Kevin..
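
One way to check a follow-up ComboFix log against the CFScript above: the sketch below is an added example, not part of the original post and not ComboFix's own code. It assumes the `Section::` and `R0 name;display;path [..]` layouts seen in this thread; the function names are hypothetical and the two sample logs are constructed from lines of the logs posted here.

```python
import re

# CFScript as posted in the reply above.
CFSCRIPT = r"""KillAll::
ClearJavaCache::
File::
c:\windows\SySWOW64\drivers\is3srv64.sys
c:\windows\SySWOW64\DRIVERS\szkg64.sys
Driver::
is3srv
szkg5
Firefox::
FF - ProfilePath - c:\users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\7dvygasy.default\
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 51071
FF - prefs.js: network.proxy.type - 1
"""

# Constructed sample: a few lines taken from the first log in this thread.
LOG_BEFORE = r"""R0 is3srv;is3srv;c:\windows\SySWOW64\drivers\is3srv64.sys [x]
R0 szkg5;szkg5;c:\windows\SySWOW64\DRIVERS\szkg64.sys [x]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-01-02 135664]
FF - prefs.js: browser.search.selectedEngine - Bing
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 51071
FF - prefs.js: network.proxy.type - 1
"""

# Constructed sample: a few lines taken from the follow-up log. The log echoes
# the script's targets under "FILE ::" and lists deleted services; neither of
# those may be counted as "still present".
LOG_AFTER = r"""FILE ::
"c:\windows\SySWOW64\drivers\is3srv64.sys"
"c:\windows\SySWOW64\DRIVERS\szkg64.sys"
-------\Legacy_SZKG5
-------\Service_is3srv
-------\Service_szkg5
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-01-02 135664]
FF - prefs.js: browser.search.selectedEngine - Bing
"""

SERVICE_LINE = re.compile(r"^[RS][0-4] ")


def parse_cfscript(text):
    """Return {section name: [entries]} for a CFScript made of 'Name::' headers."""
    sections, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        if line.endswith("::"):
            current = line[:-2]
            sections[current] = []
        elif current is not None:
            sections[current].append(line)
    return sections


def parse_services(log_text):
    """Map service name -> image path from 'R0 name;display;path [..]' lines."""
    services = {}
    for line in log_text.splitlines():
        line = line.strip()
        if not SERVICE_LINE.match(line):
            continue
        parts = line[3:].split(";", 2)
        if len(parts) != 3:
            continue
        name, _display, rest = parts
        # Drop the trailing "[x]" or "[date size]" annotation.
        services[name.lower()] = rest.rsplit(" [", 1)[0].lower()
    return services


def remaining_targets(cfscript_text, log_text):
    """List (section, entry) pairs from the script that the log still reports."""
    sections = parse_cfscript(cfscript_text)
    services = parse_services(log_text)
    ff_lines = {l.strip() for l in log_text.splitlines() if l.startswith("FF - ")}
    leftovers = []
    for name in sections.get("Driver", []):
        if name.lower() in services:
            leftovers.append(("Driver", name))
    for path in sections.get("File", []):
        if path.lower() in services.values():
            leftovers.append(("File", path))
    for pref in sections.get("Firefox", []):
        # The ProfilePath line only names the profile; it is expected to stay.
        if pref.startswith("FF - ProfilePath"):
            continue
        if pref in ff_lines:
            leftovers.append(("Firefox", pref))
    return leftovers


if __name__ == "__main__":
    for label, log in (("before", LOG_BEFORE), ("after", LOG_AFTER)):
        print(label, remaining_targets(CFSCRIPT, log))
```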


----------



## mlanspery (Apr 29, 2012)

When I try to run ESET onlinescan, after it updates the database in step 2, it says in red, "Unexpected Error 2002". So, I can't run the scan. In the meantime, here is the log from combofix:

ComboFix 12-04-29.02 - Mike 04/30/2012 7:05.2.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4063.2703 [GMT -4:00]
Running from: c:\users\Mike\Desktop\ComboFix.exe
Command switches used :: c:\users\Mike\Desktop\CFScript.txt
AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\windows\SySWOW64\drivers\is3srv64.sys"
"c:\windows\SySWOW64\DRIVERS\szkg64.sys"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_SZKG5
-------\Service_is3srv
-------\Service_szkg5
.
.
((((((((((((((((((((((((( Files Created from 2012-03-28 to 2012-04-30 )))))))))))))))))))))))))))))))
.
.
2012-04-30 11:11 . 2012-04-30 11:11 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-04-26 15:09 . 2012-04-26 15:09 -------- d-----w- c:\users\Mike\AppData\Local\Verizon
2012-04-13 13:48 . 2012-03-06 06:53 5559152 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-04-13 13:48 . 2012-03-06 05:59 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-04-13 13:48 . 2012-03-06 05:59 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-04-13 13:43 . 2012-03-01 06:46 23408 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-04-13 13:43 . 2012-03-01 06:33 81408 ----a-w- c:\windows\system32\imagehlp.dll
2012-04-13 13:43 . 2012-03-01 05:33 159232 ----a-w- c:\windows\SysWow64\imagehlp.dll
2012-04-13 13:43 . 2012-03-01 06:38 220672 ----a-w- c:\windows\system32\wintrust.dll
2012-04-13 13:43 . 2012-03-01 06:28 5120 ----a-w- c:\windows\system32\wmi.dll
2012-04-13 13:43 . 2012-03-01 05:37 172544 ----a-w- c:\windows\SysWow64\wintrust.dll
2012-04-13 13:43 . 2012-03-01 05:29 5120 ----a-w- c:\windows\SysWow64\wmi.dll
2012-03-31 17:20 . 2012-03-31 17:20 -------- d-----w- c:\program files (x86)\SpeedFan
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-04 19:56 . 2010-07-25 00:37 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-07 12:32 . 2012-03-07 12:32 162664 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10140.bin
2012-02-17 06:38 . 2012-03-14 11:18 1031680 ----a-w- c:\windows\system32\rdpcore.dll
2012-02-17 05:34 . 2012-03-14 11:18 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll
2012-02-17 04:58 . 2012-03-14 11:18 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-02-17 04:57 . 2012-03-14 11:18 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-02-10 06:36 . 2012-03-14 11:18 1544192 ----a-w- c:\windows\system32\DWrite.dll
2012-02-10 05:38 . 2012-03-14 11:18 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll
2012-02-03 04:34 . 2012-03-14 11:18 3145728 ----a-w- c:\windows\system32\win32k.sys
.
.
((((((((((((((((((((((((((((( [email protected]_00.08.52 )))))))))))))))))))))))))))))))))))))))))
.
- 2009-07-14 04:54 . 2012-04-30 00:08 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:54 . 2012-04-30 11:13 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:54 . 2012-04-30 11:13 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2012-04-30 00:08 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-12-12 19:09 . 2012-04-30 03:33 65546 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-04-30 11:14 48284 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2009-12-02 01:23 . 2012-04-30 11:14 13696 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3308639748-1256008133-3562106641-1000_UserData.bin
+ 2009-12-01 23:50 . 2012-04-30 10:54 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-12-01 23:50 . 2012-04-30 00:03 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-12-01 23:50 . 2012-04-30 10:54 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-12-01 23:50 . 2012-04-30 00:03 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2012-04-30 00:03 16384  c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2012-04-30 10:54 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-01-07 20:10 . 2012-04-30 03:29 1944 c:\windows\system32\wdi\ERCQueuedResolutions.dat
- 2012-04-30 00:08 . 2012-04-30 00:08 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-04-30 11:12 . 2012-04-30 11:12 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-04-30 11:12 . 2012-04-30 11:12 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-04-30 00:08 . 2012-04-30 00:08 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2009-07-14 04:54 . 2012-04-30 00:08 114688 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-04-30 11:13 114688 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-12-02 11:10 . 2012-04-30 10:49 379854 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S3.bin
+ 2009-07-14 02:36 . 2012-04-30 09:27 624412 c:\windows\system32\perfh009.dat
- 2009-07-14 02:36 . 2012-04-29 14:33 624412 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-04-30 09:27 106756 c:\windows\system32\perfc009.dat
- 2009-07-14 02:36 . 2012-04-29 14:33 106756 c:\windows\system32\perfc009.dat
+ 2009-07-14 05:01 . 2012-04-30 11:11 272312 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 05:01 . 2012-04-30 00:07 272312 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2011-07-17 00:06 . 2012-04-30 11:11 31547732 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3308639748-1256008133-3562106641-1000-4096.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-07-14 39408]
"MobileDocuments"="c:\program files (x86)\Common Files\Apple\Internet Services\ubd.exe" [2012-02-23 59240]
"Verizon"="c:\users\Mike\AppData\Local\Verizon\jtvsoghp.dll" [2012-02-04 352496]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2011-03-28 281768]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
"AppleSyncNotifier"="c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-11-02 59240]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-03-06 421736]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"HideSCAHealth"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ServicepointService]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-01-02 135664]
R2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-09-09 86072]
R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-02-28 183560]
R3 Com4QLBEx;Com4QLBEx;c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2010-01-12 227896]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-01-02 135664]
R3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 {55662437-DA8C-40c0-AADA-2C816A897A49};Power Control [2009/07/20 02:44];c:\program files (x86)\Hewlett-Packard\Media\DVD\000.fcl [2008-11-29 01:04 146928]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\AESTSr64.exe [2009-03-02 89600]
S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2011-03-28 136360]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-03-28 94264]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [x]
S2 IHA_MessageCenter;IHA_MessageCenter;c:\program files (x86)\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe [2011-12-12 290832]
S2 McciCMService64;McciCMService64;c:\program files\Common Files\Motive\McciCMService.exe [2010-03-17 517632]
S2 Recovery Service for Windows;Recovery Service for Windows;c:\program files (x86)\SMINST\BLService.exe [2008-12-18 365952]
S2 ServicepointService;ServicepointService;c:\program files (x86)\Verizon\VSP\ServicepointService.exe [2011-01-10 689464]
S2 sprtsvc_verizondm;SupportSoft Sprocket Service (verizondm);c:\program files (x86)\VERIZONDM\bin\sprtsvc.exe [2011-02-01 206120]
S2 tgsrvc_verizondm;SupportSoft Repair Service (verizondm);c:\program files (x86)\VERIZONDM\bin\tgsrvc.exe [2011-02-01 185640]
S2 TVCapSvc;TV Background Capture Service (TVBCS);c:\program files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe [2008-11-27 296320]
S2 TVSched;TV Task Scheduler (TVTS);c:\program files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe [2008-11-27 116096]
S2 vfsFPService;Validity Fingerprint Service;c:\windows\system32\vfsFPService.exe [2008-11-18 721712]
S2 vpnagent;Cisco AnyConnect VPN Agent;c:\program files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe [2009-02-03 427192]
S3 enecir;ENE CIR Receiver;c:\windows\system32\DRIVERS\enecir.sys [x]
S3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [x]
S3 NETw5s64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETw5s64.sys [x]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x]
S3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2012-04-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-01-02 03:26]
.
2012-04-30 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-01-02 03:26]
.
2012-04-26 c:\windows\Tasks\HPCeeScheduleForMike.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2009-10-07 08:22]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-08-01 2417032]
"combofix"="c:\combofix\CF31788.3XE" [2010-11-20 345088]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.jetsinsider.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~3\OFFICE11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_43C348BC2E93EB2B.dll/cmsidewiki.html
TCP: DhcpNameServer = 192.168.1.1
DPF: {36299202-09EF-4ABF-ADB9-47C599DBE778} - hxxps://www.hpwindows7upgrade.arvato.com/north_america/Endcustomer/HPProdDetect.cab
DPF: {55963676-2F5E-4BAF-AC28-CF26AA587566} - hxxps://38.104.166.66/CACHE/stc/1/binaries/vpnweb.cab
FF - ProfilePath - c:\users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\7dvygasy.default\
FF - prefs.js: browser.search.selectedEngine - Bing
FF - prefs.js: browser.startup.homepage - hxxp://www.msn.com/?pc=Z144&ocid=zdhp&install_date=20111220
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?pc=Z144&form=ZGAADF&install_date=20111220&q=
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\{55662437-DA8C-40c0-AADA-2C816A897A49}]
"ImagePath"="\??\c:\program files (x86)\Hewlett-Packard\Media\DVD\000.fcl"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10t_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10t_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10t.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10t.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10t.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10t.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\DigitalPersona\Bin\DpHostW.exe
c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
c:\program files (x86)\Common Files\Motive\McciCMService.exe
c:\program files (x86)\CyberLink\Shared files\RichVideo.exe
c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE
c:\program files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
.
**************************************************************************
.
Completion time: 2012-04-30 07:19:08 - machine was rebooted
ComboFix-quarantined-files.txt 2012-04-30 11:19
ComboFix2.txt 2012-04-30 00:14
.
Pre-Run: 363,731,472,384 bytes free
Post-Run: 363,674,660,864 bytes free
.
- - End Of File - - DED4ABC80A6E2AEE5E78D7F15536C282


----------



## mlanspery (Apr 29, 2012)

Okay, this time esetscan worked fine. The log is below:

C:\Qoobox\Quarantine\C\Program Files (x86)\StartNow Toolbar\ReactivateIE.exe.vir Win32/Toolbar.Zugo application cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Program Files (x86)\StartNow Toolbar\Toolbar32.dll.vir Win32/Toolbar.Zugo application cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Program Files (x86)\StartNow Toolbar\ToolbarBroker.exe.vir Win32/Toolbar.Zugo application cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Program Files (x86)\StartNow Toolbar\ToolbarUpdaterService.exe.vir Win32/Toolbar.Zugo application cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\7dvygasy.default\extensions\{19666126-44e9-401c-9a15-b35489e6b9e3}\chrome.manifest.vir Win32/TrojanDownloader.Tracur.F trojan cleaned by deleting - quarantined


----------



## kevinf80 (Mar 21, 2006)

The ESET log is only showing files that are already quarantined so are very safe. How is your system responding, any issues/concerns?

Kevin


----------



## mlanspery (Apr 29, 2012)

I just went on to Google and tried some random searches. I'm still being redirected when I click on some of the links. Sometimes it works, sometimes I'm redirected to a random site, like the "happilli" site, or the "congratulations you won something" site. Also, I still randomly get the "Are you sure you want to navigate away from this page" pop up, even when IE isn't up. Something must still be afoot, I guess.


----------



## kevinf80 (Mar 21, 2006)

OK run the following:

*Please read carefully and follow these steps.*

Download *TDSSKiller* and save it to your Desktop.

Doubleclick on [image] to run the application.

The "Ready to scan" window will open, click on *"Change parameters"*.

Place a checkmark next to *Verify Driver Digital Signature* and *Detect TDLFS file system* (leave "Service & Drivers" and "Boot Sectors" ticked). Click OK.

Select "Start Scan"

If an infected file is detected, the default action will be *Cure*, click on *Continue.*

If a suspicious file is detected, the default action will be *Skip*, click on *Continue.*

It may ask you to reboot the computer to complete the process. Click on *Reboot Now*.

If no reboot is required, click on *Report*. A log file should appear. Please copy and paste the contents of that file here.
If a reboot is required, the report can also be found in your root directory (usually the C:\ folder) in the form of "*TDSSKiller.[Version]_[Date]_[Time]_log.txt*". Please copy and paste the contents of that file here.

Kevin...


----------



## mlanspery (Apr 29, 2012)

Kevin, here is the report from tdsskiller:

12:26:42.0404 4204 TDSS rootkit removing tool 2.7.33.0 Apr 24 2012 18:43:43
12:26:42.0664 4204 ============================================================
12:26:42.0664 4204 Current date / time: 2012/04/30 12:26:42.0664
12:26:42.0664 4204 SystemInfo:
12:26:42.0664 4204 
12:26:42.0664 4204 OS Version: 6.1.7601 ServicePack: 1.0
12:26:42.0664 4204 Product type: Workstation
12:26:42.0664 4204 ComputerName: MIKE-HPLAPTOP
12:26:42.0664 4204 UserName: Mike
12:26:42.0664 4204 Windows directory: C:\Windows
12:26:42.0664 4204 System windows directory: C:\Windows
12:26:42.0664 4204 Running under WOW64
12:26:42.0664 4204 Processor architecture: Intel x64
12:26:42.0664 4204 Number of processors: 2
12:26:42.0664 4204 Page size: 0x1000
12:26:42.0664 4204 Boot type: Normal boot
12:26:42.0664 4204 ============================================================
12:26:43.0804 4204 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
12:26:43.0824 4204 ============================================================
12:26:43.0824 4204 \Device\Harddisk0\DR0:
12:26:43.0824 4204 MBR partitions:
12:26:43.0824 4204 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x38FCE000
12:26:43.0824 4204 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x38FCE800, BlocksNum 0x13B6000
12:26:43.0824 4204 ============================================================
12:26:43.0894 4204 C: <-> \Device\Harddisk0\DR0\Partition0
12:26:43.0944 4204 D: <-> \Device\Harddisk0\DR0\Partition1
12:26:43.0944 4204 ============================================================
12:26:43.0944 4204 Initialize success
12:26:43.0944 4204 ============================================================
12:28:00.0767 3364 ============================================================
12:28:00.0767 3364 Scan started
12:28:00.0767 3364 Mode: Manual; SigCheck; TDLFS; 
12:28:00.0767 3364 ============================================================
12:28:02.0397 3364 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
12:28:02.0527 3364 1394ohci - ok
12:28:02.0567 3364 Accelerometer (5c368f4b04ed2a923e6afca2d37baff5) C:\Windows\system32\DRIVERS\Accelerometer.sys
12:28:02.0587 3364 Accelerometer - ok
12:28:02.0657 3364 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
12:28:02.0677 3364 ACPI - ok
12:28:02.0707 3364 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
12:28:02.0807 3364 AcpiPmi - ok
12:28:03.0047 3364 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
12:28:03.0097 3364 adp94xx - ok
12:28:03.0157 3364 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
12:28:03.0177 3364 adpahci - ok
12:28:03.0207 3364 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
12:28:03.0237 3364 adpu320 - ok
12:28:03.0277 3364 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
12:28:03.0427 3364 AeLookupSvc - ok
12:28:03.0537 3364 AESTFilters (a6fb9db8f1a86861d955fd6975977ae0) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\AESTSr64.exe
12:28:03.0647 3364 AESTFilters - ok
12:28:03.0717 3364 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys
12:28:03.0817 3364 AFD - ok
12:28:03.0857 3364 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
12:28:03.0877 3364 agp440 - ok
12:28:03.0897 3364 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
12:28:03.0997 3364 ALG - ok
12:28:04.0027 3364 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
12:28:04.0047 3364 aliide - ok
12:28:04.0067 3364 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
12:28:04.0077 3364 amdide - ok
12:28:04.0127 3364 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
12:28:04.0207 3364 AmdK8 - ok
12:28:04.0227 3364 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
12:28:04.0278 3364 AmdPPM - ok
12:28:04.0328 3364 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
12:28:04.0348 3364 amdsata - ok
12:28:04.0388 3364 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
12:28:04.0408 3364 amdsbs - ok
12:28:04.0428 3364 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
12:28:04.0448 3364 amdxata - ok
12:28:04.0558 3364 AntiVirSchedulerService (b4837fe56d76b2e9ea90e5365cf6a2be) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
12:28:04.0598 3364 AntiVirSchedulerService - ok
12:28:04.0648 3364 AntiVirService (df5a3016052755c910a206058b4a1729) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
12:28:04.0678 3364 AntiVirService - ok
12:28:04.0738 3364 AnyDVD (d267ba6bd27fc614269ffad473ffae8d) C:\Windows\system32\Drivers\AnyDVD.sys
12:28:04.0778 3364 AnyDVD - ok
12:28:04.0828 3364 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
12:28:04.0988 3364 AppID - ok
12:28:05.0008 3364 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
12:28:05.0098 3364 AppIDSvc - ok
12:28:05.0168 3364 Appinfo (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll
12:28:05.0218 3364 Appinfo - ok
12:28:05.0368 3364 Apple Mobile Device (7ef47644b74ebe721cc32211d3c35e76) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
12:28:05.0398 3364 Apple Mobile Device - ok
12:28:05.0478 3364 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
12:28:05.0488 3364 arc - ok
12:28:05.0528 3364 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
12:28:05.0548 3364 arcsas - ok
12:28:05.0578 3364 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
12:28:05.0648 3364 AsyncMac - ok
12:28:05.0668 3364 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
12:28:05.0678 3364 atapi - ok
12:28:05.0778 3364 AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
12:28:05.0888 3364 AudioEndpointBuilder - ok
12:28:05.0888 3364 AudioSrv (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
12:28:05.0928 3364 AudioSrv - ok
12:28:05.0968 3364 avgntflt (b1224e6b086cd6548315b04ab575a23e) C:\Windows\system32\DRIVERS\avgntflt.sys
12:28:05.0998 3364 avgntflt - ok
12:28:06.0078 3364 avipbb (ed45f12cfa62b83765c9c1496758cc87) C:\Windows\system32\DRIVERS\avipbb.sys
12:28:06.0098 3364 avipbb - ok
12:28:06.0178 3364 AxInstSV (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll
12:28:06.0328 3364 AxInstSV - ok
12:28:06.0398 3364 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
12:28:06.0458 3364 b06bdrv - ok
12:28:06.0538 3364 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
12:28:06.0598 3364 b57nd60a - ok
12:28:06.0708 3364 BBSvc (825f81a6f7dd073509db101f0ba6dc59) C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE
12:28:06.0738 3364 BBSvc - ok
12:28:06.0788 3364 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
12:28:06.0828 3364 BDESVC - ok
12:28:06.0878 3364 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
12:28:06.0968 3364 Beep - ok
12:28:07.0088 3364 BFE (82974d6a2fd19445cc5171fc378668a4) C:\Windows\System32\bfe.dll
12:28:07.0158 3364 BFE - ok
12:28:07.0248 3364 BITS (1ea7969e3271cbc59e1730697dc74682) C:\Windows\system32\qmgr.dll
12:28:07.0338 3364 BITS - ok
12:28:07.0428 3364 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
12:28:07.0468 3364 blbdrive - ok
12:28:07.0608 3364 Bonjour Service (ebbcd5dfbb1de70e8f4af8fa59e401fd) C:\Program Files\Bonjour\mDNSResponder.exe
12:28:07.0638 3364 Bonjour Service - ok
12:28:07.0678 3364 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
12:28:07.0748 3364 bowser - ok
12:28:07.0768 3364 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
12:28:07.0838 3364 BrFiltLo - ok
12:28:07.0868 3364 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
12:28:07.0888 3364 BrFiltUp - ok
12:28:07.0908 3364 BridgeMP (5c2f352a4e961d72518261257aae204b) C:\Windows\system32\DRIVERS\bridge.sys
12:28:07.0958 3364 BridgeMP - ok
12:28:08.0028 3364 Browser (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll
12:28:08.0088 3364 Browser - ok
12:28:08.0118 3364 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
12:28:08.0208 3364 Brserid - ok
12:28:08.0228 3364 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
12:28:08.0278 3364 BrSerWdm - ok
12:28:08.0298 3364 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
12:28:08.0328 3364 BrUsbMdm - ok
12:28:08.0348 3364 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
12:28:08.0368 3364 BrUsbSer - ok
12:28:08.0378 3364 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
12:28:08.0408 3364 BTHMODEM - ok
12:28:08.0448 3364 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
12:28:08.0498 3364 bthserv - ok
12:28:08.0498 3364 catchme - ok
12:28:08.0538 3364 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
12:28:08.0618 3364 cdfs - ok
12:28:08.0688 3364 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\drivers\cdrom.sys
12:28:08.0758 3364 cdrom - ok
12:28:08.0818 3364 CertPropSvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
12:28:08.0928 3364 CertPropSvc - ok
12:28:08.0968 3364 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
12:28:08.0998 3364 circlass - ok
12:28:09.0048 3364 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
12:28:09.0098 3364 CLFS - ok
12:28:09.0188 3364 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
12:28:09.0218 3364 clr_optimization_v2.0.50727_32 - ok
12:28:09.0298 3364 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
12:28:09.0318 3364 clr_optimization_v2.0.50727_64 - ok
12:28:09.0408 3364 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
12:28:09.0448 3364 clr_optimization_v4.0.30319_32 - ok
12:28:09.0478 3364 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
12:28:09.0488 3364 clr_optimization_v4.0.30319_64 - ok
12:28:09.0528 3364 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
12:28:09.0578 3364 CmBatt - ok
12:28:09.0628 3364 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
12:28:09.0648 3364 cmdide - ok
12:28:09.0698 3364 CNG (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys
12:28:09.0778 3364 CNG - ok
12:28:09.0918 3364 Com4QLBEx (c7a0e61d5714ac20de52d4f66ec773b8) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
12:28:09.0948 3364 Com4QLBEx - ok
12:28:10.0008 3364 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
12:28:10.0018 3364 Compbatt - ok
12:28:10.0058 3364 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
12:28:10.0088 3364 CompositeBus - ok
12:28:10.0108 3364 COMSysApp - ok
12:28:10.0128 3364 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
12:28:10.0138 3364 crcdisk - ok
12:28:10.0198 3364 CryptSvc  (15597883fbe9b056f276ada3ad87d9af) C:\Windows\system32\cryptsvc.dll
12:28:10.0258 3364 CryptSvc - ok
12:28:10.0318 3364 DcomLaunch (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
12:28:10.0378 3364 DcomLaunch - ok
12:28:10.0458 3364 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
12:28:10.0538 3364 defragsvc - ok
12:28:10.0578 3364 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
12:28:10.0628 3364 DfsC - ok
12:28:10.0678 3364 Dhcp (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll
12:28:10.0738 3364 Dhcp - ok
12:28:10.0768 3364 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
12:28:10.0828 3364 discache - ok
12:28:10.0878 3364 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
12:28:10.0898 3364 Disk - ok
12:28:10.0918 3364 Dnscache (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll
12:28:10.0998 3364 Dnscache - ok
12:28:11.0038 3364 dot3svc (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll
12:28:11.0088 3364 dot3svc - ok
12:28:11.0198 3364 DpHost (5bc1d876dfd53c31c5fc65d2e9614015) C:\Program Files (x86)\DigitalPersona\Bin\DpHostW.exe
12:28:11.0248 3364 DpHost ( UnsignedFile.Multi.Generic ) - warning
12:28:11.0248 3364 DpHost - detected UnsignedFile.Multi.Generic (1)
12:28:11.0289 3364 DPS (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll
12:28:11.0339 3364 DPS - ok
12:28:11.0399 3364 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
12:28:11.0429 3364 drmkaud - ok
12:28:11.0529 3364 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
12:28:11.0569 3364 DXGKrnl - ok
12:28:11.0629 3364 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
12:28:11.0689 3364 EapHost - ok
12:28:11.0939 3364 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
12:28:12.0069 3364 ebdrv - ok
12:28:12.0209 3364 EFS (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe
12:28:12.0289 3364 EFS - ok
12:28:12.0429 3364 ehRecvr (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe
12:28:12.0529 3364 ehRecvr - ok
12:28:12.0579 3364 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
12:28:12.0609 3364 ehSched - ok
12:28:12.0719 3364 ElbyCDIO (978cd6d9666627842340ef774fd9e2ac) C:\Windows\system32\Drivers\ElbyCDIO.sys
12:28:12.0739 3364 ElbyCDIO - ok
12:28:12.0789 3364 ElbyDelay (0dc1eb419f162be1f7b309fbf516a313) C:\Windows\system32\Drivers\ElbyDelay.sys
12:28:12.0799 3364 ElbyDelay - ok
12:28:12.0869 3364 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
12:28:12.0929 3364 elxstor - ok
12:28:12.0969 3364 enecir (f218a3a27ed6592c0e22ec3595554447) C:\Windows\system32\DRIVERS\enecir.sys
12:28:12.0999 3364 enecir - ok
12:28:13.0039 3364 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
12:28:13.0089 3364 ErrDev - ok
12:28:13.0169 3364 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
12:28:13.0249 3364 EventSystem - ok
12:28:13.0289 3364 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
12:28:13.0359 3364 exfat - ok
12:28:13.0389 3364 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
12:28:13.0499 3364 fastfat - ok
12:28:13.0589 3364 Fax (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe
12:28:13.0649 3364 Fax - ok
12:28:13.0679 3364 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
12:28:13.0709 3364 fdc - ok
12:28:13.0749 3364 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
12:28:13.0819 3364 fdPHost - ok
12:28:13.0849 3364 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
12:28:13.0909 3364 FDResPub - ok
12:28:13.0939 3364 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
12:28:13.0979 3364 FileInfo - ok
12:28:13.0999 3364 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
12:28:14.0049 3364 Filetrace - ok
12:28:14.0069 3364 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
12:28:14.0119 3364 flpydisk - ok
12:28:14.0189 3364 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
12:28:14.0219 3364 FltMgr - ok
12:28:14.0320 3364 FontCache (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll
12:28:14.0380 3364 FontCache - ok
12:28:14.0490 3364 FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
12:28:14.0520 3364 FontCache3.0.0.0 - ok
12:28:14.0590 3364 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
12:28:14.0620 3364 FsDepends - ok
12:28:14.0690 3364 fssfltr (dc0dce4ec2c5d2cf6472f9fd6aa9a7dc) C:\Windows\system32\DRIVERS\fssfltr.sys
12:28:14.0720 3364 fssfltr - ok
12:28:14.0750 3364 Fs_Rec (6bd9295cc032dd3077c671fccf579a7b) C:\Windows\system32\drivers\Fs_Rec.sys
12:28:14.0770 3364 Fs_Rec - ok
12:28:14.0840 3364 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
12:28:14.0890 3364 fvevol - ok
12:28:14.0920 3364 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
12:28:14.0940 3364 gagp30kx - ok
12:28:14.0970 3364 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
12:28:14.0980 3364 GEARAspiWDM - ok
12:28:15.0070 3364 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll
12:28:15.0170 3364 gpsvc - ok
12:28:15.0270 3364 gupdate (8f0de4fef8201e306f9938b0905ac96a) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
12:28:15.0300 3364 gupdate - ok
12:28:15.0340 3364 gupdatem (8f0de4fef8201e306f9938b0905ac96a) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
12:28:15.0350 3364 gupdatem - ok
12:28:15.0400 3364 gusvc (cc839e8d766cc31a7710c9f38cf3e375) C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
12:28:15.0420 3364 gusvc - ok
12:28:15.0460 3364 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
12:28:15.0490 3364 hcw85cir - ok
12:28:15.0570 3364 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
12:28:15.0630 3364 HdAudAddService - ok
12:28:15.0700 3364 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
12:28:15.0740 3364 HDAudBus - ok
12:28:15.0760 3364 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
12:28:15.0770 3364 HidBatt - ok
12:28:15.0790 3364 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
12:28:15.0810 3364 HidBth - ok
12:28:15.0850 3364 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
12:28:15.0900 3364 HidIr - ok
12:28:15.0930 3364 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\System32\hidserv.dll
12:28:15.0980 3364 hidserv - ok
12:28:16.0060 3364 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
12:28:16.0090 3364 HidUsb - ok
12:28:16.0130 3364 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll
12:28:16.0200 3364 hkmsvc - ok
12:28:16.0250 3364 HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll
12:28:16.0310 3364 HomeGroupListener - ok
12:28:16.0350 3364 HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll
12:28:16.0390 3364 HomeGroupProvider - ok
12:28:16.0530 3364 HP Support Assistant Service (13bb1114451c63bfb41ba7daa4d70a29) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
12:28:16.0540 3364 HP Support Assistant Service - ok
12:28:16.0630 3364 HPDrvMntSvc.exe (bcc4a8b2e2e902f52e7f2e7d8e125765) C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
12:28:16.0670 3364 HPDrvMntSvc.exe - ok
12:28:16.0710 3364 hpdskflt (4e0bec0f78096ffd6d3314b497fc49d3) C:\Windows\system32\DRIVERS\hpdskflt.sys
12:28:16.0730 3364 hpdskflt - ok
12:28:16.0830 3364 hpqcxs08 (1dae5c46d42b02a6d5862e1482efb390) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll
12:28:16.0840 3364 hpqcxs08 ( UnsignedFile.Multi.Generic ) - warning
12:28:16.0840 3364 hpqcxs08 - detected UnsignedFile.Multi.Generic (1)
12:28:16.0860 3364 hpqddsvc (99e8eef42fe2f4af29b08c3355dd7685) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll
12:28:16.0880 3364 hpqddsvc ( UnsignedFile.Multi.Generic ) - warning
12:28:16.0880 3364 hpqddsvc - detected UnsignedFile.Multi.Generic (1)
12:28:16.0920 3364 HpqKbFiltr (9af482d058be59cc28bce52e7c4b747c) C:\Windows\system32\DRIVERS\HpqKbFiltr.sys
12:28:16.0990 3364 HpqKbFiltr - ok
12:28:17.0090 3364 hpqwmiex (ec9739a46f1f83c6e52a7a4697f44a65) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
12:28:17.0120 3364 hpqwmiex - ok
12:28:17.0170 3364 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
12:28:17.0190 3364 HpSAMD - ok
12:28:17.0300 3364 HPSLPSVC (f37882f128efacefe353e0bae2766909) C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL
12:28:17.0350 3364 HPSLPSVC ( UnsignedFile.Multi.Generic ) - warning
12:28:17.0350 3364 HPSLPSVC - detected UnsignedFile.Multi.Generic (1)
12:28:17.0390 3364 hpsrv (fc7c13b5a9e9be23b7ae72bbc7fdb278) C:\Windows\system32\Hpservice.exe
12:28:17.0400 3364 hpsrv - ok
12:28:17.0520 3364 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
12:28:17.0600 3364 HTTP - ok
12:28:17.0640 3364 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
12:28:17.0650 3364 hwpolicy - ok
12:28:17.0680 3364 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
12:28:17.0700 3364 i8042prt - ok
12:28:17.0760 3364 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
12:28:17.0790 3364 iaStorV - ok
12:28:17.0880 3364 IDriverT (6f95324909b502e2651442c1548ab12f) C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
12:28:17.0910 3364 IDriverT ( UnsignedFile.Multi.Generic ) - warning
12:28:17.0910 3364 IDriverT - detected UnsignedFile.Multi.Generic (1)
12:28:18.0080 3364 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
12:28:18.0120 3364 idsvc - ok
12:28:18.0260 3364 IHA_MessageCenter (c135bff15563592b8ea070ea109967f7) C:\Program Files (x86)\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe
12:28:18.0300 3364 IHA_MessageCenter - ok
12:28:18.0450 3364 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
12:28:18.0480 3364 iirsp - ok
12:28:18.0560 3364 IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll
12:28:18.0640 3364 IKEEXT - ok
12:28:18.0670 3364 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
12:28:18.0680 3364 intelide - ok
12:28:18.0710 3364 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
12:28:18.0740 3364 intelppm - ok
12:28:18.0790 3364 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
12:28:18.0850 3364 IPBusEnum - ok
12:28:18.0890 3364 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
12:28:18.0940 3364 IpFilterDriver - ok
12:28:18.0990 3364 iphlpsvc (a34a587fffd45fa649fba6d03784d257) C:\Windows\System32\iphlpsvc.dll
12:28:19.0040 3364 iphlpsvc - ok
12:28:19.0080 3364 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
12:28:19.0100 3364 IPMIDRV - ok
12:28:19.0130 3364 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
12:28:19.0180 3364 IPNAT - ok
12:28:19.0350 3364 iPod Service (755e4ba6dce627a2683bb7640553c8d6) C:\Program Files\iPod\bin\iPodService.exe
12:28:19.0390 3364 iPod Service - ok
12:28:19.0430 3364 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
12:28:19.0470 3364 IRENUM - ok
12:28:19.0510 3364 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
12:28:19.0520 3364 isapnp - ok
12:28:19.0580 3364 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
12:28:19.0620 3364 iScsiPrt - ok
12:28:19.0670 3364 JMCR (54df9eafb54a98e1a2ac3db69c16cf05) C:\Windows\system32\DRIVERS\jmcr.sys
12:28:19.0750 3364 JMCR - ok
12:28:19.0770 3364 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\drivers\kbdclass.sys
12:28:19.0780 3364 kbdclass - ok
12:28:19.0820 3364 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\drivers\kbdhid.sys
12:28:19.0840 3364 kbdhid - ok
12:28:19.0860 3364 KeyIso (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
12:28:19.0880 3364 KeyIso - ok
12:28:19.0890 3364 KSecDD (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys
12:28:19.0910 3364 KSecDD - ok
12:28:19.0950 3364 KSecPkg (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys
12:28:20.0000 3364 KSecPkg - ok
12:28:20.0040 3364 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
12:28:20.0070 3364 ksthunk - ok
12:28:20.0120 3364 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
12:28:20.0180 3364 KtmRm - ok
12:28:20.0230 3364 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\System32\srvsvc.dll
12:28:20.0290 3364 LanmanServer - ok
12:28:20.0350 3364 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll
12:28:20.0410 3364 LanmanWorkstation - ok
12:28:20.0490 3364 LightScribeService (abf90fc5a127f481219b873c1b8dfc1c) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
12:28:20.0510 3364 LightScribeService ( UnsignedFile.Multi.Generic ) - warning
12:28:20.0510 3364 LightScribeService - detected UnsignedFile.Multi.Generic (1)
12:28:20.0550 3364 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
12:28:20.0610 3364 lltdio - ok
12:28:20.0650 3364 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
12:28:20.0700 3364 lltdsvc - ok
12:28:20.0720 3364 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
12:28:20.0750 3364 lmhosts - ok
12:28:20.0810 3364 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
12:28:20.0820 3364 LSI_FC - ok
12:28:20.0840 3364 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
12:28:20.0850 3364 LSI_SAS - ok
12:28:20.0870 3364 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
12:28:20.0890 3364 LSI_SAS2 - ok
12:28:20.0910 3364 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
12:28:20.0930 3364 LSI_SCSI - ok
12:28:20.0950 3364 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
12:28:21.0010 3364 luafv - ok
12:28:21.0080 3364 McciCMService (f8b823414a22dbf3bec10dcaa5f93cd8) C:\Program Files (x86)\Common Files\Motive\McciCMService.exe
12:28:21.0120 3364 McciCMService ( UnsignedFile.Multi.Generic ) - warning
12:28:21.0130 3364 McciCMService - detected UnsignedFile.Multi.Generic (1)
12:28:21.0250 3364 McciCMService64 (859e5a32485178daeca06b52e2bb44b2) C:\Program Files\Common Files\Motive\McciCMService.exe
12:28:21.0271 3364 McciCMService64 ( UnsignedFile.Multi.Generic ) - warning
12:28:21.0271 3364 McciCMService64 - detected UnsignedFile.Multi.Generic (1)
12:28:21.0321 3364 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll
12:28:21.0361 3364 Mcx2Svc - ok
12:28:21.0391 3364 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
12:28:21.0411 3364 megasas - ok
12:28:21.0461 3364 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
12:28:21.0491 3364 MegaSR - ok
12:28:21.0521 3364 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
12:28:21.0581 3364 MMCSS - ok
12:28:21.0591 3364 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
12:28:21.0621 3364 Modem - ok
12:28:21.0651 3364 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
12:28:21.0681 3364 monitor - ok
12:28:21.0731 3364 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
12:28:21.0771 3364 mouclass - ok
12:28:21.0811 3364 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
12:28:21.0821 3364 mouhid - ok
12:28:21.0871 3364 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
12:28:21.0901 3364 mountmgr - ok
12:28:21.0951 3364 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
12:28:21.0991 3364 mpio - ok
12:28:22.0001 3364 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
12:28:22.0041 3364 mpsdrv - ok
12:28:22.0131 3364 MpsSvc (54ffc9c8898113ace189d4aa7199d2c1) C:\Windows\system32\mpssvc.dll
12:28:22.0191 3364 MpsSvc - ok
12:28:22.0271 3364 MREMP50 (9bd4dcb5412921864a7aacdedfbd1923) C:\PROGRA~2\COMMON~1\Motive\MREMP50.SYS
12:28:22.0301 3364 MREMP50 ( UnsignedFile.Multi.Generic ) - warning
12:28:22.0301 3364 MREMP50 - detected UnsignedFile.Multi.Generic (1)
12:28:22.0351 3364 MREMP50a64 - ok
12:28:22.0351 3364 MREMPR5 - ok
12:28:22.0361 3364 MRENDIS5 - ok
12:28:22.0381 3364 MRESP50 (07c02c892e8e1a72d6bf35004f0e9c5e) C:\PROGRA~2\COMMON~1\Motive\MRESP50.SYS
12:28:22.0411 3364 MRESP50 ( UnsignedFile.Multi.Generic ) - warning
12:28:22.0411 3364 MRESP50 - detected UnsignedFile.Multi.Generic (1)
12:28:22.0421 3364 MRESP50a64 - ok
12:28:22.0471 3364 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
12:28:22.0521 3364 MRxDAV - ok
12:28:22.0561 3364 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
12:28:22.0651 3364 mrxsmb - ok
12:28:22.0711 3364 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
12:28:22.0771 3364 mrxsmb10 - ok
12:28:22.0801 3364 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
12:28:22.0821 3364 mrxsmb20 - ok
12:28:22.0851 3364 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
12:28:22.0891 3364 msahci - ok
12:28:22.0921 3364 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
12:28:22.0941 3364 msdsm - ok
12:28:22.0971 3364 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
12:28:23.0031 3364 MSDTC - ok
12:28:23.0081 3364 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
12:28:23.0111 3364 Msfs - ok
12:28:23.0121 3364 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
12:28:23.0171 3364 mshidkmdf - ok
12:28:23.0211 3364 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
12:28:23.0221 3364 msisadrv - ok
12:28:23.0261 3364 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
12:28:23.0331 3364 MSiSCSI - ok
12:28:23.0341 3364 msiserver - ok
12:28:23.0361 3364 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
12:28:23.0401 3364 MSKSSRV - ok
12:28:23.0441 3364 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
12:28:23.0501 3364 MSPCLOCK - ok
12:28:23.0521 3364 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
12:28:23.0571 3364 MSPQM - ok
12:28:23.0641 3364 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
12:28:23.0681 3364 MsRPC - ok
12:28:23.0721 3364 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
12:28:23.0731 3364 mssmbios - ok
12:28:23.0741 3364 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
12:28:23.0801 3364 MSTEE - ok
12:28:23.0821 3364 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
12:28:23.0851 3364 MTConfig - ok
12:28:23.0891 3364 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
12:28:23.0901 3364 Mup - ok
12:28:23.0961 3364 napagent (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll
12:28:24.0021 3364 napagent - ok
12:28:24.0091 3364 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
12:28:24.0131 3364 NativeWifiP - ok
12:28:24.0231 3364 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
12:28:24.0261 3364 NDIS - ok
12:28:24.0281 3364 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
12:28:24.0331 3364 NdisCap - ok
12:28:24.0361 3364 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
12:28:24.0401 3364 NdisTapi - ok
12:28:24.0461 3364 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
12:28:24.0551 3364 Ndisuio - ok
12:28:24.0601 3364 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
12:28:24.0671 3364 NdisWan - ok
12:28:24.0711 3364 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
12:28:24.0761 3364 NDProxy - ok
12:28:24.0811 3364 Net Driver HPZ12 (d5ac41ae382738483faffbd7e373d49a) C:\Windows\system32\HPZinw12.dll
12:28:24.0821 3364 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
12:28:24.0821 3364 Net Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
12:28:24.0861 3364 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
12:28:24.0911 3364 NetBIOS - ok
12:28:24.0951 3364 NetBT  (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
12:28:25.0031 3364 NetBT - ok
12:28:25.0061 3364 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
12:28:25.0081 3364 Netlogon - ok
12:28:25.0131 3364 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
12:28:25.0191 3364 Netman - ok
12:28:25.0251 3364 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
12:28:25.0311 3364 netprofm - ok
12:28:25.0431 3364 NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
12:28:25.0461 3364 NetTcpPortSharing - ok
12:28:25.0981 3364 NETw5s64 (39ede676d17f37af4573c2b33ec28aca) C:\Windows\system32\DRIVERS\NETw5s64.sys
12:28:26.0201 3364 NETw5s64 - ok
12:28:26.0801 3364 netw5v64 (64428dfdaf6e88366cb51f45a79c5f69) C:\Windows\system32\DRIVERS\netw5v64.sys
12:28:26.0941 3364 netw5v64 - ok
12:28:27.0121 3364 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
12:28:27.0151 3364 nfrd960 - ok
12:28:27.0221 3364 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll
12:28:27.0261 3364 NlaSvc - ok
12:28:27.0271 3364 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
12:28:27.0311 3364 Npfs - ok
12:28:27.0351 3364 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
12:28:27.0411 3364 nsi - ok
12:28:27.0421 3364 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
12:28:27.0471 3364 nsiproxy - ok
12:28:27.0571 3364 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
12:28:27.0621 3364 Ntfs - ok
12:28:27.0791 3364 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
12:28:27.0861 3364 Null - ok
12:28:27.0921 3364 NVHDA (ad37248bd442d41c9a896e53eb8a85ee) C:\Windows\system32\drivers\nvhda64v.sys
12:28:27.0951 3364 NVHDA - ok
12:28:28.0582 3364 nvlddmkm (bbe872a814b00798c2d568d46c42a71b) C:\Windows\system32\DRIVERS\nvlddmkm.sys
12:28:28.0922 3364 nvlddmkm - ok
12:28:29.0122 3364 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
12:28:29.0162 3364 nvraid - ok
12:28:29.0202 3364 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
12:28:29.0222 3364 nvstor - ok
12:28:29.0282 3364 nvsvc (c1668d58547dd0c4a0fbd6afa20d5890) C:\Windows\system32\nvvsvc.exe
12:28:29.0312 3364 nvsvc - ok
12:28:29.0362 3364 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
12:28:29.0372 3364 nv_agp - ok
12:28:29.0512 3364 odserv (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
12:28:29.0562 3364 odserv - ok
12:28:29.0592 3364 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
12:28:29.0622 3364 ohci1394 - ok
12:28:29.0692 3364 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
12:28:29.0732 3364 ose - ok
12:28:29.0792 3364 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
12:28:29.0852 3364 p2pimsvc - ok
12:28:29.0912 3364 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
12:28:29.0942 3364 p2psvc - ok
12:28:29.0982 3364 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
12:28:30.0002 3364 Parport - ok
12:28:30.0042 3364 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys
12:28:30.0052 3364 partmgr - ok
12:28:30.0072 3364 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
12:28:30.0112 3364 PcaSvc - ok
12:28:30.0162 3364 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
12:28:30.0212 3364 pci - ok
12:28:30.0242 3364 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
12:28:30.0252 3364 pciide - ok
12:28:30.0282 3364 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
12:28:30.0302 3364 pcmcia - ok
12:28:30.0322 3364 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
12:28:30.0332 3364 pcw - ok
12:28:30.0382 3364 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
12:28:30.0432 3364 PEAUTH - ok
12:28:30.0532 3364 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
12:28:30.0592 3364 PerfHost - ok
12:28:30.0742 3364 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll
12:28:30.0872 3364 pla - ok
12:28:30.0952 3364 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll
12:28:31.0042 3364 PlugPlay - ok
12:28:31.0102 3364 Pml Driver HPZ12 (37f6046cdc630442d7dc087501ff6fc6) C:\Windows\system32\HPZipm12.dll
12:28:31.0122 3364 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
12:28:31.0122 3364 Pml Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
12:28:31.0162 3364 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
12:28:31.0192 3364 PNRPAutoReg - ok
12:28:31.0222 3364 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
12:28:31.0242 3364 PNRPsvc - ok
12:28:31.0332 3364 Point64 (4f0878fd62d5f7444c5f1c4c66d9d293) C:\Windows\system32\DRIVERS\point64.sys
12:28:31.0342 3364 Point64 - ok
12:28:31.0412 3364 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll
12:28:31.0492 3364 PolicyAgent - ok
12:28:31.0542 3364 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
12:28:31.0602 3364 Power - ok
12:28:31.0662 3364 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
12:28:31.0742 3364 PptpMiniport - ok
12:28:31.0772 3364 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
12:28:31.0832 3364 Processor - ok
12:28:31.0902 3364 ProfSvc (5c78838b4d166d1a27db3a8a820c799a) C:\Windows\system32\profsvc.dll
12:28:31.0952 3364 ProfSvc - ok
12:28:31.0982 3364 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
12:28:32.0002 3364 ProtectedStorage - ok
12:28:32.0052 3364 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
12:28:32.0102 3364 Psched - ok
12:28:32.0212 3364 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
12:28:32.0272 3364 ql2300 - ok
12:28:32.0422 3364 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
12:28:32.0462 3364 ql40xx - ok
12:28:32.0512 3364 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
12:28:32.0552 3364 QWAVE - ok
12:28:32.0562 3364 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
12:28:32.0582 3364 QWAVEdrv - ok
12:28:32.0592 3364 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
12:28:32.0652 3364 RasAcd - ok
12:28:32.0712 3364 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
12:28:32.0792 3364 RasAgileVpn - ok
12:28:32.0812 3364 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
12:28:32.0872 3364 RasAuto - ok
12:28:32.0922 3364 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
12:28:33.0022 3364 Rasl2tp - ok
12:28:33.0092 3364 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll
12:28:33.0152 3364 RasMan - ok
12:28:33.0202 3364 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
12:28:33.0272 3364 RasPppoe - ok
12:28:33.0302 3364 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
12:28:33.0362 3364 RasSstp - ok
12:28:33.0412 3364 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
12:28:33.0512 3364 rdbss - ok
12:28:33.0542 3364 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
12:28:33.0552 3364 rdpbus - ok
12:28:33.0562 3364 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
12:28:33.0622 3364 RDPCDD - ok
12:28:33.0642 3364 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
12:28:33.0712 3364 RDPENCDD - ok
12:28:33.0742 3364 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
12:28:33.0772 3364 RDPREFMP - ok
12:28:33.0822 3364 RDPWD (6d76e6433574b058adcb0c50df834492) C:\Windows\system32\drivers\RDPWD.sys
12:28:33.0852 3364 RDPWD - ok
12:28:33.0892 3364 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
12:28:33.0922 3364 rdyboost - ok
12:28:34.0032 3364 Recovery Service for Windows (bc0a4d47472b042537f4e57b950415fa) C:\Program Files (x86)\SMINST\BLService.exe
12:28:34.0052 3364 Recovery Service for Windows - ok
12:28:34.0102 3364 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
12:28:34.0152 3364 RemoteAccess - ok
12:28:34.0182 3364 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
12:28:34.0272 3364 RemoteRegistry - ok
12:28:34.0372 3364 RichVideo (805ae1f90c64758d19aaa001cf8cba12) C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
12:28:34.0372 3364 RichVideo ( UnsignedFile.Multi.Generic ) - warning
12:28:34.0372 3364 RichVideo - detected UnsignedFile.Multi.Generic (1)
12:28:34.0382 3364 RimUsb - ok
12:28:34.0432 3364 RimVSerPort (c903d49655b4aae46673f0aaa6be0f58) C:\Windows\system32\DRIVERS\RimSerial_AMD64.sys
12:28:34.0452 3364 RimVSerPort - ok
12:28:34.0492 3364 ROOTMODEM (388d3dd1a6457280f3badba9f3acd6b1) C:\Windows\system32\Drivers\RootMdm.sys
12:28:34.0542 3364 ROOTMODEM - ok
12:28:34.0592 3364 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
12:28:34.0652 3364 RpcEptMapper - ok
12:28:34.0692 3364 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
12:28:34.0722 3364 RpcLocator - ok
12:28:34.0792 3364 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
12:28:34.0832 3364 RpcSs - ok
12:28:34.0862 3364 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
12:28:34.0902 3364 rspndr - ok
12:28:34.0982 3364 RTL8167 (abcb5a38a0d85bdf69b7877e1ad1eed5) C:\Windows\system32\DRIVERS\Rt64win7.sys
12:28:35.0072 3364 RTL8167 - ok
12:28:35.0132 3364 RTL8169 (8b91737da75add21cb1554b38089196a) C:\Windows\system32\DRIVERS\Rtlh64.sys
12:28:35.0252 3364 RTL8169 - ok
12:28:35.0273 3364 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
12:28:35.0283 3364 SamSs - ok
12:28:35.0323 3364 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
12:28:35.0343 3364 sbp2port - ok
12:28:35.0393 3364 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
12:28:35.0453 3364 SCardSvr - ok
12:28:35.0493 3364 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
12:28:35.0573 3364 scfilter - ok
12:28:35.0693 3364 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll
12:28:35.0763 3364 Schedule - ok
12:28:35.0793 3364 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
12:28:35.0833 3364 SCPolicySvc - ok
12:28:35.0873 3364 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll
12:28:35.0943 3364 SDRSVC - ok
12:28:36.0053 3364 SeaPort (cc781378e7eda615d2cdca3b17829fa4) C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
12:28:36.0093 3364 SeaPort - ok
12:28:36.0153 3364 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
12:28:36.0193 3364 secdrv - ok
12:28:36.0223 3364 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll
12:28:36.0273 3364 seclogon - ok
12:28:36.0323 3364 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\system32\sens.dll
12:28:36.0353 3364 SENS - ok
12:28:36.0393 3364 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
12:28:36.0453 3364 SensrSvc - ok
12:28:36.0473 3364 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
12:28:36.0513 3364 Serenum - ok
12:28:36.0563 3364 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
12:28:36.0593 3364 Serial - ok
12:28:36.0623 3364 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
12:28:36.0663 3364 sermouse - ok
12:28:36.0803 3364 ServicepointService (b041aae7a14a0db47583f9c866b8b2ea) C:\Program Files (x86)\Verizon\VSP\ServicepointService.exe
12:28:36.0843 3364 ServicepointService - ok
12:28:36.0883 3364 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll
12:28:36.0993 3364 SessionEnv - ok
12:28:37.0023 3364 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
12:28:37.0093 3364 sffdisk - ok
12:28:37.0113 3364 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
12:28:37.0123 3364 sffp_mmc - ok
12:28:37.0133 3364 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
12:28:37.0173 3364 sffp_sd - ok
12:28:37.0213 3364 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
12:28:37.0223 3364 sfloppy - ok
12:28:37.0273 3364 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
12:28:37.0383 3364 SharedAccess - ok
12:28:37.0453 3364 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll
12:28:37.0553 3364 ShellHWDetection - ok
12:28:37.0593 3364 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
12:28:37.0603 3364 SiSRaid2 - ok
12:28:37.0623 3364 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
12:28:37.0643 3364 SiSRaid4 - ok
12:28:37.0683 3364 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
12:28:37.0733 3364 Smb - ok
12:28:37.0783 3364 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
12:28:37.0793 3364 SNMPTRAP - ok
12:28:37.0893 3364 speedfan (12583af6cbe0050651eaf2723b3ad7b3) C:\Windows\syswow64\speedfan.sys
12:28:37.0903 3364 speedfan - ok
12:28:37.0913 3364 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
12:28:37.0933 3364 spldr - ok
12:28:37.0993 3364 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe
12:28:38.0043 3364 Spooler - ok
12:28:38.0313 3364 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe
12:28:38.0413 3364 sppsvc - ok
12:28:38.0553 3364 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
12:28:38.0653 3364 sppuinotify - ok
12:28:38.0723 3364 sprtsvc_verizondm - ok
12:28:38.0823 3364 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
12:28:38.0903 3364 srv - ok
12:28:38.0943 3364 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
12:28:38.0993 3364 srv2 - ok
12:28:39.0033 3364 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
12:28:39.0073 3364 srvnet - ok
12:28:39.0133 3364 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
12:28:39.0173 3364 SSDPSRV - ok
12:28:39.0193 3364 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
12:28:39.0223 3364 SstpSvc - ok
12:28:39.0363 3364 STacSV (7595d53ee8e8b0baa9a2ddde867ebb0c) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\STacSV64.exe
12:28:39.0423 3364 STacSV - ok
12:28:39.0453 3364 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
12:28:39.0473 3364 stexstor - ok
12:28:39.0533 3364 STHDA (dffbc024dfc7bb05b2129e05cbc7a201) C:\Windows\system32\DRIVERS\stwrt64.sys
12:28:39.0573 3364 STHDA - ok
12:28:39.0603 3364 StillCam (decacb6921ded1a38642642685d77dac) C:\Windows\system32\DRIVERS\serscan.sys
12:28:39.0643 3364 StillCam - ok
12:28:39.0733 3364 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll
12:28:39.0763 3364 stisvc - ok
12:28:39.0793 3364 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
12:28:39.0803 3364 swenum - ok
12:28:39.0863 3364 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
12:28:39.0923 3364 swprv - ok
12:28:39.0973 3364 SynTP (3a706a967295e16511e40842b1a2761d) C:\Windows\system32\DRIVERS\SynTP.sys
12:28:39.0993 3364 SynTP - ok
12:28:40.0143 3364 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll
12:28:40.0233 3364 SysMain - ok
12:28:40.0383 3364 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll
12:28:40.0473 3364 TabletInputService - ok
12:28:40.0533 3364 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll
12:28:40.0603 3364 TapiSrv - ok
12:28:40.0633 3364 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
12:28:40.0673 3364 TBS - ok
12:28:40.0903 3364 Tcpip (fc62769e7bff2896035aeed399108162) C:\Windows\system32\drivers\tcpip.sys
12:28:40.0973 3364 Tcpip - ok
12:28:41.0213 3364 TCPIP6 (fc62769e7bff2896035aeed399108162) C:\Windows\system32\DRIVERS\tcpip.sys
12:28:41.0263 3364 TCPIP6 - ok
12:28:41.0353 3364 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
12:28:41.0423 3364 tcpipreg - ok
12:28:41.0473 3364 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
12:28:41.0493 3364 TDPIPE - ok
12:28:41.0523 3364 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys
12:28:41.0573 3364 TDTCP - ok
12:28:41.0633 3364 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
12:28:41.0713 3364 tdx - ok
12:28:41.0743 3364 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
12:28:41.0753 3364 TermDD - ok
12:28:41.0843 3364 TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll
12:28:41.0943 3364 TermService - ok
12:28:41.0993 3364 tgsrvc_verizondm - ok
12:28:42.0033 3364 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
12:28:42.0073 3364 Themes - ok
12:28:42.0103 3364 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
12:28:42.0143 3364 THREADORDER - ok
12:28:42.0163 3364 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
12:28:42.0203 3364 TrkWks - ok
12:28:42.0274 3364 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe
12:28:42.0334 3364 TrustedInstaller - ok
12:28:42.0364 3364 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
12:28:42.0404 3364 tssecsrv - ok
12:28:42.0454 3364 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
12:28:42.0484 3364 TsUsbFlt - ok
12:28:42.0544 3364 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
12:28:42.0624 3364 tunnel - ok
12:28:42.0744 3364 TVCapSvc (1c31169dddc70c1605f703da701eaeea) C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe
12:28:42.0784 3364 TVCapSvc - ok
12:28:42.0804 3364 TVSched (290b8c381dbc15d3dbcbd2bdb6b0ba12) C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe
12:28:42.0814 3364 TVSched - ok
12:28:42.0844 3364 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
12:28:42.0854 3364 uagp35 - ok
12:28:42.0904 3364 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
12:28:42.0954 3364 udfs - ok
12:28:42.0994 3364 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
12:28:43.0024 3364 UI0Detect - ok
12:28:43.0064 3364 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
12:28:43.0074 3364 uliagpkx - ok
12:28:43.0114 3364 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys
12:28:43.0164 3364 umbus - ok
12:28:43.0194 3364 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
12:28:43.0234 3364 UmPass - ok
12:28:43.0274 3364 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
12:28:43.0314 3364 upnphost - ok
12:28:43.0394 3364 USBAAPL64 (aa33fc47ed58c34e6e9261e4f850b7eb) C:\Windows\system32\Drivers\usbaapl64.sys
12:28:43.0444 3364 USBAAPL64 ( UnsignedFile.Multi.Generic ) - warning
12:28:43.0444 3364 USBAAPL64 - detected UnsignedFile.Multi.Generic (1)
12:28:43.0474 3364 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
12:28:43.0514 3364 usbccgp - ok
12:28:43.0564 3364 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
12:28:43.0594 3364 usbcir - ok
12:28:43.0604 3364 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys
12:28:43.0624 3364 usbehci - ok
12:28:43.0674 3364 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
12:28:43.0684 3364 usbhub - ok
12:28:43.0704 3364 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys
12:28:43.0714 3364 usbohci - ok
12:28:43.0754 3364 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
12:28:43.0774 3364 usbprint - ok
12:28:43.0804 3364 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
12:28:43.0814 3364 usbscan - ok
12:28:43.0824 3364 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
12:28:43.0864 3364 USBSTOR - ok
12:28:43.0874 3364 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\DRIVERS\usbuhci.sys
12:28:43.0884 3364 usbuhci - ok
12:28:43.0934 3364 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\System32\Drivers\usbvideo.sys
12:28:43.0974 3364 usbvideo - ok
12:28:44.0004 3364 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
12:28:44.0054 3364 UxSms - ok
12:28:44.0094 3364 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
12:28:44.0114 3364 VaultSvc - ok
12:28:44.0144 3364 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
12:28:44.0164 3364 vdrvroot - ok
12:28:44.0224 3364 vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe
12:28:44.0295 3364 vds - ok
12:28:44.0365 3364 vfsFPService (4b6f9959f8df8fadc8170cd8a6bce5c2) C:\Windows\system32\vfsFPService.exe
12:28:44.0385 3364 vfsFPService - ok
12:28:44.0435 3364 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
12:28:44.0445 3364 vga - ok
12:28:44.0475 3364 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
12:28:44.0545 3364 VgaSave - ok
12:28:51.0236 3364 ============================================================
12:28:51.0236 3364 Scan finished
12:28:51.0236 3364 ============================================================
12:28:51.0266 5648 Detected object count: 14
12:28:51.0266 5648 Actual detected object count: 14
12:29:42.0547 5648 DpHost ( UnsignedFile.Multi.Generic ) - skipped by user
12:29:42.0547 5648 DpHost ( UnsignedFile.Multi.Generic ) - User select action: Skip 
12:29:42.0547 5648 hpqcxs08 ( UnsignedFile.Multi.Generic ) - skipped by user
12:29:42.0547 5648 hpqcxs08 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
12:29:42.0547 5648 hpqddsvc ( UnsignedFile.Multi.Generic ) - skipped by user
12:29:42.0547 5648 hpqddsvc ( UnsignedFile.Multi.Generic ) - User select action: Skip 
12:29:42.0557 5648 HPSLPSVC ( UnsignedFile.Multi.Generic ) - skipped by user
12:29:42.0557 5648 HPSLPSVC ( UnsignedFile.Multi.Generic ) - User select action: Skip 
12:29:42.0557 5648 IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
12:29:42.0557 5648 IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip 
12:29:42.0557 5648 LightScribeService ( UnsignedFile.Multi.Generic ) - skipped by user
12:29:42.0557 5648 LightScribeService ( UnsignedFile.Multi.Generic ) - User select action: Skip 
12:29:42.0557 5648 McciCMService ( UnsignedFile.Multi.Generic ) - skipped by user
12:29:42.0557 5648 McciCMService ( UnsignedFile.Multi.Generic ) - User select action: Skip 
12:29:42.0557 5648 McciCMService64 ( UnsignedFile.Multi.Generic ) - skipped by user
12:29:42.0557 5648 McciCMService64 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
12:29:42.0567 5648 MREMP50 ( UnsignedFile.Multi.Generic ) - skipped by user
12:29:42.0567 5648 MREMP50 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
12:29:42.0567 5648 MRESP50 ( UnsignedFile.Multi.Generic ) - skipped by user
12:29:42.0567 5648 MRESP50 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
12:29:42.0567 5648 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
12:29:42.0567 5648 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
12:29:42.0567 5648 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
12:29:42.0567 5648 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
12:29:42.0577 5648 RichVideo ( UnsignedFile.Multi.Generic ) - skipped by user
12:29:42.0577 5648 RichVideo ( UnsignedFile.Multi.Generic ) - User select action: Skip 
12:29:42.0577 5648 USBAAPL64 ( UnsignedFile.Multi.Generic ) - skipped by user
12:29:42.0577 5648 USBAAPL64 ( UnsignedFile.Multi.Generic ) - User select action: Skip


----------



## kevinf80 (Mar 21, 2006)

Are the redirects specific to one browser or do they happen in more than one browser?


----------



## mlanspery (Apr 29, 2012)

I usually just use IE. But I just tried Firefox, and it's doing the same thing on that browser too.


----------



## kevinf80 (Mar 21, 2006)

OK, run the following:

*Step 1*

Download TFC to your desktop, from either of the following links
*Link 1*
*Link 2*

- Save any open work. TFC will close all open application windows.
- Double-click TFC.exe to run the program. Vista or Windows 7 users right click and select Run as Administrator
- If prompted, click "Yes" to reboot.

TFC will automatically close any open programs, *including your Desktop*. Let it run uninterrupted. It shouldn't take longer than a couple of minutes, and may only take a few seconds. TFC may re-boot your system, if not *Re-boot it yourself to complete cleaning process* *<---- Very Important*

Keep TFC; it is an excellent utility to keep your system optimized, it empties all user temp folders, Java cache etc etc. *Always remember to re-boot after a run, even if not prompted*

*Step 2*

Please download *Malwarebytes* Anti-Malware and save it to your desktop.
*Alternative D/L mirror*
*Alternative D/L mirror*

Double Click mbam-setup.exe to install the application.

- Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
- If an update is found, it will download and install the latest version.
- Once the program has loaded, select "Perform Quick Scan", then click Scan.
- The scan may take some time to finish, so please be patient.
- When the scan is complete, click OK, then Show Results to view the results.
- Make sure that everything is checked, and click Remove Selected.
- When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
- Please save the log to a location you will remember.
- The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
- Copy and paste the entire report in your next reply.

Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

*Step 3*

Download *OTL* from any of the following links and save to your desktop.

*Link 1*
*Link 2*
*Link 3*

Double click the icon to start the tool. (Note: If you are running on Vista or Windows 7, right-click on the file and choose Run As Administrator).

- Please check the box next to "LOP check" and "Purity check"
- Click *Run Scan* and let the program run uninterrupted.
- When the scan is complete, two text files will be created on your Desktop.
  - *OTL.Txt* <- this one will be opened
  - *Extras.txt* <- this one will be minimized

Copy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of *OTL.Txt* and the *Extras.txt* in your next reply

Let me see those logs in your reply.

Kevin


----------



## mlanspery (Apr 29, 2012)

Kevin, here are the logs. First, Malwarebytes. I tried running this program the other day, and it eliminated a bunch of nasties, but did not solve the issue. Today, the scan was clear.

Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org
Database version: v2012.04.30.07
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Mike :: MIKE-HPLAPTOP [administrator]
4/30/2012 4:58:06 PM
mbam-log-2012-04-30 (16-58-06).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 207636
Time elapsed: 4 minute(s), 54 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
(end)

OTL
OTL logfile created on: 4/30/2012 5:04:45 PM - Run 1
OTL by OldTimer - Version 3.2.42.1 Folder = C:\Users\Mike\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.97 Gb Total Physical Memory | 2.39 Gb Available Physical Memory | 60.22% Memory free
7.93 Gb Paging File | 6.16 Gb Available in Paging File | 77.65% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 455.90 Gb Total Space | 338.54 Gb Free Space | 74.26% Space Free | Partition Type: NTFS
Drive D: | 9.86 Gb Total Space | 1.73 Gb Free Space | 17.52% Space Free | Partition Type: NTFS

Computer Name: MIKE-HPLAPTOP | User Name: Mike | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/04/30 17:04:20 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Mike\Desktop\OTL.com
PRC - [2012/02/23 12:30:40 | 000,059,240 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
PRC - [2011/07/09 10:44:34 | 000,240,288 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10t_ActiveX.exe
PRC - [2011/06/28 16:16:38 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2011/03/28 18:07:50 | 000,094,264 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
PRC - [2011/03/28 16:15:40 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2011/03/28 16:15:29 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2011/02/25 10:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
PRC - [2011/02/01 06:54:46 | 000,185,640 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files (x86)\VERIZONDM\bin\tgsrvc.exe
PRC - [2011/02/01 06:54:42 | 000,206,120 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files (x86)\VERIZONDM\bin\sprtsvc.exe
PRC - [2011/01/10 12:56:36 | 000,689,464 | ---- | M] (Radialpoint Inc.) -- C:\Program Files (x86)\Verizon\VSP\ServicepointService.exe
PRC - [2009/12/01 13:37:48 | 000,322,624 | ---- | M] (DigitalPersona, Inc.) -- C:\Program Files (x86)\DigitalPersona\Bin\DpHostW.exe
PRC - [2009/02/03 16:39:09 | 000,427,192 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe
PRC - [2008/12/17 20:11:40 | 000,365,952 | ---- | M] () -- C:\Program Files (x86)\SMINST\BLService.exe
PRC - [2008/11/26 20:13:08 | 000,296,320 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe
PRC - [2008/11/26 20:13:08 | 000,116,096 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe
PRC - [2008/11/09 16:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe

========== Modules (No Company Name) ==========

MOD - [2011/06/24 22:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/06/24 22:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll

========== Win32 Services (SafeList) ==========

SRV:*64bit:* - [2011/05/13 18:58:10 | 000,030,520 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Windows\SysNative\hpservice.exe -- (hpsrv)
SRV:*64bit:* - [2010/03/23 15:53:06 | 000,247,808 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\stacsv64.exe -- (STacSV)
SRV:*64bit:* - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:*64bit:* - [2009/03/02 19:42:58 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\AESTSr64.exe -- (AESTFilters)
SRV:*64bit:* - [2008/11/18 09:09:46 | 000,721,712 | ---- | M] (Validity Sensors, Inc.) [Auto | Running] -- C:\Windows\SysNative\vfsFPService.exe -- (vfsFPService)
SRV - [2011/12/12 12:03:40 | 000,290,832 | ---- | M] (Verizon) [Auto | Running] -- C:\Program Files (x86)\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe -- (IHA_MessageCenter)
SRV - [2011/09/09 18:10:28 | 000,086,072 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe -- (HP Support Assistant Service)
SRV - [2011/06/28 16:16:38 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011/03/28 18:07:50 | 000,094,264 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe -- (HPDrvMntSvc.exe)
SRV - [2011/03/28 16:15:40 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011/02/28 18:44:14 | 000,183,560 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011/02/25 10:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE -- (SeaPort)
SRV - [2011/02/01 06:54:46 | 000,185,640 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files (x86)\VERIZONDM\bin\tgsrvc.exe -- (tgsrvc_verizondm) SupportSoft Repair Service (verizondm)
SRV - [2011/02/01 06:54:42 | 000,206,120 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files (x86)\VERIZONDM\bin\sprtsvc.exe -- (sprtsvc_verizondm) SupportSoft Sprocket Service (verizondm)
SRV - [2011/01/10 12:56:36 | 000,689,464 | ---- | M] (Radialpoint Inc.) [Auto | Running] -- C:\Program Files (x86)\Verizon\VSP\ServicepointService.exe -- (ServicepointService)
SRV - [2010/10/22 14:08:18 | 001,039,360 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files (x86)\Hp\Digital Imaging\bin\HPSLPSVC64.DLL -- (HPSLPSVC)
SRV - [2010/03/23 15:53:06 | 000,247,808 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\STacSV64.exe -- (STacSV)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/12/01 13:37:48 | 000,322,624 | ---- | M] (DigitalPersona, Inc.) [Auto | Running] -- C:\Program Files (x86)\DigitalPersona\Bin\DpHostW.exe -- (DpHost) @C:\Program Files (x86)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/03/02 19:42:58 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\AESTSr64.exe -- (AESTFilters)
SRV - [2009/02/03 16:39:09 | 000,427,192 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe -- (vpnagent)
SRV - [2008/12/17 20:11:40 | 000,365,952 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\SMINST\BLService.exe -- (Recovery Service for Windows)
SRV - [2008/11/26 20:13:08 | 000,296,320 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe -- (TVCapSvc) TV Background Capture Service (TVBCS)
SRV - [2008/11/26 20:13:08 | 000,116,096 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe -- (TVSched) TV Task Scheduler (TVTS)
SRV - [2008/11/18 09:09:42 | 000,599,344 | ---- | M] (Validity Sensors, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\vfsFPService.exe -- (vfsFPService)
SRV - [2008/11/09 16:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)

========== Driver Services (SafeList) ==========

DRV:*64bit:* - [2012/03/01 02:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:*64bit:* - [2011/08/01 16:59:06 | 000,045,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64)
DRV:*64bit:* - [2011/06/28 16:16:38 | 000,123,784 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:*64bit:* - [2011/06/28 16:16:38 | 000,088,288 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:*64bit:* - [2011/05/13 18:58:16 | 000,030,008 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\hpdskflt.sys -- (hpdskflt)
DRV:*64bit:* - [2011/05/13 18:57:58 | 000,043,320 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Accelerometer.sys -- (Accelerometer)
DRV:*64bit:* - [2011/05/13 15:37:54 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:*64bit:* - [2011/05/10 08:06:08 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:*64bit:* - [2011/03/11 02:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:*64bit:* - [2011/03/11 02:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:*64bit:* - [2010/11/20 09:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:*64bit:* - [2010/11/20 07:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:*64bit:* - [2010/05/27 22:32:56 | 000,320,560 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:*64bit:* - [2010/03/23 15:53:06 | 000,505,344 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)
DRV:*64bit:* - [2010/01/13 16:37:18 | 007,675,392 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETw5s64.sys -- (NETw5s64) Intel(R)
DRV:*64bit:* - [2009/08/21 21:24:04 | 000,084,512 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:*64bit:* - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:*64bit:* - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:*64bit:* - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:*64bit:* - [2009/07/13 20:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
DRV:*64bit:* - [2009/07/13 20:10:47 | 000,011,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rootmdm.sys -- (ROOTMODEM)
DRV:*64bit:* - [2009/06/10 16:35:28 | 005,434,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netw5v64.sys -- (netw5v64) Intel(R)
DRV:*64bit:* - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:*64bit:* - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:*64bit:* - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:*64bit:* - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:*64bit:* - [2009/05/18 14:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:*64bit:* - [2009/04/29 09:48:32 | 000,018,432 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV:*64bit:* - [2009/03/01 23:05:32 | 000,187,392 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:*64bit:* - [2009/02/03 16:23:46 | 000,019,456 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vpnva64.sys -- (vpnva)
DRV:*64bit:* - [2009/01/09 15:02:08 | 000,031,744 | ---- | M] (Research in Motion Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RimSerial_AMD64.sys -- (RimVSerPort)
DRV:*64bit:* - [2008/10/23 05:42:06 | 000,128,352 | ---- | M] (JMicron Technology Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\jmcr.sys -- (JMCR)
DRV:*64bit:* - [2008/09/04 13:48:00 | 000,064,000 | ---- | M] (ENE TECHNOLOGY INC.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\enecir.sys -- (enecir)
DRV:*64bit:* - [2008/08/06 12:26:08 | 000,174,592 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Rtlh64.sys -- (RTL8169)
DRV:*64bit:* - [2007/03/15 18:42:11 | 000,091,336 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AnyDVD.sys -- (AnyDVD)
DRV:*64bit:* - [2007/02/28 16:52:00 | 000,017,616 | ---- | M] (Elaborate Bytes AG) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\ElbyCDIO.sys -- (ElbyCDIO)
DRV:*64bit:* - [2006/12/13 19:41:49 | 000,014,032 | ---- | M] (Elaborate Bytes AG) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ElbyDelay.sys -- (ElbyDelay)
DRV - [2010/03/17 16:53:38 | 000,021,248 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Motive\MREMP50.sys -- (MREMP50)
DRV - [2010/03/17 16:53:22 | 000,020,096 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Motive\MRESP50.sys -- (MRESP50)
DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2008/11/28 21:04:24 | 000,146,928 | ---- | M] (CyberLink Corp.) [2009/07/20 02:44:39] [Kernel | Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\Media\DVD\000.fcl -- ({55662437-DA8C-40c0-AADA-2C816A897A49})
DRV - [2007/03/15 18:42:11 | 000,091,336 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\AnyDVD.sys -- (AnyDVD)
DRV - [2006/12/13 19:41:49 | 000,014,032 | ---- | M] (Elaborate Bytes AG) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\ElbyDelay.sys -- (ElbyDelay)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:*64bit:* - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE:*64bit:* - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb
IE:*64bit:* - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:*64bit:* - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:*64bit:* - HKLM\..\SearchScopes\{0A0478A1-EF33-4719-B76E-56BB9FBAFAB6}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&FORM=HPNTDF
IE:*64bit:* - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={sea...putEncoding}&oe={outputEncoding}&sourceid=ie7
IE:*64bit:* - HKLM\..\SearchScopes\{9C37F2A3-6850-40B3-A381-2A0AF373F32F}: "URL" = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpl
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{0A0478A1-EF33-4719-B76E-56BB9FBAFAB6}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&FORM=HPNTDF
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={sea...putEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\..\SearchScopes\{9C37F2A3-6850-40B3-A381-2A0AF373F32F}: "URL" = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpl

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.jetsinsider.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?FORM=HPNTDF&PC=HPNTDF&q={searchTerms}&src=IE-SearchBox
IE - HKCU\..\SearchScopes\{0A0478A1-EF33-4719-B76E-56BB9FBAFAB6}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=HPNTDF&pc=HPNTDF&src=IE-SearchBox
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={sea...={outputEncoding}&sourceid=ie7&rlz=1I7GGHP_en
IE - HKCU\..\SearchScopes\{9C37F2A3-6850-40B3-A381-2A0AF373F32F}: "URL" = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpl
IE - HKCU\..\SearchScopes\{DD2FF794-CB76-2726-F5E6-1807534DB7FE}: "URL" = http://www.bing.com/search?q={searc...&install_date=20111220&iesrc={referrer:source}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.param.yahoo-fr: "chrf-ytbm"
FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "chrf-ytbm"
FF - prefs.js..browser.search.param.yahoo-type: "${8}"
FF - prefs.js..browser.search.selectedEngine: "Bing"
FF - prefs.js..browser.startup.homepage: "http://www.msn.com/?pc=Z144&ocid=zdhp&install_date=20111220"
FF - prefs.js..extensions.enabledItems: [email protected]:5.0.0.3790
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.1.20091029021655
FF - prefs.js..extensions.enabledItems: [email protected]:4.51
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..keyword.URL: "http://www.bing.com/search?pc=Z144&form=ZGAADF&install_date=20111220&q="

FF:*64bit:* - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:*64bit:* - HKLM\Software\MozillaPlugins\@radialpoint.com/SPA,version=1: C:\Program Files (x86)\Verizon\VSP\nprpspa.dll (Verizon)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Motive.com/NpMotive,version=1.0: C:\Program Files (x86)\Common Files\Motive\npMotive.dll (Alcatel-Lucent)
FF - HKLM\Software\MozillaPlugins\@radialpoint.com/SPA,version=1: C:\Program Files (x86)\Verizon\VSP\nprpspa.dll (Verizon)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@yahoo.com/BrowserPlus,version=2.9.8: C:\Users\Mike\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll (Yahoo! Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\DigitalPersona\Bin\FirefoxExt\ [2010/09/16 07:37:12 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/11/25 19:34:50 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/12/20 17:53:32 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/12/20 17:53:32 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\DigitalPersona\Bin\firefoxext [2010/09/16 07:37:12 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/11/25 19:34:50 | 000,000,000 | ---D | M]

[2009/12/02 18:10:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mike\AppData\Roaming\Mozilla\Extensions
[2012/04/29 20:05:51 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\7dvygasy.default\extensions
[2009/12/11 12:50:10 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\7dvygasy.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2012/01/01 21:47:18 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\7dvygasy.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2011/07/21 13:21:55 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2010/04/21 20:28:43 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/09/21 08:56:14 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/10/21 12:24:27 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011/02/21 10:35:49 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011/07/21 13:21:56 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2011/07/14 16:42:06 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\distribution\extensions
[2011/07/14 16:42:06 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Program Files (x86)\Mozilla Firefox\distribution\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
() (No name found) -- C:\USERS\MIKE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7DVYGASY.DEFAULT\EXTENSIONS\[email protected]
[2011/11/10 22:24:55 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011/05/04 04:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2011/11/10 22:24:53 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml.old

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\18.0.1025.151\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\18.0.1025.151\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\18.0.1025.151\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Mike\AppData\Local\Google\Chrome\User Data\PepperFlash\11.1.31.203\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.260.3 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U26 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\NPOFF12.DLL
CHR - plugin: Microsoft Office 2003 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\NPOFFICE.DLL
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Motive Plugin (Enabled) = C:\Program Files (x86)\Common Files\Motive\npMotive.dll
CHR - plugin: DivX Player Netscape Plugin (Enabled) = C:\Program Files (x86)\DivX\DivX Player\npDivxPlayerPlugin.dll
CHR - plugin: DivX Web Player (Enabled) = C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Verizon Servicepoint (Enabled) = C:\Program Files (x86)\Verizon\VSP\nprpspa.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: BrowserPlus (from Yahoo!) v2.9.8 (Enabled) = C:\Users\Mike\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: YouTube = C:\Users\Mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Search = C:\Users\Mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.17_0\
CHR - Extension: Gmail = C:\Users\Mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2012/04/30 07:13:24 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:*64bit:* - BHO: (DigitalPersona Personal Extension) - {395610AE-C624-4f58-B89E-23733EA00F9A} - C:\Program Files\DigitalPersona\Bin\DpOtsPluginIe8.dll (DigitalPersona, Inc.)
O2:*64bit:* - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (DigitalPersona Personal Extension) - {395610AE-C624-4f58-B89E-23733EA00F9A} - C:\Program Files (x86)\DigitalPersona\Bin\DpOtsPluginIe8.dll (DigitalPersona, Inc.)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
O3:*64bit:* - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3:*64bit:* - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O4:*64bit:* - HKLM..\Run: [IntelliPoint] c:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKCU..\Run: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe (Apple Inc.)
O4 - HKCU..\Run: [Verizon] C:\Users\Mike\AppData\Local\Verizon\jtvsoghp.dll (MainConcept AG)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:*64bit:* - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_43C348BC2E93EB2B.dll/cmsidewiki.html File not found
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_43C348BC2E93EB2B.dll/cmsidewiki.html File not found
O10:*64bit:* - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {36299202-09EF-4ABF-ADB9-47C599DBE778} https://www.hpwindows7upgrade.arvato.com/north_america/Endcustomer/HPProdDetect.cab (HP Product Detection Control)
O16 - DPF: {55963676-2F5E-4BAF-AC28-CF26AA587566} https://38.104.166.66/CACHE/stc/1/binaries/vpnweb.cab (Cisco AnyConnect VPN Client Web Control)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{808AABB5-3F0C-4BCE-BCBD-09E3B8A007C4}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{99A38EE9-40F6-4F54-A3A4-80944AABE7F0}: DhcpNameServer = 71.243.0.12 68.237.161.12
O18:*64bit:* - Protocol\Handler\msdaipp - No CLSID value found
O18:*64bit:* - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:*64bit:* - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:*64bit:* - Protocol\Handler\ms-help - No CLSID value found
O18:*64bit:* - Protocol\Handler\mso-offdap11 - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O20:*64bit:* - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:*64bit:* - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:*64bit:* - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:*64bit:* - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O24 - Desktop WallPaper: C:\Users\Mike\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Mike\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:*64bit:* - HKLM\..comfile [open] -- "%1" %*
O35:*64bit:* - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:*64bit:* - HKLM\...com [@ = ComFile] -- "%1" %*
O37:*64bit:* - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/04/30 17:04:17 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Users\Mike\Desktop\OTL.com
[2012/04/30 16:50:01 | 000,446,464 | ---- | C] (OldTimer Tools) -- C:\Users\Mike\Desktop\TFC.exe
[2012/04/30 12:25:37 | 002,074,160 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Mike\Desktop\tdsskiller (1).exe
[2012/04/30 08:29:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2012/04/30 07:13:28 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
[2012/04/29 19:58:21 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/04/29 19:58:21 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/04/29 19:58:21 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/04/29 19:58:16 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2012/04/29 19:55:10 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/04/29 19:47:04 | 004,479,463 | R--- | C] (Swearware) -- C:\Users\Mike\Desktop\ComboFix.exe
[2012/04/29 14:10:10 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\Mike\Desktop\dds.com
[2012/04/29 14:07:20 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Users\Mike\Desktop\HijackThis.exe
[2012/04/26 11:09:18 | 000,000,000 | ---D | C] -- C:\Users\Mike\AppData\Local\Verizon
[2012/04/13 09:49:11 | 000,096,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012/04/13 09:49:11 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012/04/13 09:49:10 | 002,311,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2012/04/13 09:49:10 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012/04/13 09:49:10 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012/04/13 09:49:10 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012/04/13 09:49:10 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012/04/13 09:49:09 | 001,493,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2012/04/13 09:49:09 | 001,427,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012/04/13 09:49:09 | 000,818,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012/04/13 09:49:09 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012/04/13 09:48:39 | 005,559,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2012/04/13 09:48:39 | 003,968,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2012/04/13 09:48:39 | 003,913,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2012/04/13 09:43:55 | 000,081,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\imagehlp.dll
[2012/04/13 09:43:55 | 000,023,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\fs_rec.sys
[2012/04/13 09:43:54 | 000,220,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wintrust.dll

========== Files - Modified Within 30 Days ==========

[2012/04/30 17:04:20 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Mike\Desktop\OTL.com
[2012/04/30 17:02:32 | 000,011,440 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/04/30 17:02:32 | 000,011,440 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/04/30 17:01:23 | 000,726,444 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/04/30 17:01:23 | 000,624,412 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/04/30 17:01:23 | 000,106,756 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/04/30 17:00:00 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/04/30 16:54:56 | 000,000,890 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/04/30 16:54:47 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/04/30 16:54:40 | 3195,424,768 | -HS- | M] () -- C:\hiberfil.sys
[2012/04/30 16:50:12 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Users\Mike\Desktop\TFC.exe
[2012/04/30 12:25:41 | 002,074,160 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Mike\Desktop\tdsskiller (1).exe
[2012/04/30 07:13:24 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012/04/29 19:47:08 | 004,479,463 | R--- | M] (Swearware) -- C:\Users\Mike\Desktop\ComboFix.exe
[2012/04/29 14:10:13 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\Mike\Desktop\dds.com
[2012/04/29 14:07:23 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Users\Mike\Desktop\HijackThis.exe
[2012/04/27 19:16:43 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/04/26 11:27:29 | 000,000,328 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForMike.job
[2012/04/13 18:14:53 | 000,002,344 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2012/04/04 15:56:40 | 000,024,904 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys

========== Files Created - No Company Name ==========

[2012/04/29 20:03:08 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2012/04/29 20:03:08 | 000,000,121 | ---- | C] () -- C:\Users\Public\Desktop\More Games at GameHouse.com.url
[2012/04/29 19:58:21 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/04/29 19:58:21 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/04/29 19:58:21 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/04/29 19:58:21 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/04/29 19:58:21 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/01/17 14:50:27 | 000,000,176 | ---- | C] () -- C:\ProgramData\~RDHf2GmoKRq48xr
[2012/01/17 14:50:26 | 000,000,296 | ---- | C] () -- C:\ProgramData\~RDHf2GmoKRq48x
[2012/01/17 14:50:19 | 000,000,464 | ---- | C] () -- C:\ProgramData\RDHf2GmoKRq48x
[2012/01/17 14:07:06 | 000,008,555 | ---- | C] () -- C:\Users\Mike\AppData\Local\33ea55dc
[2012/01/17 14:07:06 | 000,008,524 | ---- | C] () -- C:\Users\Mike\AppData\Roaming\58fa6385
[2012/01/17 14:07:06 | 000,008,495 | ---- | C] () -- C:\ProgramData\f2522e7f
[2011/04/06 19:59:30 | 000,146,787 | ---- | C] () -- C:\Users\Mike\AppData\Roaming\MMUpgrade.jpg
[2011/02/28 22:05:59 | 000,000,106 | ---- | C] () -- C:\Windows\VaultMediaClient.INI
[2011/02/28 22:05:46 | 000,003,584 | ---- | C] () -- C:\Users\Mike\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/02/28 09:57:05 | 000,001,854 | ---- | C] () -- C:\Users\Mike\AppData\Roaming\GhostObjGAFix.xml
[2011/02/07 11:02:17 | 000,000,083 | -HS- | C] () -- C:\ProgramData\.zreglib
[2010/11/25 19:30:40 | 000,202,415 | ---- | C] () -- C:\Windows\hpoins18.dat
[2010/11/25 19:30:40 | 000,005,355 | ---- | C] () -- C:\Windows\hpomdl18.dat

========== LOP Check ==========

[2012/04/27 19:02:09 | 000,000,000 | ---D | M] -- C:\Users\Mike\AppData\Roaming\60AAB
[2011/11/16 15:38:12 | 000,000,000 | ---D | M] -- C:\Users\Mike\AppData\Roaming\a8gRZ9hYXjVlBzN
[2012/01/19 18:35:40 | 000,000,000 | ---D | M] -- C:\Users\Mike\AppData\Roaming\ABD9E
[2011/12/20 13:12:07 | 000,000,000 | ---D | M] -- C:\Users\Mike\AppData\Roaming\BitTorrent
[2009/12/13 16:38:20 | 000,000,000 | ---D | M] -- C:\Users\Mike\AppData\Roaming\Cisco
[2011/12/20 10:36:23 | 000,000,000 | ---D | M] -- C:\Users\Mike\AppData\Roaming\ConverterLite
[2009/12/01 20:08:49 | 000,000,000 | ---D | M] -- C:\Users\Mike\AppData\Roaming\DigitalPersona
[2011/11/16 17:52:57 | 000,000,000 | ---D | M] -- C:\Users\Mike\AppData\Roaming\DKK77RR9gTqjCk
[2011/11/16 15:38:05 | 000,000,000 | ---D | M] -- C:\Users\Mike\AppData\Roaming\dQH6dWK7f
[2011/11/16 15:38:12 | 000,000,000 | ---D | M] -- C:\Users\Mike\AppData\Roaming\FA1ivD2on4m5Q7E
[2011/11/16 15:37:57 | 000,000,000 | ---D | M] -- C:\Users\Mike\AppData\Roaming\FkUVelOBtPyAiDo
[2010/12/28 22:29:50 | 000,000,000 | ---D | M] -- C:\Users\Mike\AppData\Roaming\GameHouse
[2011/11/16 14:27:24 | 000,000,000 | ---D | M] -- C:\Users\Mike\AppData\Roaming\HL9hTXqjUeIrOyA
[2011/11/16 15:38:03 | 000,000,000 | ---D | M] -- C:\Users\Mike\AppData\Roaming\I1uvD2obF
[2011/11/16 15:36:49 | 000,000,000 | ---D | M] -- C:\Users\Mike\AppData\Roaming\LXwjUVelItP
[2011/11/16 14:27:26 | 000,000,000 | ---D | M] -- C:\Users\Mike\AppData\Roaming\oS11ibD3oG4
[2011/11/16 14:27:33 | 000,000,000 | ---D | M] -- C:\Users\Mike\AppData\Roaming\Q4ppmH5sQ7d
[2011/11/16 14:27:32 | 000,000,000 | ---D | M] -- C:\Users\Mike\AppData\Roaming\qlOOBtzP0cA1v2n
[2010/12/28 22:30:15 | 000,000,000 | ---D | M] -- C:\Users\Mike\AppData\Roaming\Scrabble Plus
[2011/11/16 19:04:31 | 000,000,000 | ---D | M] -- C:\Users\Mike\AppData\Roaming\swjUCelIBzN
[2011/11/06 17:32:33 | 000,000,000 | ---D | M] -- C:\Users\Mike\AppData\Roaming\TeamViewer
[2011/02/28 19:46:41 | 000,000,000 | ---D | M] -- C:\Users\Mike\AppData\Roaming\TechWizard
[2011/11/16 15:36:49 | 000,000,000 | ---D | M] -- C:\Users\Mike\AppData\Roaming\WD2on4H5s7Eg
[2009/12/01 20:56:29 | 000,000,000 | ---D | M] -- C:\Users\Mike\AppData\Roaming\{8126D2ED-1984-4573-9D57-97637E10C716}
[2011/08/15 10:41:21 | 000,032,584 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

< End of report >

Extras
OTL Extras logfile created on: 4/30/2012 5:04:45 PM - Run 1
OTL by OldTimer - Version 3.2.42.1 Folder = C:\Users\Mike\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.97 Gb Total Physical Memory | 2.39 Gb Available Physical Memory | 60.22% Memory free
7.93 Gb Paging File | 6.16 Gb Available in Paging File | 77.65% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 455.90 Gb Total Space | 338.54 Gb Free Space | 74.26% Space Free | Partition Type: NTFS
Drive D: | 9.86 Gb Total Space | 1.73 Gb Free Space | 17.52% Space Free | Partition Type: NTFS

Computer Name: MIKE-HPLAPTOP | User Name: Mike | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

*64bit:* [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

========== Shell Spawning ==========

*64bit:* [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\system32\rundll32.exe" "C:\Windows\system32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

*64bit:* [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

*64bit:* [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

*64bit:* [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

*64bit:* [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

*64bit:* [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

*64bit:* [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

*64bit:* [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{064124F7-B5FD-483B-A44F-8184C18A0A6A}" = lport=4482 | protocol=17 | dir=in | name=blackberry desktop software music sync service discovery | 
"{06A6416A-7727-4F03-B1F5-011974292C88}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{27A524A6-A238-4FC3-9569-8DABE51F1AA6}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{281DC901-1F4A-4B20-9569-270F3773D365}" = rport=137 | protocol=17 | dir=out | app=system | 
"{34FE80A1-12EB-4879-B73D-B32347DC6C5E}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{39A39B2D-F6F1-404C-9B86-BCBF04AA9CAA}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{417E122C-E8CF-40AC-98AE-5C421130561E}" = lport=50000 | protocol=17 | dir=in | name=iha_messagecenter | 
"{49083A3C-69A7-4F44-BCC5-E7F5A9BD7ADD}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{4ECA7B5A-D36B-43DD-8420-DB501230A579}" = lport=50000 | protocol=17 | dir=in | name=iha_messagecenter | 
"{5C015A68-C0F5-43B8-9CD8-0338E51B5C95}" = rport=138 | protocol=17 | dir=out | app=system | 
"{5CD7D42D-1D38-46EC-BDFE-83DD2F37DDB6}" = lport=4482 | protocol=6 | dir=in | name=blackberry desktop software music sync service data transfer | 
"{5FF03357-82BC-475B-914D-393EDA1450DD}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{6CCD86D8-840D-4AAC-8197-864055775EAC}" = lport=4481 | protocol=6 | dir=in | name=blackberry desktop software music sync service data transfer | 
"{885A2DA6-E24C-4669-BBD9-DD97C2D0FD4F}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{93C3AC29-E177-4E97-8C00-D13B910DA663}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{95B1A251-8541-47FC-9A6E-BDBC91A0DE8F}" = lport=138 | protocol=17 | dir=in | app=system | 
"{9B8FCCD6-7975-4A48-8EC0-CEE31C02D2C2}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{9DBF41FF-57C9-4E73-A3CD-25AF26E959BA}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe | 
"{9E14F442-E1CD-45A9-B03B-DFC3DB60B3FD}" = lport=137 | protocol=17 | dir=in | app=system | 
"{9FA8BF14-74B4-46A7-9C24-FB96181B6358}" = rport=139 | protocol=6 | dir=out | app=system | 
"{AEF3143D-E720-49CA-91EC-3441207249D7}" = lport=139 | protocol=6 | dir=in | app=system | 
"{C0078275-B729-494E-9721-5B77AE6698D2}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{C0132A7A-0B3A-46BB-AAD7-5C02BFFE4F8F}" = lport=445 | protocol=6 | dir=in | app=system | 
"{CF081A6A-24DA-4444-9868-B989A32638AA}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{D407CA59-8FA4-49C6-923B-2BFACB8F3F12}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{D5F92225-3F1E-4A0B-88D8-C40CB6B0C045}" = lport=4481 | protocol=17 | dir=in | name=blackberry desktop software music sync service discovery | 
"{DB4833AF-4C3F-4A98-B074-DB1A14C7A70E}" = rport=445 | protocol=6 | dir=out | app=system | 
"{E97D011B-FACF-4C81-9C3E-E0A87CF5ED55}" = rport=427 | protocol=17 | dir=in | svc=hpslpsvc | app=c:\windows\system32\svchost.exe | 
"{E9DB8F52-4BA6-4720-AC1F-2D7A7606B720}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{F1DFD6EA-888C-4852-9E81-0AE12158C7C5}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{FB53DC8E-A587-4F1D-AABC-3EFFE1E6CCE0}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{11A612F3-29C5-4915-8217-08B1F2FD1478}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpiscnapp.exe | 
"{15306356-ABC4-4C46-B723-A65EE53DF5C1}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hposid01.exe | 
"{15CB49FC-2631-46E0-80D1-47BF9CB170C5}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\kernel\clml\clmlsvc.exe | 
"{188D4CEB-3417-459A-9B24-AF6489C857C7}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{18D5CCB3-DAFC-4EA3-BD4F-E26F031A72D3}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hptouchsmartmusic.exe | 
"{1E71B1D1-09AD-4A8B-BD13-40B2E87F8F1A}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\tsmagent.exe | 
"{1F696A1A-D56A-419E-911A-066BA3340478}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqcopy2.exe | 
"{1FC24525-A08D-4D32-8E77-53E73F599427}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{20405632-3DCB-48ED-8059-4E6E639D8457}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{20837469-B762-4D8E-BBD3-901B6863F949}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpfccopy.exe | 
"{214765D7-F60F-40B4-9C76-10B4F96188BA}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\hptouchsmartvideo.exe | 
"{25BEA2C2-820C-41E7-94C7-324E14AAB754}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{260B0EDD-A99F-44F9-89CC-1FE71BD6D16E}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqusgm.exe | 
"{269657E9-E852-4146-9051-03A6998DAB5A}" = protocol=6 | dir=out | app=system | 
"{2A0FEFCD-7609-40B6-BD63-926A6FF4CF34}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hposfx08.exe | 
"{2BA4962C-0222-4DF7-911D-C98DD8F6376B}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\kernel\clml\clmlsvc.exe | 
"{2EAD13AC-D6A2-46C3-AEF9-631051F6D31D}" = protocol=6 | dir=in | app=c:\program files (x86)\research in motion\blackberry desktop\rim.desktop.exe | 
"{2FF0C685-AE98-4298-B4B1-929369DA7447}" = dir=in | app=c:\program files (x86)\common files\hp\digital imaging\bin\hpqphotocrm.exe | 
"{36596AE4-4CC3-4996-B142-293612381864}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgplgtupl.exe | 
"{3A45AFC4-D249-4D8E-A8E6-B381402ED4E8}" = dir=in | app=c:\program files (x86)\cyberlink\powerdirector\pdr.exe | 
"{3A4FBBDA-0D78-4ADE-A1D7-26A5ECE772C8}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{3DD3AC50-5656-4B5E-9F06-DA81B62BAC55}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{3E0DAD4B-F067-467A-8301-ED12DA8998A0}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpzwiz01.exe | 
"{3E313AFA-3B40-45C3-AC8C-DB10C748089A}" = protocol=6 | dir=in | app=c:\program files (x86)\bittorrent\bittorrent.exe | 
"{45A46812-8571-4DB3-92BB-B2CA7F7BDF74}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\tv\qpservice.exe | 
"{465C5F88-4A1C-40A6-BA4E-3A53DDDA759C}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqkygrp.exe | 
"{4A2ED897-AAD6-4B5D-ADC6-0441AA295A9A}" = protocol=17 | dir=in | app=c:\program files (x86)\bittorrent\bittorrent.exe | 
"{53296A85-BACB-47F9-BB8D-995F8DC8F97A}" = dir=in | app=c:\users\mike\appdata\local\temp\7zs3f56\setup\hpznui40.exe | 
"{5AA45DC1-675B-49B3-9653-1585E956CE4C}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{6038D9B6-A2D9-4779-B1ED-F79D6E65E3DB}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{67A324CB-7130-4C00-8A6D-85B64CC629CC}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{6FA9241A-0E88-49E0-AB8B-399D4F1B8D86}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqtra08.exe | 
"{782AC1E9-A479-408E-B8FB-F496DB238320}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{794D0ECA-EA04-43D8-9F05-F8507CE24B72}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{7BBF0CC7-4C8F-456E-BB5C-B8827559980C}" = protocol=17 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe | 
"{7BE2F143-BF43-41B5-B7D9-73F04A53BE34}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqnrs08.exe | 
"{7C2249F6-F8AD-464C-AAE8-FF478B7C9BD4}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{7E000711-BB79-4EB5-879B-F29EEE8B8F4C}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe | 
"{80A33101-D8AC-4A4C-9174-08F6A776DD87}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{86537F31-7F16-46F7-8F03-53057BEB4F5E}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{8BDCC580-65A9-4C83-B683-5DBCF212A5B0}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqfxt08.exe | 
"{8DEE7D36-BC63-411C-97FC-F1FAFEF65E59}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\hptouchsmartphoto.exe | 
"{8F0B2A76-1C8C-444D-9E08-4D73E7C463E7}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{99AC5936-F68B-4791-BB06-A9FC34B9791E}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hptouchsmartvideo.exe | 
"{99EA28D6-1C5B-4BB5-A90E-FA2E7030AA14}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\hptouchsmartmusic.exe | 
"{9A7B17E9-391D-4EE4-ABFF-FA5CD0A0D496}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpofxs08.exe | 
"{9F27F586-3D10-4532-8590-4C1FCF44B2F0}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqste08.exe | 
"{A2BD5CD9-D897-47DE-BFB4-CA41015D73C1}" = protocol=17 | dir=in | app=c:\program files (x86)\research in motion\blackberry desktop\rim.desktop.exe | 
"{A595071F-A478-4BF0-903B-F11E4779AEB5}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{AD0A1225-B7FF-4862-83F8-51D7A17D07B3}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\tv\qp.exe | 
"{AD5469A4-8A85-4769-90FA-E96DCA9E1008}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpofxm08.exe | 
"{B04474F0-35CF-487E-A11A-C48DED04F128}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | 
"{B8B7D9DB-952B-4F77-AC8D-B48B5607D75B}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqpsapp.exe | 
"{B9784441-1C38-4FEF-9D68-81860F546A93}" = protocol=6 | dir=in | app=c:\program files (x86)\verizon\vsp\servicepointservice.exe | 
"{BA6F95A9-AB3A-4368-A4A2-F5015BDA700B}" = dir=in | app=c:\program files (x86)\hp\digital imaging\smart web printing\smartwebprintexe.exe | 
"{BB0843C8-352F-465F-828B-8241F21B640A}" = protocol=6 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe | 
"{BF5B84BD-6D2C-4154-B05C-39293C2CFB3A}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{C18605D3-1A03-48F8-8E36-75138E2A75BF}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{C1FFF4C4-401D-4902-AFF9-0080469B184A}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqpse.exe | 
"{C3DACC4B-87A0-4519-930A-3262A7BCBFFD}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{C4F95B0F-61F8-410B-B323-F47D65DB96FB}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{C8A8A917-46C1-400E-BB43-C4E0A187BE29}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hpdvdsmart.exe | 
"{D293C615-76B4-4577-BA69-0EB7C32ABED3}" = dir=in | app=c:\program files (x86)\hp\hp software update\hpwucli.exe | 
"{D5EB4DFF-449C-495D-B7C2-2DC70B39E886}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqsudi.exe | 
"{DB4C67E6-17C4-41C1-A80E-B791AD70E17A}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{DFF72272-F771-4344-898F-C71F4041CAEF}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\tsmagent.exe | 
"{E6138D4F-B905-4A72-AF79-9BA6BCB55F81}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgpc01.exe | 
"{E6B18FAD-4FF0-48E9-B404-2F7382E2F324}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{ED33F8ED-0F7B-483C-A8D8-800372AA31C4}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hptouchsmartphoto.exe | 
"{F20A65CC-138F-4311-B328-84908643BBDB}" = protocol=17 | dir=in | app=c:\program files (x86)\verizon\vsp\servicepointservice.exe | 
"{F5FC56C4-B5F9-4507-96BF-6A78FA5CD868}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpoews01.exe | 
"{F7E9A5CE-6CE1-49D8-A0CC-F61CD793CF5F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{F96C68A5-6B9E-4935-B7E2-64C6BF796598}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{FC293D69-4BD7-452F-9D5E-E433DD5B1974}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqusgh.exe | 
"TCP Query User{31535711-DF54-4F5C-9BD7-92D412A4C033}C:\westwood\ra2\game.exe" = protocol=6 | dir=in | app=c:\westwood\ra2\game.exe | 
"TCP Query User{4A4D5F3B-BEB2-4009-9DB0-C84B24F044C8}F:\techwizard.exe" = protocol=6 | dir=in | app=f:\techwizard.exe | 
"TCP Query User{E496E96F-0761-4449-A074-E4BB468FCF99}C:\program files (x86)\verizon\verizon media manager\release\verizon media manager.exe" = protocol=6 | dir=in | app=c:\program files (x86)\verizon\verizon media manager\release\verizon media manager.exe | 
"TCP Query User{E95E6A44-E506-4B53-B88A-261B88D0C76B}C:\program files (x86)\bittorrent\bittorrent.exe" = protocol=6 | dir=in | app=c:\program files (x86)\bittorrent\bittorrent.exe | 
"TCP Query User{F16CDFA0-8AD5-4A07-816F-C5AE39C90CAE}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe | 
"UDP Query User{41BDACA7-D66A-4E2A-96A4-D10CD1B9879B}F:\techwizard.exe" = protocol=17 | dir=in | app=f:\techwizard.exe | 
"UDP Query User{4420A815-F85B-41C0-8A04-239B45616844}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe | 
"UDP Query User{46902006-3882-4A4E-8439-CD3258710BEB}C:\program files (x86)\bittorrent\bittorrent.exe" = protocol=17 | dir=in | app=c:\program files (x86)\bittorrent\bittorrent.exe | 
"UDP Query User{AA7D02E0-F7D4-4E04-B6AC-3C4E6B17E47D}C:\program files (x86)\verizon\verizon media manager\release\verizon media manager.exe" = protocol=17 | dir=in | app=c:\program files (x86)\verizon\verizon media manager\release\verizon media manager.exe | 
"UDP Query User{F1CE9BC2-A488-4F89-9ADE-625B42FCFCB0}C:\westwood\ra2\game.exe" = protocol=17 | dir=in | app=c:\westwood\ra2\game.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{05EFBF37-0E52-4579-875C-7EEF0DFB4FCB}" = Network64
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{17016DA1-F040-4032-BD36-34DD317BC9D5}" = HP Photosmart All-In-One Driver Software 13.0 Rel. A
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll
"{41BC9E31-0D39-462E-8E4C-767B21A3B1C3}" = MobileMe Control Panel
"{4BDE7544-0A08-4AD9-8A8F-4B7944471C36}" = iTunes
"{4FFA2088-8317-3B14-93CD-4C699DB37843}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729
"{55D55008-E5F6-47D6-B16F-B2A40D4D145F}" = 64 Bit HP CIO Components Installer
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{624C7F0A-89B2-4C49-9CAB-9D69613EC95A}" = Microsoft IntelliPoint 8.2
"{6BFAB6C1-6D46-46DB-A538-A269907C9F2F}" = Network64
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{85A42FF0-F0D0-44A3-B226-C124D6E8B1D5}" = HP 3D DriveGuard
"{8B485965-8EFE-464A-842F-CF8F18C3DFD7}" = iCloud
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{B8AD779A-82DA-4365-A7D0-AD3DCFC55CFF}" = Apple Mobile Device Support
"{D0584F36-2BDB-43DF-9168-AD0EE9AD95F6}" = HP Tone Control
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"{F1568AA6-5982-4AFB-A871-C68E4328BC3B}" = HP MediaSmart SmartMenu
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{F65B8208-5221-43D9-AA12-DDEA64EC4AF6}" = Validity Sensors software
"{F74D69E5-ECFD-45D1-A87A-341208ADD7CC}" = DigitalPersona Personal 4.11
"07B260955637F1FF7587ED2AA87459040DD09BF7" = Windows Driver Package - ENE (enecir) HIDClass (09/04/2008 2.6.0.0)
"HP Imaging Device Functions" = HP Imaging Device Functions 13.0
"HP Photosmart Essential" = HP Photosmart Essential 3.5
"HP Smart Web Printing" = HP Smart Web Printing 4.51
"HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0
"HPExtendedCapabilities" = HP Customer Participation Program 13.0
"HPOCR" = OCR Software by I.R.I.S. 13.0
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft IntelliPoint 8.2" = Microsoft IntelliPoint 8.2
"NVIDIA Drivers" = NVIDIA Drivers
"Shop for HP Supplies" = Shop for HP Supplies
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"WinRAR archiver" = WinRAR archiver

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{004B0DCB-4C60-465B-8F01-44B0A4111187}" = SlingPlayer
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = HP MediaSmart Webcam
"{06A1D88C-E102-4527-AF70-29FFD7AF215A}" = Scan
"{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements
"{082702D5-5DD8-4600-BCE5-48B15174687F}" = HP Doc Viewer
"{0E7DBD52-B097-4F2B-A7C7-F105B0D20FDB}" = LightScribe System Software 1.14.17.1
"{0EF5BEA9-B9D3-46d7-8958-FB69A0BAEACC}" = Status
"{0F052922-4BCE-4763-A540-00857554336D}" = Redist
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{175F0111-2968-4935-8F70-33108C6A4DE3}" = MarketResearch
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1EC71BFB-01A3-4239-B6AF-B1AE656B15C0}" = TrayApp
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26604C7E-A313-4D12-867F-7C6E7820BE4C}" = JMicron JMB38X Flash Media Controller Driver
"{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java(TM) 6 Update 26
"{293F900D-3743-A8CC-46AD-5AFBFF8E29CF}" = muvee Reveal
"{2A7EF808-14F3-4E93-BE3A-1675EE5332A4}" = AIO_CDA_ProductContext
"{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
"{2FF8C687-DB7D-4adc-A5DC-57983EC25046}" = DeviceDiscovery
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons
"{352310C3-E46B-42D3-8F32-54721FDD72D9}" = NetZero Preloader
"{3877C901-7B90-4727-A639-B6ED2DD59D43}" = ESU for Microsoft Vista
"{3C92B2E6-380D-4fef-B4DF-4A3B4B669771}" = Copy
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg
"{440B915A-0C85-45DB-92AE-75AE14704A64}" = Fax
"{457F9311-375A-46E9-800B-45DCE33E78E1}" = C7100
"{47F36D92-E58E-456D-B73C-3382737E4C42}" = HP Update
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter
"{4E7C28C7-D5DA-4E9F-A1CA-60490B54AE35}" = UnloadSupport
"{54CC7901-804D-4155-B353-21F0CC9112AB}" = HP Wireless Assistant
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{6005535D-8A83-4108-A757-E1AB9886AECA}" = Cisco AnyConnect VPN Client
"{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2
"{6423EF83-6E1D-4D22-A36F-689CD19FD4D2}" = Juno Preloader
"{67626E09-5366-4480-8F1E-93FADF50CA15}" = HP MediaSmart TV
"{681B698F-C997-42C3-B184-B489C6CA24C9}" = HPPhotoSmartDiscLabelContent1
"{6B2FFB21-AC88-45C3-9A7D-4BB3E744EC91}" = HPSSupply
"{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox
"{6F44AF95-3CDE-4513-AD3F-6D45F17BF324}" = HP Support Assistant
"{6F5B47A9-FE5A-4f3b-AD78-33F048B46749}" = c7100_Help
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{77F8A71E-3515-4832-B8B2-2F1EDBD2E0F1}" = Bing Bar
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7B798B31-2F33-4DC8-BDA4-D36488E86636}" = Slingbox - Watch Your TV Anywhere
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{80813829-BE27-4799-8BC7-2F75A7B6CB50}" = IHA_MessageCenter
"{834903BF-7B6E-4C97-891C-AC1AECA91CEC}" = HP User Guides 0115
"{846B5DED-DC8C-4E1A-B5B4-9F5B39A0CACE}" = HPDiagnosticAlert
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 8168 8101E 8102E Ethernet Driver
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_OUTLOOKSTD_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_OUTLOOKSTD_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_OUTLOOKSTD_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_OUTLOOKSTD_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002A-0000-1000-0000000FF1CE}_OUTLOOKSTD_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0409-1000-0000000FF1CE}_OUTLOOKSTD_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_OUTLOOKSTD_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00E0-0000-0000-0000000FF1CE}" = Microsoft Office Outlook 2007
"{90120000-00E0-0000-0000-0000000FF1CE}_OUTLOOKSTD_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_OUTLOOKSTD_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0116-0409-1000-0000000FF1CE}_OUTLOOKSTD_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Standard Edition 2003
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{95A747E0-DF19-46CB-A622-20A0107201BD}" = HP Total Care Setup
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B362566-EC1B-4700-BB9C-EC661BDE2175}" = DocProc
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A0524B49-9798-4EFB-A392-06C18BEC7432}" = Vz In Home Agent
"{A7AEE29F-839E-46B5-B347-6D430618129F}" = AIO_CDA_Software
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder
"{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter
"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.5
"{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}" = HP MediaSmart Music/Photo/Video
"{B53E61D7-7C80-40DF-82D2-CF5390D6D20A}" = HP Advisor
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
"{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{CAE4213F-F797-439D-BD9E-79B71D115BE3}" = HPPhotoGadget
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{D547A594-AA85-4B92-80EB-47B371B98C68}" = Verizon Download Manager
"{D79113E7-274C-470B-BD46-01B10219DF6A}" = HPPhotosmartEssential
"{D86B0E2E-DF9A-441C-AF77-8D1A0FF00FA6}" = AIO_Scan
"{DC635845-46D3-404B-BCB1-FC4A91091AFA}" = SmartWebPrinting
"{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD
"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
"{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
"{F1D7AC58-554A-4A58-B784-B61558B1449A}" = QLBCASL
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"AnyDVD" = AnyDVD
"AVerMedia TV Tuner Card" = AVerMedia TV Tuner Card 1.0.0.3
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"CloneDVD2" = CloneDVD2
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"ConverterLite" = ConverterLite 0.1
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"ESET Online Scanner" = ESET Online Scanner v3
"Google Chrome" = Google Chrome
"HP.MediaSmartSlingPlayer_is1" = HP MediaSmart SlingPlayer
"InstallShield_{004B0DCB-4C60-465B-8F01-44B0A4111187}" = SlingPlayer
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = HP MediaSmart Webcam
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"InstallShield_{67626E09-5366-4480-8F1E-93FADF50CA15}" = HP MediaSmart TV
"InstallShield_{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}" = HP MediaSmart Music/Photo/Video
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"InstallShield_{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.61.0.1400
"mflGameDay_is1" = myfantasyleague.com Game Day 2011
"Mozilla Firefox 7.0.1 (x86 en-US)" = Mozilla Firefox 7.0.1 (x86 en-US)
"OUTLOOKSTD" = Microsoft Office Outlook 2007
"RadialpointClientGateway_is1" = Verizon Servicepoint 3.7.44
"Red Alert 2" = Command & Conquer Red Alert 2
"SCRABBLE PLUS" = SCRABBLE PLUS
"SpeedFan" = SpeedFan (remove only)
"StartNow Toolbar" = StartNow Toolbar
"Verizon Help and Support" = Verizon Help and Support Tool
"Verizon Media Manager" = Verizon Media Manager
"WOLAPI" = Westwood Shared Internet Components
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Messenger" = Yahoo! Messenger
"Yahoo! Software Update" = Yahoo! Software Update

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"BitTorrent" = BitTorrent
"Yahoo! BrowserPlus" = Yahoo! BrowserPlus 2.9.8

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 4/30/2012 9:03:12 AM | Computer Name = Mike-HPLaptop | Source = Application Error | ID = 1000
Description = Faulting application name: iexplore.exe, version: 9.0.8112.16421, 
time stamp: 0x4d76255d Faulting module name: IEFRAME.dll, version: 9.0.8112.16443,
time stamp: 0x4f4c2cfa Exception code: 0xc0000005 Fault offset: 0x000fcdb9 Faulting
process id: 0x1820 Faulting application start time: 0x01cd26d198bd61e1 Faulting application
path: C:\Program Files (x86)\Internet Explorer\iexplore.exe Faulting module path:
C:\Windows\system32\IEFRAME.dll Report Id: d6d50aae-92c4-11e1-9a6d-00269e197f78

Error - 4/30/2012 9:28:30 AM | Computer Name = Mike-HPLaptop | Source = Application Hang | ID = 1002
Description = The program iexplore.exe version 9.0.8112.16421 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: 1820 Start
Time: 01cd26d198bd61e1 Termination Time: 158 Application Path: C:\Program Files (x86)\Internet
Explorer\iexplore.exe Report Id:

Error - 4/30/2012 9:28:31 AM | Computer Name = Mike-HPLaptop | Source = Application Error | ID = 1000
Description = Faulting application name: iexplore.exe, version: 9.0.8112.16421, 
time stamp: 0x4d76255d Faulting module name: IEFRAME.dll, version: 9.0.8112.16443,
time stamp: 0x4f4c2cfa Exception code: 0xc0000005 Fault offset: 0x000fcdb9 Faulting
process id: 0xca0 Faulting application start time: 0x01cd26cb15ff16c4 Faulting application
path: C:\Program Files (x86)\Internet Explorer\iexplore.exe Faulting module path:
C:\Windows\system32\IEFRAME.dll Report Id: 6015a01e-92c8-11e1-9a6d-00269e197f78

Error - 4/30/2012 1:58:49 PM | Computer Name = Mike-HPLaptop | Source = Application Error | ID = 1000
Description = Faulting application name: iexplore.exe, version: 9.0.8112.16421, 
time stamp: 0x4d76255d Faulting module name: IEFRAME.dll, version: 9.0.8112.16443,
time stamp: 0x4f4c2cfa Exception code: 0xc0000005 Fault offset: 0x000fcdb9 Faulting
process id: 0x183c Faulting application start time: 0x01cd26d198d52fa4 Faulting application
path: C:\Program Files (x86)\Internet Explorer\iexplore.exe Faulting module path:
C:\Windows\system32\IEFRAME.dll Report Id: 230c568c-92ee-11e1-9a6d-00269e197f78

Error - 4/30/2012 2:26:35 PM | Computer Name = Mike-HPLaptop | Source = Customer Experience Improvement Program | ID = 1008
Description =

Error - 4/30/2012 2:32:27 PM | Computer Name = Mike-HPLaptop | Source = Application Error | ID = 1000
Description = Faulting application name: iexplore.exe, version: 9.0.8112.16421, 
time stamp: 0x4d76255d Faulting module name: IEFRAME.dll, version: 9.0.8112.16443,
time stamp: 0x4f4c2cfa Exception code: 0xc0000005 Fault offset: 0x000fcdb9 Faulting
process id: 0x860 Faulting application start time: 0x01cd26fae4afa5d8 Faulting application
path: C:\Program Files (x86)\Internet Explorer\iexplore.exe Faulting module path:
C:\Windows\system32\IEFRAME.dll Report Id: d5c32e02-92f2-11e1-9a6d-00269e197f78

Error - 4/30/2012 3:37:05 PM | Computer Name = Mike-HPLaptop | Source = Application Error | ID = 1000
Description = Faulting application name: iexplore.exe, version: 9.0.8112.16421, 
time stamp: 0x4d76255d Faulting module name: IEFRAME.dll, version: 9.0.8112.16443,
time stamp: 0x4f4c2cfa Exception code: 0xc0000005 Fault offset: 0x000fcdb9 Faulting
process id: 0x1048 Faulting application start time: 0x01cd26ff9781e4f2 Faulting application
path: C:\Program Files (x86)\Internet Explorer\iexplore.exe Faulting module path:
C:\Windows\system32\IEFRAME.dll Report Id: dd3b2fe8-92fb-11e1-9a6d-00269e197f78

Error - 4/30/2012 3:41:13 PM | Computer Name = Mike-HPLaptop | Source = Customer Experience Improvement Program | ID = 1008
Description =

Error - 4/30/2012 4:55:45 PM | Computer Name = Mike-HPLaptop | Source = Application Error | ID = 1000
Description = Faulting application name: iexplore.exe, version: 9.0.8112.16421, 
time stamp: 0x4d76255d Faulting module name: IEFRAME.dll, version: 9.0.8112.16443,
time stamp: 0x4f4c2cfa Exception code: 0xc0000005 Fault offset: 0x000fcdb9 Faulting
process id: 0x9d8 Faulting application start time: 0x01cd27138581a5c1 Faulting application
path: C:\Program Files (x86)\Internet Explorer\iexplore.exe Faulting module path:
C:\Windows\system32\IEFRAME.dll Report Id: dac9719d-9306-11e1-b825-00269e197f78

Error - 4/30/2012 4:56:31 PM | Computer Name = Mike-HPLaptop | Source = WinMgmt | ID = 10
Description =

[ Cisco AnyConnect VPN Client Events ]
Error - 12/13/2009 4:38:20 PM | Computer Name = Mike-HPLaptop | Source = vpnagent | ID = 50331649
Description = Function: AddRouteChange Return code: 0xFE07000D File: .\ChangeRouteHelper.cpp
Line:
1271 Description: ROUTETABLE_ERROR_CREATEIPFORWARDENTRY_FAILED

Error - 12/13/2009 4:38:20 PM | Computer Name = Mike-HPLaptop | Source = vpnagent | ID = 50331669
Description = Failed Route change: Action: AddRoute Destination: 172.17.2.0 Netmask:
255.255.255.0 Gateway: 172.17.2.135 Interface: 172.17.2.135 Metric: 1

Error - 12/13/2009 4:38:20 PM | Computer Name = Mike-HPLaptop | Source = vpnagent | ID = 50331649
Description = Function: AddRouteChange Return code: 0xFE07000D File: .\ChangeRouteHelper.cpp
Line:
222 Description: ROUTETABLE_ERROR_CREATEIPFORWARDENTRY_FAILED

Error - 12/13/2009 5:10:28 PM | Computer Name = Mike-HPLaptop | Source = vpnagent | ID = 50331649
Description = Function: WSAGetOverlappedResult Return code: 10054 File: .\IPC\SocketTransport.cpp
Line:
1237 Description: An existing connection was forcibly closed by the remote host.

Error - 12/13/2009 5:10:28 PM | Computer Name = Mike-HPLaptop | Source = vpnagent | ID = 50331649
Description = Function: WSARecv/WSARecvFrom Return code: 0 File: .\IPC\SocketTransport.cpp
Line:
1238 Description:

Error - 12/13/2009 5:10:28 PM | Computer Name = Mike-HPLaptop | Source = vpnagent | ID = 50331649
Description = Function: CSocketTransport::readSocket Return code: 0xFE1F000F File:
.\IPC\IPCTransport.cpp Line: 805 Description: SOCKETTRANSPORT_ERROR_TRANSPORT_FAILURE

Error - 12/13/2009 5:10:28 PM | Computer Name = Mike-HPLaptop | Source = vpnagent | ID = 50331649
Description = Function: CIpcTransport::OnSocketReadComplete Return code: 0xFE1F000F
File:
.\IPC\IPCDepot.cpp Line: 788 Description: SOCKETTRANSPORT_ERROR_TRANSPORT_FAILURE

Error - 12/13/2009 5:10:28 PM | Computer Name = Mike-HPLaptop | Source = vpnagent | ID = 50331649
Description = Function: WSASend Return code: 10054 File: .\IPC\SocketTransport.cpp
Line:
1612 Description: An existing connection was forcibly closed by the remote host.

Error - 12/13/2009 5:10:28 PM | Computer Name = Mike-HPLaptop | Source = vpnagent | ID = 50331649
Description = Function: CSocketTransport::writeSocketBlocking Return code: 0xFE1F000B
File:
.\IPC\IPCTransport.cpp Line: 385 Description: SOCKETTRANSPORT_ERROR_WRITE

Error - 12/13/2009 5:10:38 PM | Computer Name = Mike-HPLaptop | Source = vpnagent | ID = 50331650
Description = Termination reason code 5: The user is logging off the system.

[ System Events ]
Error - 4/30/2012 7:03:45 AM | Computer Name = Mike-HPLaptop | Source = Service Control Manager | ID = 7034
Description = The hpqcxs08 service terminated unexpectedly. It has done this 1 
time(s).

Error - 4/30/2012 7:03:45 AM | Computer Name = Mike-HPLaptop | Source = Service Control Manager | ID = 7034
Description = The HP CUE DeviceDiscovery Service service terminated unexpectedly.
It has done this 1 time(s).

Error - 4/30/2012 7:05:32 AM | Computer Name = Mike-HPLaptop | Source = Application Popup | ID = 1060
Description = \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility
with this system. Please contact your software vendor for a compatible version 
of the driver.

Error - 4/30/2012 7:05:32 AM | Computer Name = Mike-HPLaptop | Source = Application Popup | ID = 1060
Description = \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility
with this system. Please contact your software vendor for a compatible version 
of the driver.

Error - 4/30/2012 7:09:02 AM | Computer Name = Mike-HPLaptop | Source = Service Control Manager | ID = 7030
Description = The PEVSystemStart service is marked as an interactive service. However,
the system is configured to not allow interactive services. This service may not
function properly.

Error - 4/30/2012 7:11:31 AM | Computer Name = Mike-HPLaptop | Source = Service Control Manager | ID = 7030
Description = The PEVSystemStart service is marked as an interactive service. However,
the system is configured to not allow interactive services. This service may not
function properly.

Error - 4/30/2012 7:11:39 AM | Computer Name = Mike-HPLaptop | Source = Service Control Manager | ID = 7030
Description = The PEVSystemStart service is marked as an interactive service. However,
the system is configured to not allow interactive services. This service may not
function properly.

Error - 4/30/2012 7:13:10 AM | Computer Name = Mike-HPLaptop | Source = Service Control Manager | ID = 7023
Description = The Windows Defender service terminated with the following error: 
%%126

Error - 4/30/2012 7:15:22 AM | Computer Name = Mike-HPLaptop | Source = Service Control Manager | ID = 7000
Description = The HP Support Assistant Service service failed to start due to the
following error: %%31

Error - 4/30/2012 4:50:51 PM | Computer Name = Mike-HPLaptop | Source = Service Control Manager | ID = 7031
Description = The Cisco AnyConnect VPN Agent service terminated unexpectedly. It
has done this 1 time(s). The following corrective action will be taken in 1000
milliseconds: Restart the service.

< End of report >


----------



## kevinf80 (Mar 21, 2006)

Continue as follows :-

*Step 1*

Re-Run

by double left click, Vista and Windows 7 users right click and select Run as Administrator.

Under the

box at the bottom, paste in the following


```
:OTL
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{0A0478A1-EF33-4719-B76E-56BB9FBAFAB6}: "URL" = http://search.live.com/results.aspx?...s}&FORM=HPNTDF
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={sear...}&sourceid=ie7
IE:64bit: - HKLM\..\SearchScopes\{9C37F2A3-6850-40B3-A381-2A0AF373F32F}: "URL" = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpl
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{0A0478A1-EF33-4719-B76E-56BB9FBAFAB6}: "URL" = http://search.live.com/results.aspx?...s}&FORM=HPNTDF
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={sear...}&sourceid=ie7
IE - HKLM\..\SearchScopes\{9C37F2A3-6850-40B3-A381-2A0AF373F32F}: "URL" = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpl
IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?FORM=HPNT...c=IE-SearchBox
IE - HKCU\..\SearchScopes\{0A0478A1-EF33-4719-B76E-56BB9FBAFAB6}: "URL" = http://www.bing.com/search?q={search...c=IE-SearchBox
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={sear...rlz=1I7GGHP_en
IE - HKCU\..\SearchScopes\{9C37F2A3-6850-40B3-A381-2A0AF373F32F}: "URL" = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpl
IE - HKCU\..\SearchScopes\{DD2FF794-CB76-2726-F5E6-1807534DB7FE}: "URL" = http://www.bing.com/search?q={search...eferrer:source}
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.1.20091029021655
[2011/07/14 16:42:06 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Program Files (x86)\Mozilla Firefox\distribution\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2011/11/10 22:24:53 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml.old
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found
:Files
ipconfig /flushdns /c
C:\ProgramData\~RDHf2GmoKRq48xr
C:\ProgramData\~RDHf2GmoKRq48x
C:\ProgramData\RDHf2GmoKRq48x
C:\Users\Mike\AppData\Local\33ea55dc
C:\Users\Mike\AppData\Roaming\58fa6385
C:\ProgramData\f2522e7f
C:\Users\Mike\AppData\Roaming\60AAB
C:\Users\Mike\AppData\Roaming\a8gRZ9hYXjVlBzN
C:\Users\Mike\AppData\Roaming\ABD9E
C:\Users\Mike\AppData\Roaming\DKK77RR9gTqjCk
C:\Users\Mike\AppData\Roaming\dQH6dWK7f
C:\Users\Mike\AppData\Roaming\FA1ivD2on4m5Q7E
C:\Users\Mike\AppData\Roaming\FkUVelOBtPyAiDo
C:\Users\Mike\AppData\Roaming\HL9hTXqjUeIrOyA
C:\Users\Mike\AppData\Roaming\I1uvD2obF
C:\Users\Mike\AppData\Roaming\LXwjUVelItP
C:\Users\Mike\AppData\Roaming\oS11ibD3oG4
C:\Users\Mike\AppData\Roaming\Q4ppmH5sQ7d
C:\Users\Mike\AppData\Roaming\qlOOBtzP0cA1v2n
C:\Users\Mike\AppData\Roaming\swjUCelIBzN
:Commands
[emptytemp]
[Reboot]
```

Then click the button at the top.
Let the program run unhindered, when done it will say "Fix Complete press ok to open the log"
Please post that log in your next reply.

Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process.
If you are asked to reboot the machine choose *Yes*. In this case, after the reboot, open Notepad (Start > All Programs > Accessories > Notepad), click File > Open, in the File Name box enter *\*.log* and press the Enter key, navigate to the *C:\_OTL\MovedFiles* folder, open the newest *.log* file present, and copy/paste the contents of that document back here in your next post.

*Step 2*

Download Security Check by screen317 from *HERE* or *HERE*.
Save it to your Desktop.
Double click SecurityCheck.exe (Vista or Windows 7 users right click and select "Run as Administrator") and follow the onscreen instructions inside of the black box. Press any key when asked.
A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Let me see those two logs, and also give an update on the issues.

Kevin


----------



## mlanspery (Apr 29, 2012)

Here are the latest logs. Tried again after running these two programs, still having the same problems.

All processes killed
========== OTL ==========
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0A0478A1-EF33-4719-B76E-56BB9FBAFAB6}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0A0478A1-EF33-4719-B76E-56BB9FBAFAB6}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9C37F2A3-6850-40B3-A381-2A0AF373F32F}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9C37F2A3-6850-40B3-A381-2A0AF373F32F}\ not found.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0A0478A1-EF33-4719-B76E-56BB9FBAFAB6}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0A0478A1-EF33-4719-B76E-56BB9FBAFAB6}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9C37F2A3-6850-40B3-A381-2A0AF373F32F}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9C37F2A3-6850-40B3-A381-2A0AF373F32F}\ not found.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0A0478A1-EF33-4719-B76E-56BB9FBAFAB6}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0A0478A1-EF33-4719-B76E-56BB9FBAFAB6}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9C37F2A3-6850-40B3-A381-2A0AF373F32F}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9C37F2A3-6850-40B3-A381-2A0AF373F32F}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{DD2FF794-CB76-2726-F5E6-1807534DB7FE}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DD2FF794-CB76-2726-F5E6-1807534DB7FE}\ not found.
Prefs.js: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 removed from extensions.enabledItems
Prefs.js: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21 removed from extensions.enabledItems
Prefs.js: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22 removed from extensions.enabledItems
Prefs.js: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.1.20091029021655 removed from extensions.enabledItems
C:\Program Files (x86)\Mozilla Firefox\distribution\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}\META-INF folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\distribution\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}\defaults\preferences folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\distribution\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}\defaults folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\distribution\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}\components folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\distribution\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}\chrome folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\distribution\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\searchplugins\bing.xml.old moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ deleted successfully.
C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}\ deleted successfully.
C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}\ deleted successfully.
File C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\msdaipp\ deleted successfully.
File Protocol\Handler\msdaipp - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\msdaipp\0x00000001\ not found.
File Protocol\Handler\msdaipp\0x00000001 - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\msdaipp\oledb\ not found.
File Protocol\Handler\msdaipp\oledb - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ms-help\ deleted successfully.
File Protocol\Handler\ms-help - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\mso-offdap11\ deleted successfully.
File Protocol\Handler\mso-offdap11 - No CLSID value found not found.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Mike\Desktop\cmd.bat deleted successfully.
C:\Users\Mike\Desktop\cmd.txt deleted successfully.
C:\ProgramData\~RDHf2GmoKRq48xr moved successfully.
C:\ProgramData\~RDHf2GmoKRq48x moved successfully.
C:\ProgramData\RDHf2GmoKRq48x moved successfully.
C:\Users\Mike\AppData\Local\33ea55dc moved successfully.
C:\Users\Mike\AppData\Roaming\58fa6385 moved successfully.
C:\ProgramData\f2522e7f moved successfully.
C:\Users\Mike\AppData\Roaming\60AAB folder moved successfully.
C:\Users\Mike\AppData\Roaming\a8gRZ9hYXjVlBzN folder moved successfully.
C:\Users\Mike\AppData\Roaming\ABD9E folder moved successfully.
C:\Users\Mike\AppData\Roaming\DKK77RR9gTqjCk folder moved successfully.
C:\Users\Mike\AppData\Roaming\dQH6dWK7f folder moved successfully.
C:\Users\Mike\AppData\Roaming\FA1ivD2on4m5Q7E folder moved successfully.
C:\Users\Mike\AppData\Roaming\FkUVelOBtPyAiDo folder moved successfully.
C:\Users\Mike\AppData\Roaming\HL9hTXqjUeIrOyA folder moved successfully.
C:\Users\Mike\AppData\Roaming\I1uvD2obF folder moved successfully.
C:\Users\Mike\AppData\Roaming\LXwjUVelItP folder moved successfully.
C:\Users\Mike\AppData\Roaming\oS11ibD3oG4 folder moved successfully.
C:\Users\Mike\AppData\Roaming\Q4ppmH5sQ7d folder moved successfully.
C:\Users\Mike\AppData\Roaming\qlOOBtzP0cA1v2n folder moved successfully.
C:\Users\Mike\AppData\Roaming\swjUCelIBzN folder moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Mike
->Temp folder emptied: 1052099 bytes
->Temporary Internet Files folder emptied: 57056494 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 620 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 5544 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 55.00 mb

OTL by OldTimer - Version 3.2.42.1 log created on 04302012_214913
Files\Folders moved on Reboot...
Registry entries deleted on Reboot...

Results of screen317's Security Check version 0.99.32 
Windows 7 x64 
Internet Explorer 9 
*`````````````````````````````` 
Antivirus/Firewall Check:* 
Windows Firewall Disabled! 
Avira AntiVir Personal - Free Antivirus 
ESET Online Scanner v3 
WMI entry may not exist for antivirus; attempting automatic update. 
Avira successfully updated! 
*``````````````````````````````` 
Anti-malware/Other Utilities Check:* 
Java(TM) 6 Update 26 
Java(TM) 6 Update 7 
*Java version out of date!* 
Adobe Flash Player 10.2.159.1 *Flash Player out of Date!* 
Adobe Reader 9 *Adobe Reader out of date!* 
Mozilla Firefox (7.0.1) 
*```````````````````````````````` 
Process Check: 
objlist.exe by Laurent* 
Avira Antivir avgnt.exe 
Avira Antivir avguard.exe 
*``````````End of Log````````````*


----------



## kevinf80 (Mar 21, 2006)

Open Firefox. At the top, from the Menu bar select "Help", then from the options select "Restart with add-ons disabled". Do that. Do the redirects still happen in FF with the add-ons disabled?


----------



## mlanspery (Apr 29, 2012)

Firefox seems to be working fine with the add-ons disabled. I have tried both Yahoo and Google. Internet Explorer still redirects. Happili seems to be the most frequent site it redirects to.


----------



## kevinf80 (Mar 21, 2006)

OK, shut Firefox and Internet Explorer down, then do this:

Start > All Programs > Accessories > System Tools > Internet Explorer (No add-ons)

See if you get redirects in IE with the addons disabled...


----------



## mlanspery (Apr 29, 2012)

It tells me that the item 'iexplore.exe' shortcut has been changed or moved, and this shortcut will no longer work properly. Then it asks if I want to delete the shortcut.


----------



## kevinf80 (Mar 21, 2006)

OK do the following, select start, in the search box either type or copy and paste the following:

*iexplore.exe -extoff* Select OK or tap enter, that should start IE with add-ons disabled....

Kevin..


----------



## mlanspery (Apr 29, 2012)

Ok, I got to Internet Explorer with the add-ons disabled, and at first it seemed to be okay, but then I noticed the back button would just keep me on the same page but there would be a very quick appearance in the address bar of one of the redirected sites, askme I think. It was. Then other links started doing the same redirection as before. Even got a pop up congratulating me for winning an iPad!


----------



## kevinf80 (Mar 21, 2006)

OK, do the following:

Start IE using the *iexplore.exe -extoff* command from the search box, Open tools > manage add-ons. In the new window about midway on the left under "Show" use the drop down and select "Run without permission"

When that is selected, scroll through the add-on list and make a note of what is running without permission. Also go back to the dropdown and select "Downloaded controls", and make a note of that list.

Do any entries in the two lists match? For example, "SunMicro Systems" under add-ons running without permission and Java Plug-ins under "Downloaded controls".

Kevin


----------



## mlanspery (Apr 29, 2012)

There are a few that match, such as the Java ones you already mentioned. I have taken the liberty to paste the lists in case you wanted to see them.

Run without permission:

Name McciSysSecurityCenter Class
Publisher (Not verified) Alcatel-Lucent
Status Enabled
Name McciNetPOP3Ex Class
Publisher (Not verified) Alcatel-Lucent
Status Enabled
Name McciNetSMTP Class
Publisher (Not verified) Alcatel-Lucent
Status Enabled
Name McciUtilsURL Interface
Publisher (Not verified) Alcatel-Lucent
Status Enabled
Name IESecuritySettingValue Class
Publisher (Not verified) Alcatel-Lucent
Status Enabled
Name McciConnectedDevicesUSB Class
Publisher (Not verified) Alcatel-Lucent
Status Enabled
Name McciSysDialLocation Class
Publisher (Not verified) Alcatel-Lucent
Status Enabled
Name McciConnectedDevicesTethered Class
Publisher (Not verified) Alcatel-Lucent
Status Enabled
Name ProxyServerProtocol Class
Publisher (Not verified) Alcatel-Lucent
Status Enabled
Name McciSysNetNodeTypeConstant Class
Publisher (Not verified) Alcatel-Lucent
Status Enabled
Name McciUtilsFile2 Class
Publisher (Not verified) Alcatel-Lucent
Status Enabled
Name McciUACManager Class
Publisher (Not verified) Alcatel-Lucent
Status Enabled
Name McciUtilsSecurityUtils Interface
Publisher (Not verified) Alcatel-Lucent
Status Enabled
Name McciSysWindowManager Class
Publisher (Not verified) Alcatel-Lucent
Status Enabled
Name McciNetWindowsNetwork Class
Publisher (Not verified) Alcatel-Lucent
Status Enabled
Name MailClientConfigHelper Class
Publisher (Not verified) Alcatel-Lucent
Status Enabled
Name MailNewsAccountParameters Class
Publisher (Not verified) Alcatel-Lucent
Status Enabled
Name McciContextAlert Class
Publisher (Not verified) Alcatel-Lucent
Status Enabled
Name McciLog Class
Publisher (Not verified) Alcatel-Lucent
Status Enabled
Name McciSysShutdown Interface
Publisher (Not verified) Alcatel-Lucent
Status Enabled
Name McciUtilsLocale Class
Publisher (Not verified) Alcatel-Lucent
Status Enabled
Name IESecuritySetting Class
Publisher (Not verified) Alcatel-Lucent
Status Enabled
Name McciNetPing Class
Publisher (Not verified) Alcatel-Lucent
Status Enabled
Name IESecurityZone Class
Publisher (Not verified) Alcatel-Lucent
Status Enabled
Name McciSysNetWirelessEncryptionConstant Class
Publisher (Not verified) Alcatel-Lucent
Status Enabled
Name McciSysCAB Class
Publisher (Not verified) Alcatel-Lucent
Status Enabled
Name McciSysNetAdapterCriteriaConstant Class
Publisher (Not verified) Alcatel-Lucent
Status Enabled
Name AccountDataDictionary Class
Publisher (Not verified) Alcatel-Lucent
Status Enabled
Name McciSysDisk Class
Publisher (Not verified) Alcatel-Lucent
Status Enabled
Name McciSysIdentification Class
Publisher (Not verified) Alcatel-Lucent
Status Enabled
Name IEPrivacySettingTemplate Class
Publisher (Not verified) Alcatel-Lucent
Status Enabled
Name McciWirelessClientAppProfile Class
Publisher (Not verified) Alcatel-Lucent
Status Enabled
Name McciSysNetworkNeighborhood Class
Publisher (Not verified) Alcatel-Lucent
Status Enabled
Name McciNetWindowsNetworkHost Class
Publisher (Not verified) Alcatel-Lucent
Status Enabled
Name McciEventWorkFlowStat Class
Publisher (Not verified) Alcatel-Lucent
Status Enabled
Name McciEventStatRetriever Class
Publisher (Not verified) Alcatel-Lucent
Status Enabled
Name McciSysFwExceptionDescriptor Class
Publisher (Not verified) Alcatel-Lucent
Status Enabled
Name McciConnectedDevicesUPnPNotify Class
Publisher (Not verified) Alcatel-Lucent
Status Enabled
Name McciConnectedDevicesCPEDevice Class
Publisher (Not verified) Alcatel-Lucent
Status Enabled
Name McciUtilsSpecialFolder Class
Publisher (Not verified) Alcatel-Lucent
Status Enabled
Name McciSysNetCallbackErrorConstant Class
Publisher (Not verified) Alcatel-Lucent
Status Enabled
Name McciWirelessClientAppAuthenticationConstant Class
Publisher (Not verified) Alcatel-Lucent
Status Enabled
Name McciSysNetWirelessAccessTypeConstant Class
Publisher (Not verified) Alcatel-Lucent
Status Enabled
Name McciSysSCM Class
Publisher (Not verified) Alcatel-Lucent
Status Enabled
Name McciUtilsPath Interface
Publisher (Not verified) Alcatel-Lucent
Status Enabled
Name McciSysNetMediaConstant Class
Publisher (Not verified) Alcatel-Lucent
Status Enabled
Name McciWirelessClientAppEncryptionConstant Class
Publisher (Not verified) Alcatel-Lucent
Status Enabled
Name McciUtilsDirectory2 Class
Publisher (Not verified) Alcatel-Lucent
Status Enabled
Name McciNetPOP3 Class
Publisher (Not verified) Alcatel-Lucent
Status Enabled
Name McciWirelessClientApp Class
Publisher (Not verified) Alcatel-Lucent
Status Enabled
Name McciSysLocalFS Class
Publisher (Not verified) Alcatel-Lucent
Status Enabled
Name McciConnectedDevicesUPnPRootDevice Class
Publisher (Not verified) Alcatel-Lucent
Status Enabled
Name McciSysNetWirelessNetworkTypeConstant Class
Publisher (Not verified) Alcatel-Lucent
Status Enabled
Name McciUtilsPlatform2 Class
Publisher (Not verified) Alcatel-Lucent
Status Enabled
Name McciUtilsAuthenticode Class
Publisher (Not verified) Alcatel-Lucent
Status Enabled
Name McciEventInstallStat Class
Publisher (Not verified) Alcatel-Lucent
Status Enabled
Name McciUtilsFileProcessor Class
Publisher (Not verified) Alcatel-Lucent
Status Enabled
Name ProxyServer Class
Publisher (Not verified) Alcatel-Lucent
Status Enabled
Name McciNetDNS Class
Publisher (Not verified) Alcatel-Lucent
Status Enabled
Name McciUtilsFileInfo Class
Publisher (Not verified) Alcatel-Lucent
Status Enabled
Name McciWirelessClientAppCallbackErrorConstant Class
Publisher (Not verified) Alcatel-Lucent
Status Enabled
Name McciUtilsDirectory Class
Publisher (Not verified) Alcatel-Lucent
Status Enabled
Name McciSysNetPhysicalMediumConstant Class
Publisher (Not verified) Alcatel-Lucent
Status Enabled
Name McciSysDialRas Class
Publisher (Not verified) Alcatel-Lucent
Status Enabled
Name McciSysDeviceManager Class
Publisher (Not verified) Alcatel-Lucent
Status Enabled
Name McciUtilsTrustManager Class
Publisher (Not verified) Alcatel-Lucent
Status Enabled
Name McciSysCPU Class
Publisher (Not verified) Alcatel-Lucent
Status Enabled
Name McciUtilsINI Class
Publisher (Not verified) Alcatel-Lucent
Status Enabled
Name McciSM Class
Publisher (Not verified) Alcatel-Lucent
Status Enabled
Name McciSysShell Class
Publisher (Not verified) Alcatel-Lucent
Status Enabled
Name McciSysBrowser Class
Publisher (Not verified) Alcatel-Lucent
Status Enabled
Name McciSysLocalPS Class
Publisher (Not verified) Alcatel-Lucent
Status Enabled
Name McciConnectedDevicesCPEConfiguration Class
Publisher (Not verified) Alcatel-Lucent
Status Enabled
Name McciSysNetHardwareStatusConstant Class
Publisher (Not verified) Alcatel-Lucent
Status Enabled
Name McciSysFileArchive Class
Publisher (Not verified) Alcatel-Lucent
Status Enabled
Name McciUtilsIEVersion Class
Publisher (Not verified) Alcatel-Lucent
Status Enabled
Name McciSysNetWirelessEncryptionStatusConstant Class
Publisher (Not verified) Alcatel-Lucent
Status Enabled
Name McciUtilsRegistry Class
Publisher (Not verified) Alcatel-Lucent
Status Enabled
Name McciConnectedDevicesUPnPMSearch Class
Publisher (Not verified) Alcatel-Lucent
Status Enabled
Name McciUtilsCryptoUtils Class
Publisher (Not verified) Alcatel-Lucent
Status Enabled
Name McciSysWindowsFirewall Class
Publisher (Not verified) Alcatel-Lucent
Status Enabled
Name McciSysEventLog Interface
Publisher (Not verified) Alcatel-Lucent
Status Enabled
Name McciSysNetNetBIOSStateConstant Class
Publisher (Not verified) Alcatel-Lucent
Status Enabled
Name McciSysNetWirelessPrivacyFilterConstant Class
Publisher (Not verified) Alcatel-Lucent
Status Enabled
Name McciSysEvent Interface
Publisher (Not verified) Alcatel-Lucent
Status Enabled
Name McciEventAlertStat Class
Publisher (Not verified) Alcatel-Lucent
Status Enabled
Name McciHTTPClient Class
Publisher (Not verified) Alcatel-Lucent
Status Enabled
Name McciSysNetWirelessAuthenticationModeConstant Class
Publisher (Not verified) Alcatel-Lucent
Status Enabled
Name McciSysDialPhoneBookEntry Class
Publisher (Not verified) Alcatel-Lucent
Status Enabled
Name McciSysNetWirelessPowerModeConstant Class
Publisher (Not verified) Alcatel-Lucent
Status Enabled
Name McciSysDialPhoneBook Class
Publisher (Not verified) Alcatel-Lucent
Status Enabled
Name WebBrowserConfigHelper Class
Publisher (Not verified) Alcatel-Lucent
Status Enabled
Name McciContext Class
Publisher (Not verified) Alcatel-Lucent
Status Enabled
Name McciUtilsPrivileges Class
Publisher (Not verified) Alcatel-Lucent
Status Enabled
Name McciSysNetWirelessPrivacyConstant Class
Publisher (Not verified) Alcatel-Lucent
Status Enabled
Name McciUtilsVirtualDataControl Class
Publisher (Not verified) Alcatel-Lucent
Status Enabled
Name McciNetMessageData Class
Publisher (Not verified) Alcatel-Lucent
Status Enabled
Name McciNetSMTPEx Class
Publisher (Not verified) Alcatel-Lucent
Status Enabled
Name McciUtilsBase64Utils Class
Publisher (Not verified) Alcatel-Lucent
Status Enabled
Name McciSysProcess Class
Publisher (Not verified) Alcatel-Lucent
Status Enabled
Name McciNetTcpClientSocket Class
Publisher (Not verified) Alcatel-Lucent
Status Enabled
Name WebBrowserType Class
Publisher (Not verified) Alcatel-Lucent
Status Enabled
Name McciSysRAM Class
Publisher (Not verified) Alcatel-Lucent
Status Enabled
Name McciUtilsURLEncodingMask Interface
Publisher (Not verified) Alcatel-Lucent
Status Enabled
Name McciContextScript Class
Publisher (Not verified) Alcatel-Lucent
Status Enabled
Name McciUtilsGlobalDataStore Class
Publisher (Not verified) Alcatel-Lucent
Status Enabled
Name MailClientType Class
Publisher (Not verified) Alcatel-Lucent
Status Enabled
Name GenericArray Class
Publisher (Not verified) Alcatel-Lucent
Status Enabled
Name McciUtilsFileDirectoryCodes Class
Publisher (Not verified) Alcatel-Lucent
Status Enabled
Name FavoriteLink Class
Publisher (Not verified) Alcatel-Lucent
Status Enabled
Name McciUtilsFile Class
Publisher (Not verified) Alcatel-Lucent
Status Enabled
Name McciUtilsPlatform Class
Publisher (Not verified) Alcatel-Lucent
Status Enabled
Name McciSysModuleInfo Class
Publisher (Not verified) Alcatel-Lucent
Status Enabled
Name McciSysNetNetwork Class
Publisher (Not verified) Alcatel-Lucent
Status Enabled
Name McciSysDialModem Class
Publisher (Not verified) Alcatel-Lucent
Status Enabled
Name McciUtilsGUIDGen Class
Publisher (Not verified) Alcatel-Lucent
Status Enabled
Name GEPluginCoClass Object
Publisher (Not verified) Google
Status Enabled
Name Shockwave ActiveX Control
Publisher Adobe Systems Incorporated
Status Enabled
Name Shockwave Flash Object
Publisher Adobe Systems Incorporated
Status Enabled
Name Adobe PDF Reader
Publisher Adobe Systems, Incorporated
Status Enabled
Name QuickTime Object
Publisher Apple Inc.
Status Enabled
Name QuickTime Object
Publisher Apple Inc.
Status Enabled
Name Behavior Object
Publisher Apple Inc.
Status Enabled
Name iTunesDetector Class
Publisher Apple Inc.
Status Enabled
Name Google Update Plugin
Publisher Google Inc
Status Enabled
Name Google Update Plugin
Publisher Google Inc
Status Enabled
Name Microsoft Office Template and Media Control
Publisher Microsoft Corporation
Status Enabled
Name STSUpld UploadCtl Class
Publisher Microsoft Corporation
Status Enabled
Name InformationCardSigninHelper Class
Publisher Microsoft Corporation
Status Enabled
Name XML DOM Document
Publisher Microsoft Corporation
Status Enabled
Name XSL Template
Publisher Microsoft Corporation
Status Enabled
Name HtmlDlgSafeHelper Class
Publisher Microsoft Corporation
Status Enabled
Name Tabular Data Control
Publisher Microsoft Corporation
Status Enabled
Name XML Schema Cache
Publisher Microsoft Corporation
Status Enabled
Name oleprn Class
Publisher Microsoft Corporation
Status Enabled
Name SharePoint Spreadsheet Launcher
Publisher Microsoft Corporation
Status Enabled
Name DSPrintQueue Class
Publisher Microsoft Corporation
Status Enabled
Name OleSNMP Class
Publisher Microsoft Corporation
Status Enabled
Name SharePoint Export Database Launcher
Publisher Microsoft Corporation
Status Enabled
Name Microsoft Shell UI Helper
Publisher Microsoft Corporation
Status Enabled
Name OleCvt Class
Publisher Microsoft Corporation
Status Enabled
Name Windows Media Player
Publisher Microsoft Corporation
Status Enabled
Name Windows Media Services DRM Storage object
Publisher Microsoft Corporation
Status Enabled
Name X509 Enrollment WebClassFactory
Publisher Microsoft Corporation
Status Enabled
Name X509 Machine Enrollment Factory
Publisher Microsoft Corporation
Status Enabled
Name XML DOM Document 4.0
Publisher Microsoft Corporation
Status Enabled
Name Free Threaded XML DOM Document 4.0
Publisher Microsoft Corporation
Status Enabled
Name XML Schema Cache 4.0
Publisher Microsoft Corporation
Status Enabled
Name XSL Template 4.0
Publisher Microsoft Corporation
Status Enabled
Name XML Data Source Object 4.0
Publisher Microsoft Corporation
Status Enabled
Name XML HTTP 4.0
Publisher Microsoft Corporation
Status Enabled
Name XML DOM Document 6.0
Publisher Microsoft Corporation
Status Enabled
Name Free Threaded XML DOM Document 6.0
Publisher Microsoft Corporation
Status Enabled
Name XML Schema Cache 6.0
Publisher Microsoft Corporation
Status Enabled
Name XSL Template 6.0
Publisher Microsoft Corporation
Status Enabled
Name XML HTTP 6.0
Publisher Microsoft Corporation
Status Enabled
Name Registration Control
Publisher Microsoft Corporation
Status Enabled
Name SharePoint OpenDocuments Class
Publisher Microsoft Corporation
Status Enabled
Name prturl Class
Publisher Microsoft Corporation
Status Enabled
Name SharePoint OpenDocuments Class
Publisher Microsoft Corporation
Status Enabled
Name RMGetLicense Class
Publisher Microsoft Corporation
Status Enabled
Name Microsoft Scriptlet Component
Publisher Microsoft Corporation
Status Enabled
Name OWSClientEventSubscription Class
Publisher Microsoft Corporation
Status Enabled
Name OWSClientMiscApis Class
Publisher Microsoft Corporation
Status Enabled
Name OWSClientCommentThread Class
Publisher Microsoft Corporation
Status Enabled
Name OWSClientComment Class
Publisher Microsoft Corporation
Status Enabled
Name OWSBrowserUI Class
Publisher Microsoft Corporation
Status Enabled
Name OWS Post Data
Publisher Microsoft Corporation
Status Enabled
Name SharePoint Spreadsheet Launcher
Publisher Microsoft Corporation
Status Enabled
Name Web Discussions
Publisher Microsoft Corporation
Status Enabled
Name Web Discussions
Publisher Microsoft Corporation
Status Enabled
Name Web Discussions
Publisher Microsoft Corporation
Status Enabled
Name OWSDiscussionServers Class
Publisher Microsoft Corporation
Status Enabled
Name OWSClientCollaboration Class
Publisher Microsoft Corporation
Status Enabled
Name OSE.Discussion
Publisher Microsoft Corporation
Status Enabled
Name OSE.Discussions
Publisher Microsoft Corporation
Status Enabled
Name OSE.DiscussionServer
Publisher Microsoft Corporation
Status Enabled
Name OSE.DiscussionServers
Publisher Microsoft Corporation
Status Enabled
Name OSE Global Class
Publisher Microsoft Corporation
Status Enabled
Name OWSDiscussionBar Class
Publisher Microsoft Corporation
Status Enabled
Name SharePoint OpenDocuments Class
Publisher Microsoft Corporation
Status Enabled
Name SharePoint Stssync Handler
Publisher Microsoft Corporation
Status Enabled
Name SharePoint Stssync Handler
Publisher Microsoft Corporation
Status Enabled
Name OleInstall Class
Publisher Microsoft Corporation
Status Enabled
Name Microsoft Office 12 Authorization Control
Publisher Microsoft Corporation
Status Enabled
Name STSUpld CopyCtl Class
Publisher Microsoft Corporation
Status Enabled
Name Windows Live ID Sign-in Control
Publisher Microsoft Corporation
Status Enabled
Name Microsoft Silverlight
Publisher Microsoft Corporation
Status Enabled
Name OISClientLauncher Class
Publisher Microsoft Corporation
Status Enabled
Name PersonalSite Class
Publisher Microsoft Corporation
Status Enabled
Name Scripting.Dictionary
Publisher Microsoft Corporation
Status Enabled
Name XML DOM Document 3.0
Publisher Microsoft Corporation
Status Enabled
Name Free Threaded XML DOM Document 3.0
Publisher Microsoft Corporation
Status Enabled
Name XML Schema Cache 3.0
Publisher Microsoft Corporation
Status Enabled
Name XML HTTP 3.0
Publisher Microsoft Corporation
Status Enabled
Name XSL Template 3.0
Publisher Microsoft Corporation
Status Enabled
Name XML Data Source Object 3.0
Publisher Microsoft Corporation
Status Enabled
Name Free Threaded XML DOM Document
Publisher Microsoft Corporation
Status Enabled
Name XML Data Source Object
Publisher Microsoft Corporation
Status Enabled
Name RegConfig Class
Publisher Not Available
Status Enabled
Name Discuss
Publisher Not Available
Status Disabled
Name RpClientGatewayScriptInterface5 Class
Publisher Radialpoint
Status Enabled
Name RpClientGatewayScriptInterface3 Class
Publisher Radialpoint
Status Enabled
Name RpClientGatewayScriptInterface2 Class
Publisher Radialpoint
Status Enabled
Name RpClientGatewayScriptInterface4 Class
Publisher Radialpoint
Status Enabled
Name RpClientGatewayScriptInterface Class
Publisher Radialpoint
Status Enabled
Name RpSoftwareVersion Class
Publisher Radialpoint
Status Enabled
Name isInstalled Class
Publisher Sun Microsystems, Inc.
Status Enabled
Name Java Plug-in 1.6.0_26
Publisher Sun Microsystems, Inc.
Status Enabled
Name Java Plug-in 1.6.0_07
Publisher Sun Microsystems, Inc.
Status Enabled
Name Java Plug-in 1.6.0_07
Publisher Sun Microsystems, Inc.
Status Enabled
Name Java Plug-in 1.6.0_07
Publisher Sun Microsystems, Inc.
Status Enabled
Name Java Plug-in 1.6.0_26
Publisher Sun Microsystems, Inc.
Status Enabled
Name Java Plug-in 1.6.0_26
Publisher Sun Microsystems, Inc.
Status Enabled
Name Java Plug-in 1.6.0_26
Publisher Sun Microsystems, Inc.
Status Enabled
Name Deployment Toolkit
Publisher Sun Microsystems, Inc.
Status Enabled
Name SupportSoft SmartIssue
Publisher SupportSoft, Inc.
Status Enabled
Name SdcNetCheckCtl Class
Publisher SupportSoft, Inc.
Status Enabled
Name SupportSoft Script Runner Class
Publisher SupportSoft, Inc.
Status Enabled
Name SupportSoft Password Reset Class
Publisher SupportSoft, Inc.
Status Enabled
Name SdcMail Class
Publisher SupportSoft, Inc.
Status Enabled
Name MessengerChecker Class
Publisher Yahoo! Inc.
Status Enabled

Downloaded controls:

Name Shockwave ActiveX Control
Publisher Adobe Systems Incorporated
Status Enabled
Name HP Product Detection Control
Publisher arvato digital services
Status Enabled
Name Cisco AnyConnect VPN Client Web Control
Publisher Cisco Systems, Inc.
Status Enabled
Name OnlineScanner Control
Publisher ESET, spol. s r.o.
Status Enabled
Name Facebook Photo Uploader 5 Control
Publisher Facebook, Inc.
Status Enabled
Name Java Plug-in 1.6.0_26
Publisher Sun Microsystems, Inc.
Status Enabled
Name Java Plug-in 1.6.0_26
Publisher Sun Microsystems, Inc.
Status Enabled
Name Java Plug-in 1.6.0_07
Publisher Sun Microsystems, Inc.
Status Enabled
Name Java Plug-in 1.6.0_26
Publisher Sun Microsystems, Inc.
Status Enabled


----------



## kevinf80 (Mar 21, 2006)

Thanks for those logs. Do the following:

Select Start > Control Panel > Uninstall a Program. From that list remove all entries for Java.

Next,

Open Internet Explorer with the command to stop add-ons loading. Open Tools > Manage Add-ons, disable then delete all Java plugins.

Next,

Download TFC to your desktop, from either of the following links
*Link 1*
*Link 2*

 Save any open work. TFC will close all open application windows.
 Double-click TFC.exe to run the program. Vista or Windows 7 users right click and select Run as Administrator.
 If prompted, click "Yes" to reboot.
TFC will automatically close any open programs, *including your Desktop*. Let it run uninterrupted. It shouldn't take longer than a couple of minutes, and may only take a few seconds. TFC may re-boot your system; if not, *re-boot it yourself to complete the cleaning process* *<---- Very Important*

Keep TFC; it is an excellent utility to keep your system optimized. It empties all user temp folders, Java cache etc. *Always remember to re-boot after a run, even if not prompted*

Re-boot your PC even if not prompted by TFC...

Re-run Internet Explorer, see if there are any re-directs...

Kevin


----------



## mlanspery (Apr 29, 2012)

Can't seem to remove one of the Java programs. It pops up a window and says there are applications listed that must be closed. Problem is, nothing is listed. The first time, I explorer was there and Ssvagent.exe. But when I instructed them to close, it seemed like everything froze except the cancel button.


----------



## mlanspery (Apr 29, 2012)

The window is Java setup and it comes up briefly as not responding.


----------



## mlanspery (Apr 29, 2012)

Interestingly, when I opened the tab to manage add-ons, there was a new one just put there since I tried uninstalling Java, called SSVHelper Class.


----------



## mlanspery (Apr 29, 2012)

Well, other than not being able to uninstall the one Java component, I did everything and I am still getting redirected.


----------



## kevinf80 (Mar 21, 2006)

SSVHelper belongs to Java so should be OK. This is proving to be stubborn. OK, do the following:

*Step 1*

Download *OTL* from any of the following links and save to your desktop.

*Link 1*
*Link 2*
*Link 3*

Double click the icon to start the tool. (Note: If you are running on Vista or Windows 7, right-click on the file and choose Run As Administrator).


 Please check the box next to "LOP check" and "Purity check"
 Click *Run Scan* and let the program run uninterrupted.
 When the scan is complete, two text files will be created on your Desktop.
 *OTL.Txt* <- this one will be opened
 *Extras.txt* <- this one will be minimized

Copy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of *OTL.Txt* and the *Extras.txt* in your next reply.

*Step 2*

Download Security Check by screen317 from *HERE* or *HERE*.
Save it to your Desktop.
Double click SecurityCheck.exe (Vista or Windows 7 users right click and select "Run as Administrator") and follow the onscreen instructions inside of the black box. Press any key when asked.
A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Post those two logs...

Kevin


----------



## mlanspery (Apr 29, 2012)

Sorry it took me so long to get back to you, work and life in general has been busy! Interestingly, OTL would not give me the option to run as an administrator. Security check did. Also, this is the second time we have run this program, and the first time I got both logs, this time, the extras log is nowhere to be found. Anyway, here is what I have:

OTL logfile created on: 5/3/2012 3:24:50 PM - Run 2
OTL by OldTimer - Version 3.2.42.1 Folder = C:\Users\Mike\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.97 Gb Total Physical Memory | 1.88 Gb Available Physical Memory | 47.30% Memory free
7.93 Gb Paging File | 5.38 Gb Available in Paging File | 67.79% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 455.90 Gb Total Space | 336.15 Gb Free Space | 73.73% Space Free | Partition Type: NTFS
Drive D: | 9.86 Gb Total Space | 1.73 Gb Free Space | 17.52% Space Free | Partition Type: NTFS

Computer Name: MIKE-HPLAPTOP | User Name: Mike | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/04/30 17:04:20 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Mike\Desktop\OTL.com
PRC - [2012/02/23 12:30:40 | 000,059,240 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
PRC - [2011/07/09 10:44:34 | 000,240,288 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10t_ActiveX.exe
PRC - [2011/06/28 16:16:38 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2011/03/28 18:07:50 | 000,094,264 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
PRC - [2011/03/28 16:15:40 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2011/03/28 16:15:29 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2011/02/25 10:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
PRC - [2011/02/01 06:54:46 | 000,185,640 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files (x86)\VERIZONDM\bin\tgsrvc.exe
PRC - [2011/02/01 06:54:42 | 000,206,120 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files (x86)\VERIZONDM\bin\sprtsvc.exe
PRC - [2011/01/10 12:56:36 | 000,689,464 | ---- | M] (Radialpoint Inc.) -- C:\Program Files (x86)\Verizon\VSP\ServicepointService.exe
PRC - [2009/12/01 13:37:48 | 000,322,624 | ---- | M] (DigitalPersona, Inc.) -- C:\Program Files (x86)\DigitalPersona\Bin\DpHostW.exe
PRC - [2009/02/03 16:39:09 | 000,427,192 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe
PRC - [2008/12/17 20:11:40 | 000,365,952 | ---- | M] () -- C:\Program Files (x86)\SMINST\BLService.exe
PRC - [2008/11/26 20:13:08 | 000,296,320 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe
PRC - [2008/11/26 20:13:08 | 000,116,096 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe
PRC - [2008/11/09 16:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe

========== Modules (No Company Name) ==========

MOD - [2011/06/24 22:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/06/24 22:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll

========== Win32 Services (SafeList) ==========

SRV:*64bit:* - [2011/05/13 18:58:10 | 000,030,520 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Windows\SysNative\hpservice.exe -- (hpsrv)
SRV:*64bit:* - [2010/03/23 15:53:06 | 000,247,808 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\stacsv64.exe -- (STacSV)
SRV:*64bit:* - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:*64bit:* - [2009/03/02 19:42:58 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\AESTSr64.exe -- (AESTFilters)
SRV:*64bit:* - [2008/11/18 09:09:46 | 000,721,712 | ---- | M] (Validity Sensors, Inc.) [Auto | Running] -- C:\Windows\SysNative\vfsFPService.exe -- (vfsFPService)
SRV - [2011/12/12 12:03:40 | 000,290,832 | ---- | M] (Verizon) [Auto | Running] -- C:\Program Files (x86)\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe -- (IHA_MessageCenter)
SRV - [2011/09/09 18:10:28 | 000,086,072 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe -- (HP Support Assistant Service)
SRV - [2011/06/28 16:16:38 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011/03/28 18:07:50 | 000,094,264 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe -- (HPDrvMntSvc.exe)
SRV - [2011/03/28 16:15:40 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011/02/28 18:44:14 | 000,183,560 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011/02/25 10:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE -- (SeaPort)
SRV - [2011/02/01 06:54:46 | 000,185,640 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files (x86)\VERIZONDM\bin\tgsrvc.exe -- (tgsrvc_verizondm) SupportSoft Repair Service (verizondm)
SRV - [2011/02/01 06:54:42 | 000,206,120 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files (x86)\VERIZONDM\bin\sprtsvc.exe -- (sprtsvc_verizondm) SupportSoft Sprocket Service (verizondm)
SRV - [2011/01/10 12:56:36 | 000,689,464 | ---- | M] (Radialpoint Inc.) [Auto | Running] -- C:\Program Files (x86)\Verizon\VSP\ServicepointService.exe -- (ServicepointService)
SRV - [2010/10/22 14:08:18 | 001,039,360 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files (x86)\Hp\Digital Imaging\bin\HPSLPSVC64.DLL -- (HPSLPSVC)
SRV - [2010/03/23 15:53:06 | 000,247,808 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\STacSV64.exe -- (STacSV)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/12/01 13:37:48 | 000,322,624 | ---- | M] (DigitalPersona, Inc.) [Auto | Running] -- C:\Program Files (x86)\DigitalPersona\Bin\DpHostW.exe -- (DpHost) @C:\Program Files (x86)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/03/02 19:42:58 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\AESTSr64.exe -- (AESTFilters)
SRV - [2009/02/03 16:39:09 | 000,427,192 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe -- (vpnagent)
SRV - [2008/12/17 20:11:40 | 000,365,952 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\SMINST\BLService.exe -- (Recovery Service for Windows)
SRV - [2008/11/26 20:13:08 | 000,296,320 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe -- (TVCapSvc) TV Background Capture Service (TVBCS)
SRV - [2008/11/26 20:13:08 | 000,116,096 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe -- (TVSched) TV Task Scheduler (TVTS)
SRV - [2008/11/18 09:09:42 | 000,599,344 | ---- | M] (Validity Sensors, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\vfsFPService.exe -- (vfsFPService)
SRV - [2008/11/09 16:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)

========== Driver Services (SafeList) ==========

DRV:*64bit:* - [2012/03/01 02:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:*64bit:* - [2011/08/01 16:59:06 | 000,045,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64)
DRV:*64bit:* - [2011/06/28 16:16:38 | 000,123,784 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:*64bit:* - [2011/06/28 16:16:38 | 000,088,288 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:*64bit:* - [2011/05/13 18:58:16 | 000,030,008 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\hpdskflt.sys -- (hpdskflt)
DRV:*64bit:* - [2011/05/13 18:57:58 | 000,043,320 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Accelerometer.sys -- (Accelerometer)
DRV:*64bit:* - [2011/05/13 15:37:54 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:*64bit:* - [2011/05/10 08:06:08 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:*64bit:* - [2011/03/11 02:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:*64bit:* - [2011/03/11 02:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:*64bit:* - [2010/11/20 09:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:*64bit:* - [2010/11/20 07:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:*64bit:* - [2010/05/27 22:32:56 | 000,320,560 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:*64bit:* - [2010/03/23 15:53:06 | 000,505,344 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)
DRV:*64bit:* - [2010/01/13 16:37:18 | 007,675,392 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETw5s64.sys -- (NETw5s64) Intel(R)
DRV:*64bit:* - [2009/08/21 21:24:04 | 000,084,512 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:*64bit:* - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:*64bit:* - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:*64bit:* - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:*64bit:* - [2009/07/13 20:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
DRV:*64bit:* - [2009/07/13 20:10:47 | 000,011,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rootmdm.sys -- (ROOTMODEM)
DRV:*64bit:* - [2009/06/10 16:35:28 | 005,434,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netw5v64.sys -- (netw5v64) Intel(R)
DRV:*64bit:* - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:*64bit:* - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:*64bit:* - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:*64bit:* - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:*64bit:* - [2009/05/18 14:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:*64bit:* - [2009/04/29 09:48:32 | 000,018,432 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV:*64bit:* - [2009/03/01 23:05:32 | 000,187,392 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:*64bit:* - [2009/02/03 16:23:46 | 000,019,456 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vpnva64.sys -- (vpnva)
DRV:*64bit:* - [2009/01/09 15:02:08 | 000,031,744 | ---- | M] (Research in Motion Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RimSerial_AMD64.sys -- (RimVSerPort)
DRV:*64bit:* - [2008/10/23 05:42:06 | 000,128,352 | ---- | M] (JMicron Technology Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\jmcr.sys -- (JMCR)
DRV:*64bit:* - [2008/09/04 13:48:00 | 000,064,000 | ---- | M] (ENE TECHNOLOGY INC.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\enecir.sys -- (enecir)
DRV:*64bit:* - [2008/08/06 12:26:08 | 000,174,592 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Rtlh64.sys -- (RTL8169)
DRV:*64bit:* - [2007/03/15 18:42:11 | 000,091,336 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AnyDVD.sys -- (AnyDVD)
DRV:*64bit:* - [2007/02/28 16:52:00 | 000,017,616 | ---- | M] (Elaborate Bytes AG) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\ElbyCDIO.sys -- (ElbyCDIO)
DRV:*64bit:* - [2006/12/13 19:41:49 | 000,014,032 | ---- | M] (Elaborate Bytes AG) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ElbyDelay.sys -- (ElbyDelay)
DRV - [2010/03/17 16:53:38 | 000,021,248 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Motive\MREMP50.sys -- (MREMP50)
DRV - [2010/03/17 16:53:22 | 000,020,096 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Motive\MRESP50.sys -- (MRESP50)
DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2008/11/28 21:04:24 | 000,146,928 | ---- | M] (CyberLink Corp.) [2009/07/20 02:44:39] [Kernel | Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\Media\DVD\000.fcl -- ({55662437-DA8C-40c0-AADA-2C816A897A49})
DRV - [2007/03/15 18:42:11 | 000,091,336 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\AnyDVD.sys -- (AnyDVD)
DRV - [2006/12/13 19:41:49 | 000,014,032 | ---- | M] (Elaborate Bytes AG) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\ElbyDelay.sys -- (ElbyDelay)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:*64bit:* - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE:*64bit:* - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb
IE:*64bit:* - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope =

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.jetsinsider.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={sea...={outputEncoding}&sourceid=ie7&rlz=1I7GGHP_en
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.param.yahoo-fr: "chrf-ytbm"
FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "chrf-ytbm"
FF - prefs.js..browser.search.param.yahoo-type: "${8}"
FF - prefs.js..browser.search.selectedEngine: "Bing"
FF - prefs.js..browser.startup.homepage: "http://www.msn.com/?pc=Z144&ocid=zdhp&install_date=20111220"
FF - prefs.js..network.proxy.type: 0

FF:*64bit:* - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:*64bit:* - HKLM\Software\MozillaPlugins\@radialpoint.com/SPA,version=1: C:\Program Files (x86)\Verizon\VSP\nprpspa.dll (Verizon)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Motive.com/NpMotive,version=1.0: C:\Program Files (x86)\Common Files\Motive\npMotive.dll (Alcatel-Lucent)
FF - HKLM\Software\MozillaPlugins\@radialpoint.com/SPA,version=1: C:\Program Files (x86)\Verizon\VSP\nprpspa.dll (Verizon)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@yahoo.com/BrowserPlus,version=2.9.8: C:\Users\Mike\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll (Yahoo! Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\DigitalPersona\Bin\FirefoxExt\ [2010/09/16 07:37:12 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/11/25 19:34:50 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/12/20 17:53:32 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/12/20 17:53:32 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\DigitalPersona\Bin\firefoxext [2010/09/16 07:37:12 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/11/25 19:34:50 | 000,000,000 | ---D | M]

[2009/12/02 18:10:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mike\AppData\Roaming\Mozilla\Extensions
[2012/05/01 09:12:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\7dvygasy.default\extensions
[2009/12/11 12:50:10 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\7dvygasy.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2012/05/01 09:12:49 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\7dvygasy.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2011/07/21 13:21:55 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2010/04/21 20:28:43 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/09/21 08:56:14 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/10/21 12:24:27 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011/02/21 10:35:49 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011/07/21 13:21:56 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2012/04/30 21:49:15 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\distribution\extensions
() (No name found) -- C:\USERS\MIKE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7DVYGASY.DEFAULT\EXTENSIONS\[email protected]
[2011/11/10 22:24:55 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011/05/04 04:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\18.0.1025.151\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\18.0.1025.151\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\18.0.1025.151\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Mike\AppData\Local\Google\Chrome\User Data\PepperFlash\11.1.31.203\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.260.3 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U26 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\NPOFF12.DLL
CHR - plugin: Microsoft Office 2003 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\NPOFFICE.DLL
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Motive Plugin (Enabled) = C:\Program Files (x86)\Common Files\Motive\npMotive.dll
CHR - plugin: DivX Player Netscape Plugin (Enabled) = C:\Program Files (x86)\DivX\DivX Player\npDivxPlayerPlugin.dll
CHR - plugin: DivX Web Player (Enabled) = C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Verizon Servicepoint (Enabled) = C:\Program Files (x86)\Verizon\VSP\nprpspa.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: BrowserPlus (from Yahoo!) v2.9.8 (Enabled) = C:\Users\Mike\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: YouTube = C:\Users\Mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Search = C:\Users\Mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.17_0\
CHR - Extension: Gmail = C:\Users\Mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2012/05/03 13:00:42 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:*64bit:* - BHO: (DigitalPersona Personal Extension) - {395610AE-C624-4f58-B89E-23733EA00F9A} - C:\Program Files\DigitalPersona\Bin\DpOtsPluginIe8.dll (DigitalPersona, Inc.)
O2:*64bit:* - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2 - BHO: (DigitalPersona Personal Extension) - {395610AE-C624-4f58-B89E-23733EA00F9A} - C:\Program Files (x86)\DigitalPersona\Bin\DpOtsPluginIe8.dll (DigitalPersona, Inc.)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3:*64bit:* - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3:*64bit:* - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O4:*64bit:* - HKLM..\Run: [IntelliPoint] c:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKCU..\Run: [ElevatedDiagnostics] rundll32.exe "C:\Users\Mike\AppData\Local\FullTiltPoker\ElevatedDiagnostics\xdlqzl.dll",DllRegisterServer File not found
O4 - HKCU..\Run: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe (Apple Inc.)
O4 - HKCU..\Run: [Verizon] C:\Users\Mike\AppData\Local\Verizon\jtvsoghp.dll (MainConcept AG)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:*64bit:* - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_43C348BC2E93EB2B.dll/cmsidewiki.html File not found
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_43C348BC2E93EB2B.dll/cmsidewiki.html File not found
O10:*64bit:* - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {36299202-09EF-4ABF-ADB9-47C599DBE778} https://www.hpwindows7upgrade.arvato.com/north_america/Endcustomer/HPProdDetect.cab (HP Product Detection Control)
O16 - DPF: {55963676-2F5E-4BAF-AC28-CF26AA587566} https://38.104.166.66/CACHE/stc/1/binaries/vpnweb.cab (Cisco AnyConnect VPN Client Web Control)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{808AABB5-3F0C-4BCE-BCBD-09E3B8A007C4}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{99A38EE9-40F6-4F54-A3A4-80944AABE7F0}: DhcpNameServer = 71.243.0.12 68.237.161.12
O20:*64bit:* - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:*64bit:* - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:*64bit:* - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:*64bit:* - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O24 - Desktop WallPaper: C:\Users\Mike\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Mike\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:*64bit:* - HKLM\..comfile [open] -- "%1" %*
O35:*64bit:* - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:*64bit:* - HKLM\...com [@ = ComFile] -- "%1" %*
O37:*64bit:* - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/05/03 13:00:46 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
[2012/05/03 10:30:10 | 000,000,000 | ---D | C] -- C:\Users\Mike\Desktop\Bruce Springsteen
[2012/04/30 21:49:13 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/04/30 17:04:17 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Users\Mike\Desktop\OTL.com
[2012/04/30 16:50:01 | 000,446,464 | ---- | C] (OldTimer Tools) -- C:\Users\Mike\Desktop\TFC.exe
[2012/04/30 12:25:37 | 002,074,160 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Mike\Desktop\tdsskiller (1).exe
[2012/04/30 08:29:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2012/04/29 19:58:21 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/04/29 19:58:21 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/04/29 19:58:21 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/04/29 19:58:16 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2012/04/29 19:55:10 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/04/29 19:47:04 | 004,479,463 | R--- | C] (Swearware) -- C:\Users\Mike\Desktop\ComboFix.exe
[2012/04/29 14:10:10 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\Mike\Desktop\dds.com
[2012/04/29 14:07:20 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Users\Mike\Desktop\HijackThis.exe
[2012/04/26 11:09:18 | 000,000,000 | ---D | C] -- C:\Users\Mike\AppData\Local\Verizon
[2012/04/13 09:49:11 | 000,096,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012/04/13 09:49:11 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012/04/13 09:49:10 | 002,311,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2012/04/13 09:49:10 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012/04/13 09:49:10 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012/04/13 09:49:10 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012/04/13 09:49:10 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012/04/13 09:49:09 | 001,493,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2012/04/13 09:49:09 | 001,427,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012/04/13 09:49:09 | 000,818,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012/04/13 09:49:09 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012/04/13 09:48:39 | 005,559,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2012/04/13 09:48:39 | 003,968,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2012/04/13 09:48:39 | 003,913,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2012/04/13 09:43:55 | 000,081,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\imagehlp.dll
[2012/04/13 09:43:55 | 000,023,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\fs_rec.sys
[2012/04/13 09:43:54 | 000,220,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wintrust.dll

========== Files - Modified Within 30 Days ==========

[2012/05/03 15:00:01 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/05/03 13:37:09 | 000,011,440 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/05/03 13:37:09 | 000,011,440 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/05/03 13:34:24 | 000,726,444 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/05/03 13:34:24 | 000,624,412 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/05/03 13:34:24 | 000,106,756 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/05/03 13:29:33 | 000,000,890 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/05/03 13:29:24 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/05/03 13:29:17 | 3195,424,768 | -HS- | M] () -- C:\hiberfil.sys
[2012/05/03 13:00:42 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012/05/02 06:25:19 | 000,002,344 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2012/04/30 22:00:04 | 000,879,714 | ---- | M] () -- C:\Users\Mike\Desktop\SecurityCheck.exe
[2012/04/30 17:34:00 | 002,283,552 | ---- | M] () -- C:\Users\Mike\Desktop\photo.JPG
[2012/04/30 17:04:20 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Mike\Desktop\OTL.com
[2012/04/30 16:50:12 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Users\Mike\Desktop\TFC.exe
[2012/04/30 12:25:41 | 002,074,160 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Mike\Desktop\tdsskiller (1).exe
[2012/04/29 19:47:08 | 004,479,463 | R--- | M] (Swearware) -- C:\Users\Mike\Desktop\ComboFix.exe
[2012/04/29 14:10:13 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\Mike\Desktop\dds.com
[2012/04/29 14:07:23 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Users\Mike\Desktop\HijackThis.exe
[2012/04/27 19:16:43 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/04/26 11:27:29 | 000,000,328 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForMike.job
[2012/04/04 15:56:40 | 000,024,904 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys

========== Files Created - No Company Name ==========

[2012/04/30 22:00:01 | 000,879,714 | ---- | C] () -- C:\Users\Mike\Desktop\SecurityCheck.exe
[2012/04/30 17:34:00 | 002,283,552 | ---- | C] () -- C:\Users\Mike\Desktop\photo.JPG
[2012/04/29 20:03:08 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2012/04/29 20:03:08 | 000,000,121 | ---- | C] () -- C:\Users\Public\Desktop\More Games at GameHouse.com.url
[2012/04/29 19:58:21 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/04/29 19:58:21 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/04/29 19:58:21 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/04/29 19:58:21 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/04/29 19:58:21 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/04/06 19:59:30 | 000,146,787 | ---- | C] () -- C:\Users\Mike\AppData\Roaming\MMUpgrade.jpg
[2011/02/28 22:05:59 | 000,000,106 | ---- | C] () -- C:\Windows\VaultMediaClient.INI
[2011/02/28 22:05:46 | 000,003,584 | ---- | C] () -- C:\Users\Mike\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/02/28 09:57:05 | 000,001,854 | ---- | C] () -- C:\Users\Mike\AppData\Roaming\GhostObjGAFix.xml
[2011/02/07 11:02:17 | 000,000,083 | -HS- | C] () -- C:\ProgramData\.zreglib
[2010/11/25 19:30:40 | 000,202,415 | ---- | C] () -- C:\Windows\hpoins18.dat
[2010/11/25 19:30:40 | 000,005,355 | ---- | C] () -- C:\Windows\hpomdl18.dat

========== LOP Check ==========

[2011/12/20 13:12:07 | 000,000,000 | ---D | M] -- C:\Users\Mike\AppData\Roaming\BitTorrent
[2009/12/13 16:38:20 | 000,000,000 | ---D | M] -- C:\Users\Mike\AppData\Roaming\Cisco
[2011/12/20 10:36:23 | 000,000,000 | ---D | M] -- C:\Users\Mike\AppData\Roaming\ConverterLite
[2009/12/01 20:08:49 | 000,000,000 | ---D | M] -- C:\Users\Mike\AppData\Roaming\DigitalPersona
[2010/12/28 22:29:50 | 000,000,000 | ---D | M] -- C:\Users\Mike\AppData\Roaming\GameHouse
[2010/12/28 22:30:15 | 000,000,000 | ---D | M] -- C:\Users\Mike\AppData\Roaming\Scrabble Plus
[2011/11/06 17:32:33 | 000,000,000 | ---D | M] -- C:\Users\Mike\AppData\Roaming\TeamViewer
[2011/02/28 19:46:41 | 000,000,000 | ---D | M] -- C:\Users\Mike\AppData\Roaming\TechWizard
[2011/11/16 15:36:49 | 000,000,000 | ---D | M] -- C:\Users\Mike\AppData\Roaming\WD2on4H5s7Eg
[2009/12/01 20:56:29 | 000,000,000 | ---D | M] -- C:\Users\Mike\AppData\Roaming\{8126D2ED-1984-4573-9D57-97637E10C716}
[2011/08/15 10:41:21 | 000,032,584 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

< End of report >

Results of screen317's Security Check version 0.99.32 
Windows 7 x64 
Internet Explorer 9 
*`````````````````````````````` 
Antivirus/Firewall Check:* 
Windows Firewall Disabled! 
Avira AntiVir Personal - Free Antivirus 
ESET Online Scanner v3 
WMI entry may not exist for antivirus; attempting automatic update. 
Avira successfully updated! 
*``````````````````````````````` 
Anti-malware/Other Utilities Check:* 
Java(TM) 6 Update 26 
*Java version out of date!* 
Adobe Flash Player 10.2.159.1 *Flash Player out of Date!* 
Adobe Reader 9 *Adobe Reader out of date!* 
Mozilla Firefox (7.0.1) 
*```````````````````````````````` 
Process Check: 
objlist.exe by Laurent* 
Avira Antivir avgnt.exe 
Avira Antivir avguard.exe 
*``````````End of Log````````````*


----------



## mlanspery (Apr 29, 2012)

I have also been noticing that the computer is always running hard. The fan is constantly on and it's always hot, even if it has just been sitting there not doing anything. I'm starting to become afraid that a reformatting is in my future.


----------



## kevinf80 (Mar 21, 2006)

Yep this is a bearcat for sure, there are a couple other logs running like yours where we cannot find the cause of the re-directs. Hang in we'll get there eventually.

OK, do the following:

*Step 1*

Your Adobe Acrobat Reader is out of date. Older versions are vulnerable to attack and exploitation.

Please go to the link below to update.

*Adobe Reader* Untick the Free McAfee® Security Scan Plus (optional) *Not required*

*Step 2*

Your Adobe Flash Player is out of date. Older versions are vulnerable to attack and exploitation.
Please go to the link below to update.
*Adobe Flash Player* Untick the Free McAfee® Security Scan Plus (optional) *Not required*

*Step 3*

You are using an old version of Java. Sun's Java is sometimes updated in order to eliminate the exploitation of vulnerabilities in an existing version. 
For this reason, it's extremely important that you keep the program up to date, and also remove the older more vulnerable versions from your system. 
The most current version of Sun Java is: Java Runtime Environment Version 6 Update 32.


 Go to *Sun Java*
 Select *Windows 7/XP/Vista/2000/2003/2008* If using 64 bit OS Select *Information about the 64-bit Java plug-in* and follow prompts
 Install the new version by running the newly-downloaded file with the java icon which will be at your desktop, and follow the on-screen instructions.
 Reboot your computer

*Step 4*

Re-Run

by double left click, Vista and Windows 7 users right click and select Run as Administrator.

Under the

box at the bottom, paste in the following


```
:OTL
[2010/04/21 20:28:43 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/09/21 08:56:14 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/10/21 12:24:27 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011/02/21 10:35:49 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011/07/21 13:21:56 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\control panel present
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
:Files
ipconfig /flushdns /c
netsh int ip reset reset.log /c
netsh winsock reset catalog /c

:Commands
[resethosts]
[emptytemp]
[Reboot]
```

Then click

button at the top
Let the program run unhindered, when done it will say "Fix Complete press ok to open the log"
Please post that log in your next reply.

Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process.
If you are asked to reboot the machine choose *Yes*. In this case, after the reboot, open Notepad (Start > All Programs > Accessories > Notepad), click File > Open, in the File Name box enter **.log* and press the Enter key, navigate to the *C:\_OTL\MovedFiles folder*, and open the newest *.log* file present, and copy/paste the contents of that document back here in your next post.

*Step 5*

Do the following and post the log.....

Download *RogueKiller* (by tigzy) and save direct to your Desktop.

 Quit all programs
 Start RogueKiller.exe
 Wait until Prescan has finished ...
 Ensure all boxes are ticked under "Report" tab.
 Click on Scan.
 Click on Report when complete. Copy/paste the content of the report and paste to next reply....

Let me see the logs from OTL fix and RogueKiller, give update on issues...

Kevin


----------



## mlanspery (Apr 29, 2012)

Here are the logs. After posting them I will try some searches and post the results.

All processes killed
========== OTL ==========
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\locale\zh-TW\ffjcext folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\locale\zh-TW folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\locale\zh-CN\ffjcext folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\locale\zh-CN folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\locale\sv-SE\ffjcext folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\locale\sv-SE folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\locale\ko-KR\ffjcext folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\locale\ko-KR folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\locale\ja-JP\ffjcext folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\locale\ja-JP folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\locale\it-IT\ffjcext folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\locale\it-IT folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\locale\fr-FR\ffjcext folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\locale\fr-FR folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\locale\es-ES\ffjcext folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\locale\es-ES folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\locale\en-US\ffjcext folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\locale\en-US folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\locale\de-DE\ffjcext folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\locale\de-DE folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\locale folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\content\ffjcext folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\content folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\chrome\locale\zh-TW\ffjcext folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\chrome\locale\zh-TW folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\chrome\locale\zh-CN\ffjcext folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\chrome\locale\zh-CN folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\chrome\locale\sv-SE\ffjcext folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\chrome\locale\sv-SE folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\chrome\locale\ko-KR\ffjcext folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\chrome\locale\ko-KR folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\chrome\locale\ja-JP\ffjcext folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\chrome\locale\ja-JP folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\chrome\locale\it-IT\ffjcext folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\chrome\locale\it-IT folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\chrome\locale\fr-FR\ffjcext folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\chrome\locale\fr-FR folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\chrome\locale\es-ES\ffjcext folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\chrome\locale\es-ES folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\chrome\locale\en-US\ffjcext folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\chrome\locale\en-US folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\chrome\locale\de-DE\ffjcext folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\chrome\locale\de-DE folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\chrome\locale folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\chrome\content\ffjcext folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\chrome\content folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\chrome folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\zh-TW\ffjcext folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\zh-TW folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\zh-CN\ffjcext folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\zh-CN folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\sv-SE\ffjcext folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\sv-SE folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\ko-KR\ffjcext folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\ko-KR folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\ja-JP\ffjcext folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\ja-JP folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\it-IT\ffjcext folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\it-IT folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\fr-FR\ffjcext folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\fr-FR folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\es-ES\ffjcext folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\es-ES folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\en-US\ffjcext folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\en-US folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\de-DE\ffjcext folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\de-DE folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\content\ffjcext folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\content folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome\locale\zh-TW\ffjcext folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome\locale\zh-TW folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome\locale\zh-CN\ffjcext folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome\locale\zh-CN folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome\locale\sv-SE\ffjcext folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome\locale\sv-SE folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome\locale\ko-KR\ffjcext folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome\locale\ko-KR folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome\locale\ja-JP\ffjcext folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome\locale\ja-JP folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome\locale\it-IT\ffjcext folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome\locale\it-IT folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome\locale\fr-FR\ffjcext folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome\locale\fr-FR folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome\locale\es-ES\ffjcext folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome\locale\es-ES folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome\locale\en-US\ffjcext folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome\locale\en-US folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome\locale\de-DE\ffjcext folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome\locale\de-DE folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome\locale folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome\content\ffjcext folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome\content folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} folder moved successfully.
Folder C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\control panel\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Main\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\restrictions\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\control panel\ deleted successfully.
Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
C:\Windows\Downloaded Program Files\gp.inf not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet:/pagefile deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet:/pagefile deleted successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Mike\Desktop\cmd.bat deleted successfully.
C:\Users\Mike\Desktop\cmd.txt deleted successfully.
< netsh int ip reset reset.log /c >
Reseting Global, OK!
Reseting Interface, OK!
Reseting Unicast Address, OK!
Restart the computer to complete this action.
C:\Users\Mike\Desktop\cmd.bat deleted successfully.
C:\Users\Mike\Desktop\cmd.txt deleted successfully.
< netsh winsock reset catalog /c >
Sucessfully reset the Winsock Catalog.
You must restart the computer in order to complete the reset.
C:\Users\Mike\Desktop\cmd.bat deleted successfully.
C:\Users\Mike\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Mike
->Temp folder emptied: 2420524 bytes
->Temporary Internet Files folder emptied: 165086638 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 9390 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 16537 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50333 bytes
RecycleBin emptied: 233016 bytes

Total Files Cleaned = 160.00 mb

Error: Unable to interpret <Then click button at the top > in the current context!

OTL by OldTimer - Version 3.2.42.1 log created on 05032012_200516
Files\Folders moved on Reboot...
C:\Users\Mike\AppData\Local\Temp\{B8083961-4F34-4CFD-BF0B-1E758A8F7D75}\fpb.tmp moved successfully.
C:\Users\Mike\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\Mike\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\U4PKCSC1\1051310-search-engine-redirects-3[1].htm moved successfully.
File\Folder C:\Users\Mike\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\KN7U6D4X\afr[2].htm not found!
C:\Users\Mike\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\KN7U6D4X\doubleclick[1].htm moved successfully.
C:\Users\Mike\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\KN7U6D4X\doubleclick[2].htm moved successfully.
File\Folder C:\Users\Mike\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\KN7U6D4X\fpi[1].htm not found!
C:\Users\Mike\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\KN7U6D4X\load[1].htm moved successfully.
C:\Users\Mike\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\ICHGLJ5I\1[3].htm moved successfully.
File\Folder C:\Users\Mike\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\ICHGLJ5I\ddc[3].htm not found!
File\Folder C:\Users\Mike\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\ICHGLJ5I\pixel[1].htm not found!
File\Folder C:\Users\Mike\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\H2AL3V18\1[1].htm not found!
C:\Users\Mike\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\H2AL3V18\cv[1].htm moved successfully.
C:\Users\Mike\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\H2AL3V18\dpsync[1].htm moved successfully.
C:\Users\Mike\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\H2AL3V18\dpsync[2].htm moved successfully.
C:\Users\Mike\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\H2AL3V18\dpsync[3].htm moved successfully.
C:\Users\Mike\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\FTJPGPF2\Artemis[1].htm moved successfully.
C:\Users\Mike\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\FTJPGPF2\REDIRURL=;ord=86503[1].htm moved successfully.
File\Folder C:\Users\Mike\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\AHVHKBEF\ttj[1].htm not found!
C:\Users\Mike\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\8M2WA14O\emily[1].htm moved successfully.
File\Folder C:\Users\Mike\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\1TBNR8OI\afr[4].htm not found!
C:\Users\Mike\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\1TBNR8OI\cv[2].htm moved successfully.
C:\Users\Mike\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\1TBNR8OI\emily[2].htm moved successfully.
File\Folder C:\Users\Mike\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\1TBNR8OI\PugTracker[2].htm not found!
C:\Users\Mike\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\147SKL10\ubisoft-the-leading-brand-in-the-video-game-industrys-full-year[1].htm moved successfully.
File\Folder C:\Users\Mike\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\0AM6UCSJ\ddc[2].htm not found!
C:\Users\Mike\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\0AM6UCSJ\doubleclick[1].htm moved successfully.
C:\Users\Mike\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\0AM6UCSJ\fif_static[1].htm moved successfully.
C:\Users\Mike\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\MSIMGSIZ.DAT moved successfully.
Registry entries deleted on Reboot...

RogueKiller V7.4.2 [05/03/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
Blog: http://tigzyrk.blogspot.com
Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User: Mike [Admin rights]
Mode: Scan -- Date: 05/03/2012 20:21:43
¤¤¤ Bad processes: 0 ¤¤¤
¤¤¤ Registry Entries: 11 ¤¤¤
[SUSP PATH] HKCU\[...]\Run : Verizon (Rundll32.exe C:\Users\Mike\AppData\Local\Verizon\jtvsoghp.dll,m4OutVideoPutFrameV) -> FOUND
[BLACKLIST DLL] HKCU\[...]\Run : ElevatedDiagnostics (rundll32.exe "C:\Users\Mike\AppData\Local\FullTiltPoker\ElevatedDiagnostics\xdlqzl.dll",DllRegisterServer) -> FOUND
[SUSP PATH] HKUS\S-1-5-21-3308639748-1256008133-3562106641-1000[...]\Run : Verizon (Rundll32.exe C:\Users\Mike\AppData\Local\Verizon\jtvsoghp.dll,m4OutVideoPutFrameV) -> FOUND
[BLACKLIST DLL] HKUS\S-1-5-21-3308639748-1256008133-3562106641-1000[...]\Run : ElevatedDiagnostics (rundll32.exe "C:\Users\Mike\AppData\Local\FullTiltPoker\ElevatedDiagnostics\xdlqzl.dll",DllRegisterServer) -> FOUND
[SUSP PATH] winupd.job @ : C:\Users\Mike\AppData\Local\Temp:winupd.exe -> FOUND
[HJ] HKCU\[...]\Advanced : Start_ShowVideos (0) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ] HKCU\[...]\ClassicStartMenu : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
[HJ] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
[HJ] HKCU\[...]\ClassicStartMenu : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> FOUND
¤¤¤ Particular Files / Folders: ¤¤¤
¤¤¤ Driver: [NOT LOADED] ¤¤¤
¤¤¤ Infection : ¤¤¤
¤¤¤ HOSTS File: ¤¤¤
ÿþ1
¤¤¤ MBR Check: ¤¤¤
+++++ PhysicalDrive0: WDC WD5000BEVT-60ZAT1 ATA Device +++++
--- User ---
[MBR] 68a5cb9d4acb1f095b9137ff77543781
[BSP] 033f3688b5dd5d50a9d52531d8ccd7f5 : Toshiba tatooed MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 466844 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 956098560 | Size: 10092 Mo
User = LL1 ... OK!
User = LL2 ... OK!
Finished : << RKreport[1].txt >>
RKreport[1].txt


----------



## mlanspery (Apr 29, 2012)

Still redirecting


----------



## kevinf80 (Mar 21, 2006)

OK, do the following please:

We need to upload a file to *Jotti*

1. Click *HERE* to get to Jotti's site.

2. At the top of the Jotti window, use the *Browse* button to locate the following file on your system:

*C:\Users\Mike\AppData\Local\FullTiltPoker\ElevatedDiagnostics\xdlqzl.dll*

3. Once you have located the file, click *SUBMIT* and the content of the file will be uploaded by the site and analysed.

4. Please provide me with the results of the analysis.

5. Please repeat steps 2-4 for the following file:

*C:\Users\Mike\AppData\Local\Verizon\jtvsoghp.dll*

*Upload same Files to Virustotal*
Please visit *Virustotal*

- Click the *Browse...* button
- Navigate to the file *C:\Users\Mike\AppData\Local\FullTiltPoker\ElevatedDiagnostics\xdlqzl.dll* or just copy/paste it in.
- Click the *Scan it* tab
- If you get a message saying File has already been analyzed: click Reanalyze file now
- Copy and paste the results back here please.
- Repeat the above steps for the following files

*C:\Users\Mike\AppData\Local\Verizon\jtvsoghp.dll*

Let me see those results...

Kevin


----------



## mlanspery (Apr 29, 2012)

Interestingly, the file name under full tilt poker was different. It is now dyddza.dll. Strange. Anyway, here are the results, both links and pasted.

http://virusscan.jotti.org/en/scanresult/2888730b2f6c20437dbbc88dff990ba1a703e36e
*Scanners*

2012-05-04 Found nothing
2012-05-04 Found nothing
2012-05-04 Win32:Malware-gen
2012-05-04 Gen:Variant.Kazy.68192
2012-05-04 Crypt.AVUD
2012-05-04 Gen:Variant.Kazy.68192
2012-05-04 Found nothing
2012-05-04 Trojan.Crypt
2012-05-04 Gen:Variant.Kazy.68192
2012-05-04 Found nothing
2012-05-04 Found nothing
2012-05-04 Found nothing
2012-05-04 Found nothing
2012-05-04 Found nothing
2012-05-04 Found nothing
2012-05-04 Found nothing
2012-05-04 Trojan.Crypt!IK
2012-05-04 Found nothing
2012-05-04 Found nothing
2012-05-04 Found nothing

http://virusscan.jotti.org/en/scanresult/be610509c7db3592661eaf4dd1327f268ba2366e
*Scanners*

2012-05-04 Found nothing
2012-05-04 Found nothing
2012-05-04 Found nothing
2012-05-04 Gen:Variant.Kazy.68111
2012-05-04 Found nothing
2012-05-04 Gen:Variant.Kazy.68111
2012-05-04 Found nothing
2012-05-04 Trojan-Downloader.Agent
2012-05-04 Gen:Variant.Kazy.68111
2012-05-04 Found nothing
2012-05-04 Found nothing
2012-05-04 Found nothing
2012-05-04 Found nothing
2012-05-04 Found nothing
2012-05-04 Found nothing
2012-05-04 Found nothing
2012-05-04 Trojan-Downloader.Agent!IK
2012-05-04 Found nothing
2012-05-04 Found nothing
2012-05-04 Found nothing

https://www.virustotal.com/file/0dd...6f4a6fed37985cfe72f21d01/analysis/1336142001/
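| Antivirus | Result | Update |
|---|---|---|
| AhnLab-V3 | - | 20120504 |
| AntiVir | - | 20120504 |
| Antiy-AVL | - | 20120504 |
| Avast | Win32:Malware-gen | 20120504 |
| AVG | Crypt.AVUD | 20120504 |
| BitDefender | Gen:Variant.Kazy.68192 | 20120504 |
| ByteHero | - | 20120503 |
| CAT-QuickHeal | - | 20120504 |
| ClamAV | - | 20120504 |
| Commtouch | - | 20120504 |
| Comodo | UnclassifiedMalware | 20120504 |
| DrWeb | - | 20120504 |
| Emsisoft | Trojan.Crypt!IK | 20120504 |
| eSafe | - | 20120502 |
| eTrust-Vet | - | 20120504 |
| F-Prot | - | 20120504 |
| F-Secure | Gen:Variant.Kazy.68192 | 20120504 |
| Fortinet | W32/Sefnit.AH!tr | 20120504 |
| GData | Gen:Variant.Kazy.68192 | 20120504 |
| Ikarus | Trojan.Crypt | 20120504 |
| Jiangmin | - | 20120504 |
| K7AntiVirus | - | 20120502 |
| Kaspersky | - | 20120504 |
| McAfee | Sefnit.ah | 20120504 |
| McAfee-GW-Edition | - | 20120504 |
| Microsoft | - | 20120504 |
| NOD32 | - | 20120504 |
| Norman | - | 20120504 |
| nProtect | - | 20120504 |
| Panda | - | 20120504 |
| PCTools | - | 20120504 |
| Rising | - | 20120504 |
| Sophos | - | 20120504 |
| SUPERAntiSpyware | - | 20120411 |
| Symantec | - | 20120504 |
| TheHacker | - | 20120504 |
| TrendMicro | - | 20120504 |
| TrendMicro-HouseCall | - | 20120504 |
| VBA32 | - | 20120504 |
| VIPRE | Trojan.Win32.Generic!BT | 20120504 |
| ViRobot | - | 20120504 |
| VirusBuster | - | 20120504 |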


Additional information
*ssdeep*

3072:MNQo8ZE8XFbWTZSYJsApzV4/eQQKmfV4EQJAg0Fu8us+0lAs4zZDH0:MNQV3QVp14WKmKzAOcuzZDU

*TrID*

Windows OCX File (63.5%)
Win32 Executable MS Visual C++ (generic) (19.3%)
Windows Screen Saver (6.7%)
Win32 Executable Generic (4.3%)
Win32 Dynamic Link Library (generic) (3.8%)
*ExifTool*

UninitializedDataSize....: 0
InitializedDataSize......: 131072
ImageVersion.............: 0.0
ProductName..............: ASUS Filter Effect Dynamic Link Library
FileVersionNumber........: 1.0.0.3
LanguageCode.............: Chinese (Traditional)
FileFlagsMask............: 0x003f
FileDescription..........: ASUS Filter Effect DLL
CharacterSet.............: Unicode
LinkerVersion............: 7.1
OriginalFilename.........: EffectDLL.DLL
MIMEType.................: application/octet-stream
Subsystem................: Windows GUI
FileVersion..............: 1, 0, 0, 3
TimeStamp................: 2007:07:31 05:03:12+02:00
FileType.................: Win32 DLL
PEType...................: PE32
InternalName.............: EffectDLL
ProductVersion...........: 1, 0, 0, 3
SubsystemVersion.........: 4.0
OSVersion................: 4.0
FileOS...................: Win32
LegalCopyright...........: Copyright (C) 2006
MachineType..............: Intel 386 or later, and compatibles
CodeSize.................: 290816
FileSubtype..............: 0
ProductVersionNumber.....: 1.0.0.3
EntryPoint...............: 0x1000
ObjectFileType...........: Dynamic link library

*Sigcheck*

product..................: ASUS Filter Effect Dynamic Link Library
internal name............: EffectDLL
copyright................: Copyright (C) 2006
original name............: EffectDLL.DLL
file version.............: 1, 0, 0, 3
description..............: ASUS Filter Effect DLL

*Portable Executable structural information*

Compilation timedatestamp.....: 2007-07-31 03:03:12
Target machine................: 0x14C (Intel 386 or later processors and compatible processors)
Entry point address...........: 0x00001000

PE Sections...................:

| Name | Virtual Address | Virtual Size | Raw Size | Entropy | MD5 |
|---|---|---|---|---|---|
| .text | 4096 | 289560 | 290816 | 3.43 | 42fcdec40917a2f2d0d116330165a825 |
| .rdata | 294912 | 70211 | 73728 | 5.61 | f108c9886d8e3a3888b8c90c9f9d60eb |
| .data | 368640 | 23044 | 8192 | 4.49 | 2cc05d7183eb1be598afaadf4ba9ee4d |
| .rsrc | 393216 | 11648 | 12288 | 3.86 | c0ac679395c284b5e1f991736c6ea24c |
| .reloc | 405504 | 16472 | 20480 | 0.00 | daa100df6e6711906b61c9ab5aa16032 |

PE Imports....................:

comdlg32.dll: GetFileTitleW, GetOpenFileNameW, GetSaveFileNameW

COMCTL32.dll

GDI32.dll: SetWindowOrgEx, OffsetWindowOrgEx, SetWindowExtEx, ScaleWindowExtEx, GetCurrentPositionEx, ArcTo, PolyDraw, PolylineTo, PolyBezierTo, ExtSelectClipRgn, DeleteDC, CreateDIBPatternBrushPt, CreatePatternBrush, CreateCompatibleDC, GetStockObject, SelectPalette, PlayMetaFileRecord, GetObjectType, EnumMetaFile, PlayMetaFile, GetDeviceCaps, CreatePen, ExtCreatePen, ScaleViewportExtEx, CreateHatchBrush, CopyMetaFileW, CreateDCW, Escape, GetDCOrgEx, CreateFontIndirectW, GetTextExtentPoint32W, CreateRectRgnIndirect, SetRectRgn, CombineRgn, GetMapMode, PatBlt, DPtoLP, GetTextMetricsW, ExtTextOutW, TextOutW, RectVisible, PtVisible, StartDocW, GetPixel, BitBlt, GetWindowExtEx, SetViewportExtEx, OffsetViewportOrgEx, SetViewportOrgEx, SetStretchBltMode, SetROP2, SetPolyFillMode, SetBkMode, SetBkColor, RestoreDC, SaveDC, CreateBitmap, GetObjectW, DeleteObject, CreateSolidBrush, CreateDIBSection, GetViewportExtEx, SelectClipPath, CreateRectRgn, GetClipRgn, SelectClipRgn, SetColorAdjustment, SetArcDirection, SetMapperFlags, SetTextCharacterExtra, SetTextJustification, SetTextAlign, MoveToEx, LineTo, OffsetClipRgn, IntersectClipRect, ExcludeClipRect, GetClipBox, SetMapMode, SetTextColor, SelectObject

ADVAPI32.dll: RegQueryValueW, RegCreateKeyW, RegSetValueW, RegDeleteValueW, RegSetValueExW, RegCreateKeyExW, RegCloseKey, RegOpenKeyW, RegEnumKeyW, RegDeleteKeyW, RegOpenKeyExW, RegQueryValueExW

KERNEL32.dll: SetEndOfFile, GetFileSize, DuplicateHandle, GetCurrentProcess, FindClose, FindFirstFileW, GetVolumeInformationW, GetFullPathNameW, CreateFileW, GetShortPathNameW, FileTimeToSystemTime, SystemTimeToFileTime, FileTimeToLocalFileTime, LocalFileTimeToFileTime, SetFileTime, SetFileAttributesW, GetFileAttributesW, GetFileTime, HeapFree, GetCommandLineA, ExitProcess, RtlUnwind, TerminateProcess, ExitThread, CreateThread, HeapAlloc, HeapSize, HeapReAlloc, VirtualProtect, VirtualAlloc, GetSystemInfo, UnlockFile, HeapDestroy, HeapCreate, VirtualFree, FatalAppExitA, IsBadWritePtr, SetHandleCount, GetStdHandle, GetFileType, GetStartupInfoA, GetModuleFileNameA, FreeEnvironmentStringsA, GetEnvironmentStrings, FreeEnvironmentStringsW, GetEnvironmentStringsW, UnhandledExceptionFilter, QueryPerformanceCounter, GetTickCount, GetCurrentProcessId, GetSystemTimeAsFileTime, SetUnhandledExceptionFilter, GetTimeZoneInformation, GetOEMCP, GetCPInfo, IsBadReadPtr, IsBadCodePtr, GetStringTypeA, GetStringTypeW, LCMapStringA, LCMapStringW, SetConsoleCtrlHandler, GetTimeFormatA, GetDateFormatA, GetUserDefaultLCID, EnumSystemLocalesA, IsValidLocale, IsValidCodePage, SetStdHandle, CompareStringA, CompareStringW, SetEnvironmentVariableA, LockFile, FlushFileBuffers, SetFilePointer, WriteFile, ReadFile, GetStringTypeExW, DeleteFileW, MoveFileW, FreeResource, GlobalFindAtomW, lstrlenA, LoadLibraryA, GetVersionExA, CopyFileW, GlobalSize, FormatMessageW, GetLastError, RaiseException, GetModuleHandleA, SetLastError, GlobalFlags, MulDiv, InterlockedIncrement, GetCurrentDirectoryW, lstrcmpiW, GetPrivateProfileStringW, WritePrivateProfileStringW, GetPrivateProfileIntW, SetErrorMode, lstrcatW, lstrcpynW, InterlockedDecrement, TlsFree, GlobalFree, DeleteCriticalSection, LocalReAlloc, TlsSetValue, TlsAlloc, InitializeCriticalSection, TlsGetValue, EnterCriticalSection, GlobalHandle, GlobalUnlock, GlobalReAlloc, LeaveCriticalSection, LocalFree, LocalAlloc, CreateEventW, SuspendThread, SetEvent, WaitForSingleObject, ResumeThread, SetThreadPriority, CloseHandle, GlobalAddAtomW, FindResourceW, LoadResource, LockResource, SizeofResource, lstrlenW, GetCurrentThread, GetCurrentThreadId, MultiByteToWideChar, GlobalLock, lstrcmpW, GlobalAlloc, FreeLibrary, GlobalDeleteAtom, WideCharToMultiByte, lstrcmpA, lstrcmpiA, GetModuleFileNameW, GetModuleHandleW, GetProcAddress, ConvertDefaultLocale, GetVersion, EnumResourceLanguagesW, lstrcpyW, LoadLibraryW, GetLocaleInfoW, GetVersionExW, GetThreadLocale, GetLocaleInfoA, GetACP, InterlockedExchange, VirtualQuery

gdiplus.dll: GdipCreateHBITMAPFromBitmap, GdipGetImageWidth, GdipCreateBitmapFromHBITMAP, GdipGetImageHeight, GdipDisposeImage, GdiplusStartup, GdipAlloc, GdipFree, GdipCloneImage, GdiplusShutdown

WINSPOOL.DRV: DocumentPropertiesW, ClosePrinter, OpenPrinterW

SHELL32.dll: SHGetFileInfoW, ExtractIconW

ole32.dll: CoTaskMemFree, SetConvertStg, WriteFmtUserTypeStg, WriteClassStg, OleRegGetUserType, ReadFmtUserTypeStg, ReadClassStg, CreateBindCtx, CoTaskMemAlloc, ReleaseStgMedium, OleDuplicateData, StringFromCLSID, CoTreatAsClass, CoDisconnectObject, CoCreateInstance, StringFromGUID2, CLSIDFromString

SHLWAPI.dll: PathFindExtensionW, PathRemoveExtensionW, PathFindFileNameW, PathStripToRootW, PathIsUNCW

USER32.dll: InflateRect, GetMenuItemInfoW, DestroyMenu, SystemParametersInfoW, EndDialog, GetNextDlgTabItem, CreateDialogIndirectParamW, GetDialogBaseUnits, GetPropW, RemovePropW, SendDlgItemMessageA, IsWindow, IsChild, GetForegroundWindow, SetActiveWindow, BeginDeferWindowPos, EndDeferWindowPos, GetTopWindow, DestroyWindow, GetMessageTime, GetMessagePos, LoadIconW, MapWindowPoints, ScrollWindow, TrackPopupMenuEx, TrackPopupMenu, SetScrollRange, GetScrollRange, SetScrollPos, GetScrollPos, SetForegroundWindow, ShowScrollBar, UpdateWindow, GetClientRect, GetMenu, AdjustWindowRectEx, EqualRect, DeferWindowPos, GetScrollInfo, SetScrollInfo, GetClassInfoW, RegisterClassW, SetWindowPlacement, DefWindowProcW, CallWindowProcW, OffsetRect, IntersectRect, SystemParametersInfoA, IsIconic, GetWindowPlacement, CopyRect, GetWindowTextLengthW, SetWindowPos, ScrollWindowEx, SetFocus, CharUpperW, MoveWindow, SetWindowLongW, IsDialogMessageW, IsDlgButtonChecked, UnregisterClassA, SetDlgItemInt, SendDlgItemMessageW, GetDlgItemTextW, GetDlgItemInt, GetDlgItem, CheckRadioButton, CheckDlgButton, LoadCursorW, GetSystemMetrics, GetSysColorBrush, GetMenuStringW, AppendMenuW, GetMenuItemID, GetSubMenu, RemoveMenu, GetSysColor, EndPaint, BeginPaint, ScreenToClient, GrayStringW, DrawTextExW, DrawTextW, TabbedTextOutW, FillRect, ClientToScreen, GetWindow, GetDlgCtrlID, GetWindowRect, PtInRect, GetDesktopWindow, GetWindowTextW, SetWindowTextW, GetClassNameW, MessageBoxW, GetWindowLongW, GetLastActivePopup, IsWindowEnabled, EnableWindow, InsertMenuW, GetMenuItemCount, DeleteMenu, wsprintfW, UnregisterClassW, UnhookWindowsHookEx, SetMenuItemBitmaps, GetFocus, GetParent, ModifyMenuW, GetMenuState, EnableMenuItem, DestroyIcon, RegisterWindowMessageW, WinHelpW, CheckMenuItem, GetMenuCheckMarkDimensions, GetCapture, CreateWindowExW, GetClassInfoExW, GetClassLongW, ShowWindow, SetPropW, LoadBitmapW, SetWindowsHookExW, CallNextHookEx, GetMessageW, TranslateMessage, DispatchMessageW, GetActiveWindow, IsWindowVisible, GetKeyState, PeekMessageW, GetCursorPos, ValidateRect, ShowOwnedPopups, SendMessageW, SetCursor, PostMessageW, PostQuitMessage, GetDC, ReleaseDC, GetWindowDC, SetDlgItemTextW

OLEAUT32.dll: -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -

PE Exports....................:

CreateEffectARGB, CreateEffectBitmap, CreateEffectHBITMAP, EnumEffectIds, GetEffectDescription

*Symantec Reputation*

Suspicious.Insight

*First seen by VirusTotal*

2012-04-30 22:47:27 UTC ( 3 days, 15 hours ago )

*Last seen by VirusTotal*

2012-05-04 14:33:21 UTC ( 11 minutes ago )

*File names (max. 25)*


file-3895358_dll
dyddza.dll
C:\Users\Mike\AppData\Local\FullTiltPoker\ElevatedDiagnostics\dyddza.dll
2059F57600F7F1B2402606B877B5820000970BE0.dll
E:\Downloads\dyddza.dll

https://www.virustotal.com/file/5b8...b128b960aaabec2e1b08793f/analysis/1336142159/
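| Antivirus | Result | Update |
|---|---|---|
| AhnLab-V3 | - | 20120504 |
| AntiVir | - | 20120504 |
| Antiy-AVL | - | 20120504 |
| Avast | - | 20120504 |
| AVG | - | 20120504 |
| BitDefender | Gen:Variant.Kazy.68111 | 20120504 |
| ByteHero | - | 20120502 |
| CAT-QuickHeal | - | 20120504 |
| ClamAV | - | 20120504 |
| Commtouch | - | 20120504 |
| Comodo | - | 20120504 |
| DrWeb | - | 20120504 |
| Emsisoft | Trojan-Downloader.Agent!IK | 20120504 |
| eSafe | - | 20120502 |
| eTrust-Vet | - | 20120504 |
| F-Prot | - | 20120504 |
| F-Secure | Gen:Variant.Kazy.68111 | 20120504 |
| Fortinet | - | 20120504 |
| GData | Gen:Variant.Kazy.68111 | 20120504 |
| Ikarus | Trojan-Downloader.Agent | 20120504 |
| Jiangmin | - | 20120504 |
| K7AntiVirus | - | 20120502 |
| Kaspersky | - | 20120504 |
| McAfee | - | 20120504 |
| McAfee-GW-Edition | - | 20120504 |
| Microsoft | - | 20120504 |
| NOD32 | - | 20120504 |
| Norman | - | 20120504 |
| nProtect | - | 20120504 |
| PCTools | - | 20120504 |
| Rising | - | 20120504 |
| SUPERAntiSpyware | - | 20120411 |
| Symantec | - | 20120504 |
| TheHacker | - | 20120504 |
| TrendMicro | - | 20120504 |
| TrendMicro-HouseCall | - | 20120504 |
| VBA32 | - | 20120504 |
| VIPRE | - | 20120504 |
| ViRobot | - | 20120504 |
| VirusBuster | - | 20120504 |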


Comments

Dropped by Blackhole exploit kit- injects into user mode processes
Posted 1 week ago by Yousaif

Votes

Yousaif: -14, 2012-04-26 20:52:54 UTC ( 1 week ago )

Additional information

*ssdeep*

3072:isZnUr4jrU/QlAFPqL+VPww2nXFhTiRJoAhKcAg0FuLKlfx2Q5A96kZ:lUr4jw/Q2FdVowufTeJoAPAOc4Q5v

*TrID*

Win32 Executable MS Visual C++ (generic) (65.2%)
Win32 Executable Generic (14.7%)
Win32 Dynamic Link Library (generic) (13.1%)
Generic Win/DOS Executable (3.4%)
DOS Executable Generic (3.4%)
*ExifTool*

FileDescription..........: MPEG-4 Video Encoder Engine
Comments.................: official release build
InitializedDataSize......: 245760
ImageVersion.............: 0.0
ProductName..............: MainConcept MPEG-4 Video Encoder Engine
FileVersionNumber........: 7.20.0.17519
LanguageCode.............: English (U.S.)
FileFlagsMask............: 0x30003f
CharacterSet.............: Windows, Latin1
LinkerVersion............: 7.1
OriginalFilename.........: mcmpeg4vout.dll
PrivateBuild.............: MPEG-4 Video Encoder Engine
MIMEType.................: application/octet-stream
Subsystem................: Windows GUI
FileVersion..............: 7.20.0.17519 2007/08/07
TimeStamp................: 2007:08:08 01:48:00+02:00
FileType.................: Win32 DLL
PEType...................: PE32
InternalName.............: mcmpeg4vout
SubsystemVersion.........: 4.0
ProductVersion...........: 7.20.0
UninitializedDataSize....: 0
OSVersion................: 4.0
FileOS...................: Windows 32-bit
LegalCopyright...........: Copyright MainConcept AG 2007
MachineType..............: Intel 386 or later, and compatibles
CompanyName..............: MainConcept AG
CodeSize.................: 237568
FileSubtype..............: 0
ProductVersionNumber.....: 7.20.0.17519
EntryPoint...............: 0x1000
ObjectFileType...........: Dynamic link library

*Sigcheck*

publisher................: MainConcept AG
product..................: MainConcept_ MPEG-4 Video Encoder Engine
internal name............: mcmpeg4vout
copyright................: Copyright(c) MainConcept AG 2007
original name............: mcmpeg4vout.dll
comments.................: official release build
file version.............: 7.20.0.17519 2007/08/07
description..............: MPEG-4 Video Encoder Engine

*Portable Executable structural information*

Compilation timedatestamp.....: 2007-08-07 23:48:00
Target machine................: 0x14C (Intel 386 or later processors and compatible processors)
Entry point address...........: 0x00001000

PE Sections...................:

| Name | Virtual Address | Virtual Size | Raw Size | Entropy | MD5 |
|---|---|---|---|---|---|
| .text | 4096 | 233956 | 237568 | 4.38 | 49551009336fe96dd73d3f4ddd094b5c |
| .rdata | 241664 | 36499 | 36864 | 5.40 | eda3c4c2a24c9ffc89f1cfba16e24854 |
| .data | 278528 | 183612 | 45056 | 2.75 | d18d6f3c59bc648a340dd9c047e61c9f |
| .rodata | 462848 | 6568 | 8192 | 4.71 | cd3f6bcbeaa340f7cd2e03db4bac1c0d |
| .rsrc | 471040 | 1112 | 4096 | 1.17 | 77ebc821eaa0f5adff8d770d4164612c |
| .reloc | 475136 | 8502 | 12288 | 3.87 | 046cfa459734bf7c1ca41ba68aeab374 |

PE Imports....................:

KERNEL32.dll: GetProfileIntA, CreateEventA, CloseHandle, WaitForSingleObject, LeaveCriticalSection, EnterCriticalSection, SetEvent, SetThreadPriority, GetThreadPriority, GetCurrentThread, DeleteCriticalSection, ResetEvent, InitializeCriticalSection, GetProcessAffinityMask, GetCurrentProcess, GetSystemInfo, GetCurrentThreadId, CreateThread, HeapFree, HeapAlloc, GetCommandLineA, GetVersionExA, GetSystemTimeAsFileTime, GetProcAddress, GetModuleHandleA, HeapDestroy, HeapCreate, VirtualFree, VirtualAlloc, HeapReAlloc, ExitProcess, TerminateProcess, TlsAlloc, SetLastError, GetLastError, TlsFree, TlsSetValue, TlsGetValue, SetHandleCount, GetStdHandle, GetFileType, GetStartupInfoA, GetModuleFileNameA, FreeEnvironmentStringsA, GetEnvironmentStrings, FreeEnvironmentStringsW, WideCharToMultiByte, GetEnvironmentStringsW, UnhandledExceptionFilter, WriteFile, SetFilePointer, RtlUnwind, InterlockedExchange, VirtualQuery, GetACP, GetOEMCP, GetCPInfo, LoadLibraryA, SetStdHandle, FlushFileBuffers, LCMapStringA, MultiByteToWideChar, LCMapStringW, QueryPerformanceCounter, GetTickCount, GetCurrentProcessId, HeapSize, GetLocaleInfoA, GetStringTypeA, GetStringTypeW, RaiseException, VirtualProtect

PE Exports....................:

m4OutVideoChkSettings, m4OutVideoDefaults, m4OutVideoDone, m4OutVideoFlush, m4OutVideoFree, m4OutVideoGetParSets, m4OutVideoInit, m4OutVideoNew, m4OutVideoPerformance, m4OutVideoPutFrame, m4OutVideoPutFrameV, m4OutVideoUpdateSettings

*Symantec Reputation*

Suspicious.Insight

*First seen by VirusTotal*

2012-04-26 18:21:48 UTC ( 1 week ago )

*Last seen by VirusTotal*

2012-05-04 14:35:59 UTC ( 1 minute ago )

*File names (max. 25)*


C:\Users\Mike\AppData\Local\Verizon\jtvsoghp.dll
jtvsoghp.dll
B37369E9F035C9B5601305A6EDA50C00B4023A84.dll
file-3865865_dll


----------



## kevinf80 (Mar 21, 2006)

OK do the following:

Please download *OTM by OldTimer*.

*Alternative Mirror 1*
*Alternative Mirror 2*

Save it to your desktop.

Double click *OTM.exe* to start the tool. Vista or Windows 7 users right click and select Run as Administrator. Be aware all processes will be stopped during the run, and the Desktop will also disappear; this will be put back on completion.

*Copy* the text from the code box below to the clipboard by highlighting *ALL* of them and *pressing CTRL + C* (or, after highlighting, right-click and choose *Copy*):


```
:Files
C:\Users\Mike\AppData\Local\FullTiltPoker
C:\Users\Mike\AppData\Local\Verizon
:Commands
[EmptyTemp]
```

Return to OTMoveIt3, right click in the *"Paste Instructions for Items to be Moved"* window (under the yellow bar) and choose *Paste*.
Click the red button.
*Copy* everything in the Results window (under the green bar) to the clipboard by highlighting *ALL* of them and *pressing CTRL + C* (or, after highlighting, right-click and choose copy), and paste it in your next reply.
Close *OTM*
*Note:* If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose *Yes.*

If the machine reboots, the Results log can be found here:

*c:\_OTMoveIt\MovedFiles\mmddyyyy_hhmmss.log*

Where mmddyyyy_hhmmss is the date of the tool run.

Next,

Delete any versions of Combofix that you may have on your Desktop, download a fresh copy from either of the following links :-

*Link 1*
*Link 2*

Ensure that Combofix is saved directly to the Desktop *<--- Very important*

Run Combofix as you did initially, let me see the logs from OTM and Combofix in your reply.

Kevin


----------



## mlanspery (Apr 29, 2012)

Kevin, here are the logs:

OTM:

All processes killed
========== FILES ==========
C:\Users\Mike\AppData\Local\FullTiltPoker\ElevatedDiagnostics folder moved successfully.
C:\Users\Mike\AppData\Local\FullTiltPoker folder moved successfully.
C:\Users\Mike\AppData\Local\Verizon folder moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Mike
->Temp folder emptied: 2369917 bytes
->Temporary Internet Files folder emptied: 151702669 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 6006792 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 676 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 19680 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 153.00 mb

OTM by OldTimer - Version 3.1.19.0 log created on 05042012_175748
Files moved on Reboot...
C:\Users\Mike\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
Registry entries deleted on Reboot...

Combofix:

ComboFix 12-05-04.03 - Mike 05/04/2012 18:05:24.4.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4063.2519 [GMT -4:00]
Running from: c:\users\Mike\Desktop\ComboFix.exe
AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Mike\AppData\Local\Temp\{C9BE5635-CA35-49E6-9432-4816F5E96690}\fpb.tmp
.
.
((((((((((((((((((((((((( Files Created from 2012-04-04 to 2012-05-04 )))))))))))))))))))))))))))))))
.
.
2012-05-04 22:13 . 2012-05-04 22:13 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-05-04 21:57 . 2012-05-04 21:57 -------- d-----w- C:\_OTM
2012-05-04 00:10 . 2012-05-04 00:10 8741536 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
2012-05-03 23:58 . 2012-05-03 23:58 -------- d-----w- c:\program files (x86)\Common Files\Java
2012-05-03 23:53 . 2012-05-03 23:52 476960 ----a-w- c:\windows\SysWow64\npdeployJava1.dll
2012-05-03 23:39 . 2012-05-04 00:10 418464 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-05-03 23:39 . 2012-05-03 23:39 -------- d-----w- c:\windows\system32\Macromed
2012-05-03 23:09 . 2012-05-03 23:09 -------- d-----w- c:\program files (x86)\Common Files\Adobe
2012-05-01 01:49 . 2012-05-01 01:49 -------- d-----w- C:\_OTL
2012-04-30 12:29 . 2012-04-30 12:29 -------- d-----w- c:\program files (x86)\ESET
2012-04-13 13:48 . 2012-03-06 06:53 5559152 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-04-13 13:48 . 2012-03-06 05:59 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-04-13 13:48 . 2012-03-06 05:59 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-04-13 13:43 . 2012-03-01 06:46 23408 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-04-13 13:43 . 2012-03-01 06:33 81408 ----a-w- c:\windows\system32\imagehlp.dll
2012-04-13 13:43 . 2012-03-01 05:33 159232 ----a-w- c:\windows\SysWow64\imagehlp.dll
2012-04-13 13:43 . 2012-03-01 06:38 220672 ----a-w- c:\windows\system32\wintrust.dll
2012-04-13 13:43 . 2012-03-01 06:28 5120 ----a-w- c:\windows\system32\wmi.dll
2012-04-13 13:43 . 2012-03-01 05:37 172544 ----a-w- c:\windows\SysWow64\wintrust.dll
2012-04-13 13:43 . 2012-03-01 05:29 5120 ----a-w- c:\windows\SysWow64\wmi.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-04 00:10 . 2011-07-05 03:42 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-05-03 23:52 . 2010-04-22 00:28 472864 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-04-04 19:56 . 2010-07-25 00:37 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-07 12:32 . 2012-03-07 12:32 162664 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10140.bin
2012-02-17 06:38 . 2012-03-14 11:18 1031680 ----a-w- c:\windows\system32\rdpcore.dll
2012-02-17 05:34 . 2012-03-14 11:18 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll
2012-02-17 04:58 . 2012-03-14 11:18 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-02-17 04:57 . 2012-03-14 11:18 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-02-10 06:36 . 2012-03-14 11:18 1544192 ----a-w- c:\windows\system32\DWrite.dll
2012-02-10 05:38 . 2012-03-14 11:18 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll
.
.
((((((((((((((((((((((((((((( [email protected]_00.08.52 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-07-14 04:54 . 2012-05-04 22:14 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54 . 2012-04-30 00:08 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54 . 2012-04-30 00:08 16384  c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2012-05-04 22:14 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-12-12 19:09 . 2012-05-04 22:01 67032 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-05-04 22:01 48482 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2009-12-02 01:23 . 2012-05-04 22:01 13784 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3308639748-1256008133-3562106641-1000_UserData.bin
- 2009-12-01 23:50 . 2012-04-30 00:03 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-12-01 23:50 . 2012-05-04 22:01 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-12-01 23:50 . 2012-04-30 00:03 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2012-05-04 22:01 . 2012-05-04 22:01 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2012-04-30 00:03 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2012-05-04 22:01 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:46 . 2012-05-03 23:50 94352 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
+ 2011-06-06 16:55 . 2011-06-06 16:55 73624 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\wow_helper.exe
+ 2011-06-06 16:55 . 2011-06-06 16:55 17304 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\ViewerPS.dll
+ 2011-06-06 16:55 . 2011-06-06 16:55 35736 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\reader_sl.exe
+ 2011-06-06 16:55 . 2011-06-06 16:55 88992 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\PDFPrevHndlr.dll
+ 2011-06-06 16:55 . 2011-06-06 16:55 94608 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\eula.exe
+ 2011-06-06 16:55 . 2011-06-06 16:55 64952 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\armsvc.exe
+ 2011-06-06 16:55 . 2011-06-06 16:55 49064 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\acrotextextractor.exe
+ 2011-06-06 16:55 . 2011-06-06 16:55 17824 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\AcroRd32Info.exe
+ 2011-06-06 16:55 . 2011-06-06 16:55 63912 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\acroiehelpershim.dll
+ 2011-06-06 16:55 . 2011-06-06 16:55 64928 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\AcroIEHelper.dll
+ 2011-06-06 16:55 . 2011-06-06 16:55 63384 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\Acrofx32.dll
+ 2010-01-07 20:10 . 2012-04-30 03:29 1944 c:\windows\system32\wdi\ERCQueuedResolutions.dat
- 2012-04-30 00:08 . 2012-04-30 00:08 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-05-04 22:14 . 2012-05-04 22:14 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-04-30 00:08 . 2012-04-30 00:08 2048  c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-05-04 22:14 . 2012-05-04 22:14 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-05-04 00:10 . 2012-05-04 00:10 353440 c:\windows\SysWOW64\Macromed\Flash\FlashUtil32_11_2_202_233_Plugin.exe
+ 2012-05-03 23:39 . 2012-05-03 23:39 353440 c:\windows\SysWOW64\Macromed\Flash\FlashUtil32_11_2_202_233_ActiveX.exe
+ 2012-05-03 23:39 . 2012-05-03 23:39 424608 c:\windows\SysWOW64\Macromed\Flash\FlashUtil32_11_2_202_233_ActiveX.dll
+ 2012-05-03 23:39 . 2012-05-04 00:10 253088 c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
+ 2012-05-03 23:53 . 2012-05-03 23:52 157472 c:\windows\SysWOW64\javaws.exe
- 2011-07-21 17:21 . 2011-05-04 08:52 157472 c:\windows\SysWOW64\javaws.exe
+ 2012-05-03 23:53 . 2012-05-03 23:52 149280 c:\windows\SysWOW64\javaw.exe
+ 2012-05-03 23:53 . 2012-05-03 23:52 149280 c:\windows\SysWOW64\java.exe
- 2009-07-14 04:54 . 2012-04-30 00:08 114688 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-05-04 22:14 114688 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-12-02 16:45 . 2012-05-03 01:38 321104 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S4.bin
+ 2009-12-02 11:10 . 2012-05-04 21:41 380776 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S3.bin
+ 2009-07-14 02:36 . 2012-05-04 22:06 624412 c:\windows\system32\perfh009.dat
- 2009-07-14 02:36 . 2012-04-29 14:33 624412 c:\windows\system32\perfh009.dat
- 2009-07-14 02:36 . 2012-04-29 14:33 106756 c:\windows\system32\perfc009.dat
+ 2009-07-14 02:36 . 2012-05-04 22:06 106756 c:\windows\system32\perfc009.dat
+ 2012-05-04 00:10 . 2012-05-04 00:10 630944 c:\windows\system32\Macromed\Flash\FlashUtil64_11_2_202_233_Plugin.exe
+ 2012-05-03 23:39 . 2012-05-03 23:39 630944 c:\windows\system32\Macromed\Flash\FlashUtil64_11_2_202_233_ActiveX.exe
+ 2012-05-03 23:39 . 2012-05-03 23:39 462496 c:\windows\system32\Macromed\Flash\FlashUtil64_11_2_202_233_ActiveX.dll
- 2010-07-11 15:33 . 2012-04-26 15:25 921176 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
+ 2010-07-11 15:33 . 2012-04-30 20:54 921176 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
- 2009-07-14 05:01 . 2012-04-30 00:07 272312 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2012-05-04 22:13 272312 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2012-05-03 23:58 . 2012-05-03 23:58 207360 c:\windows\Installer\15ea37d.msi
+ 2012-05-03 23:51 . 2012-05-03 23:51 906752 c:\windows\Installer\15ea36d.msi
+ 2011-06-06 16:55 . 2011-06-06 16:55 249232 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\sqlite.dll
+ 2011-06-06 16:55 . 2011-06-06 16:55 394136 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\pdfshell.dll
+ 2011-06-06 16:55 . 2011-06-06 16:55 183696 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\nppdf32.dll
+ 2011-06-06 16:55 . 2011-06-06 16:55 104344 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\AiodLite.dll
+ 2011-06-06 16:55 . 2011-06-06 16:55 937920 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\adobearm.exe
+ 2011-06-06 16:55 . 2011-06-06 16:55 102808 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\AcroRdIF.dll
+ 2011-06-06 16:55 . 2011-06-06 16:55 755088 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\AcroPDF.dll
+ 2011-06-06 16:55 . 2011-06-06 16:55 296344 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\acrobroker.exe
+ 2011-06-06 16:55 . 2011-06-06 16:55 205720 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\a3dutils.dll
+ 2012-05-04 00:10 . 2012-05-04 00:10 8797344 c:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_233.dll
+ 2011-07-17 00:06 . 2012-05-04 00:00 4124740 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3308639748-1256008133-3562106641-1000-8192.dat
+ 2011-11-16 21:01 . 2012-05-04 00:00 1277692 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3308639748-1256008133-3562106641-1000-12288.dat
+ 2011-06-06 20:45 . 2011-06-06 20:45 2318848 c:\windows\Installer\1373129.msi
+ 2011-06-06 16:55 . 2011-06-06 16:55 2215312 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\rt3d.dll
+ 2011-06-06 16:55 . 2011-06-06 16:55 1189004 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\JSByteCodeWin.bin
+ 2011-06-06 16:55 . 2011-06-06 16:55 6543768 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\authplay.dll
+ 2011-06-06 16:55 . 2011-06-06 16:55 1240992 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\AdobeCollabSync.exe
+ 2011-06-06 16:55 . 2011-06-06 16:55 1480600 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\AcroRd32.exe
+ 2012-05-04 00:10 . 2012-05-04 00:10 11589280 c:\windows\system32\Macromed\Flash\NPSWF64_11_2_202_233.dll
+ 2011-07-17 00:06 . 2012-05-04 22:13 32371080 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3308639748-1256008133-3562106641-1000-4096.dat
+ 2012-04-04 11:17 . 2012-04-04 11:17 16613376 c:\windows\Installer\137312a.msp
+ 2011-06-06 16:55 . 2011-06-06 16:55 24731544 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\AcroRd32.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-07-14 39408]
"MobileDocuments"="c:\program files (x86)\Common Files\Apple\Internet Services\ubd.exe" [2012-02-23 59240]
"ElevatedDiagnostics"="c:\users\Mike\AppData\Local\FullTiltPoker\ElevatedDiagnostics\xdlqzl.dll" [BU]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2011-03-28 281768]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
"AppleSyncNotifier"="c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-11-02 59240]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-03-06 421736]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-04-04 843712]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"HideSCAHealth"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ServicepointService]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-01-02 135664]
R2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-09-09 86072]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-04 253088]
R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-02-28 183560]
R3 Com4QLBEx;Com4QLBEx;c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2010-01-12 227896]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-01-02 135664]
R3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [x]
R3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 {55662437-DA8C-40c0-AADA-2C816A897A49};Power Control [2009/07/20 02:44];c:\program files (x86)\Hewlett-Packard\Media\DVD\000.fcl [2008-11-29 01:04 146928]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-04-04 63928]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\AESTSr64.exe [2009-03-02 89600]
S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2011-03-28 136360]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-03-28 94264]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [x]
S2 IHA_MessageCenter;IHA_MessageCenter;c:\program files (x86)\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe [2011-12-12 290832]
S2 McciCMService64;McciCMService64;c:\program files\Common Files\Motive\McciCMService.exe [2010-03-17 517632]
S2 Recovery Service for Windows;Recovery Service for Windows;c:\program files (x86)\SMINST\BLService.exe [2008-12-18 365952]
S2 ServicepointService;ServicepointService;c:\program files (x86)\Verizon\VSP\ServicepointService.exe [2011-01-10 689464]
S2 sprtsvc_verizondm;SupportSoft Sprocket Service (verizondm);c:\program files (x86)\VERIZONDM\bin\sprtsvc.exe [2011-02-01 206120]
S2 tgsrvc_verizondm;SupportSoft Repair Service (verizondm);c:\program files (x86)\VERIZONDM\bin\tgsrvc.exe [2011-02-01 185640]
S2 TVCapSvc;TV Background Capture Service (TVBCS);c:\program files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe [2008-11-27 296320]
S2 TVSched;TV Task Scheduler (TVTS);c:\program files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe [2008-11-27 116096]
S2 vfsFPService;Validity Fingerprint Service;c:\windows\system32\vfsFPService.exe [2008-11-18 721712]
S2 vpnagent;Cisco AnyConnect VPN Agent;c:\program files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe [2009-02-03 427192]
S3 enecir;ENE CIR Receiver;c:\windows\system32\DRIVERS\enecir.sys [x]
S3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [x]
S3 NETw5s64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETw5s64.sys [x]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2012-05-04 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-03 00:10]
.
2012-05-04 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-01-02 03:26]
.
2012-05-04 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-01-02 03:26]
.
2012-04-26 c:\windows\Tasks\HPCeeScheduleForMike.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2009-10-07 08:22]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-08-01 2417032]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.jetsinsider.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~3\OFFICE11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_43C348BC2E93EB2B.dll/cmsidewiki.html
TCP: DhcpNameServer = 192.168.1.1
DPF: {36299202-09EF-4ABF-ADB9-47C599DBE778} - hxxps://www.hpwindows7upgrade.arvato.com/north_america/Endcustomer/HPProdDetect.cab
DPF: {55963676-2F5E-4BAF-AC28-CF26AA587566} - hxxps://38.104.166.66/CACHE/stc/1/binaries/vpnweb.cab
FF - ProfilePath - c:\users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\7dvygasy.default\
FF - prefs.js: browser.search.selectedEngine - Bing
FF - prefs.js: browser.startup.homepage - hxxp://www.msn.com/?pc=Z144&ocid=zdhp&install_date=20111220
FF - prefs.js: network.proxy.type - 0
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKCU-Run-Verizon - c:\users\Mike\AppData\Local\Verizon\jtvsoghp.dll
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\{55662437-DA8C-40c0-AADA-2C816A897A49}]
"ImagePath"="\??\c:\program files (x86)\Hewlett-Packard\Media\DVD\000.fcl"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_233_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_233_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\DigitalPersona\Bin\DpHostW.exe
c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
c:\program files (x86)\Common Files\Motive\McciCMService.exe
c:\program files (x86)\CyberLink\Shared files\RichVideo.exe
c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE
c:\program files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
.
**************************************************************************
.
Completion time: 2012-05-04 18:20:33 - machine was rebooted
ComboFix-quarantined-files.txt 2012-05-04 22:20
ComboFix2.txt 2012-05-03 17:14
ComboFix3.txt 2012-04-30 11:19
ComboFix4.txt 2012-04-30 00:14
.
Pre-Run: 363,137,712,128 bytes free
Post-Run: 363,072,438,272 bytes free
.
- - End Of File - - 551E5794A074C69BB30473D3C3AA99D8


----------



## kevinf80 (Mar 21, 2006)

Any improvement?


----------



## mlanspery (Apr 29, 2012)

I think you may have done it Kevin! I've been searching around for the last 45 minutes or so, and so far so good! No redirects and no pop ups. I'd imagine I need to keep monitoring it for a little while before it can be called totally cured, but I really think you fixed it.


----------



## mlanspery (Apr 29, 2012)

Still working fine Kevin! What exactly was this little bugger? And what did you do that got rid of it?


----------



## kevinf80 (Mar 21, 2006)

Yes, this was a difficult one to find, even after killing what we did with some very comprehensive tools the redirects were still occurring.
Rogue killer finally identified the remainder of the infection, shown in reply #32. We finished it off with OTM removing the malicious folders that contained the unwanted guests.
I asked for the fresh CF scan just to be sure, your feedback is confirmation we have finally killed off the infection.

OK, let's clean up:

*Step 1*

Remove Combofix now that we're done with it

Please press the Windows Key and R on your keyboard. This will bring up the Run... command.
Now type in Combofix /Uninstall in the runbox and click OK. (Notice the space between the "x" and "/")

- Please follow the prompts to uninstall Combofix.
- You will then receive a message saying Combofix was uninstalled successfully once it's done uninstalling itself.

The above procedure will delete the following:

- ComboFix and its associated files and folders.
- VundoFix backups, if present
- The C:\_OtMoveIt folder, if present
- Reset the clock settings.
- Hide file extensions, if required.
- Hide System/Hidden files, if required.
- Reset System Restore.

*It is very important that you get a successful uninstall because of the extra functions done at the same time, let me know if this does not happen.*

*Step 2*

Remove ESET online scanner:


- Click Start, type *Uninstall a Program* into the Search programs and files box, and then press ENTER.
- Click to select *ESET Online Scanner* from the listing of installed products, and then click Uninstall/Change from the bar that displays the available tasks. Uninstall *ESET Online Scanner*, only re-boot if prompted.

*Step 3*


- Re-open to run it. (Vista and Win 7 users, right click on OTL and "Run as administrator")
- Click on the button.
- Click Yes to begin the cleanup process and remove tools, including this application
- You may be asked to reboot the machine to finish the cleanup process - if so, choose Yes

*Any tools or logs left on the Desktop can be deleted or dragged to the recycle bin*

*Step 4*

Download TFC to your desktop, from either of the following links
*Link 1*
*Link 2*

- Save any open work. TFC will close all open application windows.
- Double-click TFC.exe to run the program. Vista or Windows 7 users right click and select Run as Administrator
- If prompted, click "Yes" to reboot.

TFC will automatically close any open programs, *including your Desktop*. Let it run uninterrupted. It shouldn't take longer than a couple of minutes, and may only take a few seconds. TFC may re-boot your system, if not *Re-boot it yourself to complete cleaning process* *<---- Very Important*

Keep TFC, it is an excellent utility to keep your system optimized, it empties all user temp folders, Java cache etc etc. *Always remember to re-boot after a run, even if not prompted*

*Step 5*

Go here http://www.filehippo.com/updatechecker/ run the FileHippo Update Checker, update all applications as suggested by the Checker. Please ignore any *Beta* updates.

If Java or Adobe are updated please check in "Uninstall a Program" via start > control panel. If there are any old versions, remove them...

Let me know if the above steps complete OK, also if any remaining issues or concerns..

Kevin


----------

