# Cpu usage at 100%, overheating, and continually freezes!



## xshine25 (Jul 7, 2012)

I have a CPU and RAM usage meter on my laptop's desktop. Upon start up the CPU usage meter will fluctuate between 17% to 25% while the RAM usage meter fluctuates between 24% to 43%. Slowly but surely each will increase, until the CPU usage is at 100% and RAM usage continues to fluctuate between 24% to 45%. All this in approximately 10mins and without even accessing the internet. Once I have accessed the internet via either Internet Explorer, Google Chrome, or Firefox, the CPU usage stays at a constant 100% and can suddenly drop to 53% +/- and shoot right back up to 100%. Even though the cooling fan is at max the laptop stays extremely hot and overheated. The laptop freezes and can't get anything done.
Because of my work, I tend to have many internet browser tabs and documents opened at once. Also usually have Firefox & either Internet Explorer or Google Chrome opened. I started to notice the problem about 2 weeks ago and has now become frustrating. 
About a week ago I was told by a friend to run Malwarebytes Anti-Malware. When I did this it detected what I think were a few viruses, which I quickly quarantined and deleted. I was then told to download ESET Online Scanner v3. I did this but this time just ran a scan. After doing so it detected various viruses. I did not delete them thinking that I should seek help in this forum instead.
I have included the log for HijackThis, DDS.txt, and attached Attach.txt. I did not download GMER, since I have a 64-bit operating system.
Someone please help. Thank you!

Tech Support Guy System Info Utility version 1.0.0.2
OS Version: Microsoft Windows 7 Home Premium, Service Pack 1, 64 bit
Processor: Pentium(R) Dual-Core CPU T4500 @ 2.30GHz, Intel64 Family 6 Model 23 Stepping 10
Processor Count: 2
RAM: 3998 Mb
Graphics Card: Mobile Intel(R) 4 Series Express Chipset Family, 1807 Mb
Hard Drives: C: Total - 462271 MB, Free - 346357 MB; D: Total - 14363 MB, Free - 2226 MB; E: Total - 99 MB, Free - 92 MB;
Motherboard: Hewlett-Packard, 1484
Antivirus: Norton Internet Security, Disabled

HijackThis
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 3:49:28 AM, on 7/10/2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal
Running processes:
C:\Program Files (x86)\Norton Internet Security\Engine\17.0.0.136\ccSvcHst.exe
C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Users\GEORGE\AppData\Local\MediaSearch\search.exe
C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe
C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
C:\Program Files (x86)\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_3_300_257_ActiveX.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Users\GEORGE\Desktop\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/?ilc=8
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.searchbrowsing.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = 
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Yahoo!
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
R3 - URLSearchHook: (no name) - {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - (no file)
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~2\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\17.0.0.136\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\17.0.0.136\IPSBHO.DLL
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~3\Office14\GROOVEEX.DLL
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {ACC01A56-70E3-472E-9C4F-83B1DA817DD8} - (no file)
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~3\Office14\URLREDIR.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: Microsoft Live Search Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\17.0.0.136\coIEPlg.dll
O4 - HKLM\..\Run: [NortonOnlineBackupReminder] "C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" UNATTENDED
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [WirelessAssistant] C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files (x86)\PowerISO\PWRISOVM.EXE -startup
O4 - HKLM\..\Run: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
O4 - HKLM\..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O4 - HKLM\..\Run: [AdobeCS6ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [Google Update] "C:\Users\GEORGE\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\PROGRA~2\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [MediaSearch] "C:\Users\GEORGE\AppData\Local\MediaSearch\search.exe" --silent
O4 - HKCU\..\Run: [Facebook Update] "C:\Users\GEORGE\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Startup: OneNote 2010 Screen Clipper and Launcher.lnk = C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
O4 - Global Startup: PictureMover.lnk = C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab
O16 - DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} - http://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework//microsoft/wrc32.ocx
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Andrea RT Filters Service (AERTFilters) - Andrea Electronics Corporation - C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: HPWMISVC - Unknown owner - C:\Program Files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Norton Internet Security (NIS) - Symantec Corporation - C:\Program Files (x86)\Norton Internet Security\Engine\17.0.0.136\ccSvcHst.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Protexis Licensing V2 x64 (PSI_SVC_2_x64) - arvato digital services llc - c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Adobe SwitchBoard (SwitchBoard) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
--
End of file - 14357 bytes

DDS.txt LOG .
DDS (Ver_2011-08-26.01) - NTFSAMD64 
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_31
Run by GEORGE at 3:51:43 on 2012-07-10
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3999.1869 [GMT -5:00]
.
AV: Norton Internet Security *Disabled/Outdated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton Internet Security *Disabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}
FW: Norton Internet Security *Disabled* {B0F2DB13-C654-2E74-30D4-99C9310F0F2E}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
C:\Program Files (x86)\Norton Internet Security\Engine\17.0.0.136\ccSvcHst.exe
c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\Norton Internet Security\Engine\17.0.0.136\ccSvcHst.exe
C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
C:\Program Files (x86)\Realtek\Audio\OSD\RtVOsd64.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Users\GEORGE\AppData\Local\MediaSearch\search.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe
C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
C:\Program Files (x86)\Yahoo!\Messenger\ymsgr_tray.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\DllHost.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_3_300_257_ActiveX.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uWindow Title = Windows Internet Explorer provided by Yahoo!
uStart Page = hxxp://www.google.com/
mDefault_Page_URL = hxxp://www.yahoo.com/?ilc=8
mStart Page = hxxp://www.searchbrowsing.com
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: H - No File
mWinlogon: Userinit=userinit.exe,
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - C:\PROGRA~2\Yahoo!\Companion\Installs\cpn0\yt.dll
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - C:\Program Files (x86)\Norton Internet Security\Engine\17.0.0.136\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - C:\Program Files (x86)\Norton Internet Security\Engine\17.0.0.136\IPSBHO.DLL
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MICROS~3\Office14\GROOVEEX.DLL
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: {ACC01A56-70E3-472E-9C4F-83B1DA817DD8} - No File
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~3\Office14\URLREDIR.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
TB: Microsoft Live Search Toolbar: {1e61ed7c-7cb8-49d6-b9e9-ab4c880c8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - C:\Program Files (x86)\Norton Internet Security\Engine\17.0.0.136\coIEPlg.dll
{e7df6bff-55a5-4eb7-a673-4ed3e9456d39}
TB: {88C7F2AA-F93F-432C-8F0E-B7D85967A527} - No File
EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
uRun: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [Google Update] "C:\Users\GEORGE\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [Messenger (Yahoo!)] "C:\PROGRA~2\Yahoo!\Messenger\YahooMessenger.exe" -quiet
uRun: [MediaSearch] "C:\Users\GEORGE\AppData\Local\MediaSearch\search.exe" --silent
uRun: [Facebook Update] "C:\Users\GEORGE\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
uRun: [AdobeBridge] 
mRun: [NortonOnlineBackupReminder] "C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" UNATTENDED
mRun: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
mRun: [WirelessAssistant] C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mRun: [PWRISOVM.EXE] C:\Program Files (x86)\PowerISO\PWRISOVM.EXE -startup
mRun: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun: [AdobeCS6ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin
StartupFolder: C:\Users\GEORGE\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk - C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\PICTUR~1.LNK - C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe
uPolicies-explorer: NoInstrumentation = 1
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} - hxxp://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework//microsoft/wrc32.ocx
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
TCP: DhcpNameServer = 192.168.1.254
TCP: Interfaces\{7A2AAD8D-00ED-4328-8C39-9EA02965B7FB} : DhcpNameServer = 192.168.1.254
TCP: Interfaces\{7A2AAD8D-00ED-4328-8C39-9EA02965B7FB}\14F5035363 : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{7A2AAD8D-00ED-4328-8C39-9EA02965B7FB}\361626C65667963796F6E60303 : DhcpNameServer = 10.3.77.26 10.3.1.100 10.3.1.221
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MICROS~3\Office14\GROOVEEX.DLL
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"
BHO-X64: &Yahoo! Toolbar Helper: {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~2\Yahoo!\Companion\Installs\cpn0\yt.dll
BHO-X64: 0x1 - No File
BHO-X64: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO-X64: HP Print Enhancer - No File
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Symantec NCO BHO: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\17.0.0.136\coIEPlg.dll
BHO-X64: Symantec NCO BHO - No File
BHO-X64: Symantec Intrusion Prevention: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\17.0.0.136\IPSBHO.DLL
BHO-X64: Symantec Intrusion Prevention - No File
BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~3\Office14\GROOVEEX.DLL
BHO-X64: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: {ACC01A56-70E3-472E-9C4F-83B1DA817DD8} - No File
BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~3\Office14\URLREDIR.DLL
BHO-X64: URLRedirectionBHO - No File
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO-X64: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
BHO-X64: HP Smart BHO Class - No File
TB-X64: Microsoft Live Search Toolbar: {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll
TB-X64: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\17.0.0.136\coIEPlg.dll
TB-X64: {88C7F2AA-F93F-432C-8F0E-B7D85967A527} - No File
EB-X64: {555D4D79-4BD2-4094-A395-CFC534424A05} - No File
mRun-x64: [NortonOnlineBackupReminder] "C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" UNATTENDED
mRun-x64: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
mRun-x64: [WirelessAssistant] C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mRun-x64: [PWRISOVM.EXE] C:\Program Files (x86)\PowerISO\PWRISOVM.EXE -startup
mRun-x64: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun-x64: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun-x64: [AdobeCS6ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin
SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~3\Office14\GROOVEEX.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\GEORGE\AppData\Roaming\Mozilla\Firefox\Profiles\92ukajfx.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2790392&SearchSource=2&q=
FF - component: C:\Program Files (x86)\AVG\AVG2012\Firefox4\components\avgssff10.dll
FF - component: C:\Program Files (x86)\AVG\AVG2012\Firefox4\components\avgssff4.dll
FF - component: C:\Program Files (x86)\AVG\AVG2012\Firefox4\components\avgssff5.dll
FF - component: C:\Program Files (x86)\AVG\AVG2012\Firefox4\components\avgssff6.dll
FF - component: C:\Program Files (x86)\AVG\AVG2012\Firefox4\components\avgssff7.dll
FF - component: C:\Program Files (x86)\AVG\AVG2012\Firefox4\components\avgssff8.dll
FF - component: C:\Program Files (x86)\AVG\AVG2012\Firefox4\components\avgssff9.dll
FF - component: C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}\components\SkypeFfComponent.dll
FF - component: C:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\FirefoxExtension\components\DataMngrHlpFF3.dll
FF - component: C:\Users\GEORGE\AppData\Roaming\Mozilla\Firefox\Profiles\92ukajfx.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\components\dtTransparency.dll
FF - component: C:\Users\GEORGE\AppData\Roaming\Mozilla\Firefox\Profiles\92ukajfx.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\components\dtTransparency3.5.dll
FF - component: C:\Users\GEORGE\AppData\Roaming\Mozilla\Firefox\Profiles\92ukajfx.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\components\dtTransparency3.6.dll
FF - plugin: C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\GEORGE\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll
FF - plugin: C:\Users\GEORGE\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: C:\Users\GEORGE\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll
FF - plugin: C:\Users\GEORGE\AppData\Roaming\Mozilla\Firefox\Profiles\92ukajfx.default\extensions\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}\plugins\np-mswmp.dll
FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_262.dll
.
---- FIREFOX POLICIES ----
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=110000
FF - user.js: extensions.BabylonToolbar_i.babExt - 
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar_i.id - 989c0cff00000000000070f1a17f3422
FF - user.js: extensions.BabylonToolbar_i.hardId - 989c0cff00000000000070f1a17f3422
FF - user.js: extensions.BabylonToolbar_i.instlDay - 15412
FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1717:37:46
FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar_i.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar_i.tlbrId - tb9
FF - user.js: extensions.BabylonToolbar_i.instlRef - sst
.
user_pref('extensions.dealply.partner', 'iron');
.
user_pref('extensions.dealply.channel', 'iron3');
.
user_pref('extensions.dealply.installId', 'v23600299380346543056042012031317380421');
.
user_pref('extensions.dealply.installIdSource', 'inst');
.
user_pref('extensions.dealply.sampleGroup', '1');
.
============= SERVICES / DRIVERS ===============
.
R0 SymDS;Symantec Data Store;C:\Windows\system32\drivers\NISx64\1100000.088\SYMDS64.SYS --> C:\Windows\system32\drivers\NISx64\1100000.088\SYMDS64.SYS [?]
R0 SymEFA;Symantec Extended File Attributes;C:\Windows\system32\drivers\NISx64\1100000.088\SYMEFA64.SYS --> C:\Windows\system32\drivers\NISx64\1100000.088\SYMEFA64.SYS [?]
R1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\BASHDefs\20090829.001\BHDrvx64.sys [2010-4-27 641584]
R1 ccHP;Symantec Hash Provider;C:\Windows\system32\drivers\NISx64\1100000.088\ccHPx64.sys --> C:\Windows\system32\drivers\NISx64\1100000.088\ccHPx64.sys [?]
R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\IPSDefs\20090828.002\IDSVia64.sys [2010-4-27 467504]
R1 SymIRON;Symantec Iron Driver;C:\Windows\system32\drivers\NISx64\1100000.088\Ironx64.SYS --> C:\Windows\system32\drivers\NISx64\1100000.088\Ironx64.SYS [?]
R1 SYMTDIv;Symantec Vista Network Dispatch Driver;C:\Windows\system32\drivers\NISx64\1100000.088\SYMTDIV.SYS --> C:\Windows\system32\drivers\NISx64\1100000.088\SYMTDIV.SYS [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-1-3 63928]
R2 AERTFilters;Andrea RT Filters Service;C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe [2010-4-27 98208]
R2 HPWMISVC;HPWMISVC;C:\Program Files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2010-1-18 20480]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-4-7 654408]
R2 NIS;Norton Internet Security;C:\Program Files (x86)\Norton Internet Security\Engine\17.0.0.136\ccSvcHst.exe [2010-4-27 126392]
R2 PSI_SVC_2_x64;Protexis Licensing V2 x64;C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe [2010-11-30 336824]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2010-4-27 132656]
R3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;C:\Windows\system32\drivers\IntcHdmi.sys --> C:\Windows\system32\drivers\IntcHdmi.sys [?]
R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
R3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;C:\Windows\system32\DRIVERS\rtl8192se.sys --> C:\Windows\system32\DRIVERS\rtl8192se.sys [?]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-1-31 136176]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-1-31 136176]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE [2010-1-21 30963576]
S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-6-29 113120]
S3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\system32\DRIVERS\netw5v64.sys --> C:\Windows\system32\DRIVERS\netw5v64.sys [?]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\System32\drivers\RtsUStor.sys [2010-4-27 225280]
S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\system32\DRIVERS\VSTAZL6.SYS --> C:\Windows\system32\DRIVERS\VSTAZL6.SYS [?]
S3 SrvHsfV92;SrvHsfV92;C:\Windows\system32\DRIVERS\VSTDPV6.SYS --> C:\Windows\system32\DRIVERS\VSTDPV6.SYS [?]
S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\system32\DRIVERS\VSTCNXT6.SYS --> C:\Windows\system32\DRIVERS\VSTCNXT6.SYS [?]
S3 SwitchBoard;Adobe SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S3 TotRec8;Total Recorder WDM audio filter driver;\??\C:\Windows\system32\drivers\TotRec8.sys --> C:\Windows\system32\drivers\TotRec8.sys [?]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk62x64.sys --> C:\Windows\system32\DRIVERS\yk62x64.sys [?]
.
=============== Created Last 30 ================
.
2012-07-10 05:14:18 -------- d-----w- C:\Program Files (x86)\ESET
2012-06-29 06:41:16 -------- d-----w- C:\Program Files (x86)\Mozilla Maintenance Service
2012-06-29 06:41:10 157608 ----a-w- C:\Program Files (x86)\Mozilla Firefox\maintenanceservice_installer.exe
2012-06-29 06:41:10 113120 ----a-w- C:\Program Files (x86)\Mozilla Firefox\maintenanceservice.exe
2012-06-29 06:41:09 770384 ----a-w- C:\Program Files (x86)\Mozilla Firefox\msvcr100.dll
2012-06-29 06:41:09 421200 ----a-w- C:\Program Files (x86)\Mozilla Firefox\msvcp100.dll
2012-06-23 01:40:53 -------- d-----w- C:\ProgramData\regid.1986-12.com.adobe
2012-06-22 22:57:35 2622464 ----a-w- C:\Windows\System32\wucltux.dll
2012-06-22 22:57:11 99840 ----a-w- C:\Windows\System32\wudriver.dll
2012-06-22 22:56:28 36864 ----a-w- C:\Windows\System32\wuapp.exe
2012-06-22 22:56:28 186752 ----a-w- C:\Windows\System32\wuwebv.dll
2012-06-17 01:48:58 -------- d-----w- C:\Program Files (x86)\Corel
2012-06-11 20:03:39 8955792 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{BD821062-32B8-4959-BA78-8C2E62BA7E9A}\mpengine.dll
2012-06-10 18:26:24 -------- d-----w- C:\Users\GEORGE\AppData\Local\Macromedia
.
==================== Find3M ====================
.
2012-07-08 19:20:20 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-07-08 19:20:20 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-05-31 04:10:48 126944 ----a-w- C:\Windows\System32\drivers\scdemu.sys
2012-04-20 07:39:07 30601 ----a-w- C:\Users\GEORGE\x.exe
.
============= FINISH: 3:52:45.56 ===============


----------



## xshine25 (Jul 7, 2012)

Not sure if it matters but I access the internet via wi-fi.


----------



## xshine25 (Jul 7, 2012)

and 5 other ppl including my 16yr old son use the same laptop for work, school, and leisure.


----------



## xshine25 (Jul 7, 2012)

laptop also very slow when turned on. cooling fan at max and quickly drains the battery. I hope that I have provided enought information for someone to help. Thanks!


----------



## xshine25 (Jul 7, 2012)

Someone help!


----------



## kevinf80 (Mar 21, 2006)

Hell xshine25 and welcome to TSG,

Apologies for the wait, this forum is extremely busy. I'm kevinf80 and I will be helping with any malware issues you may have with your system.


 Please be aware that some of the logs I may ask for can be very complex and can take a long time to decipher. I am a volunteer here with a job and family so I ask that you be patient when waiting for replies.
 Please DO NOT run any scans/tools/fixes on your own as this will conflict with the tools we are going to use.
 Either print or Save to Notepad all instructions and please follow them carefully, if there's something you don't understand or that will not work please let me know and we will go through it together.
 Malware is often buggy and can be very unstable, with that in mind it is advisable to backup any important data before we begin. Go *Here* and follow the instructions specific for your operating system.

Please proceed as follows :-

Delete any versions of Combofix that you may have on your Desktop, download a fresh copy from either of the following links :-

*Link 1*
*Link 2*


 Ensure that Combofix is saved directly to the Desktop * <--- Very important*

 Disable all security programs as they will have a negative effect on Combofix, instructions available *Here* if required. Be aware the list may not have all programs listed, if you need more help please ask.

 Close any open browsers and any other programs you might have running

 Double click the







icon to run the tool (Vista or Windows 7 users right click and select "Run as Administrator)

 Instructions for running Combofix available *Here* if required.

 If you are using windows XP It might display a pop up saying that "Recovery console is not installed, do you want to install?" Please select yes & let it download the files it needs to do this. Once the recovery console is installed Combofix will then offer to scan for malware. Select continue or yes.

 When finished, it will produce a report for you. Please post the "C:\ComboFix.txt" for further review

*******Note: Do not mouseclick combofix's window while it's running. That may cause it to stall or freeze* ******

Note: ComboFix may reset a number of Internet Explorer's settings, including making it the default browser.
Note: Combofix prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell us when you reply. Read *Here* why disabling autoruns is recommended.

*EXTRA NOTES*

 If Combofix detects any Rootkit/Bootkit activity on your system it will give a warning and prompt for a reboot, you must allow it to do so.
 *If Combofix reboot's due to a rootkit, the screen may stay black for several minutes on reboot, this is normal*
 If after running Combofix you receive any type of warning message about registry key's being listed for deletion when trying to open certain items, reboot the system and this will fix the issue (Those items will not be deleted)

Post the log in next reply please...

Kevin


----------



## xshine25 (Jul 7, 2012)

Hi Kevinf80,
Let me briefly appologize, this is my first log-in since my last post. I will follow your exact instructions. Will post soon as I do so. Thank you!


----------



## kevinf80 (Mar 21, 2006)

OK, thanks for the reply. I`m currently in hospital waiting for an operation, due to complications this is on hold until maybe tuesday next week. I`ll reply as long as i`m able, if the situation changes i`ll ask one of the other guys to take over your thread...


----------



## xshine25 (Jul 7, 2012)

Kevinf80,
Sorry to hear about your upcoming surgery. Hope that you feels better and that you everything turns out better than expected. If for any reason you cannot continue helping me, I thank you and greatly appreciate having one of the other specialists take over my thread. Thank you!

Here is the ComboFix log that I performed. Waiting on further instructions.

ComboFix 12-07-29.02 - GEORGE 07/30/2012 1:50.1.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3999.2545 [GMT -5:00]
Running from: c:\users\GEORGE\Desktop\ComboFix.exe
AV: Norton Internet Security *Disabled/Outdated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}
FW: Norton Internet Security *Disabled* {B0F2DB13-C654-2E74-30D4-99C9310F0F2E}
SP: Norton Internet Security *Disabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\install.exe
c:\program files (x86)\DealPly
c:\program files (x86)\DealPly\DealPlyTune.dll
c:\users\GEORGE\AppData\Local\MediaSearch\search.exe
c:\users\GEORGE\AppData\Local\Microsoft\Windows\Temporary Internet Files\{1800FCA1-CE45-47A8-A7A8-5CEC4BC57987}.xps
c:\users\GEORGE\AppData\Local\Microsoft\Windows\Temporary Internet Files\{38CCC615-1997-4A56-8C84-7E74DB5CC6FE}.xps
c:\users\GEORGE\AppData\Local\Microsoft\Windows\Temporary Internet Files\{A1B5A773-32CE-4126-ACB0-90E06E2053FD}.xps
c:\users\GEORGE\AppData\Local\WideSearch
c:\users\GEORGE\AppData\Local\WideSearch\wsearch.exe
c:\users\GEORGE\x.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-06-28 to 2012-07-30 )))))))))))))))))))))))))))))))
.
.
2012-07-30 07:02 . 2012-07-30 07:02 -------- d-----w- c:\users\Mar\AppData\Local\temp
2012-07-30 07:02 . 2012-07-30 07:02 -------- d-----w- c:\users\Guest\AppData\Local\temp
2012-07-30 07:02 . 2012-07-30 07:02 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-07-22 20:11 . 2012-07-22 20:11 -------- d-----w- c:\programdata\EPS
2012-07-22 20:11 . 2012-07-22 20:11 -------- d-----w- c:\program files (x86)\My-Proxy
2012-07-22 19:10 . 2012-07-22 19:10 -------- d-----w- c:\users\GEORGE\AppData\Roaming\tor
2012-07-21 15:32 . 2012-07-21 15:32 -------- d-----w- c:\users\GEORGE\AppData\Local\Tific
2012-07-21 15:29 . 2012-07-21 15:29 -------- d-----w- c:\users\GEORGE\AppData\Roaming\Tific
2012-07-21 15:29 . 2012-07-21 15:29 -------- d-----w- c:\users\GEORGE\AppData\Local\Symantec
2012-07-16 05:14 . 2012-07-16 05:14 -------- d-----w- c:\users\GEORGE\AppData\Roaming\SUPERAntiSpyware.com
2012-07-16 05:13 . 2012-07-16 05:13 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-07-16 05:13 . 2012-07-16 05:13 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2012-07-14 03:29 . 2012-07-14 03:29 400168 ----a-w- c:\windows\system32\SynCOM.dll
2012-07-14 03:29 . 2012-07-14 03:29 271144 ----a-w- c:\windows\system32\SynCtrl.dll
2012-07-14 03:29 . 2012-07-14 03:29 215336 ----a-w- c:\windows\system32\SynTPAPI.dll
2012-07-14 03:29 . 2012-07-14 03:29 214312 ----a-w- c:\windows\SysWow64\SynCtrl.dll
2012-07-14 03:29 . 2012-07-14 03:29 173352 ----a-w- c:\windows\SysWow64\SynCOM.dll
2012-07-14 03:29 . 2012-07-14 03:29 147752 ----a-w- c:\windows\system32\SynTPCo4.dll
2012-07-14 03:29 . 2012-07-14 03:29 1390640 ----a-w- c:\windows\system32\drivers\SynTP.sys
2012-07-14 03:29 . 2012-07-14 03:29 107816 ----a-w- c:\windows\SysWow64\SynTPCOM.dll
2012-07-14 02:17 . 2012-07-14 02:17 -------- d-----w- c:\programdata\{A8DA1505-E615-42BB-BB77-74D5CC91FE7E}
2012-07-10 05:14 . 2012-07-10 05:14 -------- d-----w- c:\program files (x86)\ESET
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-23 15:58 . 2012-03-31 05:21 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-07-23 15:58 . 2012-01-31 08:54 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-07-03 18:46 . 2012-04-07 08:59 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-06-04 16:34 . 2012-06-04 16:34 3584 ----a-r- c:\users\GEORGE\AppData\Roaming\Microsoft\Installer\{121634B0-2F4B-11D3-ADA3-00C04F52DD52}\Icon386ED4E3.exe
2012-06-02 22:19 . 2012-06-22 22:57 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-22 22:57 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 22:19 . 2012-06-22 22:57 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-22 22:57 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-22 22:57 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 22:15 . 2012-06-22 22:57 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:15 . 2012-06-22 22:57 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-06-02 20:19 . 2012-06-22 22:56 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 20:15 . 2012-06-22 22:56 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-05-31 04:10 . 2012-06-05 08:10 126944 ----a-w- c:\windows\system32\drivers\scdemu.sys
2012-05-08 17:02 . 2012-06-11 20:03 8955792 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{BD821062-32B8-4959-BA78-8C2E62BA7E9A}\mpengine.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LightScribe Control Panel"="c:\program files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe" [2010-02-22 2363392]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
"Messenger (Yahoo!)"="c:\progra~2\Yahoo!\Messenger\YahooMessenger.exe" [2012-01-04 6497592]
"Facebook Update"="c:\users\GEORGE\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2012-07-11 138096]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-07-09 5661056]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"NortonOnlineBackupReminder"="c:\program files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" [2009-06-29 600936]
"HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]
"WirelessAssistant"="c:\program files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2009-07-23 498744]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-03-27 421736]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920]
"PWRISOVM.EXE"="c:\program files (x86)\PowerISO\PWRISOVM.EXE" [2012-05-31 336992]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-01-21 91520]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS6ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" [2012-03-09 1073312]
.
c:\users\GEORGE\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2010 Screen Clipper and Launcher.lnk - c:\program files (x86)\Microsoft Office\Office14\ONENOTEM.EXE [2010-1-21 226176]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-01-31 136176]
R2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [x]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-01-31 136176]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2010-01-21 30963576]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-07-18 113120]
R3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [2009-06-10 5434368]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2009-09-23 225280]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [2009-06-10 292864]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-10 1485312]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [2009-06-10 740864]
R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 TotRec8;Total Recorder WDM audio filter driver;c:\windows\system32\drivers\TotRec8.sys [2011-12-15 121584]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-01-31 1255736]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [2009-06-10 389120]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NISx64\1100000.088\SYMDS64.SYS [2009-08-30 433200]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NISx64\1100000.088\SYMEFA64.SYS [2009-08-30 217136]
S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\BASHDefs\20090829.001\BHDrvx64.sys [2009-08-30 641584]
S1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\NISx64\1100000.088\ccHPx64.sys [2009-08-24 615040]
S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\IPSDefs\20090828.002\IDSVia64.sys [2009-08-30 467504]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NISx64\1100000.088\Ironx64.SYS [2009-08-30 146992]
S1 SYMTDIv;Symantec Vista Network Dispatch Driver;c:\windows\system32\drivers\NISx64\1100000.088\SYMTDIV.SYS [2009-08-30 450608]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-08-11 140672]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [2009-11-18 98208]
S2 HPWMISVC;HPWMISVC;c:\program files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2010-01-18 20480]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-07-03 655944]
S2 NIS;Norton Internet Security;c:\program files (x86)\Norton Internet Security\Engine\17.0.0.136\ccSvcHst.exe [2009-08-24 126392]
S2 PSI_SVC_2_x64;Protexis Licensing V2 x64;c:\program files\Common Files\Protexis\License Service\PsiService_2.exe [2010-11-30 336824]
S3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [2011-05-18 47616]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2009-08-29 132656]
S3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2010-03-05 144896]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-07-03 24904]
S3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [2011-08-01 45416]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-06-10 539240]
S3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;c:\windows\system32\DRIVERS\rtl8192se.sys [2011-09-08 1225832]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2010-02-22 18:38 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2012-07-30 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2257943674-3338997938-4154493867-1000Core.job
- c:\users\GEORGE\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-04-13 21:18]
.
2012-07-30 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2257943674-3338997938-4154493867-1000UA.job
- c:\users\GEORGE\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-04-13 21:18]
.
2012-07-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-01-31 21:13]
.
2012-07-30 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-01-31 21:13]
.
2012-07-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2257943674-3338997938-4154493867-1000Core.job
- c:\users\GEORGE\AppData\Local\Google\Update\GoogleUpdate.exe [2012-01-31 18:02]
.
2012-07-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2257943674-3338997938-4154493867-1000UA.job
- c:\users\GEORGE\AppData\Local\Google\Update\GoogleUpdate.exe [2012-01-31 18:02]
.
2012-07-14 c:\windows\Tasks\HPCeeScheduleForGEORGE-PC$.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 03:15]
.
2012-07-14 c:\windows\Tasks\HPCeeScheduleForGEORGE.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 03:15]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2010-01-29 6160928]
"RtkOSD"="c:\program files (x86)\Realtek\Audio\OSD\RtVOsd64.exe" [2010-01-13 995840]
"HP Quick Launch"="c:\program files\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe" [2010-01-18 451072]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2010-03-24 172032]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-08-01 2417032]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-02-12 162328]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-02-12 386584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-02-12 417304]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2012-04-04 446392]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x1
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com/
mStart Page = hxxp://www.searchbrowsing.com
uInternet Settings,ProxyOverride = *.local
uInternet Settings,ProxyServer = 23.21.64.122:80
TCP: DhcpNameServer = 192.168.1.254
FF - ProfilePath - c:\users\GEORGE\AppData\Roaming\Mozilla\Firefox\Profiles\92ukajfx.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2790392&SearchSource=2&q=
FF - prefs.js: network.proxy.ftp - 69.163.239.41
FF - prefs.js: network.proxy.ftp_port - 80
FF - prefs.js: network.proxy.http - 69.163.239.41
FF - prefs.js: network.proxy.http_port - 80
FF - prefs.js: network.proxy.socks - 69.163.239.41
FF - prefs.js: network.proxy.socks_port - 80
FF - prefs.js: network.proxy.ssl - 69.163.239.41
FF - prefs.js: network.proxy.ssl_port - 80
FF - prefs.js: network.proxy.type - 0
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=110000
FF - user.js: extensions.BabylonToolbar_i.babExt - 
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar_i.id - 989c0cff00000000000070f1a17f3422
FF - user.js: extensions.BabylonToolbar_i.hardId - 989c0cff00000000000070f1a17f3422
FF - user.js: extensions.BabylonToolbar_i.instlDay - 15412
FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1717:37
FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar_i.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar_i.tlbrId - tb9
FF - user.js: extensions.BabylonToolbar_i.instlRef - sst
user_pref('extensions.dealply.partner', 'iron');
user_pref('extensions.dealply.channel', 'iron3');
user_pref('extensions.dealply.installId', 'v23600299380346543056042012031317380421');
user_pref('extensions.dealply.installIdSource', 'inst');
user_pref('extensions.dealply.sampleGroup', '1');
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{88c7f2aa-f93f-432c-8f0e-b7d85967a527} - (no file)
Toolbar-10 - (no file)
Wow6432Node-HKCU-Run-MediaSearch - c:\users\GEORGE\AppData\Local\MediaSearch\search.exe
Wow6432Node-HKCU-Run-AdobeBridge - (no file)
BHO-{F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - c:\program files (x86)\Hotspot Shield\HssIE\HssIE_64.dll
Toolbar-10 - (no file)
WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)
WebBrowser-{88C7F2AA-F93F-432C-8F0E-B7D85967A527} - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NIS]
"ImagePath"="\"c:\program files (x86)\Norton Internet Security\Engine\17.0.0.136\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files (x86)\Norton Internet Security\Engine\17.0.0.136\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-2257943674-3338997938-4154493867-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSavePidlMRU\jpg*Ö[ö`Ù5sÐ]
"0"=hex:14,00,1f,44,47,1a,03,59,72,3f,a7,44,89,c5,55,95,fe,6b,30,ee,20,00,00,
00,1a,00,ee,bb,fe,23,00,00,10,00,d0,9a,d3,fd,8f,23,af,46,ad,b4,6c,85,48,03,\
"MRUListEx"=hex:00,00,00,00,ff,ff,ff,ff
.
[HKEY_USERS\S-1-5-21-2257943674-3338997938-4154493867-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSavePidlMRU\jpg*Ö[‚iÛ?-]
"0"=hex:14,00,1f,44,47,1a,03,59,72,3f,a7,44,89,c5,55,95,fe,6b,30,ee,20,00,00,
00,1a,00,ee,bb,fe,23,00,00,10,00,d0,9a,d3,fd,8f,23,af,46,ad,b4,6c,85,48,03,\
"MRUListEx"=hex:00,00,00,00,ff,ff,ff,ff
.
[HKEY_USERS\S-1-5-21-2257943674-3338997938-4154493867-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSavePidlMRU\jpg*E¥FuE¥FuÖ[ö`q*sÐ]
"0"=hex:14,00,1f,44,47,1a,03,59,72,3f,a7,44,89,c5,55,95,fe,6b,30,ee,20,00,00,
00,1a,00,ee,bb,fe,23,00,00,10,00,90,e2,4d,37,3f,12,65,45,91,64,39,c4,92,5e,\
"MRUListEx"=hex:00,00,00,00,ff,ff,ff,ff
.
[HKEY_USERS\S-1-5-21-2257943674-3338997938-4154493867-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSavePidlMRU\jpg*þÿÿÿE¥¿tE¥¿tÖ[ZZÏ¢äŠ1*°³1*˜†1*]
"0"=hex:14,00,1f,44,47,1a,03,59,72,3f,a7,44,89,c5,55,95,fe,6b,30,ee,20,00,00,
00,1a,00,ee,bb,fe,23,00,00,10,00,90,e2,4d,37,3f,12,65,45,91,64,39,c4,92,5e,\
"MRUListEx"=hex:00,00,00,00,ff,ff,ff,ff
.
[HKEY_USERS\S-1-5-21-2257943674-3338997938-4154493867-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSavePidlMRU\jpg*þÿÿÿE¥FuE¥FuÖ[ö`m4sÐø˜7*ÄÁ7*¨"7*]
"0"=hex:14,00,1f,44,47,1a,03,59,72,3f,a7,44,89,c5,55,95,fe,6b,30,ee,20,00,00,
00,1a,00,ee,bb,fe,23,00,00,10,00,d0,9a,d3,fd,8f,23,af,46,ad,b4,6c,85,48,03,\
"MRUListEx"=hex:00,00,00,00,ff,ff,ff,ff
.
[HKEY_USERS\S-1-5-21-2257943674-3338997938-4154493867-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*jpg*Ö[ö`Ù5sÐ]
@Class="Shell"
@Allowed: (Read) (RestrictedCode)
.
[HKEY_USERS\S-1-5-21-2257943674-3338997938-4154493867-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*jpg*Ö[ö`Ù5sÐ\OpenWithList]
@Class="Shell"
.
[HKEY_USERS\S-1-5-21-2257943674-3338997938-4154493867-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*jpg*Ö[‚iÛ?-]
@Class="Shell"
@Allowed: (Read) (RestrictedCode)
.
[HKEY_USERS\S-1-5-21-2257943674-3338997938-4154493867-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*jpg*Ö[‚iÛ?-\OpenWithList]
@Class="Shell"
.
[HKEY_USERS\S-1-5-21-2257943674-3338997938-4154493867-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*jpg*E¥FuE¥FuÖ[ö`q*sÐ]
@Class="Shell"
@Allowed: (Read) (RestrictedCode)
.
[HKEY_USERS\S-1-5-21-2257943674-3338997938-4154493867-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*jpg*E¥FuE¥FuÖ[ö`q*sÐ\OpenWithList]
@Class="Shell"
.
[HKEY_USERS\S-1-5-21-2257943674-3338997938-4154493867-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*jpg*þÿÿÿE¥¿tE¥¿tÖ[ZZÏ¢äŠ1*°³1*˜†1*]
@Class="Shell"
@Allowed: (Read) (RestrictedCode)
.
[HKEY_USERS\S-1-5-21-2257943674-3338997938-4154493867-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*jpg*þÿÿÿE¥¿tE¥¿tÖ[ZZÏ¢äŠ1*°³1*˜†1*\OpenWithList]
@Class="Shell"
.
[HKEY_USERS\S-1-5-21-2257943674-3338997938-4154493867-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*jpg*þÿÿÿE¥FuE¥FuÖ[ö`m4sÐø˜7*ÄÁ7*¨"7*]
@Class="Shell"
@Allowed: (Read) (RestrictedCode)
.
[HKEY_USERS\S-1-5-21-2257943674-3338997938-4154493867-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*jpg*þÿÿÿE¥FuE¥FuÖ[ö`m4sÐø˜7*ÄÁ7*¨"7*\OpenWithList]
@Class="Shell"
.
[HKEY_USERS\S-1-5-21-2257943674-3338997938-4154493867-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\.*jpg*Ö[ö`Ù5sÐ]
@Allowed: (Read) (RestrictedCode)
"0"=hex:6a,00,63,00,2e,00,6a,70,67,00,d6,5b,f6,60,d9,35,73,d0,10,01,00,00,76,
00,36,00,00,00,00,00,00,00,00,00,00,00,6a,00,63,00,2e,00,6a,70,67,00,d6,5b,\
"MRUListEx"=hex:00,00,00,00,ff,ff,ff,ff
.
[HKEY_USERS\S-1-5-21-2257943674-3338997938-4154493867-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\.*jpg*Ö[‚iÛ?-]
@Allowed: (Read) (RestrictedCode)
"0"=hex:6a,00,63,00,32,00,2e,00,6a,70,67,00,d6,5b,82,69,db,3f,2d,16,10,01,00,
00,7a,00,36,00,00,00,00,00,00,00,00,00,00,00,6a,00,63,00,32,00,2e,00,6a,70,\
"MRUListEx"=hex:00,00,00,00,ff,ff,ff,ff
.
[HKEY_USERS\S-1-5-21-2257943674-3338997938-4154493867-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\.*jpg*E¥FuE¥FuÖ[ö`q*sÐ]
@Allowed: (Read) (RestrictedCode)
"0"=hex:62,00,6c,00,61,00,63,00,6b,00,20,00,68,00,61,00,6c,00,66,00,20,00,62,
00,61,00,6e,00,64,00,61,00,6e,00,61,00,2e,00,6a,70,67,00,45,a5,46,75,45,a5,\
"MRUListEx"=hex:00,00,00,00,ff,ff,ff,ff
.
[HKEY_USERS\S-1-5-21-2257943674-3338997938-4154493867-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\.*jpg*þÿÿÿE¥¿tE¥¿tÖ[ZZÏ¢äŠ1*°³1*˜†1*]
@Allowed: (Read) (RestrictedCode)
"0"=hex:63,00,6f,00,72,00,65,00,6c,00,20,00,70,00,61,00,69,00,6e,00,74,00,20,
00,63,00,72,00,6f,00,70,00,2e,00,6a,70,67,00,fe,ff,ff,ff,45,a5,bf,74,45,a5,\
"MRUListEx"=hex:00,00,00,00,ff,ff,ff,ff
.
[HKEY_USERS\S-1-5-21-2257943674-3338997938-4154493867-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\.*jpg*þÿÿÿE¥FuE¥FuÖ[ö`m4sÐø˜7*ÄÁ7*¨"7*]
@Allowed: (Read) (RestrictedCode)
"0"=hex:6a,00,63,00,2e,00,6a,70,67,00,fe,ff,ff,ff,45,a5,46,75,45,a5,46,75,d6,
5b,f6,60,6d,34,73,d0,f8,98,37,00,c4,c1,37,00,a8,94,37,00,00,00,a2,00,36,00,\
"MRUListEx"=hex:00,00,00,00,ff,ff,ff,ff
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
c:\program files (x86)\CyberLink\Shared files\RichVideo.exe
c:\program files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
.
**************************************************************************
.
Completion time: 2012-07-30 02:12:52 - machine was rebooted
ComboFix-quarantined-files.txt 2012-07-30 07:12
.
Pre-Run: 360,335,458,304 bytes free
Post-Run: 363,911,016,448 bytes free
.
- - End Of File - - 7C516D71C2C6550EA6D7A519A69C6C28


----------



## kevinf80 (Mar 21, 2006)

Yep i`m still about for now although still in hospital, my surgery is booked for weds. Thanks for your kind words, ok do the following:

*Step 1*

1. Close any open browsers.

2. *Close/disable all anti virus and anti malware programs* so they do not interfere with the running of ComboFix.

3. Open *notepad* and copy/paste the text in the Codebox below into it:


```
Killall::
ClearJavaCache::
DirLook::
c:\programdata\{A8DA1505-E615-42BB-BB77-74D5CC91FE7E}
Firefox::
FF - ProfilePath - c:\users\GEORGE\AppData\Roaming\Mozilla\Firefox\Profiles\92ukajfx.default\
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2790392&SearchSource=2&q=
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=110000
FF - user.js: extensions.BabylonToolbar_i.babExt -
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar_i.id - 989c0cff00000000000070f1a17f3422
FF - user.js: extensions.BabylonToolbar_i.hardId - 989c0cff00000000000070f1a17f3422
FF - user.js: extensions.BabylonToolbar_i.instlDay - 15412
FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1717:37
FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar_i.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar_i.tlbrId - tb9
FF - user.js: extensions.BabylonToolbar_i.instlRef - sst
RegNull::
[HKEY_USERS\S-1-5-21-2257943674-3338997938-4154493867-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSavePi dlMRU\jpg*Ö[ö`Ù5sÐ]
"0"=hex:14,00,1f,44,47,1a,03,59,72,3f,a7,44,89,c5,55,95,fe,6b,30,ee,20,00,0 0,
00,1a,00,ee,bb,fe,23,00,00,10,00,d0,9a,d3,fd,8f,23,af,46,ad,b4,6c,85,48,03, \
"MRUListEx"=hex:00,00,00,00,ff,ff,ff,ff
.
[HKEY_USERS\S-1-5-21-2257943674-3338997938-4154493867-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSavePi dlMRU\jpg*Ö[iÛ?-]
"0"=hex:14,00,1f,44,47,1a,03,59,72,3f,a7,44,89,c5,55,95,fe,6b,30,ee,20,00,0 0,
00,1a,00,ee,bb,fe,23,00,00,10,00,d0,9a,d3,fd,8f,23,af,46,ad,b4,6c,85,48,03, \
"MRUListEx"=hex:00,00,00,00,ff,ff,ff,ff
.
[HKEY_USERS\S-1-5-21-2257943674-3338997938-4154493867-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSavePi dlMRU\jpg*E¥FuE¥FuÖ[ö`q*sÐ]
"0"=hex:14,00,1f,44,47,1a,03,59,72,3f,a7,44,89,c5,55,95,fe,6b,30,ee,20,00,0 0,
00,1a,00,ee,bb,fe,23,00,00,10,00,90,e2,4d,37,3f,12,65,45,91,64,39,c4,92,5e, \
"MRUListEx"=hex:00,00,00,00,ff,ff,ff,ff
.
[HKEY_USERS\S-1-5-21-2257943674-3338997938-4154493867-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSavePi dlMRU\jpg*þÿÿÿE¥¿tE¥¿tÖ[ZZÏ¢ä1*°³1*1*]
"0"=hex:14,00,1f,44,47,1a,03,59,72,3f,a7,44,89,c5,55,95,fe,6b,30,ee,20,00,0 0,
00,1a,00,ee,bb,fe,23,00,00,10,00,90,e2,4d,37,3f,12,65,45,91,64,39,c4,92,5e, \
"MRUListEx"=hex:00,00,00,00,ff,ff,ff,ff
.
[HKEY_USERS\S-1-5-21-2257943674-3338997938-4154493867-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSavePi dlMRU\jpg*þÿÿÿE¥FuE¥FuÖ[ö`m4sÐø7*ÄÁ7*¨7*]
"0"=hex:14,00,1f,44,47,1a,03,59,72,3f,a7,44,89,c5,55,95,fe,6b,30,ee,20,00,0 0,
00,1a,00,ee,bb,fe,23,00,00,10,00,d0,9a,d3,fd,8f,23,af,46,ad,b4,6c,85,48,03, \
"MRUListEx"=hex:00,00,00,00,ff,ff,ff,ff
.
[HKEY_USERS\S-1-5-21-2257943674-3338997938-4154493867-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*jpg*Ö[ö`Ù5sÐ]
@Class="Shell"
@Allowed: (Read) (RestrictedCode)
.
[HKEY_USERS\S-1-5-21-2257943674-3338997938-4154493867-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*jpg*Ö[ö`Ù5sÐ\OpenWithList]
@Class="Shell"
.
[HKEY_USERS\S-1-5-21-2257943674-3338997938-4154493867-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*jpg*Ö[iÛ?-]
@Class="Shell"
@Allowed: (Read) (RestrictedCode)
.
[HKEY_USERS\S-1-5-21-2257943674-3338997938-4154493867-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*jpg*Ö[iÛ?-\OpenWithList]
@Class="Shell"
.
[HKEY_USERS\S-1-5-21-2257943674-3338997938-4154493867-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*jpg*E¥Fu E¥FuÖ[ö`q*sÐ]
@Class="Shell"
@Allowed: (Read) (RestrictedCode)
.
[HKEY_USERS\S-1-5-21-2257943674-3338997938-4154493867-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*jpg*E¥Fu E¥FuÖ[ö`q*sÐ\OpenWithList]
@Class="Shell"
.
[HKEY_USERS\S-1-5-21-2257943674-3338997938-4154493867-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*jpg*þÿÿÿ E¥¿tE¥¿tÖ[ZZÏ¢ä1*°³1*1*]
@Class="Shell"
@Allowed: (Read) (RestrictedCode)
.
[HKEY_USERS\S-1-5-21-2257943674-3338997938-4154493867-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*jpg*þÿÿÿ E¥¿tE¥¿tÖ[ZZÏ¢ä1*°³1*1*\OpenWithList]
@Class="Shell"
.
[HKEY_USERS\S-1-5-21-2257943674-3338997938-4154493867-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*jpg*þÿÿÿ E¥FuE¥FuÖ[ö`m4sÐø7*ÄÁ7*¨7*]
@Class="Shell"
@Allowed: (Read) (RestrictedCode)
.
[HKEY_USERS\S-1-5-21-2257943674-3338997938-4154493867-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*jpg*þÿÿÿ E¥FuE¥FuÖ[ö`m4sÐø7*ÄÁ7*¨7*\OpenWithList]
@Class="Shell"
.
[HKEY_USERS\S-1-5-21-2257943674-3338997938-4154493867-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\.*jpg*Ö[ö`Ù5sÐ]
@Allowed: (Read) (RestrictedCode)
"0"=hex:6a,00,63,00,2e,00,6a,70,67,00,d6,5b,f6,60,d9,35,73,d0,10,01,00,00,7 6,
00,36,00,00,00,00,00,00,00,00,00,00,00,6a,00,63,00,2e,00,6a,70,67,00,d6,5b, \
"MRUListEx"=hex:00,00,00,00,ff,ff,ff,ff
.
[HKEY_USERS\S-1-5-21-2257943674-3338997938-4154493867-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\.*jpg*Ö[iÛ?-]
@Allowed: (Read) (RestrictedCode)
"0"=hex:6a,00,63,00,32,00,2e,00,6a,70,67,00,d6,5b,82,69,db,3f,2d,16,10,01,0 0,
00,7a,00,36,00,00,00,00,00,00,00,00,00,00,00,6a,00,63,00,32,00,2e,00,6a,70, \
"MRUListEx"=hex:00,00,00,00,ff,ff,ff,ff
.
[HKEY_USERS\S-1-5-21-2257943674-3338997938-4154493867-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\.*jpg*E¥ FuE¥FuÖ[ö`q*sÐ]
@Allowed: (Read) (RestrictedCode)
"0"=hex:62,00,6c,00,61,00,63,00,6b,00,20,00,68,00,61,00,6c,00,66,00,20,00,6 2,
00,61,00,6e,00,64,00,61,00,6e,00,61,00,2e,00,6a,70,67,00,45,a5,46,75,45,a5, \
"MRUListEx"=hex:00,00,00,00,ff,ff,ff,ff
.
[HKEY_USERS\S-1-5-21-2257943674-3338997938-4154493867-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\.*jpg*þÿ ÿÿE¥¿tE¥¿tÖ[ZZÏ¢ä1*°³1*1*]
@Allowed: (Read) (RestrictedCode)
"0"=hex:63,00,6f,00,72,00,65,00,6c,00,20,00,70,00,61,00,69,00,6e,00,74,00,2 0,
00,63,00,72,00,6f,00,70,00,2e,00,6a,70,67,00,fe,ff,ff,ff,45,a5,bf,74,45,a5, \
"MRUListEx"=hex:00,00,00,00,ff,ff,ff,ff
.
[HKEY_USERS\S-1-5-21-2257943674-3338997938-4154493867-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\.*jpg*þÿ ÿÿE¥FuE¥FuÖ[ö`m4sÐø7*ÄÁ7*¨7*]
@Allowed: (Read) (RestrictedCode)
"0"=hex:6a,00,63,00,2e,00,6a,70,67,00,fe,ff,ff,ff,45,a5,46,75,45,a5,46,75,d 6,
5b,f6,60,6d,34,73,d0,f8,98,37,00,c4,c1,37,00,a8,94,37,00,00,00,a2,00,36,00, \
"MRUListEx"=hex:00,00,00,00,ff,ff,ff,ff
```
Save this as *CFScript.txt*, and as Type: *All Files* *(*.*)* in the same location as ComboFix.exe



















Refering to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at *C:\ComboFix.txt* which I will require in your next reply.

*Step 2*

*Run ESET Online Scan*

Hold down Control and click on the following link to open ESET OnlineScan in a new window.
*ESET OnlineScan*
Click the







button.
For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)

Click on







to download the ESET Smart Installer. *Save* it to your desktop.
Double click on the







icon on your desktop.

Check








Click the







button.
Accept any security warnings from your browser.
Check








*Leave the tick out of remove found threats*
Push the *Start* button.
ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
When the scan completes, push








Push







, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
Push the







button.
Push








You can refer to *this animation* by *neomage* if needed.
Frequently asked questions available *Here* *Please read them before running the scan.*

*Also be aware this scan can take several hours to complete depending on the size of your system.*

ESET log can be found here *"C:\Program Files\ESET\EsetOnlineScanner\log.txt".*

Post those two logs, also there is an internet proxy server running in Internet explorer and Firefox, are you aware of those??

Thanks,

Kevin..


----------



## xshine25 (Jul 7, 2012)

Hi Kevinf80,
Hope you are feeling better today. Here are the ComboFix and ESET Online Scan logs that you asked for. No sorry, don't know what an internet proxy server is. Is that good or bad? Should I ground my son for that?
Laptop still freezing up and CPU usage is at 100%. Cooling fan also continues at full speed non-stop, just incase you were wondering. Thanks!

COMBOFIX LOG:
ComboFix 12-07-30.01 - GEORGE 07/30/2012 10:07:06.2.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3999.2514 [GMT -5:00]
Running from: c:\users\GEORGE\Desktop\ComboFix.exe
Command switches used :: c:\users\GEORGE\Desktop\CFScript.txt
AV: Norton Internet Security *Disabled/Outdated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}
FW: Norton Internet Security *Disabled* {B0F2DB13-C654-2E74-30D4-99C9310F0F2E}
SP: Norton Internet Security *Disabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2012-06-28 to 2012-07-30 )))))))))))))))))))))))))))))))
.
.
2012-07-30 15:17 . 2012-07-30 15:17 -------- d-----w- c:\users\Mar\AppData\Local\temp
2012-07-30 15:17 . 2012-07-30 15:17 -------- d-----w- c:\users\Guest\AppData\Local\temp
2012-07-30 15:17 . 2012-07-30 15:17 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-07-22 20:11 . 2012-07-22 20:11 -------- d-----w- c:\programdata\EPS
2012-07-22 20:11 . 2012-07-22 20:11 -------- d-----w- c:\program files (x86)\My-Proxy
2012-07-22 19:10 . 2012-07-22 19:10 -------- d-----w- c:\users\GEORGE\AppData\Roaming\tor
2012-07-21 15:32 . 2012-07-21 15:32 -------- d-----w- c:\users\GEORGE\AppData\Local\Tific
2012-07-21 15:29 . 2012-07-21 15:29 -------- d-----w- c:\users\GEORGE\AppData\Roaming\Tific
2012-07-21 15:29 . 2012-07-21 15:29 -------- d-----w- c:\users\GEORGE\AppData\Local\Symantec
2012-07-16 05:14 . 2012-07-16 05:14 -------- d-----w- c:\users\GEORGE\AppData\Roaming\SUPERAntiSpyware.com
2012-07-16 05:13 . 2012-07-16 05:13 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-07-16 05:13 . 2012-07-16 05:13 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2012-07-14 03:29 . 2012-07-14 03:29 400168 ----a-w- c:\windows\system32\SynCOM.dll
2012-07-14 03:29 . 2012-07-14 03:29 271144 ----a-w- c:\windows\system32\SynCtrl.dll
2012-07-14 03:29 . 2012-07-14 03:29 215336 ----a-w- c:\windows\system32\SynTPAPI.dll
2012-07-14 03:29 . 2012-07-14 03:29 214312 ----a-w- c:\windows\SysWow64\SynCtrl.dll
2012-07-14 03:29 . 2012-07-14 03:29 173352 ----a-w- c:\windows\SysWow64\SynCOM.dll
2012-07-14 03:29 . 2012-07-14 03:29 147752 ----a-w- c:\windows\system32\SynTPCo4.dll
2012-07-14 03:29 . 2012-07-14 03:29 1390640 ----a-w- c:\windows\system32\drivers\SynTP.sys
2012-07-14 03:29 . 2012-07-14 03:29 107816 ----a-w- c:\windows\SysWow64\SynTPCOM.dll
2012-07-14 02:17 . 2012-07-14 02:17 -------- d-----w- c:\programdata\{A8DA1505-E615-42BB-BB77-74D5CC91FE7E}
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-23 15:58 . 2012-03-31 05:21 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-07-23 15:58 . 2012-01-31 08:54 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-07-03 18:46 . 2012-04-07 08:59 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-06-04 16:34 . 2012-06-04 16:34 3584 ----a-r- c:\users\GEORGE\AppData\Roaming\Microsoft\Installer\{121634B0-2F4B-11D3-ADA3-00C04F52DD52}\Icon386ED4E3.exe
2012-06-02 22:19 . 2012-06-22 22:57 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-22 22:57 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 22:19 . 2012-06-22 22:57 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-22 22:57 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-22 22:57 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 22:15 . 2012-06-22 22:57 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:15 . 2012-06-22 22:57 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-06-02 20:19 . 2012-06-22 22:56 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 20:15 . 2012-06-22 22:56 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-05-31 04:10 . 2012-06-05 08:10 126944 ----a-w- c:\windows\system32\drivers\scdemu.sys
2012-05-08 17:02 . 2012-06-11 20:03 8955792 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{BD821062-32B8-4959-BA78-8C2E62BA7E9A}\mpengine.dll
.
.
(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
---- Directory of c:\programdata\{A8DA1505-E615-42BB-BB77-74D5CC91FE7E} ----
.
2012-07-14 02:17 . 2012-07-14 02:17 21494 ----a-w- c:\programdata\{A8DA1505-E615-42BB-BB77-74D5CC91FE7E}\0x0409.ini
2012-07-14 02:17 . 2012-07-14 02:17 47848756 ----a-w- c:\programdata\{A8DA1505-E615-42BB-BB77-74D5CC91FE7E}\HP Support Assistant.msi
.
.
((((((((((((((((((((((((((((( [email protected]_07.05.19 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-03-24 17:51 . 2012-07-30 13:57 51884 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-07-30 15:22 50188 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2011-11-19 05:00 . 2012-07-30 15:22 17550 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2257943674-3338997938-4154493867-1000_UserData.bin
- 2009-07-14 05:30 . 2012-07-30 07:04 86016 c:\windows\system32\DriverStore\infpub.dat
+ 2009-07-14 05:30 . 2012-07-30 15:19 86016 c:\windows\system32\DriverStore\infpub.dat
+ 2012-07-30 15:18 . 2012-07-30 15:18 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-07-30 07:04 . 2012-07-30 07:04 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-07-30 15:18 . 2012-07-30 15:18 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-07-30 07:04 . 2012-07-30 07:04 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2010-04-27 08:51 . 2012-07-30 14:52 328648 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S3.bin
- 2009-07-14 02:36 . 2012-07-30 05:13 624178 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-07-30 14:56 624178 c:\windows\system32\perfh009.dat
- 2009-07-14 02:36 . 2012-07-30 05:13 106522 c:\windows\system32\perfc009.dat
+ 2009-07-14 02:36 . 2012-07-30 14:56 106522 c:\windows\system32\perfc009.dat
- 2009-07-14 05:30 . 2012-07-30 07:04 143360 c:\windows\system32\DriverStore\infstrng.dat
+ 2009-07-14 05:30 . 2012-07-30 15:19 143360 c:\windows\system32\DriverStore\infstrng.dat
- 2009-07-14 05:30 . 2012-07-30 07:04 143360 c:\windows\system32\DriverStore\infstor.dat
+ 2009-07-14 05:30 . 2012-07-30 15:19 143360 c:\windows\system32\DriverStore\infstor.dat
- 2009-07-14 05:01 . 2012-07-30 07:03 536400 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2012-07-30 15:18 536400  c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2012-02-01 09:45 . 2012-07-30 15:18 31892579 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2257943674-3338997938-4154493867-1000-8192.dat
- 2012-02-01 09:45 . 2012-07-30 07:03 31892579 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2257943674-3338997938-4154493867-1000-8192.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LightScribe Control Panel"="c:\program files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe" [2010-02-22 2363392]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
"Messenger (Yahoo!)"="c:\progra~2\Yahoo!\Messenger\YahooMessenger.exe" [2012-01-04 6497592]
"Facebook Update"="c:\users\GEORGE\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2012-07-11 138096]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-07-09 5661056]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"NortonOnlineBackupReminder"="c:\program files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" [2009-06-29 600936]
"HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]
"WirelessAssistant"="c:\program files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2009-07-23 498744]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-03-27 421736]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920]
"PWRISOVM.EXE"="c:\program files (x86)\PowerISO\PWRISOVM.EXE" [2012-05-31 336992]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-01-21 91520]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS6ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" [2012-03-09 1073312]
.
c:\users\GEORGE\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2010 Screen Clipper and Launcher.lnk - c:\program files (x86)\Microsoft Office\Office14\ONENOTEM.EXE [2010-1-21 226176]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-01-31 136176]
R2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [x]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-01-31 136176]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2010-01-21 30963576]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-07-18 113120]
R3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [2009-06-10 5434368]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2009-09-23 225280]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [2009-06-10 292864]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-10 1485312]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [2009-06-10 740864]
R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 TotRec8;Total Recorder WDM audio filter driver;c:\windows\system32\drivers\TotRec8.sys [2011-12-15 121584]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-01-31 1255736]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [2009-06-10 389120]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NISx64\1100000.088\SYMDS64.SYS [2009-08-30 433200]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NISx64\1100000.088\SYMEFA64.SYS [2009-08-30 217136]
S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\BASHDefs\20090829.001\BHDrvx64.sys [2009-08-30 641584]
S1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\NISx64\1100000.088\ccHPx64.sys [2009-08-24 615040]
S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\IPSDefs\20090828.002\IDSVia64.sys [2009-08-30 467504]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NISx64\1100000.088\Ironx64.SYS [2009-08-30 146992]
S1 SYMTDIv;Symantec Vista Network Dispatch Driver;c:\windows\system32\drivers\NISx64\1100000.088\SYMTDIV.SYS [2009-08-30 450608]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-08-11 140672]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [2009-11-18 98208]
S2 HPWMISVC;HPWMISVC;c:\program files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2010-01-18 20480]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-07-03 655944]
S2 NIS;Norton Internet Security;c:\program files (x86)\Norton Internet Security\Engine\17.0.0.136\ccSvcHst.exe [2009-08-24 126392]
S2 PSI_SVC_2_x64;Protexis Licensing V2 x64;c:\program files\Common Files\Protexis\License Service\PsiService_2.exe [2010-11-30 336824]
S3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [2011-05-18 47616]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2009-08-29 132656]
S3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2010-03-05 144896]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-07-03 24904]
S3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [2011-08-01 45416]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-06-10 539240]
S3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;c:\windows\system32\DRIVERS\rtl8192se.sys [2011-09-08 1225832]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2010-02-22 18:38 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2012-07-30 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2257943674-3338997938-4154493867-1000Core.job
- c:\users\GEORGE\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-04-13 21:18]
.
2012-07-30 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2257943674-3338997938-4154493867-1000UA.job
- c:\users\GEORGE\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-04-13 21:18]
.
2012-07-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-01-31 21:13]
.
2012-07-30 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-01-31 21:13]
.
2012-07-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2257943674-3338997938-4154493867-1000Core.job
- c:\users\GEORGE\AppData\Local\Google\Update\GoogleUpdate.exe [2012-01-31 18:02]
.
2012-07-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2257943674-3338997938-4154493867-1000UA.job
- c:\users\GEORGE\AppData\Local\Google\Update\GoogleUpdate.exe [2012-01-31 18:02]
.
2012-07-14 c:\windows\Tasks\HPCeeScheduleForGEORGE-PC$.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 03:15]
.
2012-07-14 c:\windows\Tasks\HPCeeScheduleForGEORGE.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 03:15]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}]
c:\program files (x86)\Hotspot Shield\HssIE\HssIE_64.dll [BU]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2010-01-29 6160928]
"RtkOSD"="c:\program files (x86)\Realtek\Audio\OSD\RtVOsd64.exe" [2010-01-13 995840]
"HP Quick Launch"="c:\program files\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe" [2010-01-18 451072]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2010-03-24 172032]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-08-01 2417032]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-02-12 162328]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-02-12 386584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-02-12 417304]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2012-04-04 446392]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com/
mStart Page = hxxp://www.searchbrowsing.com
uInternet Settings,ProxyOverride = *.local
uInternet Settings,ProxyServer = 23.21.64.122:80
TCP: DhcpNameServer = 192.168.1.254
FF - ProfilePath - c:\users\GEORGE\AppData\Roaming\Mozilla\Firefox\Profiles\92ukajfx.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: network.proxy.ftp - 69.163.239.41
FF - prefs.js: network.proxy.ftp_port - 80
FF - prefs.js: network.proxy.http - 69.163.239.41
FF - prefs.js: network.proxy.http_port - 80
FF - prefs.js: network.proxy.socks - 69.163.239.41
FF - prefs.js: network.proxy.socks_port - 80
FF - prefs.js: network.proxy.ssl - 69.163.239.41
FF - prefs.js: network.proxy.ssl_port - 80
FF - prefs.js: network.proxy.type - 0
user_pref('extensions.dealply.partner', 'iron');
user_pref('extensions.dealply.channel', 'iron3');
user_pref('extensions.dealply.installId', 'v23600299380346543056042012031317380421');
user_pref('extensions.dealply.installIdSource', 'inst');
user_pref('extensions.dealply.sampleGroup', '1');
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-10 - (no file)
WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NIS]
"ImagePath"="\"c:\program files (x86)\Norton Internet Security\Engine\17.0.0.136\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files (x86)\Norton Internet Security\Engine\17.0.0.136\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-2257943674-3338997938-4154493867-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSavePidlMRU\jpg*Ö[ö`Ù5sÐ]
"0"=hex:14,00,1f,44,47,1a,03,59,72,3f,a7,44,89,c5,55,95,fe,6b,30,ee,20,00,00,
00,1a,00,ee,bb,fe,23,00,00,10,00,d0,9a,d3,fd,8f,23,af,46,ad,b4,6c,85,48,03,\
"MRUListEx"=hex:00,00,00,00,ff,ff,ff,ff
.
[HKEY_USERS\S-1-5-21-2257943674-3338997938-4154493867-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSavePidlMRU\jpg*Ö[‚iÛ?-]
"0"=hex:14,00,1f,44,47,1a,03,59,72,3f,a7,44,89,c5,55,95,fe,6b,30,ee,20,00,00,
00,1a,00,ee,bb,fe,23,00,00,10,00,d0,9a,d3,fd,8f,23,af,46,ad,b4,6c,85,48,03,\
"MRUListEx"=hex:00,00,00,00,ff,ff,ff,ff
.
[HKEY_USERS\S-1-5-21-2257943674-3338997938-4154493867-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSavePidlMRU\jpg*E¥FuE¥FuÖ[ö`q*sÐ]
"0"=hex:14,00,1f,44,47,1a,03,59,72,3f,a7,44,89,c5,55,95,fe,6b,30,ee,20,00,00,
00,1a,00,ee,bb,fe,23,00,00,10,00,90,e2,4d,37,3f,12,65,45,91,64,39,c4,92,5e,\
"MRUListEx"=hex:00,00,00,00,ff,ff,ff,ff
.
[HKEY_USERS\S-1-5-21-2257943674-3338997938-4154493867-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSavePidlMRU\jpg*þÿÿÿE¥¿tE¥¿tÖ[ZZÏ¢äŠ1*°³1*˜†1*]
"0"=hex:14,00,1f,44,47,1a,03,59,72,3f,a7,44,89,c5,55,95,fe,6b,30,ee,20,00,00,
00,1a,00,ee,bb,fe,23,00,00,10,00,90,e2,4d,37,3f,12,65,45,91,64,39,c4,92,5e,\
"MRUListEx"=hex:00,00,00,00,ff,ff,ff,ff
.
[HKEY_USERS\S-1-5-21-2257943674-3338997938-4154493867-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSavePidlMRU\jpg*þÿÿÿE¥FuE¥FuÖ[ö`m4sÐø˜7*ÄÁ7*¨"7*]
"0"=hex:14,00,1f,44,47,1a,03,59,72,3f,a7,44,89,c5,55,95,fe,6b,30,ee,20,00,00,
00,1a,00,ee,bb,fe,23,00,00,10,00,d0,9a,d3,fd,8f,23,af,46,ad,b4,6c,85,48,03,\
"MRUListEx"=hex:00,00,00,00,ff,ff,ff,ff
.
[HKEY_USERS\S-1-5-21-2257943674-3338997938-4154493867-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*jpg*Ö[ö`Ù5sÐ]
@Class="Shell"
@Allowed: (Read) (RestrictedCode)
.
[HKEY_USERS\S-1-5-21-2257943674-3338997938-4154493867-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*jpg*Ö[ö`Ù5sÐ\OpenWithList]
@Class="Shell"
.
[HKEY_USERS\S-1-5-21-2257943674-3338997938-4154493867-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*jpg*Ö[‚iÛ?-]
@Class="Shell"
@Allowed: (Read) (RestrictedCode)
.
[HKEY_USERS\S-1-5-21-2257943674-3338997938-4154493867-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*jpg*Ö[‚iÛ?-\OpenWithList]
@Class="Shell"
.
[HKEY_USERS\S-1-5-21-2257943674-3338997938-4154493867-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*jpg*E¥FuE¥FuÖ[ö`q*sÐ]
@Class="Shell"
@Allowed: (Read) (RestrictedCode)
.
[HKEY_USERS\S-1-5-21-2257943674-3338997938-4154493867-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*jpg*E¥FuE¥FuÖ[ö`q*sÐ\OpenWithList]
@Class="Shell"
.
[HKEY_USERS\S-1-5-21-2257943674-3338997938-4154493867-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*jpg*þÿÿÿE¥¿tE¥¿tÖ[ZZÏ¢äŠ1*°³1*˜†1*]
@Class="Shell"
@Allowed: (Read) (RestrictedCode)
.
[HKEY_USERS\S-1-5-21-2257943674-3338997938-4154493867-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*jpg*þÿÿÿE¥¿tE¥¿tÖ[ZZÏ¢äŠ1*°³1*˜†1*\OpenWithList]
@Class="Shell"
.
[HKEY_USERS\S-1-5-21-2257943674-3338997938-4154493867-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*jpg*þÿÿÿE¥FuE¥FuÖ[ö`m4sÐø˜7*ÄÁ7*¨"7*]
@Class="Shell"
@Allowed: (Read) (RestrictedCode)
.
[HKEY_USERS\S-1-5-21-2257943674-3338997938-4154493867-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*jpg*þÿÿÿE¥FuE¥FuÖ[ö`m4sÐø˜7*ÄÁ7*¨"7*\OpenWithList]
@Class="Shell"
.
[HKEY_USERS\S-1-5-21-2257943674-3338997938-4154493867-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\.*jpg*Ö[ö`Ù5sÐ]
@Allowed: (Read) (RestrictedCode)
"0"=hex:6a,00,63,00,2e,00,6a,70,67,00,d6,5b,f6,60,d9,35,73,d0,10,01,00,00,76,
00,36,00,00,00,00,00,00,00,00,00,00,00,6a,00,63,00,2e,00,6a,70,67,00,d6,5b,\
"MRUListEx"=hex:00,00,00,00,ff,ff,ff,ff
.
[HKEY_USERS\S-1-5-21-2257943674-3338997938-4154493867-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\.*jpg*Ö[‚iÛ?-]
@Allowed: (Read) (RestrictedCode)
"0"=hex:6a,00,63,00,32,00,2e,00,6a,70,67,00,d6,5b,82,69,db,3f,2d,16,10,01,00,
00,7a,00,36,00,00,00,00,00,00,00,00,00,00,00,6a,00,63,00,32,00,2e,00,6a,70,\
"MRUListEx"=hex:00,00,00,00,ff,ff,ff,ff
.
[HKEY_USERS\S-1-5-21-2257943674-3338997938-4154493867-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\.*jpg*E¥FuE¥FuÖ[ö`q*sÐ]
@Allowed: (Read) (RestrictedCode)
"0"=hex:62,00,6c,00,61,00,63,00,6b,00,20,00,68,00,61,00,6c,00,66,00,20,00,62,
00,61,00,6e,00,64,00,61,00,6e,00,61,00,2e,00,6a,70,67,00,45,a5,46,75,45,a5,\
"MRUListEx"=hex:00,00,00,00,ff,ff,ff,ff
.
[HKEY_USERS\S-1-5-21-2257943674-3338997938-4154493867-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\.*jpg*þÿÿÿE¥¿tE¥¿tÖ[ZZÏ¢äŠ1*°³1*˜†1*]
@Allowed: (Read) (RestrictedCode)
"0"=hex:63,00,6f,00,72,00,65,00,6c,00,20,00,70,00,61,00,69,00,6e,00,74,00,20,
00,63,00,72,00,6f,00,70,00,2e,00,6a,70,67,00,fe,ff,ff,ff,45,a5,bf,74,45,a5,\
"MRUListEx"=hex:00,00,00,00,ff,ff,ff,ff
.
[HKEY_USERS\S-1-5-21-2257943674-3338997938-4154493867-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\.*jpg*þÿÿÿE¥FuE¥FuÖ[ö`m4sÐø˜7*ÄÁ7*¨"7*]
@Allowed: (Read) (RestrictedCode)
"0"=hex:6a,00,63,00,2e,00,6a,70,67,00,fe,ff,ff,ff,45,a5,46,75,45,a5,46,75,d6,
5b,f6,60,6d,34,73,d0,f8,98,37,00,c4,c1,37,00,a8,94,37,00,00,00,a2,00,36,00,\
"MRUListEx"=hex:00,00,00,00,ff,ff,ff,ff
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
c:\program files (x86)\CyberLink\Shared files\RichVideo.exe
c:\program files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
.
**************************************************************************
.
Completion time: 2012-07-30 10:28:01 - machine was rebooted
ComboFix-quarantined-files.txt 2012-07-30 15:28
ComboFix2.txt 2012-07-30 07:12
.
Pre-Run: 363,797,331,968 bytes free
Post-Run: 363,496,189,952 bytes free
.
- - End Of File - - CF38B4A94EA7932429D291D35FAD43C5

ESET ONLINE SCANNER LOG:
[email protected] as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=c3607d33d1e92a49ba47dd13299ac041
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-07-30 05:41:27
# local_time=2012-07-30 12:41:27 (-0600, Central Daylight Time (Mexico))
# country="United States"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=512 16777215 100 0 14338463 14338463 0 0
# compatibility_mode=1024 16777215 100 0 13115702 13115702 0 0
# compatibility_mode=3588 16777214 85 85 70383777 92422049 0 0
# compatibility_mode=5893 16776574 100 94 507046 95206075 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=254837
# found=0
# cleaned=0
# scan_time=7462
[email protected] as downloader log:
all ok
[email protected] as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=c3607d33d1e92a49ba47dd13299ac041
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-07-30 09:57:40
# local_time=2012-07-30 04:57:40 (-0600, Central Daylight Time (Mexico))
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 2
# compatibility_mode=512 16777215 100 0 14353302 14353302 0 0
# compatibility_mode=1024 16777215 100 0 13130541 13130541 0 0
# compatibility_mode=3588 16777214 85 85 70398616 92436888 0 0
# compatibility_mode=5893 16776574 100 94 521885 95220914 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=254995
# found=0
# cleaned=0
# scan_time=7998


----------



## kevinf80 (Mar 21, 2006)

Thanks for the logs, can you check with your son on the proxy servers, see if he set them up? if not do this;

Check for and reset proxy servers :-

*Internet Explorer:*
Tools Menu -> Internet Options -> Connections Tab ->Lan Settings > uncheck "use a proxy server" and check to "Automatically detect settings". Also clear any proxy address and port. ok, apply (only if applicable), ok.

*Firefox:*
Tools Menu -> Options... -> Advanced Tab -> Network Tab -> "Settings" under Connection. "No Proxy" should be selected, unless you have one set up yourself.

*Chrome:*
Select -> Tools menu -> then "Options", then go to "Change Proxy Settings", then "LAN Settings" , then take out the check mark for "Use a proxy server for your LAN" if set, unless you set this up yourself.

*Safari*

 Launch Safari
 Go to general settings menu
 Then in Preferences/ Advanced
 Then on line click Proxies change settings ...
 Click Internet Options, then click the Connections tab, click Network Settings.
 Disable option (uncheck) for the use of proxy server ...

Next:

*Please read carefully and follow these steps.*

Download *TDSSKiller* and save it to your Desktop.

Doubleclick on







to run the application.

The "Ready to scan" window will open, Click on* "Change parameters"*










Place a checkmark next to Verify *Driver Digital Signature* and *Detect TDLFS file system*, (Leave "Service & Drivers" and "Boot Sectors" ticked. Click OK.










Select "Start Scan"










If an infected file is detected, the default action will be *Cure*, click on *Continue.*










If a suspicious file is detected, the default action will be *Skip*, click on *Continue.*










It may ask you to reboot the computer to complete the process. Click on *Reboot Now*.










If no reboot is require, click on *Report*. A log file should appear. Please copy and paste the contents of that file here.
If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "*TDSSKiller.[Version]_[Date]_[Time]_log.txt*". Please copy and paste the contents of that file here.

Next:








Please download *Malwarebytes* Anti-Malware and save it to your desktop.
*Alernative D/L mirror*
*Alternative D/L mirror*

Double Click mbam-setup.exe to install the application.

 Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
 If an update is found, it will download and install the latest version.
 Once the program has loaded, select "Perform Quick Scan", then click Scan.
 The scan may take some time to finish,so please be patient.
 When the scan is complete, click OK, then Show Results to view the results.
 Make sure that everything is checked, and click Remove Selected.
 When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
 Please save the log to a location you will remember.
 The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
 Copy and paste the entire report in your next reply.

Extra Note:

If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Post those two logs and give an update please.

Thanks,

Kevin...


----------



## xshine25 (Jul 7, 2012)

Hi Kevinf80,
Hope that you are feeling better.
I have reset the proxy servers that you mentioned. Here are the TDSSKiller & Malwarebytes' Anti-Malware logs. CPU usage still is fluctuates between 59% and 72% in Internet Explorer and Firefox fluctuates between 89% and 100%, but mostly the latter. Continually freezes, very slow, overheating and cooling fans continue at max.

TDSSKiller LOG REPORT:
09:46:13.0692 2052 TDSS rootkit removing tool 2.7.48.0 Jul 24 2012 13:16:32
09:46:14.0613 2052 ============================================================
09:46:14.0613 2052 Current date / time: 2012/07/31 09:46:14.0613
09:46:14.0613 2052 SystemInfo:
09:46:14.0613 2052 
09:46:14.0613 2052 OS Version: 6.1.7601 ServicePack: 1.0
09:46:14.0613 2052 Product type: Workstation
09:46:14.0613 2052 ComputerName: GEORGE-PC
09:46:14.0613 2052 UserName: GEORGE
09:46:14.0613 2052 Windows directory: C:\Windows
09:46:14.0613 2052 System windows directory: C:\Windows
09:46:14.0613 2052 Running under WOW64
09:46:14.0613 2052 Processor architecture: Intel x64
09:46:14.0613 2052 Number of processors: 2
09:46:14.0613 2052 Page size: 0x1000
09:46:14.0613 2052 Boot type: Normal boot
09:46:14.0613 2052 ============================================================
09:46:15.0939 2052 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
09:46:15.0954 2052 ============================================================
09:46:15.0954 2052 \Device\Harddisk0\DR0:
09:46:15.0954 2052 MBR partitions:
09:46:15.0954 2052 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x63800
09:46:15.0954 2052 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x64000, BlocksNum 0x386E0000
09:46:15.0954 2052 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x38744000, BlocksNum 0x1C0E000
09:46:15.0954 2052 \Device\Harddisk0\DR0\Partition3: MBR, Type 0xC, StartLBA 0x3A352000, BlocksNum 0x33830
09:46:15.0954 2052 ============================================================
09:46:16.0017 2052 C: <-> \Device\Harddisk0\DR0\Partition1
09:46:16.0064 2052 D: <-> \Device\Harddisk0\DR0\Partition2
09:46:16.0079 2052 E: <-> \Device\Harddisk0\DR0\Partition3
09:46:16.0079 2052 ============================================================
09:46:16.0079 2052 Initialize success
09:46:16.0079 2052 ============================================================
09:46:31.0211 2608 ============================================================
09:46:31.0211 2608 Scan started
09:46:31.0211 2608 Mode: Manual; SigCheck; TDLFS; 
09:46:31.0211 2608 ============================================================
09:46:32.0412 2608 !SASCORE (7d9d615201a483d6fa99491c2e655a5a) C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
09:46:32.0506 2608 !SASCORE - ok
09:46:33.0302 2608 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
09:46:33.0395 2608 1394ohci - ok
09:46:33.0426 2608 Scan interrupted by user!
09:46:33.0426 2608 Scan interrupted by user!
09:46:33.0426 2608 Scan interrupted by user!
09:46:33.0426 2608 ============================================================
09:46:33.0426 2608 Scan finished
09:46:33.0426 2608 ============================================================
09:46:33.0442 4788 Detected object count: 0
09:46:33.0442 4788 Actual detected object count: 0
09:46:51.0726 3376 ============================================================
09:46:51.0726 3376 Scan started
09:46:51.0726 3376 Mode: Manual; SigCheck; TDLFS; 
09:46:51.0726 3376 ============================================================
09:46:51.0835 3376 !SASCORE (7d9d615201a483d6fa99491c2e655a5a) C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
09:46:51.0851 3376 !SASCORE - ok
09:46:51.0867 3376 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
09:46:51.0898 3376 1394ohci - ok
09:46:52.0023 3376 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
09:46:52.0069 3376 ACPI - ok
09:46:52.0101 3376 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
09:46:52.0194 3376 AcpiPmi - ok
09:46:52.0428 3376 AdobeARMservice (62b7936f9036dd6ed36e6a7efa805dc0) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
09:46:52.0459 3376 AdobeARMservice - ok
09:46:52.0553 3376 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
09:46:52.0600 3376 adp94xx - ok
09:46:52.0662 3376 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
09:46:52.0709 3376 adpahci - ok
09:46:52.0771 3376 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
09:46:52.0803 3376 adpu320 - ok
09:46:52.0849 3376 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
09:46:53.0005 3376 AeLookupSvc - ok
09:46:53.0146 3376 AERTFilters (d1e343bc00136ce03c4d403194d06a80) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
09:46:53.0177 3376 AERTFilters - ok
09:46:53.0255 3376 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys
09:46:53.0333 3376 AFD - ok
09:46:53.0380 3376 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
09:46:53.0395 3376 agp440 - ok
09:46:53.0427 3376 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
09:46:53.0489 3376 ALG - ok
09:46:53.0536 3376 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
09:46:53.0551 3376 aliide - ok
09:46:53.0583 3376 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
09:46:53.0598 3376 amdide - ok
09:46:53.0645 3376 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
09:46:53.0707 3376 AmdK8 - ok
09:46:53.0739 3376 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
09:46:53.0832 3376 AmdPPM - ok
09:46:53.0910 3376 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
09:46:53.0926 3376 amdsata - ok
09:46:54.0019 3376 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
09:46:54.0051 3376 amdsbs - ok
09:46:54.0097 3376 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
09:46:54.0129 3376 amdxata - ok
09:46:54.0207 3376 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
09:46:54.0425 3376 AppID - ok
09:46:54.0534 3376 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
09:46:54.0612 3376 AppIDSvc - ok
09:46:54.0675 3376 Appinfo (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll
09:46:54.0753 3376 Appinfo - ok
09:46:54.0955 3376 Apple Mobile Device (7ef47644b74ebe721cc32211d3c35e76) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
09:46:54.0987 3376 Apple Mobile Device - ok
09:46:55.0065 3376 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
09:46:55.0096 3376 arc - ok
09:46:55.0111 3376 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
09:46:55.0127 3376 arcsas - ok
09:46:55.0143 3376 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
09:46:55.0236 3376 AsyncMac - ok
09:46:55.0267 3376 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
09:46:55.0299 3376 atapi - ok
09:46:55.0423 3376 AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
09:46:55.0501 3376 AudioEndpointBuilder - ok
09:46:55.0517 3376 AudioSrv (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
09:46:55.0564 3376 AudioSrv - ok
09:46:55.0626 3376 AxInstSV (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll
09:46:55.0735 3376 AxInstSV - ok
09:46:55.0829 3376 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
09:46:55.0907 3376 b06bdrv - ok
09:46:55.0954 3376 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
09:46:56.0047 3376 b57nd60a - ok
09:46:56.0094 3376 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
09:46:56.0157 3376 BDESVC - ok
09:46:56.0203 3376 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
09:46:56.0281 3376 Beep - ok
09:46:56.0375 3376 BFE (82974d6a2fd19445cc5171fc378668a4) C:\Windows\System32\bfe.dll
09:46:56.0437 3376 BFE - ok
09:46:56.0562 3376 BHDrvx64 (cbee185bf1fa48d1d273b592c62a5a41) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\BASHDefs\20090829.001\BHDrvx64.sys
09:46:56.0640 3376 BHDrvx64 - ok
09:46:56.0827 3376 BITS (1ea7969e3271cbc59e1730697dc74682) C:\Windows\system32\qmgr.dll
09:46:56.0905 3376 BITS - ok
09:46:56.0999 3376 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
09:46:57.0046 3376 blbdrive - ok
09:46:57.0264 3376 Bonjour Service (ebbcd5dfbb1de70e8f4af8fa59e401fd) C:\Program Files\Bonjour\mDNSResponder.exe
09:46:57.0342 3376 Bonjour Service - ok
09:46:57.0405 3376 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
09:46:57.0451 3376 bowser - ok
09:46:57.0545 3376 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
09:46:57.0623 3376 BrFiltLo - ok
09:46:57.0670 3376 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
09:46:57.0701 3376 BrFiltUp - ok
09:46:57.0748 3376 BridgeMP (5c2f352a4e961d72518261257aae204b) C:\Windows\system32\DRIVERS\bridge.sys
09:46:57.0826 3376 BridgeMP - ok
09:46:57.0888 3376 Browser (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll
09:46:57.0982 3376 Browser - ok
09:46:58.0013 3376 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
09:46:58.0060 3376 Brserid - ok
09:46:58.0075 3376 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
09:46:58.0107 3376 BrSerWdm - ok
09:46:58.0107 3376 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
09:46:58.0153 3376 BrUsbMdm - ok
09:46:58.0153 3376 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
09:46:58.0185 3376 BrUsbSer - ok
09:46:58.0200 3376 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
09:46:58.0231 3376 BTHMODEM - ok
09:46:58.0263 3376 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
09:46:58.0325 3376 bthserv - ok
09:46:58.0341 3376 catchme - ok
09:46:58.0465 3376 ccHP (60050e92e160115b80175a5bdb1525b4) C:\Windows\system32\drivers\NISx64\1100000.088\ccHPx64.sys
09:46:58.0497 3376 ccHP - ok
09:46:58.0559 3376 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
09:46:58.0637 3376 cdfs - ok
09:46:58.0699 3376 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\drivers\cdrom.sys
09:46:58.0746 3376 cdrom - ok
09:46:58.0840 3376 CertPropSvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
09:46:58.0918 3376 CertPropSvc - ok
09:46:58.0980 3376 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
09:46:59.0027 3376 circlass - ok
09:46:59.0089 3376 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
09:46:59.0121 3376 CLFS - ok
09:46:59.0308 3376 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
09:46:59.0339 3376 clr_optimization_v2.0.50727_32 - ok
09:46:59.0557 3376 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
09:46:59.0573 3376 clr_optimization_v2.0.50727_64 - ok
09:46:59.0682 3376 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
09:46:59.0745 3376 clr_optimization_v4.0.30319_32 - ok
09:46:59.0807 3376 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
09:46:59.0823 3376 clr_optimization_v4.0.30319_64 - ok
09:46:59.0854 3376 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
09:46:59.0869 3376 CmBatt - ok
09:46:59.0916 3376 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
09:46:59.0932 3376 cmdide - ok
09:46:59.0994 3376 CNG (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys
09:47:00.0072 3376 CNG - ok
09:47:00.0119 3376 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
09:47:00.0135 3376 Compbatt - ok
09:47:00.0181 3376 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
09:47:00.0228 3376 CompositeBus - ok
09:47:00.0244 3376 COMSysApp - ok
09:47:00.0275 3376 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
09:47:00.0291 3376 crcdisk - ok
09:47:00.0353 3376 CryptSvc (15597883fbe9b056f276ada3ad87d9af) C:\Windows\system32\cryptsvc.dll
09:47:00.0400 3376 CryptSvc - ok
09:47:00.0478 3376 dc3d (7af9dac504fbd047cbc3e64ae52c92bf) C:\Windows\system32\DRIVERS\dc3d.sys
09:47:00.0540 3376 dc3d - ok
09:47:00.0649 3376 DcomLaunch (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
09:47:00.0712 3376 DcomLaunch - ok
09:47:00.0790 3376 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
09:47:00.0899 3376 defragsvc - ok
09:47:00.0946 3376 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
09:47:01.0024 3376 DfsC - ok
09:47:01.0086 3376 Dhcp (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll
09:47:01.0180 3376 Dhcp - ok
09:47:01.0195 3376 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
09:47:01.0258 3376 discache - ok
09:47:01.0289 3376 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
09:47:01.0305 3376 Disk - ok
09:47:01.0351 3376 Dnscache (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll
09:47:01.0429 3376 Dnscache - ok
09:47:01.0492 3376 dot3svc (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll
09:47:01.0570 3376 dot3svc - ok
09:47:01.0601 3376 DPS (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll
09:47:01.0695 3376 DPS - ok
09:47:01.0757 3376 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
09:47:01.0804 3376 drmkaud - ok
09:47:01.0975 3376 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
09:47:02.0007 3376 DXGKrnl - ok
09:47:02.0053 3376 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
09:47:02.0116 3376 EapHost - ok
09:47:03.0707 3376 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
09:47:03.0894 3376 ebdrv - ok
09:47:04.0237 3376 eeCtrl (8ecb5d35f400706016931bd25ae1b554) C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys
09:47:04.0269 3376 eeCtrl - ok
09:47:04.0393 3376 EFS (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe
09:47:04.0456 3376 EFS - ok
09:47:04.0581 3376 ehRecvr (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe
09:47:04.0674 3376 ehRecvr - ok
09:47:04.0721 3376 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
09:47:04.0768 3376 ehSched - ok
09:47:05.0829 3376 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
09:47:05.0907 3376 elxstor - ok
09:47:06.0031 3376 EraserUtilRebootDrv (8adb1fab20d285088ceb1215f5d22080) C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
09:47:06.0063 3376 EraserUtilRebootDrv - ok
09:47:06.0141 3376 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
09:47:06.0187 3376 ErrDev - ok
09:47:06.0265 3376 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
09:47:06.0359 3376 EventSystem - ok
09:47:06.0406 3376 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
09:47:06.0468 3376 exfat - ok
09:47:06.0499 3376 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
09:47:06.0577 3376 fastfat - ok
09:47:06.0687 3376 Fax (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe
09:47:06.0796 3376 Fax - ok
09:47:06.0858 3376 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
09:47:06.0905 3376 fdc - ok
09:47:06.0983 3376 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
09:47:07.0045 3376 fdPHost - ok
09:47:07.0092 3376 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
09:47:07.0170 3376 FDResPub - ok
09:47:07.0201 3376 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
09:47:07.0217 3376 FileInfo - ok
09:47:07.0233 3376 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
09:47:07.0264 3376 Filetrace - ok
09:47:07.0311 3376 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
09:47:07.0342 3376 flpydisk - ok
09:47:07.0404 3376 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
09:47:07.0435 3376 FltMgr - ok
09:47:07.0560 3376 FontCache (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll
09:47:07.0638 3376 FontCache - ok
09:47:07.0888 3376 FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
09:47:07.0935 3376 FontCache3.0.0.0 - ok
09:47:08.0013 3376 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
09:47:08.0044 3376 FsDepends - ok
09:47:08.0075 3376 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
09:47:08.0075 3376 Fs_Rec - ok
09:47:08.0153 3376 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
09:47:08.0184 3376 fvevol - ok
09:47:08.0231 3376 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
09:47:08.0262 3376 gagp30kx - ok
09:47:08.0356 3376 GameConsoleService (e53ee18a21c025deabcfe0f72fc481bb) C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe
09:47:08.0403 3376 GameConsoleService - ok
09:47:08.0434 3376 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
09:47:08.0449 3376 GEARAspiWDM - ok
09:47:09.0354 3376 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll
09:47:09.0479 3376 gpsvc - ok
09:47:09.0604 3376 gupdate (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
09:47:09.0635 3376 gupdate - ok
09:47:09.0651 3376 gupdatem (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
09:47:09.0666 3376 gupdatem - ok
09:47:09.0807 3376 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
09:47:09.0885 3376 hcw85cir - ok
09:47:09.0963 3376 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
09:47:10.0041 3376 HdAudAddService - ok
09:47:10.0072 3376 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
09:47:10.0119 3376 HDAudBus - ok
09:47:10.0275 3376 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
09:47:10.0337 3376 HidBatt - ok
09:47:10.0368 3376 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
09:47:10.0415 3376 HidBth - ok
09:47:10.0431 3376 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
09:47:10.0462 3376 HidIr - ok
09:47:10.0696 3376 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\System32\hidserv.dll
09:47:10.0774 3376 hidserv - ok
09:47:10.0836 3376 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
09:47:10.0852 3376 HidUsb - ok
09:47:10.0899 3376 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll
09:47:10.0977 3376 hkmsvc - ok
09:47:11.0039 3376 HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll
09:47:11.0086 3376 HomeGroupListener - ok
09:47:11.0148 3376 HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll
09:47:11.0211 3376 HomeGroupProvider - ok
09:47:11.0273 3376 HP Support Assistant Service - ok
09:47:11.0382 3376 hpqwmiex (ec9739a46f1f83c6e52a7a4697f44a65) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
09:47:11.0429 3376 hpqwmiex - ok
09:47:11.0523 3376 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
09:47:11.0554 3376 HpSAMD - ok
09:47:11.0632 3376 HPWMISVC (b6492d01712a22ff3fea25a999dbd321) C:\Program Files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
09:47:11.0648 3376 HPWMISVC ( UnsignedFile.Multi.Generic ) - warning
09:47:11.0648 3376 HPWMISVC - detected UnsignedFile.Multi.Generic (1)
09:47:11.0757 3376 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
09:47:11.0850 3376 HTTP - ok
09:47:11.0882 3376 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
09:47:11.0913 3376 hwpolicy - ok
09:47:11.0975 3376 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
09:47:12.0006 3376 i8042prt - ok
09:47:12.0069 3376 iaStor (be7d72fcf442c26975942007e0831241) C:\Windows\system32\DRIVERS\iaStor.sys
09:47:12.0084 3376 iaStor - ok
09:47:12.0131 3376 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
09:47:12.0178 3376 iaStorV - ok
09:47:12.0287 3376 IDriverT (daf66902f08796f9c694901660e5a64a) C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
09:47:12.0303 3376 IDriverT ( UnsignedFile.Multi.Generic ) - warning
09:47:12.0303 3376 IDriverT - detected UnsignedFile.Multi.Generic (1)
09:47:12.0724 3376 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
09:47:12.0833 3376 idsvc - ok
09:47:16.0686 3376 IDSVia64 (41d2c4e4c5dfab0b9fbd7438d8822123) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\IPSDefs\20090828.002\IDSVia64.sys
09:47:16.0718 3376 IDSVia64 - ok
09:47:22.0146 3376 igfx (c6238c6abd6ac99f5d152da4e9439a3d) C:\Windows\system32\DRIVERS\igdkmd64.sys
09:47:22.0474 3376 igfx - ok
09:47:23.0597 3376 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
09:47:23.0628 3376 iirsp - ok
09:47:23.0831 3376 IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll
09:47:23.0972 3376 IKEEXT - ok
09:47:24.0783 3376 IntcAzAudAddService (a3bcbd0f710580a07d1b929d787d36ce) C:\Windows\system32\drivers\RTKVHD64.sys
09:47:24.0830 3376 IntcAzAudAddService - ok
09:47:25.0235 3376 IntcHdmiAddService (cfc68ca36a63637e8ca69669ee3693da) C:\Windows\system32\drivers\IntcHdmi.sys
09:47:25.0266 3376 IntcHdmiAddService - ok
09:47:25.0344 3376 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
09:47:25.0391 3376 intelide - ok
09:47:25.0422 3376 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
09:47:25.0454 3376 intelppm - ok
09:47:25.0485 3376 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
09:47:25.0516 3376 IPBusEnum - ok
09:47:25.0719 3376 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
09:47:25.0828 3376 IpFilterDriver - ok
09:47:25.0875 3376 iphlpsvc (a34a587fffd45fa649fba6d03784d257) C:\Windows\System32\iphlpsvc.dll
09:47:25.0953 3376 iphlpsvc - ok
09:47:25.0984 3376 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
09:47:26.0015 3376 IPMIDRV - ok
09:47:26.0062 3376 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
09:47:26.0140 3376 IPNAT - ok
09:47:26.0343 3376 iPod Service (50d6ccc6ff5561f9f56946b3e6164fb8) C:\Program Files\iPod\bin\iPodService.exe
09:47:26.0390 3376 iPod Service - ok
09:47:26.0421 3376 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
09:47:26.0499 3376 IRENUM - ok
09:47:26.0530 3376 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
09:47:26.0546 3376 isapnp - ok
09:47:26.0655 3376 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
09:47:26.0686 3376 iScsiPrt - ok
09:47:26.0702 3376 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\drivers\kbdclass.sys
09:47:26.0717 3376 kbdclass - ok
09:47:26.0764 3376 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\drivers\kbdhid.sys
09:47:26.0795 3376 kbdhid - ok
09:47:26.0904 3376 KeyIso (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
09:47:26.0936 3376 KeyIso - ok
09:47:27.0076 3376 KSecDD (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys
09:47:27.0092 3376 KSecDD - ok
09:47:27.0201 3376 KSecPkg (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys
09:47:27.0232 3376 KSecPkg - ok
09:47:27.0279 3376 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
09:47:27.0357 3376 ksthunk - ok
09:47:27.0450 3376 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
09:47:27.0560 3376 KtmRm - ok
09:47:27.0638 3376 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\System32\srvsvc.dll
09:47:27.0716 3376 LanmanServer - ok
09:47:27.0762 3376 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll
09:47:27.0825 3376 LanmanWorkstation - ok
09:47:27.0903 3376 LightScribeService (47269f0de1e5089c6f23bc1ec48cfc31) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
09:47:27.0918 3376 LightScribeService ( UnsignedFile.Multi.Generic ) - warning
09:47:27.0918 3376 LightScribeService - detected UnsignedFile.Multi.Generic (1)
09:47:27.0950 3376 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
09:47:28.0043 3376 lltdio - ok
09:47:28.0106 3376 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
09:47:28.0199 3376 lltdsvc - ok
09:47:28.0215 3376 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
09:47:28.0246 3376 lmhosts - ok
09:47:28.0293 3376 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
09:47:28.0324 3376 LSI_FC - ok
09:47:28.0355 3376 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
09:47:28.0371 3376 LSI_SAS - ok
09:47:28.0371 3376 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
09:47:28.0386 3376 LSI_SAS2 - ok
09:47:28.0402 3376 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
09:47:28.0418 3376 LSI_SCSI - ok
09:47:28.0464 3376 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
09:47:28.0527 3376 luafv - ok
09:47:28.0574 3376 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll
09:47:28.0605 3376 Mcx2Svc - ok
09:47:28.0636 3376 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
09:47:28.0667 3376 megasas - ok
09:47:28.0714 3376 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
09:47:28.0776 3376 MegaSR - ok
09:47:29.0135 3376 Microsoft SharePoint Workspace Audit Service - ok
09:47:29.0166 3376 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
09:47:29.0244 3376 MMCSS - ok
09:47:29.0276 3376 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
09:47:29.0322 3376 Modem - ok
09:47:29.0354 3376 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
09:47:29.0400 3376 monitor - ok
09:47:29.0556 3376 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
09:47:29.0588 3376 mouclass - ok
09:47:29.0650 3376 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
09:47:29.0697 3376 mouhid - ok
09:47:29.0744 3376 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
09:47:29.0775 3376 mountmgr - ok
09:47:30.0180 3376 MozillaMaintenance (46297fa8e30a6007f14118fc2b942fbc) C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
09:47:30.0243 3376 MozillaMaintenance - ok
09:47:31.0116 3376 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
09:47:31.0179 3376 mpio - ok
09:47:31.0210 3376 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
09:47:31.0288 3376 mpsdrv - ok
09:47:31.0444 3376 MpsSvc (54ffc9c8898113ace189d4aa7199d2c1) C:\Windows\system32\mpssvc.dll
09:47:31.0553 3376 MpsSvc - ok
09:47:31.0600 3376 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
09:47:31.0631 3376 MRxDAV - ok
09:47:31.0709 3376 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
09:47:31.0756 3376 mrxsmb - ok
09:47:31.0787 3376 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
09:47:31.0850 3376 mrxsmb10 - ok
09:47:31.0896 3376 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
09:47:31.0928 3376 mrxsmb20 - ok
09:47:31.0959 3376 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
09:47:31.0990 3376 msahci - ok
09:47:32.0396 3376 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
09:47:32.0458 3376 msdsm - ok
09:47:32.0489 3376 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
09:47:32.0536 3376 MSDTC - ok
09:47:32.0583 3376 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
09:47:32.0614 3376 Msfs - ok
09:47:32.0630 3376 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
09:47:32.0676 3376 mshidkmdf - ok
09:47:32.0708 3376 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
09:47:32.0739 3376 msisadrv - ok
09:47:32.0786 3376 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
09:47:32.0864 3376 MSiSCSI - ok
09:47:32.0879 3376 msiserver - ok
09:47:32.0910 3376 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
09:47:32.0957 3376 MSKSSRV - ok
09:47:32.0973 3376 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
09:47:33.0035 3376 MSPCLOCK - ok
09:47:33.0051 3376 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
09:47:33.0129 3376 MSPQM - ok
09:47:33.0191 3376 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
09:47:33.0222 3376 MsRPC - ok
09:47:33.0316 3376 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
09:47:33.0347 3376 mssmbios - ok
09:47:33.0378 3376 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
09:47:33.0441 3376 MSTEE - ok
09:47:33.0472 3376 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
09:47:33.0488 3376 MTConfig - ok
09:47:33.0534 3376 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
09:47:33.0550 3376 Mup - ok
09:47:33.0831 3376 napagent (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll
09:47:33.0940 3376 napagent - ok
09:47:34.0018 3376 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
09:47:34.0080 3376 NativeWifiP - ok
09:47:34.0158 3376 NAVENG (251bdfbc76acc5590c8975dee780147e) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\VirusDefs\20090829.019\ENG64.SYS
09:47:34.0190 3376 NAVENG - ok
09:47:34.0751 3376 NAVEX15 (d3862ab9e0008d30685494e1035a1ce7) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\VirusDefs\20090829.019\EX64.SYS
09:47:34.0892 3376 NAVEX15 - ok
09:47:37.0388 3376 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
09:47:37.0434 3376 NDIS - ok
09:47:37.0497 3376 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
09:47:37.0559 3376 NdisCap - ok
09:47:37.0590 3376 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
09:47:37.0637 3376 NdisTapi - ok
09:47:37.0715 3376 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
09:47:37.0778 3376 Ndisuio - ok
09:47:37.0887 3376 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
09:47:37.0949 3376 NdisWan - ok
09:47:37.0980 3376 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
09:47:38.0027 3376 NDProxy - ok
09:47:38.0058 3376 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
09:47:38.0152 3376 NetBIOS - ok
09:47:38.0214 3376 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
09:47:38.0292 3376 NetBT - ok
09:47:38.0339 3376 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
09:47:38.0370 3376 Netlogon - ok
09:47:38.0417 3376 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
09:47:38.0526 3376 Netman - ok
09:47:38.0558 3376 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
09:47:38.0604 3376 netprofm - ok
09:47:38.0682 3376 NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
09:47:38.0714 3376 NetTcpPortSharing - ok
09:47:39.0384 3376 netw5v64 (64428dfdaf6e88366cb51f45a79c5f69) C:\Windows\system32\DRIVERS\netw5v64.sys
09:47:39.0556 3376 netw5v64 - ok
09:47:39.0681 3376 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
09:47:39.0712 3376 nfrd960 - ok
09:47:39.0806 3376 NIS (2f86be1818c2d7ac90478e3323ee7fcb) C:\Program Files (x86)\Norton Internet Security\Engine\17.0.0.136\ccSvcHst.exe
09:47:39.0837 3376 NIS - ok
09:47:39.0899 3376 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll
09:47:39.0977 3376 NlaSvc - ok
09:47:40.0008 3376 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
09:47:40.0040 3376 Npfs - ok
09:47:40.0071 3376 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
09:47:40.0118 3376 nsi - ok
09:47:40.0149 3376 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
09:47:40.0211 3376 nsiproxy - ok
09:47:40.0336 3376 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
09:47:40.0398 3376 Ntfs - ok
09:47:40.0508 3376 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
09:47:40.0570 3376 Null - ok
09:47:40.0632 3376 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
09:47:40.0648 3376 nvraid - ok
09:47:40.0695 3376 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
09:47:40.0726 3376 nvstor - ok
09:47:40.0773 3376 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
09:47:40.0804 3376 nv_agp - ok
09:47:40.0851 3376 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
09:47:40.0898 3376 ohci1394 - ok
09:47:41.0022 3376 ose (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
09:47:41.0038 3376 ose - ok
09:47:41.0397 3376 osppsvc (61bffb5f57ad12f83ab64b7181829b34) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
09:47:41.0568 3376 osppsvc - ok
09:47:41.0724 3376 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
09:47:41.0802 3376 p2pimsvc - ok
09:47:41.0865 3376 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
09:47:41.0896 3376 p2psvc - ok
09:47:41.0943 3376 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
09:47:41.0974 3376 Parport - ok
09:47:42.0021 3376 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys
09:47:42.0052 3376 partmgr - ok
09:47:42.0099 3376 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
09:47:42.0161 3376 PcaSvc - ok
09:47:42.0208 3376 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
09:47:42.0239 3376 pci - ok
09:47:42.0255 3376 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
09:47:42.0286 3376 pciide - ok
09:47:42.0317 3376 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
09:47:42.0348 3376 pcmcia - ok
09:47:42.0364 3376 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
09:47:42.0380 3376 pcw - ok
09:47:42.0567 3376 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
09:47:42.0676 3376 PEAUTH - ok
09:47:42.0785 3376 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
09:47:42.0832 3376 PerfHost - ok
09:47:43.0128 3376 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll
09:47:43.0284 3376 pla - ok
09:47:43.0378 3376 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll
09:47:43.0440 3376 PlugPlay - ok
09:47:43.0456 3376 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
09:47:43.0518 3376 PNRPAutoReg - ok
09:47:43.0565 3376 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
09:47:43.0596 3376 PNRPsvc - ok
09:47:43.0893 3376 Point64 (4f0878fd62d5f7444c5f1c4c66d9d293) C:\Windows\system32\DRIVERS\point64.sys
09:47:43.0908 3376 Point64 - ok
09:47:45.0344 3376 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll
09:47:45.0437 3376 PolicyAgent - ok
09:47:45.0484 3376 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
09:47:45.0531 3376 Power - ok
09:47:45.0578 3376 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
09:47:45.0656 3376 PptpMiniport - ok
09:47:45.0702 3376 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
09:47:45.0734 3376 Processor - ok
09:47:45.0796 3376 ProfSvc (5c78838b4d166d1a27db3a8a820c799a) C:\Windows\system32\profsvc.dll
09:47:45.0874 3376 ProfSvc - ok
09:47:45.0905 3376 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
09:47:45.0921 3376 ProtectedStorage - ok
09:47:45.0983 3376 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
09:47:46.0046 3376 Psched - ok
09:47:46.0701 3376 PSI_SVC_2_x64 (788cb65d49d1162c5ee6814afe5b0a70) c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
09:47:46.0748 3376 PSI_SVC_2_x64 - ok
09:47:47.0434 3376 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
09:47:47.0528 3376 ql2300 - ok
09:47:47.0684 3376 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
09:47:47.0715 3376 ql40xx - ok
09:47:47.0762 3376 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
09:47:47.0808 3376 QWAVE - ok
09:47:47.0886 3376 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
09:47:47.0933 3376 QWAVEdrv - ok
09:47:48.0074 3376 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
09:47:48.0152 3376 RasAcd - ok
09:47:48.0183 3376 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
09:47:48.0230 3376 RasAgileVpn - ok
09:47:48.0261 3376 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
09:47:48.0370 3376 RasAuto - ok
09:47:48.0432 3376 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
09:47:48.0510 3376 Rasl2tp - ok
09:47:48.0557 3376 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll
09:47:48.0651 3376 RasMan - ok
09:47:48.0698 3376 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
09:47:48.0744 3376 RasPppoe - ok
09:47:48.0776 3376 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
09:47:48.0807 3376 RasSstp - ok
09:47:48.0900 3376 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
09:47:48.0963 3376 rdbss - ok
09:47:49.0119 3376 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
09:47:49.0181 3376 rdpbus - ok
09:47:49.0212 3376 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
09:47:49.0290 3376 RDPCDD - ok
09:47:49.0322 3376 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
09:47:49.0400 3376 RDPENCDD - ok
09:47:49.0415 3376 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
09:47:49.0446 3376 RDPREFMP - ok
09:47:49.0712 3376 RDPWD (15b66c206b5cb095bab980553f38ed23) C:\Windows\system32\drivers\RDPWD.sys
09:47:49.0790 3376 RDPWD - ok
09:47:49.0852 3376 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
09:47:49.0883 3376 rdyboost - ok
09:47:49.0930 3376 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
09:47:50.0008 3376 RemoteAccess - ok
09:47:50.0039 3376 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
09:47:50.0102 3376 RemoteRegistry - ok
09:47:50.0242 3376 RichVideo (498eb62a160674e793fa40fd65390625) C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
09:47:50.0273 3376 RichVideo - ok
09:47:50.0304 3376 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
09:47:50.0398 3376 RpcEptMapper - ok
09:47:50.0414 3376 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
09:47:50.0445 3376 RpcLocator - ok
09:47:50.0523 3376 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
09:47:50.0585 3376 RpcSs - ok
09:47:50.0663 3376 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
09:47:50.0726 3376 rspndr - ok
09:47:50.0819 3376 RSUSBSTOR (483df0b58ca532e5240e59dc41f30aa2) C:\Windows\system32\Drivers\RtsUStor.sys
09:47:50.0882 3376 RSUSBSTOR - ok
09:47:50.0975 3376 RTL8167 (ee082e06a82ff630351d1e0ebbd3d8d0) C:\Windows\system32\DRIVERS\Rt64win7.sys
09:47:51.0006 3376 RTL8167 - ok
09:47:51.0178 3376 rtl8192se (ce594045b2969f5fc3f77b824629ac7f) C:\Windows\system32\DRIVERS\rtl8192se.sys
09:47:51.0209 3376 rtl8192se - ok
09:47:51.0272 3376 s616bus (3b50c84f0a19944e9bcc48ef90e4c237) C:\Windows\system32\DRIVERS\s616bus.sys
09:47:51.0303 3376 s616bus - ok
09:47:51.0350 3376 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
09:47:51.0365 3376 SamSs - ok
09:47:51.0474 3376 SASDIFSV (3289766038db2cb14d07dc84392138d5) C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS
09:47:51.0490 3376 SASDIFSV - ok
09:47:51.0506 3376 SASKUTIL (58a38e75f3316a83c23df6173d41f2b5) C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS
09:47:51.0521 3376 SASKUTIL - ok
09:47:51.0833 3376 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
09:47:51.0880 3376 sbp2port - ok
09:47:51.0927 3376 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
09:47:52.0020 3376 SCardSvr - ok
09:47:52.0067 3376 SCDEmu (efd61bd67e5ce72ca5ce8bb6ad3e1fdb) C:\Windows\system32\drivers\SCDEmu.sys
09:47:52.0083 3376 SCDEmu - ok
09:47:52.0114 3376 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
09:47:52.0208 3376 scfilter - ok
09:47:52.0332 3376 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll
09:47:52.0457 3376 Schedule - ok
09:47:52.0520 3376 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
09:47:52.0566 3376 SCPolicySvc - ok
09:47:52.0629 3376 sdbus (111e0ebc0ad79cb0fa014b907b231cf0) C:\Windows\system32\drivers\sdbus.sys
09:47:52.0660 3376 sdbus - ok
09:47:52.0707 3376 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll
09:47:52.0785 3376 SDRSVC - ok
09:47:52.0832 3376 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
09:47:52.0894 3376 secdrv - ok
09:47:52.0941 3376 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll
09:47:53.0034 3376 seclogon - ok
09:47:53.0066 3376 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\system32\sens.dll
09:47:53.0112 3376 SENS - ok
09:47:53.0128 3376 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
09:47:53.0144 3376 SensrSvc - ok
09:47:53.0175 3376 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
09:47:53.0206 3376 Serenum - ok
09:47:53.0268 3376 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
09:47:53.0300 3376 Serial - ok
09:47:53.0502 3376 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
09:47:53.0565 3376 sermouse - ok
09:47:53.0643 3376 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll
09:47:53.0736 3376 SessionEnv - ok
09:47:53.0861 3376 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
09:47:53.0955 3376 sffdisk - ok
09:47:53.0970 3376 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
09:47:54.0033 3376 sffp_mmc - ok
09:47:54.0080 3376 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
09:47:54.0142 3376 sffp_sd - ok
09:47:54.0189 3376 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
09:47:54.0220 3376 sfloppy - ok
09:47:54.0299 3376 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
09:47:54.0361 3376 SharedAccess - ok
09:47:54.0424 3376 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll
09:47:54.0533 3376 ShellHWDetection - ok
09:47:54.0580 3376 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
09:47:54.0595 3376 SiSRaid2 - ok
09:47:54.0627 3376 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
09:47:54.0642 3376 SiSRaid4 - ok
09:47:54.0689 3376 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
09:47:54.0751 3376 Smb - ok
09:47:54.0798 3376 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
09:47:54.0845 3376 SNMPTRAP - ok
09:47:54.0892 3376 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
09:47:54.0907 3376 spldr - ok
09:47:55.0001 3376 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe
09:47:55.0063 3376 Spooler - ok
09:47:55.0485 3376 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe
09:47:55.0703 3376 sppsvc - ok
09:47:55.0843 3376 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
09:47:55.0921 3376 sppuinotify - ok
09:47:56.0795 3376 SRTSP (56979a80f6f9df788a8bfcc1603da40d) C:\Windows\system32\drivers\NISx64\1100000.088\SRTSP64.SYS
09:47:56.0857 3376 SRTSP - ok
09:47:56.0920 3376 SRTSPX (3c3d82bb245ad1cb00ed48cb2f4ab385) C:\Windows\system32\drivers\NISx64\1100000.088\SRTSPX64.SYS
09:47:56.0935 3376 SRTSPX - ok
09:47:57.0169 3376 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
09:47:57.0247 3376 srv - ok
09:47:57.0294 3376 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
09:47:57.0341 3376 srv2 - ok
09:47:57.0403 3376 SrvHsfHDA (0c4540311e11664b245a263e1154cef8) C:\Windows\system32\DRIVERS\VSTAZL6.SYS
09:47:57.0466 3376 SrvHsfHDA - ok
09:47:59.0853 3376 SrvHsfV92 (02071d207a9858fbe3a48cbfd59c4a04) C:\Windows\system32\DRIVERS\VSTDPV6.SYS
09:47:59.0946 3376 SrvHsfV92 - ok
09:48:03.0971 3376 SrvHsfWinac (18e40c245dbfaf36fd0134a7ef2df396) C:\Windows\system32\DRIVERS\VSTCNXT6.SYS
09:48:04.0049 3376 SrvHsfWinac - ok
09:48:04.0143 3376 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
09:48:04.0174 3376 srvnet - ok
09:48:04.0221 3376 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
09:48:04.0330 3376 SSDPSRV - ok
09:48:04.0455 3376 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
09:48:04.0533 3376 SstpSvc - ok
09:48:04.0642 3376 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
09:48:04.0689 3376 stexstor - ok
09:48:04.0798 3376 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll
09:48:04.0876 3376 stisvc - ok
09:48:04.0985 3376 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
09:48:05.0016 3376 swenum - ok
09:48:07.0699 3376 SwitchBoard (f577910a133a592234ebaad3f3afa258) C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
09:48:07.0793 3376 SwitchBoard ( UnsignedFile.Multi.Generic ) - warning
09:48:07.0793 3376 SwitchBoard - detected UnsignedFile.Multi.Generic (1)
09:48:07.0887 3376 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
09:48:07.0980 3376 swprv - ok
09:48:08.0074 3376 SymDS (659b227a72b76115975a6a9491b2fe1f) C:\Windows\system32\drivers\NISx64\1100000.088\SYMDS64.SYS
09:48:08.0105 3376 SymDS - ok
09:48:08.0152 3376 SymEFA (8464297bf069a81613a276181b83b37c) C:\Windows\system32\drivers\NISx64\1100000.088\SYMEFA64.SYS
09:48:08.0183 3376 SymEFA - ok
09:48:08.0230 3376 SymEvent (3f9d5fe52585e2653e59fdbfdf09a94c) C:\Windows\system32\Drivers\SYMEVENT64x86.SYS
09:48:08.0245 3376 SymEvent - ok
09:48:08.0526 3376 SymIRON (3744dae483213fac04422731825af44f) C:\Windows\system32\drivers\NISx64\1100000.088\Ironx64.SYS
09:48:08.0542 3376 SymIRON - ok
09:48:08.0604 3376 SYMTDIv (186814960618bc499399a6f455ec0e14) C:\Windows\system32\drivers\NISx64\1100000.088\SYMTDIV.SYS
09:48:08.0635 3376 SYMTDIv - ok
09:48:09.0415 3376 SynTP (961cfac2a5318e212f459d651f28e0a4) C:\Windows\system32\DRIVERS\SynTP.sys
09:48:09.0478 3376 SynTP - ok
09:48:09.0712 3376 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll
09:48:09.0821 3376 SysMain - ok
09:48:09.0946 3376 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll
09:48:10.0008 3376 TabletInputService - ok
09:48:10.0086 3376 tap0901 (e965fc7627862779ba31a4fcb7d0c1ef) C:\Windows\system32\DRIVERS\tap0901.sys
09:48:10.0102 3376 tap0901 - ok
09:48:10.0149 3376 taphss (f33fdc72298df4bf9813a55d21f4eb31) C:\Windows\system32\DRIVERS\taphss.sys
09:48:10.0164 3376 taphss - ok
09:48:10.0242 3376 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll
09:48:10.0351 3376 TapiSrv - ok
09:48:10.0383 3376 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
09:48:10.0414 3376 TBS - ok
09:48:10.0788 3376 Tcpip (fc62769e7bff2896035aeed399108162) C:\Windows\system32\drivers\tcpip.sys
09:48:10.0851 3376 Tcpip - ok
09:48:11.0100 3376 TCPIP6 (fc62769e7bff2896035aeed399108162) C:\Windows\system32\DRIVERS\tcpip.sys
09:48:11.0147 3376 TCPIP6 - ok
09:48:11.0241 3376 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
09:48:11.0319 3376 tcpipreg - ok
09:48:11.0350 3376 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
09:48:11.0397 3376 TDPIPE - ok
09:48:11.0412 3376 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
09:48:11.0475 3376 TDTCP - ok
09:48:11.0506 3376 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
09:48:11.0553 3376 tdx - ok
09:48:11.0584 3376 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
09:48:11.0615 3376 TermDD - ok
09:48:11.0693 3376 TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll
09:48:11.0787 3376 TermService - ok
09:48:11.0818 3376 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
09:48:11.0865 3376 Themes - ok
09:48:11.0896 3376 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
09:48:11.0943 3376 THREADORDER - ok
09:48:12.0005 3376 TotRec8 (65cf5e5464319238f44ce5e363b70eca) C:\Windows\system32\drivers\TotRec8.sys
09:48:12.0021 3376 TotRec8 - ok
09:48:12.0052 3376 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
09:48:12.0145 3376 TrkWks - ok
09:48:12.0208 3376 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe
09:48:12.0301 3376 TrustedInstaller - ok
09:48:12.0348 3376 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
09:48:12.0411 3376 tssecsrv - ok
09:48:12.0457 3376 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
09:48:12.0489 3376 TsUsbFlt - ok
09:48:12.0567 3376 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
09:48:12.0629 3376 tunnel - ok
09:48:12.0660 3376 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
09:48:12.0676 3376 uagp35 - ok
09:48:12.0738 3376 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
09:48:12.0816 3376 udfs - ok
09:48:12.0863 3376 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
09:48:12.0894 3376 UI0Detect - ok
09:48:13.0081 3376 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
09:48:13.0128 3376 uliagpkx - ok
09:48:13.0222 3376 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys
09:48:13.0269 3376 umbus - ok
09:48:13.0300 3376 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
09:48:13.0362 3376 UmPass - ok
09:48:13.0425 3376 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
09:48:13.0503 3376 upnphost - ok
09:48:13.0565 3376 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
09:48:13.0596 3376 usbccgp - ok
09:48:13.0643 3376 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
09:48:13.0690 3376 usbcir - ok
09:48:13.0737 3376 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\drivers\usbehci.sys
09:48:13.0768 3376 usbehci - ok
09:48:13.0846 3376 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
09:48:13.0924 3376 usbhub - ok
09:48:14.0080 3376 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys
09:48:14.0173 3376 usbohci - ok
09:48:14.0329 3376 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
09:48:14.0392 3376 usbprint - ok
09:48:14.0485 3376 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
09:48:14.0532 3376 USBSTOR - ok
09:48:14.0579 3376 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys
09:48:14.0626 3376 usbuhci - ok
09:48:14.0688 3376 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\System32\Drivers\usbvideo.sys
09:48:14.0735 3376 usbvideo - ok
09:48:14.0797 3376 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
09:48:14.0875 3376 UxSms - ok
09:48:14.0907 3376 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
09:48:14.0922 3376 VaultSvc - ok
09:48:14.0985 3376 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
09:48:15.0000 3376 vdrvroot - ok
09:48:15.0109 3376 vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe
09:48:15.0219 3376 vds - ok
09:48:15.0312 3376 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
09:48:15.0359 3376 vga - ok
09:48:15.0624 3376 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
09:48:15.0749 3376 VgaSave - ok
09:48:15.0780 3376 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
09:48:15.0811 3376 vhdmp - ok
09:48:15.0843 3376 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
09:48:15.0858 3376 viaide - ok
09:48:15.0905 3376 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
09:48:15.0936 3376 volmgr - ok
09:48:15.0999 3376 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
09:48:16.0030 3376 volmgrx - ok
09:48:16.0092 3376 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
09:48:16.0123 3376 volsnap - ok
09:48:16.0201 3376 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
09:48:16.0217 3376 vsmraid - ok
09:48:16.0716 3376 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe
09:48:16.0919 3376 VSS - ok
09:48:21.0053 3376 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
09:48:21.0115 3376 vwifibus - ok
09:48:21.0162 3376 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
09:48:21.0225 3376 vwififlt - ok
09:48:21.0271 3376 vwifimp (6a638fc4bfddc4d9b186c28c91bd1a01) C:\Windows\system32\DRIVERS\vwifimp.sys
09:48:21.0303 3376 vwifimp - ok
09:48:21.0349 3376 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
09:48:21.0396 3376 W32Time - ok
09:48:21.0427 3376 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
09:48:21.0459 3376 WacomPen - ok
09:48:21.0521 3376 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
09:48:21.0599 3376 WANARP - ok
09:48:21.0630 3376 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
09:48:21.0693 3376 Wanarpv6 - ok
09:48:21.0895 3376 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe
09:48:21.0989 3376 WatAdminSvc - ok
09:48:22.0207 3376 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe
09:48:22.0317 3376 wbengine - ok
09:48:22.0488 3376 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
09:48:22.0535 3376 WbioSrvc - ok
09:48:22.0597 3376 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll
09:48:22.0660 3376 wcncsvc - ok
09:48:22.0722 3376 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
09:48:22.0769 3376 WcsPlugInService - ok
09:48:22.0878 3376 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
09:48:22.0909 3376 Wd - ok
09:48:22.0972 3376 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
09:48:23.0019 3376 Wdf01000 - ok
09:48:23.0050 3376 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
09:48:23.0159 3376 WdiServiceHost - ok
09:48:23.0175 3376 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
09:48:23.0206 3376 WdiSystemHost - ok
09:48:23.0299 3376 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll
09:48:23.0362 3376 WebClient - ok
09:48:23.0424 3376 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
09:48:23.0518 3376 Wecsvc - ok
09:48:23.0565 3376 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
09:48:23.0611 3376 wercplsupport - ok
09:48:23.0658 3376 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
09:48:23.0721 3376 WerSvc - ok
09:48:23.0783 3376 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
09:48:23.0830 3376 WfpLwf - ok
09:48:23.0877 3376 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
09:48:23.0892 3376 WIMMount - ok
09:48:23.0955 3376 WinDefend - ok
09:48:23.0955 3376 WinHttpAutoProxySvc - ok
09:48:24.0064 3376 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
09:48:24.0173 3376 Winmgmt - ok
09:48:24.0407 3376 WinRM (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll
09:48:24.0563 3376 WinRM - ok
09:48:24.0875 3376 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys
09:48:24.0922 3376 WinUsb - ok
09:48:25.0015 3376 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
09:48:25.0093 3376 Wlansvc - ok
09:48:25.0717 3376 wlidsvc (2bacd71123f42cea603f4e205e1ae337) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
09:48:25.0827 3376 wlidsvc - ok
09:48:26.0092 3376 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
09:48:26.0139 3376 WmiAcpi - ok
09:48:26.0217 3376 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
09:48:26.0263 3376 wmiApSrv - ok
09:48:26.0326 3376 WMPNetworkSvc - ok
09:48:26.0357 3376 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
09:48:26.0388 3376 WPCSvc - ok
09:48:26.0451 3376 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll
09:48:26.0482 3376 WPDBusEnum - ok
09:48:26.0497 3376 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
09:48:26.0560 3376 ws2ifsl - ok
09:48:26.0591 3376 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\system32\wscsvc.dll
09:48:26.0607 3376 wscsvc - ok
09:48:26.0622 3376 WSearch - ok
09:48:26.0997 3376 wuauserv (d9ef901dca379cfe914e9fa13b73b4c4) C:\Windows\system32\wuaueng.dll
09:48:27.0106 3376 wuauserv - ok
09:48:27.0324 3376 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
09:48:27.0387 3376 WudfPf - ok
09:48:27.0480 3376 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
09:48:27.0543 3376 WUDFRd - ok
09:48:27.0589 3376 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll
09:48:27.0652 3376 wudfsvc - ok
09:48:27.0699 3376 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
09:48:27.0777 3376 WwanSvc - ok
09:48:28.0011 3376 YahooAUService (dd0042f0c3b606a6a8b92d49afb18ad6) C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
09:48:28.0042 3376 YahooAUService - ok
09:48:28.0135 3376 yukonw7 (b3eeacf62445e24fbb2cd4b0fb4db026) C:\Windows\system32\DRIVERS\yk62x64.sys
09:48:28.0198 3376 yukonw7 - ok
09:48:28.0245 3376 MBR (0x1B8) (0123e7392c04dfbc799a77d086824d0b) \Device\Harddisk0\DR0
09:48:29.0383 3376 \Device\Harddisk0\DR0 - ok
09:48:29.0399 3376 Boot (0x1200) (2aba4f051b06be31a3757d12097debf7) \Device\Harddisk0\DR0\Partition0
09:48:29.0399 3376 \Device\Harddisk0\DR0\Partition0 - ok
09:48:29.0415 3376 Boot (0x1200) (be5d2ccc711aaca0d05358f7978c1fe6) \Device\Harddisk0\DR0\Partition1
09:48:29.0415 3376 \Device\Harddisk0\DR0\Partition1 - ok
09:48:29.0446 3376 Boot (0x1200) (c19faade7f40d1a58a03b5b74c618d54) \Device\Harddisk0\DR0\Partition2
09:48:29.0461 3376 \Device\Harddisk0\DR0\Partition2 - ok
09:48:29.0508 3376 Boot (0x1200) (028af641534f9e07ceb32ddcdfecab99) \Device\Harddisk0\DR0\Partition3
09:48:29.0524 3376 \Device\Harddisk0\DR0\Partition3 - ok
09:48:29.0524 3376 ============================================================
09:48:29.0524 3376 Scan finished
09:48:29.0524 3376 ============================================================
09:48:29.0539 2300 Detected object count: 4
09:48:29.0539 2300 Actual detected object count: 4
09:49:31.0924 2300 HPWMISVC ( UnsignedFile.Multi.Generic ) - skipped by user
09:49:31.0924 2300 HPWMISVC ( UnsignedFile.Multi.Generic ) - User select action: Skip 
09:49:31.0924 2300 IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
09:49:31.0924 2300 IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip 
09:49:31.0924 2300 LightScribeService ( UnsignedFile.Multi.Generic ) - skipped by user
09:49:31.0924 2300 LightScribeService ( UnsignedFile.Multi.Generic ) - User select action: Skip 
09:49:31.0924 2300 SwitchBoard ( UnsignedFile.Multi.Generic ) - skipped by user
09:49:31.0924 2300 SwitchBoard ( UnsignedFile.Multi.Generic ) - User select action: Skip

MBAM LOG REPORT:
Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org
Database version: v2012.07.31.09
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
GEORGE :: GEORGE-PC [administrator]
7/31/2012 9:55:50 AM
mbam-log-2012-07-31 (09-55-50).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 238920
Time elapsed: 2 minute(s), 51 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
(end)


----------



## xshine25 (Jul 7, 2012)

Also not sure if i mentioned it but CPU usage from start up, without the running of any programs or accessing the internet, goes from 4% to 57% in a matter of a minute and suddenly fluctuates anywere from 57% to 100% and back to 57% or so. While RAM usage stays anywhere between 34% to 64%.


----------



## kevinf80 (Mar 21, 2006)

Your logs look good, I`d like you to try a clean boot and let me know how your system responds in that state. Follow the instructions at this link http://support.microsoft.com/kb/331796 let me know how your system responds....

Kevin


----------



## xshine25 (Jul 7, 2012)

Clicked on the link provided(http://support.microsoft.com/kb/331796) but it notes the following: "System Tip: This article applies to a different version of Windows than the one you are using. Content in this article may not be relevant to you. Visit the Windows 7 Solution Center." 
Clicked on that link and typed in "clean boot for windows 7" and out of several links clicked on this one http://support.microsoft.com/kb/929135. Have not performed anything, thought I'd ask first whether I should continue as you previously instructed or not.
Thanks!


----------



## kevinf80 (Mar 21, 2006)

Apologies for that, yep the last link you quote is the one to use. I want to see how your system responds in a clean boot state. The logs look good, obviously there are still issues because of the way your system responds. As you mention that the high CPU and RAM issue is there before you connect we need to see if it is simply down to a specfic service before we go malware hunting again....

Thank you for your patience,

Kevin


----------



## xshine25 (Jul 7, 2012)

Hi Kevin,
Sorry for the delay! Ok clicked on the noted link, performed Step 1 of the clean boot and here are the results, let me know if I should move on to step 2 of the clean boot process. 
--Step 1
A) upon following through with step 1 and after reboot, CPU usage changed significantly. Fluctuated from 2% to 57% upon start up, but mostly stayed between the teens and mid 20's%, while RAM usage was at a constant 24%. 
B) Upon starting Internet Explorer, CPU usage elevated to 55% with frequent spikes of 88%, while RAM usage was at a constant 38%.


----------



## xshine25 (Jul 7, 2012)

???


----------



## kevinf80 (Mar 21, 2006)

Apologies, had major brain surgery on the 8th Aug. I`ve started back here but do have some ongoing issues.

OK, remove the clean boot and get your system running as normal again. Re-run DDS and post a fresh set of logs, DDS.txt and Attach.txt.

Next,

Run ESET online AV scan:

*Run ESET Online Scan*

Hold down Control and click on the following link to open ESET OnlineScan in a new window.
*ESET OnlineScan*
Click the







button.
For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)

Click on







to download the ESET Smart Installer. *Save* it to your desktop.
Double click on the







icon on your desktop.

Check








Click the







button.
Accept any security warnings from your browser.
Check








*Leave the tick out of remove found threats*
Push the *Start* button.
ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
When the scan completes, push








Push







, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
Push the







button.
Push









You can refer to *this animation* by *neomage* if needed.
Frequently asked questions available *Here* *Please read them before running the scan.*

*Also be aware this scan can take several hours to complete depending on the size of your system.*

ESET log can be found here *"C:\Program Files\ESET\EsetOnlineScanner\log.txt".*

Kevin


----------



## xshine25 (Jul 7, 2012)

Hi Kevin, 
Glad to once again hear from you. Hope that recovery comes quick and that you feel better. Sorry, about the wait, was out of town. 
Here are both the DDS.txt & Attach.txt logs that you requested. ESET Online Scanner came back clean.
One thing I think that you should know. After noticing that little Norton dialog boxes coming up informing me that my Anti-Virus was expired, and becoming a bit annoyed by it, I completely removed it, being that the trial version was expired. Think that the fan is not on 100% like before, still over-heats which makes me scared that my laptop will burn-out or something and the fan fluctuates between medium to max. Not sure if this is important but thought I'd let you know.

DDS.txt LOG:
.
DDS (Ver_2011-08-26.01) - NTFSAMD64 
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_31
Run by GEORGE at 18:11:44 on 2012-08-31
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3999.2647 [GMT -5:00]
.
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files (x86)\Ask.com\Updater\Updater.exe
C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_3_300_257_ActiveX.exe
C:\Windows\system32\DllHost.exe
C:\Program Files (x86)\Internet Explorer\IELowutil.exe
C:\Windows\system32\sppsvc.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://es.ask.com/?l=dis&o=15383
mStart Page = hxxp://www.searchbrowsing.com
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: UrlSearchHook Class: {00000000-6e41-4fd3-8538-502f5495e5fc} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - C:\PROGRA~2\Yahoo!\Companion\Installs\cpn0\yt.dll
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MICROS~3\Office14\GROOVEEX.DLL
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~3\Office14\URLREDIR.DLL
BHO: aTube Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
TB: Microsoft Live Search Toolbar: {1e61ed7c-7cb8-49d6-b9e9-ab4c880c8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll
TB: aTube Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
{e7df6bff-55a5-4eb7-a673-4ed3e9456d39}
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
mRun: [<NO NAME>] 
mRun: [ApnUpdater] "C:\Program Files (x86)\Ask.com\Updater\Updater.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
StartupFolder: C:\Users\GEORGE\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ONENOT~1.LNK - C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
uPolicies-explorer: NoInstrumentation = 1
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} - hxxp://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework//microsoft/wrc32.ocx
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
TCP: DhcpNameServer = 192.168.1.254
TCP: Interfaces\{7A2AAD8D-00ED-4328-8C39-9EA02965B7FB} : DhcpNameServer = 192.168.1.254
TCP: Interfaces\{7A2AAD8D-00ED-4328-8C39-9EA02965B7FB}\14F5035363 : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{7A2AAD8D-00ED-4328-8C39-9EA02965B7FB}\361626C65667963796F6E60303 : DhcpNameServer = 10.3.77.26 10.3.1.100 10.3.1.221
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MICROS~3\Office14\GROOVEEX.DLL
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"
BHO-X64: &Yahoo! Toolbar Helper: {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~2\Yahoo!\Companion\Installs\cpn0\yt.dll
BHO-X64: 0x1 - No File
BHO-X64: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO-X64: HP Print Enhancer - No File
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~3\Office14\GROOVEEX.DLL
BHO-X64: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~3\Office14\URLREDIR.DLL
BHO-X64: URLRedirectionBHO - No File
BHO-X64: aTube Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
BHO-X64: Ask Toolbar BHO - No File
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO-X64: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
BHO-X64: HP Smart BHO Class - No File
TB-X64: Microsoft Live Search Toolbar: {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll
TB-X64: aTube Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
mRun-x64: [(Default)] 
mRun-x64: [ApnUpdater] "C:\Program Files (x86)\Ask.com\Updater\Updater.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~3\Office14\GROOVEEX.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\GEORGE\AppData\Roaming\Mozilla\Firefox\Profiles\92ukajfx.default\
FF - prefs.js: browser.search.selectedEngine - Ask.com
FF - prefs.js: browser.startup.homepage - hxxp://es.ask.com/?l=dis&o=15383
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2790392&SearchSource=2&q=
FF - prefs.js: network.proxy.type - 0
FF - plugin: C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\GEORGE\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll
FF - plugin: C:\Users\GEORGE\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll
FF - plugin: C:\Users\GEORGE\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll
FF - plugin: C:\Users\GEORGE\AppData\Roaming\Mozilla\Firefox\Profiles\92ukajfx.default\extensions\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}\plugins\np-mswmp.dll
FF - plugin: C:\Users\GEORGE\AppData\Roaming\Mozilla\Firefox\Profiles\92ukajfx.default\extensions\[email protected]\plugins\NP_2020Player_WEB.dll
FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_265.dll
.
---- FIREFOX POLICIES ----
user_pref('extensions.dealply.partner', 'iron');
user_pref('extensions.dealply.channel', 'iron3');
user_pref('extensions.dealply.installId', 'v23600299380346543056042012031317380421');
user_pref('extensions.dealply.installIdSource', 'inst');
user_pref('extensions.dealply.sampleGroup', '1');
.
============= SERVICES / DRIVERS ===============
.
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2011-8-11 140672]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-7-27 63960]
R2 AERTFilters;Andrea RT Filters Service;C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe [2010-4-27 98208]
R2 HPWMISVC;HPWMISVC;C:\Program Files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2010-1-18 20480]
R2 PSI_SVC_2_x64;Protexis Licensing V2 x64;C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe [2010-11-30 336824]
R3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;C:\Windows\system32\drivers\IntcHdmi.sys --> C:\Windows\system32\drivers\IntcHdmi.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
R3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;C:\Windows\system32\DRIVERS\rtl8192se.sys --> C:\Windows\system32\DRIVERS\rtl8192se.sys [?]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-1-31 136176]
S2 HP Support Assistant Service;HP Support Assistant Service;"C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe" --> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [?]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-1-31 136176]
S3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE [2010-1-21 30963576]
S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-6-29 113120]
S3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\system32\DRIVERS\netw5v64.sys --> C:\Windows\system32\DRIVERS\netw5v64.sys [?]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\System32\drivers\RtsUStor.sys [2010-4-27 225280]
S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\system32\DRIVERS\VSTAZL6.SYS --> C:\Windows\system32\DRIVERS\VSTAZL6.SYS [?]
S3 SrvHsfV92;SrvHsfV92;C:\Windows\system32\DRIVERS\VSTDPV6.SYS --> C:\Windows\system32\DRIVERS\VSTDPV6.SYS [?]
S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\system32\DRIVERS\VSTCNXT6.SYS --> C:\Windows\system32\DRIVERS\VSTCNXT6.SYS [?]
S3 SwitchBoard;Adobe SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S3 TotRec8;Total Recorder WDM audio filter driver;\??\C:\Windows\system32\drivers\TotRec8.sys --> C:\Windows\system32\drivers\TotRec8.sys [?]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk62x64.sys --> C:\Windows\system32\DRIVERS\yk62x64.sys [?]
S4 MBAMService;MBAMService;"C:\Users\GEORGE\Desktop\KEVINF80\Malwarebytes' Anti-Malware\mbamservice.exe" --> C:\Users\GEORGE\Desktop\KEVINF80\Malwarebytes' Anti-Malware\mbamservice.exe [?]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;C:\Program Files\Microsoft SQL Server\100\Shared\sqladhlp.exe [2009-7-22 61976]
S4 RsFx0103;RsFx0103 Driver;C:\Windows\system32\DRIVERS\RsFx0103.sys --> C:\Windows\system32\DRIVERS\RsFx0103.sys [?]
S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2009-3-30 427880]
.
=============== Created Last 30 ================
.
2012-08-29 03:49:55 9310152 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{1ACB795A-82CB-4B1F-BFDD-260044736C18}\mpengine.dll
2012-08-28 18:15:42 -------- d-----w- C:\Program Files (x86)\Investintech.com Inc
2012-08-24 23:25:48 78872 ----a-w- C:\Windows\System32\perf-SQLAgent$SQLEXPRESS-sqlagtctr10.1.2531.0.dll
2012-08-24 23:25:48 50200 ----a-w- C:\Windows\SysWow64\perf-SQLAgent$SQLEXPRESS-sqlagtctr10.1.2531.0.dll
2012-08-24 23:25:30 79896 ----a-w- C:\Windows\SysWow64\perf-MSSQL$SQLEXPRESS-sqlctr10.1.2531.0.dll
2012-08-24 23:25:30 111640 ----a-w- C:\Windows\System32\perf-MSSQL$SQLEXPRESS-sqlctr10.1.2531.0.dll
2012-08-24 23:22:36 -------- d-----w- C:\Windows\System32\RsFx
2012-08-24 23:20:42 -------- d-----w- C:\Windows\SysWow64\1033
2012-08-24 23:20:42 -------- d-----w- C:\Windows\System32\1033
2012-08-24 23:16:57 -------- d-----w- C:\Program Files\Microsoft SQL Server
2012-08-24 23:10:33 -------- d-----w- C:\Program Files (x86)\Microsoft SQL Server
2012-08-24 23:10:13 -------- d-----w- C:\Program Files\Microsoft Synchronization Services
2012-08-24 23:10:13 -------- d-----w- C:\Program Files\Microsoft SQL Server Compact Edition
2012-08-24 23:09:24 205984 ----a-w- C:\ProgramData\Microsoft\VBExpress\10.0\1033\ResourceCache.dll
2012-08-24 23:05:24 -------- d-----w- C:\Program Files (x86)\Microsoft Visual Studio 10.0
2012-08-24 23:03:50 -------- d-----w- C:\Program Files\Microsoft Visual Studio 10.0
2012-08-24 23:03:50 -------- d-----w- C:\Program Files\Microsoft Help Viewer
2012-08-23 22:24:02 -------- d-----w- C:\Program Files (x86)\WinPcap
2012-08-23 22:20:47 -------- d-----w- C:\Program Files (x86)\Ask.com
2012-08-13 05:34:32 -------- d-----w- C:\ProgramData\Ask
2012-08-03 00:23:39 -------- d-----w- C:\Windows\pss
.
==================== Find3M ====================
.
2012-07-23 15:58:26 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-07-23 15:58:26 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-07-14 03:29:15 400168 ----a-w- C:\Windows\System32\SynCOM.dll
2012-07-14 03:29:15 271144 ----a-w- C:\Windows\System32\SynCtrl.dll
2012-07-14 03:29:15 215336 ----a-w- C:\Windows\System32\SynTPAPI.dll
2012-07-14 03:29:15 214312 ----a-w- C:\Windows\SysWow64\SynCtrl.dll
2012-07-14 03:29:15 173352 ----a-w- C:\Windows\SysWow64\SynCOM.dll
2012-07-14 03:29:15 147752 ----a-w- C:\Windows\System32\SynTPCo4.dll
2012-07-14 03:29:15 1390640 ----a-w- C:\Windows\System32\drivers\SynTP.sys
2012-07-14 03:29:15 107816 ----a-w- C:\Windows\SysWow64\SynTPCOM.dll
2012-07-03 18:46:44 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys
.
============= FINISH: 18:12:49.19 ===============

Attach.txt LOG:
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Home Premium 
Boot Device: \Device\HarddiskVolume1
Install Date: 11/18/2011 10:58:36 PM
System Uptime: 8/31/2012 6:04:20 PM (0 hours ago)
.
Motherboard: Hewlett-Packard | | 1484
Processor: Pentium(R) Dual-Core CPU T4500 @ 2.30GHz | CPU | 2300/800mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 451 GiB total, 318.52 GiB free.
D: is FIXED (NTFS) - 14 GiB total, 1.77 GiB free.
E: is FIXED (FAT32) - 0 GiB total, 0.09 GiB free.
F: is CDROM ()
H: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP78: 6/22/2012 5:55:47 PM - Windows Update
RP79: 7/10/2012 3:35:56 AM - Removed HiJackThis
RP80: 7/10/2012 3:37:22 AM - Removed HiJackThis
RP81: 7/13/2012 8:57:15 PM - HPSF Applying updates
RP82: 7/13/2012 9:17:46 PM - Installed HP Support Assistant
RP83: 7/13/2012 9:24:13 PM - Windows Modules Installer
RP84: 7/13/2012 9:25:27 PM - Windows Modules Installer
RP85: 7/13/2012 9:35:16 PM - HPSF Applying updates
RP86: 7/13/2012 9:36:03 PM - HPSF Applying updates
RP87: 7/13/2012 9:36:36 PM - HPSF Applying updates
RP88: 7/13/2012 9:39:15 PM - HPSF Applying updates
RP89: 7/13/2012 10:25:33 PM - HPSF Applying updates
RP90: 7/14/2012 12:07:31 AM - Removed HP Software Framework
RP91: 7/14/2012 12:08:30 AM - Removed HP Support Assistant.
RP92: 7/14/2012 12:11:40 AM - Windows Modules Installer
RP93: 7/14/2012 12:13:41 AM - Windows Modules Installer
RP94: 7/14/2012 12:19:40 AM - Removed Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
RP95: 7/30/2012 1:45:37 AM - ComboFix created restore point
RP96: 8/18/2012 11:30:29 AM - Removed Norton Online Backup
RP97: 8/25/2012 6:13:42 PM - Scheduled Checkpoint
RP98: 8/28/2012 10:48:32 PM - Windows Update
.
==== Installed Programs ======================
.
Able2Extract 7.0
Acrobat.com
Adobe AIR
Adobe Dreamweaver CS6
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Help Manager
Adobe Photoshop CS6
Adobe Reader X (10.1.4)
Adobe Shockwave Player
Adobe Shockwave Player 11.6
Adobe Widget Browser
Apple Application Support
Apple Software Update
Ares 2.1.8
Ask Toolbar
aTube Catcher
aTube Toolbar Updater
Axis Camera Explorer
Bejeweled 2 Deluxe
BitTorrent
Blackhawk Striker 2
Blasterball 3
Build-a-lot 2
Cake Mania
Chuzzle Deluxe
Cisco EAP-FAST Module
Cisco LEAP Module
Cisco PEAP Module
Corel Website Creator X6
CyberLink DVD Suite
CyberLink MediaShow
CyberLink PowerDVD 8
CyberLink YouCam
D3DX10
Diner Dash 2 Restaurant Rescue
Dora's Carnival Adventure
Elite Proxy Switcher 1.20
Escape Rosecliff Island
ESET Online Scanner v3
ESU for Microsoft Windows 7
Express Burn
Express Zip File Compression Software
Facebook Video Calling 1.2.0.159
Faerie Solitaire
FATE
FrostWire 5.3.3
Google Chrome
Google Earth Plug-in
Google Update Helper
Graboid Video 3.03
Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB946040)
Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB946308)
Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB946344)
Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB947540)
Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB947789)
HP Advisor
HP Customer Experience Enhancements
HP Game Console
HP Games
HP Setup
HP Smart Web Printing
HP Update
HP User Guides 0178
HP Wireless Assistant
Intel(R) Control Center
Intel(R) Graphics Media Accelerator Driver
Intel(R) Integrated Performance Primitives RTI 4.0
Internet TV for Windows Media Center
Java Auto Updater
Java(TM) 6 Update 31
Jewel Quest 3
Jewel Quest Solitaire 2
Junk Mail filter update
KeyBlaze Typing Tutor
LabelPrint
LightScribe System Software
Malwarebytes Anti-Malware version 1.62.0.1300
Microsoft .NET Framework 4 Multi-Targeting Pack
Microsoft Application Error Reporting
Microsoft Live Search Toolbar
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office File Validation Add-In
Microsoft Office Groove MUI (English) 2010
Microsoft Office InfoPath MUI (English) 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Professional Plus 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Suite Activation Assistant
Microsoft Office Word MUI (English) 2010
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft SQL Server 2008 Browser
Microsoft SQL Server 2008 R2 Management Objects
Microsoft SQL Server Compact 3.5 SP2 ENU
Microsoft SQL Server System CLR Types
Microsoft Visual Basic 2010 Express - ENU
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools
Microsoft Visual Studio Tools for Applications 2.0 - ENU
Microsoft Visual Studio Tools for Applications 2.0 Runtime
Microsoft Works
Microsoft_VC80_CRT_x86
Microsoft_VC90_CRT_x86
Mozilla Firefox 14.0.1 (x86 en-US)
Mozilla Maintenance Service
MSVCRT
MSVCRT_amd64
muvee Reveal
Mystery P.I. - The New York Fortune
PDF Settings CS6
Penguins!
PictureMover
Plants vs. Zombies
Poker Superstars III
Polar Bowler
Polar Golfer
Power2Go
PowerDirector
PowerISO
QuickTime
Realtek Ethernet Controller Driver For Windows 7
Realtek High Definition Audio Driver
Realtek USB 2.0 Card Reader
REALTEK Wireless LAN Software
Recovery Manager
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
swMSM
TextTwist 2
Total Recorder 8.3 Developer Edition
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Virtual Families
Virtual Villagers - The Secret City
Visual Studio 2008 x64 Redistributables
Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 ENU
WavePad Sound Editor
Wheel of Fortune 2
Windows Installer Clean Up
Windows Live Communications Platform
Windows Live Essentials
Windows Live Installer
Windows Live Mail
Windows Live Messenger
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live Sync
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Windows Media Player Firefox Plugin
WinPcap 4.1.2
WinZip Self-Extractor
Yahoo! BrowserPlus 2.9.8
Yahoo! Messenger
Yahoo! Software Update
Yahoo! Toolbar
Zuma's Revenge
.
==== Event Viewer Messages From Past Week ========
.
8/31/2012 6:07:03 PM, Error: Service Control Manager [7000] - The HP Support Assistant Service service failed to start due to the following error: The system cannot find the file specified.
8/31/2012 6:04:55 PM, Error: Service Control Manager [7001] - The Windows Image Acquisition (WIA) service depends on the Shell Hardware Detection service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
8/28/2012 12:49:51 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk2\DR2.
8/25/2012 10:35:32 AM, Error: Service Control Manager [7022] - The Windows Update service hung on starting.
.
==== End Of File ===========================


----------



## xshine25 (Jul 7, 2012)

Also, recently updated Windows Defender, but is currently disabled.


----------



## kevinf80 (Mar 21, 2006)

You mention UNinstalling Norton AV, do you no longer have an AV installed? If that is the case you must install Microsoft Security Essentials, that will turn OFF windows defender permentally.

To keep safe when online you need a good *Antivirus/Antspyware/Antimalware/Anti-Rootkit* combination application. *Microsoft Security Essentials* covers all of those bases, but better still it is free. Go *Here* and hit the "Download free" tab, follow the prompts. Once installed it will want to update and carry out a quick scan, allow that to happen.

There is a lot of references to Ask.com and rogue toolbars in DDS, These may have a detrimental effect on your system. It will be easier for you to run OTL and post a fresh set of logs, I will then give instructions for you to remove all of this rubbish from your system. Post OTL logs then we`ll take it from there..

Download







*OTL* from any of the following links and save to your Desktop:

*Link 1*
*Link 2*
*Link 3*

 Double click on the icon







to run it, Vista or Windows 7 users right click and select Run as Administartor. Make sure all other windows are closed and to let it run uninterrupted.
 When the window appears, underneath *Output* at the top, make sure *Standard output* is selected.
 Select *Scan all users*
 Under the *Extra Registry* section, check *Use SafeList*
 In the lower right corner, checkmark *"LOP Check"* and checkmark *"Purity Check".*
 Under the Custom Scan box paste this in:


```
netsvcs
%systemroot%\*. /mp /s
%systemroot%\*. /rp /s
msconfig
%SYSTEMDRIVE%\*.exe
%LOCALAPPDATA%\*.exe
/md5start
consrv.dll
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
/md5stop
CREATERESTOREPOINT
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
```

 Click the







button. Do not change any settings unless otherwise told to do so. The scan wont take long.
 When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
 Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them in your reply

Kevin


----------



## xshine25 (Jul 7, 2012)

Not sure why but I cant post the scan logs. I get an "Internet Explorer cannot display the webpage." And when I click on the "diagnose connection problem" the windows network diagnostic tells me that troubleshooting could not diagnose the problem. What should I do?


----------



## xshine25 (Jul 7, 2012)

Should I try attaching the logs maybe? Have retried several times but still wont let me.


----------



## kevinf80 (Mar 21, 2006)

Try the instructions here http://support.microsoft.com/kb/956196


----------



## xshine25 (Jul 7, 2012)

Thanks a lot Kevin!
Downloaded Microsoft Security Essentials and OTL. Once I started the OTL scan I realized that I forgot to check the SCAN ALL USERS check box. When I realized this I tried to cancel the scan to check the Scan All Users box and restart but it would not let me. Sorry, let me know if I should run the scan once again...this time with the Scan All Users checked. Here are the OTL.txt & EXTRAS.txt scan logs.

OTL.TXT SCAN LOG:OTL logfile created on: 9/5/2012 12:39:25 AM - Run 1
OTL by OldTimer - Version 3.2.56.0 Folder = C:\Users\GEORGE\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.91 Gb Total Physical Memory | 2.23 Gb Available Physical Memory | 57.09% Memory free
7.81 Gb Paging File | 5.92 Gb Available in Paging File | 75.84% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 451.44 Gb Total Space | 316.38 Gb Free Space | 70.08% Space Free | Partition Type: NTFS
Drive D: | 14.03 Gb Total Space | 1.72 Gb Free Space | 12.28% Space Free | Partition Type: NTFS
Drive E: | 99.02 Mb Total Space | 92.36 Mb Free Space | 93.27% Space Free | Partition Type: FAT32
Drive H: | 7.20 Gb Total Space | 4.63 Gb Free Space | 64.32% Space Free | Partition Type: FAT32
Drive I: | 6.67 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive J: | 7.46 Gb Total Space | 0.90 Gb Free Space | 12.10% Space Free | Partition Type: FAT32

Computer Name: GEORGE-PC | User Name: GEORGE | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/09/05 00:31:05 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\GEORGE\Desktop\OTL.com
PRC - [2012/07/27 15:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/07/18 08:47:28 | 000,913,888 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2012/06/10 02:12:34 | 000,686,280 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_3_300_257_ActiveX.exe
PRC - [2012/06/06 21:33:42 | 001,564,872 | ---- | M] (Ask) -- C:\Program Files (x86)\Ask.com\Updater\Updater.exe
PRC - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe

========== Modules (No Company Name) ==========

MOD - [2012/07/23 10:58:26 | 009,465,032 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_265.dll
MOD - [2012/07/18 08:47:27 | 002,003,424 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2010/01/09 20:18:18 | 004,254,560 | ---- | M] () -- C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF

========== Win32 Services (SafeList) ==========

SRV:*64bit:* - [2012/03/26 18:49:56 | 000,291,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV:*64bit:* - [2012/03/26 18:49:56 | 000,012,600 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV:*64bit:* - [2011/08/11 18:38:04 | 000,140,672 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCore64.exe -- (!SASCORE)
SRV:*64bit:* - [2010/11/30 13:27:58 | 000,336,824 | ---- | M] (arvato digital services llc) [Auto | Running] -- c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2_x64)
SRV:*64bit:* - [2010/01/18 17:04:08 | 000,020,480 | ---- | M] () [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe -- (HPWMISVC)
SRV:*64bit:* - [2009/11/17 21:14:26 | 000,098,208 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe -- (AERTFilters)
SRV:*64bit:* - [2009/07/13 20:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2012/07/27 15:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/07/18 08:47:28 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2010/06/25 12:07:20 | 000,117,264 | ---- | M] (CACE Technologies, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WinPcap\rpcapd.exe -- (rpcapd)
SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/02/19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2010/01/04 13:03:42 | 000,238,328 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)

========== Driver Services (SafeList) ==========

DRV:*64bit:* - [2012/07/13 22:29:15 | 001,390,640 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:*64bit:* - [2012/07/03 13:46:44 | 000,024,904 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:*64bit:* - [2012/05/30 23:10:48 | 000,126,944 | ---- | M] (Power Software Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\scdemu.sys -- (SCDEmu)
DRV:*64bit:* - [2012/03/26 16:45:14 | 000,037,888 | ---- | M] (AnchorFree Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\taphss.sys -- (taphss)
DRV:*64bit:* - [2012/03/20 20:44:12 | 000,098,688 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:*64bit:* - [2011/12/14 22:12:40 | 000,121,584 | ---- | M] (High Criteria inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TotRec8.sys -- (TotRec8)
DRV:*64bit:* - [2011/09/08 02:46:56 | 001,225,832 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rtl8192se.sys -- (rtl8192se)
DRV:*64bit:* - [2011/08/01 16:59:06 | 000,045,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64)
DRV:*64bit:* - [2011/07/22 11:26:56 | 000,014,928 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV)
DRV:*64bit:* - [2011/07/12 16:55:18 | 000,012,368 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL)
DRV:*64bit:* - [2011/06/10 07:34:52 | 000,539,240 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:*64bit:* - [2011/06/07 07:44:16 | 000,040,128 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tap0901.sys -- (tap0901)
DRV:*64bit:* - [2011/05/18 09:08:32 | 000,047,616 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dc3d.sys -- (dc3d)
DRV:*64bit:* - [2011/03/11 01:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:*64bit:* - [2011/03/11 01:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:*64bit:* - [2011/02/11 20:16:38 | 010,628,640 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:*64bit:* - [2010/11/20 08:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:*64bit:* - [2010/11/20 06:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:*64bit:* - [2010/11/20 04:37:42 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:*64bit:* - [2010/06/25 12:07:26 | 000,035,344 | ---- | M] (CACE Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\npf.sys -- (NPF)
DRV:*64bit:* - [2010/03/05 14:57:18 | 000,144,896 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcHdmi.sys -- (IntcHdmiAddService)
DRV:*64bit:* - [2009/10/13 13:16:40 | 000,409,624 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:*64bit:* - [2009/09/22 20:39:00 | 000,225,280 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:*64bit:* - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:*64bit:* - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:*64bit:* - [2009/07/13 20:47:48 | 000,023,104 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:*64bit:* - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:*64bit:* - [2009/06/10 16:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
DRV:*64bit:* - [2009/06/10 16:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
DRV:*64bit:* - [2009/06/10 16:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
DRV:*64bit:* - [2009/06/10 15:35:33 | 000,389,120 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
DRV:*64bit:* - [2009/06/10 15:35:28 | 005,434,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netw5v64.sys -- (netw5v64)
DRV:*64bit:* - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:*64bit:* - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:*64bit:* - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:*64bit:* - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:*64bit:* - [2009/05/18 14:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:*64bit:* - [2007/04/03 13:59:20 | 000,108,296 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s616bus.sys -- (s616bus)
DRV - [2009/09/22 20:39:00 | 000,225,280 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:*64bit:* - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT/1
IE:*64bit:* - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
IE:*64bit:* - HKLM\..\SearchScopes\{80AABB12-28B8-4096-B5E6-A42AA754EA3E}: "URL" = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpl
IE:*64bit:* - HKLM\..\SearchScopes\{853581B2-20A6-4597-B81C-3A3F931E4635}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
IE:*64bit:* - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-results.com/sr?src=ieb&appid=113&systemid=406&sr=0&q={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.searchbrowsing.com
IE - HKLM\..\SearchScopes,DefaultScope = {0DF56869-BA25-4E8E-82F9-AF48EA6BCC7E}
IE - HKLM\..\SearchScopes\{0DF56869-BA25-4E8E-82F9-AF48EA6BCC7E}: "URL" = http://www.searchbrowsing.com/web.php?src=hmp&hl=en&camefrom=defaultsearch&q={searchTerms}
IE - HKLM\..\SearchScopes\{80AABB12-28B8-4096-B5E6-A42AA754EA3E}: "URL" = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpl
IE - HKLM\..\SearchScopes\{853581B2-20A6-4597-B81C-3A3F931E4635}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-results.com/sr?src=ieb&appid=113&systemid=406&sr=0&q={searchTerms}
IE - HKLM\..\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}: "URL" = http://search.searchonme.com/?q={searchTerms}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://es.ask.com/?l=dis&o=15383
IE - HKCU\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
IE - HKCU\..\SearchScopes,DefaultScope = {95B7759C-8C7F-4BF1-B163-73684A933233}
IE - HKCU\..\SearchScopes\{0DF56869-BA25-4E8E-82F9-AF48EA6BCC7E}: "URL" = http://www.searchbrowsing.com/web.php?src=hmp&hl=en&camefrom=defaultsearch&q={searchTerms}
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylon.com/?q={searchTerms}&AF=110000&babsrc=SP_ss&mntrId=989c0cff00000000000070f1a17f3422
IE - HKCU\..\SearchScopes\{13519A79-A2A3-4B53-854E-421C33854A68}: "URL" = http://delicious.com/search?p={searchTerms}
IE - HKCU\..\SearchScopes\{2FB242D6-BE26-4249-AA63-E5E716A00DF7}: "URL" = http://websearch.ask.com/redirect?client=ie&tb=ATU3&o=15380&src=kw&q={searchTerms}&locale=&apn_ptnrs=UJ&apn_dtid=YYYYYYYYMX&apn_uid=4333cac3-6a1e-4ff4-83ab-862f75c29133&apn_sauid=897EBB73-85FD-4BD8-AD90-BEF85ED67C76
IE - HKCU\..\SearchScopes\{4D9CF7D1-74FD-45C4-8F21-07EF97CFC09F}: "URL" = http://www.flickr.com/search/?q={searchTerms}
IE - HKCU\..\SearchScopes\{80AABB12-28B8-4096-B5E6-A42AA754EA3E}: "URL" = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpl
IE - HKCU\..\SearchScopes\{853581B2-20A6-4597-B81C-3A3F931E4635}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.com/search?cid={2D4F3D53-41E5-4BD4-BB0D-01ACAF22A635}&mid=b257f2de438047d19b4c1943ef438858-8e60a29b0844718c0f73548076369dc207d7015c&lang=en&ds=st011&pr=sa&d=2012-06-05 03:10:19&v=11.1.0.7&sap=dsp&q={searchTerms}
IE - HKCU\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-results.com/sr?src=ieb&appid=113&systemid=406&sr=0&q={searchTerms}
IE - HKCU\..\SearchScopes\{9BF90FA6-4529-4D39-B2AF-D765A855D5F5}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=chr-yie9
IE - HKCU\..\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}: "URL" = http://search.searchonme.com/?q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Ask.com"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://es.ask.com/?l=dis&o=15383"
FF - prefs.js..extensions.enabledItems: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}:5.9.0.9216
FF - prefs.js..extensions.enabledItems: {1E73965B-8B48-48be-9C8D-68B920ABC1C4}:12.0.0.1912
FF - prefs.js..extensions.enabledItems: [email protected]:10.0.0.7
FF - prefs.js..extensions.enabledItems: {1FD91A9C-410C-4090-BBCC-55D3450EF433}:1.0
FF - prefs.js..extensions.enabledItems: {99079a25-328f-4bd4-be04-00955acaa0a7}:4.5.1.00
FF - prefs.js..keyword.URL: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2790392&SearchSource=2&q="
FF - prefs.js..network.proxy.type: 0

FF:*64bit:* - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_265.dll File not found
FF:*64bit:* - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.3.1: C:\Windows\system32\npDeployJava1.dll File not found
FF:*64bit:* - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.3.1: C:\Program Files\Oracle\JavaFX 2.0 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:*64bit:* - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:*64bit:* - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\Microsoft Office\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_265.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\GEORGE\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\GEORGE\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\GEORGE\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@yahoo.com/BrowserPlus,version=2.9.8: C:\Users\GEORGE\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll (Yahoo! Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/03/24 14:41:23 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/07/18 08:47:29 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/08/30 01:18:22 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/07/18 08:47:29 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/08/30 01:18:22 | 000,000,000 | ---D | M]

[2012/02/04 18:32:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\GEORGE\AppData\Roaming\Mozilla\Extensions
[2012/08/29 21:08:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\GEORGE\AppData\Roaming\Mozilla\Firefox\Profiles\92ukajfx.default\extensions
[2012/04/18 12:36:59 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\GEORGE\AppData\Roaming\Mozilla\Firefox\Profiles\92ukajfx.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2012/08/29 21:08:36 | 000,000,000 | ---D | M] (BitTorrentBar Community Toolbar) -- C:\Users\GEORGE\AppData\Roaming\Mozilla\Firefox\Profiles\92ukajfx.default\extensions\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}
[2012/07/14 17:07:51 | 000,000,000 | ---D | M] (20-20 3D Viewer - WEB) -- C:\Users\GEORGE\AppData\Roaming\Mozilla\Firefox\Profiles\92ukajfx.default\extensions\[email protected]
[2012/03/10 19:02:10 | 000,000,000 | ---D | M] (TheBflix) -- C:\Users\GEORGE\AppData\Roaming\Mozilla\Firefox\Profiles\92ukajfx.default\extensions\[email protected]
[2012/08/23 17:21:05 | 000,000,000 | ---D | M] (aTube Toolbar) -- C:\Users\GEORGE\AppData\Roaming\Mozilla\Firefox\Profiles\92ukajfx.default\extensions\[email protected]
[2012/08/23 17:21:05 | 000,002,324 | ---- | M] () -- C:\Users\GEORGE\AppData\Roaming\Mozilla\Firefox\Profiles\92ukajfx.default\searchplugins\askcom.xml
[2012/02/02 21:35:33 | 000,002,519 | ---- | M] () -- C:\Users\GEORGE\AppData\Roaming\Mozilla\Firefox\Profiles\92ukajfx.default\searchplugins\Search_Results.xml
[2012/04/06 21:21:07 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/07/06 17:03:57 | 000,014,714 | ---- | M] () (No name found) -- C:\USERS\GEORGE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\92UKAJFX.DEFAULT\EXTENSIONS\{E6C1199F-E687-42DA-8C24-E7770CC3AE66}.XPI
[2012/07/23 18:21:36 | 000,015,979 | ---- | M] () (No name found) -- C:\USERS\GEORGE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\92UKAJFX.DEFAULT\EXTENSIONS\[email protected]OXY.COM.XPI
[2012/07/18 08:47:29 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/02/16 02:21:45 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2012/06/05 03:10:16 | 000,003,749 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\avg-secure-search.xml
[2012/03/13 18:37:35 | 000,002,310 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml
[2012/06/29 01:41:07 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/02/11 19:51:20 | 000,002,024 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\McSiteAdvisor.xml
[2012/02/02 21:35:33 | 000,002,519 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\Search_Results.xml
[2012/06/29 01:41:06 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - homepage: http://www.ask.com/?l=dis&o=15383cr
CHR - default_search_provider: Ask (Enabled)
CHR - default_search_provider: search_url = http://websearch.ask.com/redirect?client=cr&src=kw&tb=ATU3&o=15380&locale=en_ES&apn_uid=4333cac3-6a1e-4ff4-83ab-862f75c29133&apn_ptnrs=UJ&apn_sauid=897EBB73-85FD-4BD8-AD90-BEF85ED67C76&apn_dtid=YYYYYYYYMX&q={searchTerms}
CHR - default_search_provider: suggest_url = http://ss.websearch.ask.com/query?qsrc=2922&li=ff&sstype=prefix&q={searchTerms}
CHR - homepage: http://www.ask.com/?l=dis&o=15383cr
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\GEORGE\AppData\Local\Google\Chrome\Application\21.0.1180.83\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Disabled) = C:\Users\GEORGE\AppData\Local\Google\Chrome\Application\21.0.1180.83\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\GEORGE\AppData\Local\Google\Chrome\Application\21.0.1180.83\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\GEORGE\AppData\Local\Google\Chrome\User Data\PepperFlash\11.1.31.203\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: Java Deployment Toolkit 6.0.310.5 (Disabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U31 (Disabled) = C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Facebook Video Calling Plugin (Enabled) = C:\Users\GEORGE\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll
CHR - plugin: BrowserPlus (from Yahoo!) v2.9.8 (Enabled) = C:\Users\GEORGE\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll
CHR - Extension: Atube Toolbar = C:\Users\GEORGE\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaaobbmnblgjajpfaaolcmoenbmpgob\7.15.4.0_0\
CHR - Extension: Atube Toolbar = C:\Users\GEORGE\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaaobbmnblgjajpfaaolcmoenbmpgob\7.15.4.24150_0\
CHR - Extension: Steep and Cheap Countdown Timer = C:\Users\GEORGE\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaompibpddahnlhaklkapjkgiajbfkhm\1.8.2_0\
CHR - Extension: Your Second Phone = C:\Users\GEORGE\AppData\Local\Google\Chrome\User Data\Default\Extensions\afgcliennfocnaoenlkmlhoakpaflpgo\2.0_0\
CHR - Extension: Radio = C:\Users\GEORGE\AppData\Local\Google\Chrome\User Data\Default\Extensions\agljkoinmcdnopnlbhhjibjiablccgoh\1.0.56_0\
CHR - Extension: House Plans = C:\Users\GEORGE\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajnmfkilicomdippcehaldlonfldmlfi\2.1_0\
CHR - Extension: LiveShare = C:\Users\GEORGE\AppData\Local\Google\Chrome\User Data\Default\Extensions\amncclkaihpiilkhkophmkeijlpnanjk\1.0.2_0\
CHR - Extension: TV = C:\Users\GEORGE\AppData\Local\Google\Chrome\User Data\Default\Extensions\beobeededemalmllhkmnkinmfembdimh\1.0.11_0\
CHR - Extension: QRreader beta = C:\Users\GEORGE\AppData\Local\Google\Chrome\User Data\Default\Extensions\bfdjglobiolninfgldchakgfldifphic\0.4_0\
CHR - Extension: Gismeteo = C:\Users\GEORGE\AppData\Local\Google\Chrome\User Data\Default\Extensions\bfegaehidkkcfaikpaijcdahnpikhobf\2.0.4_0\
CHR - Extension: Graphing Calculator by Desmos.com = C:\Users\GEORGE\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhdheahnajobgndecdbggfmcojekgdko\1.4_0\
CHR - Extension: FancyTube (for YouTube\u2122) = C:\Users\GEORGE\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkiabklhofojmagogdjdmhmbhngajopa\2.5.1_0\
CHR - Extension: YouTube = C:\Users\GEORGE\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Learn Languages = C:\Users\GEORGE\AppData\Local\Google\Chrome\User Data\Default\Extensions\bpojnkkdeegokioflneiljheajpnckcg\1.0_0\
CHR - Extension: Weebly - Website Builder = C:\Users\GEORGE\AppData\Local\Google\Chrome\User Data\Default\Extensions\cnocophcbjfiimmnhlhleaooedeheifb\1.0.4_0\
CHR - Extension: Google Search = C:\Users\GEORGE\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Bomomo = C:\Users\GEORGE\AppData\Local\Google\Chrome\User Data\Default\Extensions\dnalbhgkcocoepphagnnlaiomnnngeln\1_0\
CHR - Extension: Timer = C:\Users\GEORGE\AppData\Local\Google\Chrome\User Data\Default\Extensions\edebbhkhcaafmolanelponjjanocpacd\1.7.6_0\
CHR - Extension: Zoho Invoice = C:\Users\GEORGE\AppData\Local\Google\Chrome\User Data\Default\Extensions\ehmnelfmlmpladgddfgghoaigjhfkhdj\1.1_0\
CHR - Extension: Telly = C:\Users\GEORGE\AppData\Local\Google\Chrome\User Data\Default\Extensions\epbmnbdplhcomkedpjfceakddnbgfjmf\1.203_0\
CHR - Extension: Google Finance = C:\Users\GEORGE\AppData\Local\Google\Chrome\User Data\Default\Extensions\fcgckldmmjdbpdejkclmfnnnehhocbfp\1.1_0\
CHR - Extension: Zeta Uploader = C:\Users\GEORGE\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdaoellipjkfejjeegcjckdkhpanhnmg\1.8.2_0\
CHR - Extension: To do List = C:\Users\GEORGE\AppData\Local\Google\Chrome\User Data\Default\Extensions\fhenmfleihbenpgdjmdjoigkpemnckja\0.241_0\
CHR - Extension: Stupeflix Video Maker = C:\Users\GEORGE\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkdmcfnoimoilncpjchamnenebopocem\1.5_0\
CHR - Extension: XML Tree = C:\Users\GEORGE\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbammbheopgpmaagmckhpjbfgdfkpadb\1.9.1.9_0\
CHR - Extension: Digital Clock = C:\Users\GEORGE\AppData\Local\Google\Chrome\User Data\Default\Extensions\gdkjifoifglkpcdffkenpinlbjgephlo\1.9_0\
CHR - Extension: 20 Cubed = C:\Users\GEORGE\AppData\Local\Google\Chrome\User Data\Default\Extensions\geghmabifcdlkmpnkapfefbbfaonhcef\1.12_0\
CHR - Extension: Planetarium = C:\Users\GEORGE\AppData\Local\Google\Chrome\User Data\Default\Extensions\gheikhdfflhlbemfmhcfpeblehemeklp\1.1.1_0\
CHR - Extension: History Eraser = C:\Users\GEORGE\AppData\Local\Google\Chrome\User Data\Default\Extensions\gjieilkfnnjoihjjonajndjldjoagffm\3.1_0\
CHR - Extension: History Eraser = C:\Users\GEORGE\AppData\Local\Google\Chrome\User Data\Default\Extensions\gjieilkfnnjoihjjonajndjldjoagffm\3.2_0\
CHR - Extension: Guitar Tuner = C:\Users\GEORGE\AppData\Local\Google\Chrome\User Data\Default\Extensions\hbenbgblhhlecmfechhfecgioakobfdl\3.0.0.2_0\
CHR - Extension: Free Online PDF Unlocker = C:\Users\GEORGE\AppData\Local\Google\Chrome\User Data\Default\Extensions\ibjoacaoedfohchdpbeoekenccjokodm\1.0.1.1_0\
CHR - Extension: iPiccy Photo Editor = C:\Users\GEORGE\AppData\Local\Google\Chrome\User Data\Default\Extensions\imokeandodnlammaoenbgcnbhigjbpjh\1.1_0\
CHR - Extension: Brain Waves = C:\Users\GEORGE\AppData\Local\Google\Chrome\User Data\Default\Extensions\jaikojchkbhnichnjehbhbloaiapifmk\3.0_0\
CHR - Extension: PDF to Word Converter App = C:\Users\GEORGE\AppData\Local\Google\Chrome\User Data\Default\Extensions\jclipofobaadknkadkpgggmjkebddjam\2.0_0\
CHR - Extension: Todoist: To-Do list and Task Manager = C:\Users\GEORGE\AppData\Local\Google\Chrome\User Data\Default\Extensions\jldhpllghnbhlbpcmnajkpdmadaolakh\3.0_0\
CHR - Extension: Todoist: To-Do list and Task Manager = C:\Users\GEORGE\AppData\Local\Google\Chrome\User Data\Default\Extensions\jldhpllghnbhlbpcmnajkpdmadaolakh\4.0_0\
CHR - Extension: Quick Earth = C:\Users\GEORGE\AppData\Local\Google\Chrome\User Data\Default\Extensions\khodocggeplgfhppgagfdpbjkniadmdh\3.3_0\
CHR - Extension: Quick Earth = C:\Users\GEORGE\AppData\Local\Google\Chrome\User Data\Default\Extensions\khodocggeplgfhppgagfdpbjkniadmdh\3.6_0\
CHR - Extension: Divvr = C:\Users\GEORGE\AppData\Local\Google\Chrome\User Data\Default\Extensions\lackkieddhpmioebogincgkkcagabhgm\2.0_0\
CHR - Extension: Numerics Calculator & Converter = C:\Users\GEORGE\AppData\Local\Google\Chrome\User Data\Default\Extensions\liglcienpnkhdajdfmnpbgmpjglonipe\4.3.4_0\
CHR - Extension: 3D Solar System Web = C:\Users\GEORGE\AppData\Local\Google\Chrome\User Data\Default\Extensions\mdaaepplopehigjgkolniddiadbbkphd\0.32_0\
CHR - Extension: BitTorrentBar = C:\Users\GEORGE\AppData\Local\Google\Chrome\User Data\Default\Extensions\mhfdcmehmjcclgopdodkjdicohagipid\2.3.15.10_0\
CHR - Extension: DSL speedtest = C:\Users\GEORGE\AppData\Local\Google\Chrome\User Data\Default\Extensions\mibbfkdeofpfmkclkgjfnjppdblhpddj\1.1_0\
CHR - Extension: ruul. Screen ruler = C:\Users\GEORGE\AppData\Local\Google\Chrome\User Data\Default\Extensions\mlbnpnlmfngmlcmkhjpbfokdphfehhjj\5.0_0\
CHR - Extension: ruul. Screen ruler = C:\Users\GEORGE\AppData\Local\Google\Chrome\User Data\Default\Extensions\mlbnpnlmfngmlcmkhjpbfokdphfehhjj\5.5.2_0\
CHR - Extension: Flight 3D Aerobatics Training = C:\Users\GEORGE\AppData\Local\Google\Chrome\User Data\Default\Extensions\napaodofbddcgpbgepkedckklhcmpilc\1.0_0\
CHR - Extension: Flight 3D Aerobatics Training = C:\Users\GEORGE\AppData\Local\Google\Chrome\User Data\Default\Extensions\napaodofbddcgpbgepkedckklhcmpilc\2.0.0_0\
CHR - Extension: BeGone = C:\Users\GEORGE\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndfpieflbjbdpgklkeolbmbdkfdiicfk\1.2_0\
CHR - Extension: Advanced Periodic Table = C:\Users\GEORGE\AppData\Local\Google\Chrome\User Data\Default\Extensions\obpkghbakijeifcoimhhechlmcbdmmli\1.7_0\
CHR - Extension: Wikinvest Portfolio Manager = C:\Users\GEORGE\AppData\Local\Google\Chrome\User Data\Default\Extensions\pbpkgmnajebobcebngnagdabphfmooej\1.0_0\
CHR - Extension: Bullet Physics NaCl Test = C:\Users\GEORGE\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgehkhceingafmkkmbeoempaablkkeal\1.0_0\
CHR - Extension: Gmail = C:\Users\GEORGE\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2012/07/30 10:20:43 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:*64bit:* - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.0 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O2:*64bit:* - BHO: (Hotspot Shield Class) - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files (x86)\Hotspot Shield\HssIE\HssIE_64.dll File not found
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (aTube Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O3:*64bit:* - HKLM\..\Toolbar: (no name) - !{EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Microsoft Live Search Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (aTube Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No CLSID value found.
O4:*64bit:* - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files (x86)\Ask.com\Updater\Updater.exe (Ask)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O10:*64bit:* - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O16:*64bit:* - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab (Reg Error: Key error.)
O16:*64bit:* - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Reg Error: Key error.)
O16:*64bit:* - DPF: {CAFEEFAC-0017-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab (Reg Error: Key error.)
O16:*64bit:* - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab (Java Plug-in 1.7.0_03)
O16:*64bit:* - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} http://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework//microsoft/wrc32.ocx (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7A2AAD8D-00ED-4328-8C39-9EA02965B7FB}: DhcpNameServer = 192.168.1.254
O18:*64bit:* - Protocol\Handler\livecall - No CLSID value found
O18:*64bit:* - Protocol\Handler\ms-help - No CLSID value found
O18:*64bit:* - Protocol\Handler\ms-itss - No CLSID value found
O18:*64bit:* - Protocol\Handler\msnim - No CLSID value found
O18:*64bit:* - Protocol\Handler\wlmailhtml - No CLSID value found
O18:*64bit:* - Protocol\Handler\wlpg - No CLSID value found
O20:*64bit:* - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:*64bit:* - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:*64bit:* - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:*64bit:* - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/04/14 22:54:30 | 000,000,166 | ---- | M] () - H:\autorun.inf -- [ FAT32 ]
O32 - AutoRun File - [2008/05/06 07:26:23 | 000,000,309 | R--- | M] () - I:\autorun.inf -- [ CDFS ]
O32 - AutoRun File - [2012/04/12 15:38:06 | 000,584,087 | ---- | M] () - J:\AUTOVIAS MORELIA-MEXICO 13 04 2012.pdf -- [ FAT32 ]
O32 - AutoRun File - [2012/04/12 15:50:36 | 000,407,040 | ---- | M] () - J:\autovias morelia mex pon df 13 04 2012 PHOTO.pub -- [ FAT32 ]
O32 - AutoRun File - [2012/04/13 14:09:12 | 000,584,512 | ---- | M] () - J:\AUTOVIAS MEXICO MORELIA 13 04 2012.pdf -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:*64bit:* - HKLM\..comfile [open] -- "%1" %*
O35:*64bit:* - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:*64bit:* - HKLM\...com [@ = ComFile] -- "%1" %*
O37:*64bit:* - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

MsConfig:64bit - StartUpFolder: C:^Users^GEORGE^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2010 Screen Clipper and Launcher.lnk - C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE - (Microsoft Corporation)
MsConfig:64bit - StartUpReg: *Adobe ARM* - hkey= - key= - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
MsConfig:64bit - StartUpReg: *AdobeAAMUpdater-1.0* - hkey= - key= - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
MsConfig:64bit - StartUpReg: *AdobeCS6ServiceManager* - hkey= - key= - C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe (Adobe Systems Incorporated)
MsConfig:64bit - StartUpReg: *APSDaemon* - hkey= - key= - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
MsConfig:64bit - StartUpReg: *BCSSync* - hkey= - key= - C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
MsConfig:64bit - StartUpReg: *Facebook Update* - hkey= - key= - C:\Users\GEORGE\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
MsConfig:64bit - StartUpReg: *HotKeysCmds* - hkey= - key= - C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
MsConfig:64bit - StartUpReg: *HP Quick Launch* - hkey= - key= - C:\Program Files\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe (Hewlett-Packard Company)
MsConfig:64bit - StartUpReg: *HP Software Update* - hkey= - key= - C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe (Hewlett-Packard)
MsConfig:64bit - StartUpReg: *IgfxTray* - hkey= - key= - C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
MsConfig:64bit - StartUpReg: *IntelliPoint* - hkey= - key= - c:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)
MsConfig:64bit - StartUpReg: *iTunesHelper* - hkey= - key= - C:\Program Files (x86)\iTunes\iTunesHelper.exe (Apple Inc.)
MsConfig:64bit - StartUpReg: *LightScribe Control Panel* - hkey= - key= - C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe (Hewlett-Packard Company)
MsConfig:64bit - StartUpReg: *Malwarebytes' Anti-Malware* - hkey= - key= - File not found
MsConfig:64bit - StartUpReg: *Messenger (Yahoo!)* - hkey= - key= - C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
MsConfig:64bit - StartUpReg: *NortonOnlineBackupReminder* - hkey= - key= - File not found
MsConfig:64bit - StartUpReg: *Persistence* - hkey= - key= - C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
MsConfig:64bit - StartUpReg: *PWRISOVM.EXE* - hkey= - key= - C:\Program Files (x86)\PowerISO\PWRISOVM.EXE (Power Software Ltd)
MsConfig:64bit - StartUpReg: *QuickTime Task* - hkey= - key= - C:\Program Files (x86)\QuickTime\QTTask.exe (Apple Inc.)
MsConfig:64bit - StartUpReg: *RTHDVCPL* - hkey= - key= - C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor)
MsConfig:64bit - StartUpReg: *RtkOSD* - hkey= - key= - C:\Program Files (x86)\Realtek\Audio\OSD\RtVOsd64.exe (Realtek Semiconductor Corp.)
MsConfig:64bit - StartUpReg: *Sidebar* - hkey= - key= - C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation)
MsConfig:64bit - StartUpReg: *SunJavaUpdateSched* - hkey= - key= - C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
MsConfig:64bit - StartUpReg: *SUPERAntiSpyware* - hkey= - key= - C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
MsConfig:64bit - StartUpReg: *SwitchBoard* - hkey= - key= - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
MsConfig:64bit - StartUpReg: *SynTPEnh* - hkey= - key= - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics Incorporated)
MsConfig:64bit - StartUpReg: *WirelessAssistant* - hkey= - key= - C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe (Hewlett-Packard)
MsConfig:64bit - State: "services" - Reg Error: Key error.
MsConfig:64bit - State: "startup" - Reg Error: Key error.

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012/09/05 00:28:57 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\GEORGE\Desktop\OTL.com
[2012/09/05 00:02:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Security Client
[2012/09/05 00:02:23 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2012/08/31 18:13:34 | 000,000,000 | ---D | C] -- C:\Users\GEORGE\Desktop\NEW DDS & ATTACH
[2012/08/28 13:15:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Able2Extract
[2012/08/28 13:15:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Investintech.com Inc
[2012/08/24 18:25:48 | 000,078,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\perf-SQLAgent$SQLEXPRESS-sqlagtctr10.1.2531.0.dll
[2012/08/24 18:25:48 | 000,050,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\perf-SQLAgent$SQLEXPRESS-sqlagtctr10.1.2531.0.dll
[2012/08/24 18:25:30 | 000,111,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\perf-MSSQL$SQLEXPRESS-sqlctr10.1.2531.0.dll
[2012/08/24 18:25:30 | 000,079,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\perf-MSSQL$SQLEXPRESS-sqlctr10.1.2531.0.dll
[2012/08/24 18:22:36 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\RsFx
[2012/08/24 18:20:59 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Visual Studio 9.0
[2012/08/24 18:20:42 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\1033
[2012/08/24 18:20:42 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\1033
[2012/08/24 18:20:22 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft.NET
[2012/08/24 18:18:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft SQL Server 2008
[2012/08/24 18:16:57 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft SQL Server
[2012/08/24 18:10:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft SQL Server
[2012/08/24 18:10:13 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Synchronization Services
[2012/08/24 18:10:13 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft SQL Server Compact Edition
[2012/08/24 18:08:52 | 000,000,000 | ---D | C] -- C:\Users\GEORGE\Documents\Visual Studio 2010
[2012/08/24 18:08:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Visual Studio 2010 Express
[2012/08/24 18:05:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Visual Studio 10.0
[2012/08/24 18:03:50 | 000,000,000 | ---D | C] -- C:\Windows\symbols
[2012/08/24 18:03:50 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Visual Studio 10.0
[2012/08/24 18:03:50 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Help Viewer
[2012/08/23 17:24:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinPcap
[2012/08/23 17:24:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WinPcap
[2012/08/23 17:20:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Ask.com
[2012/08/23 17:20:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\aTube Catcher
[2012/08/14 19:20:53 | 000,000,000 | ---D | C] -- C:\Users\GEORGE\Desktop\FORMAT LIBRARIES
[2012/08/14 18:53:10 | 000,000,000 | ---D | C] -- C:\Users\GEORGE\Desktop\FORMAT DWNLOADS
[2012/08/14 18:42:39 | 000,000,000 | ---D | C] -- C:\Users\GEORGE\Desktop\FORMAT DESKTOP
[2012/08/13 00:34:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Ask
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/09/05 00:46:00 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/09/05 00:31:05 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\GEORGE\Desktop\OTL.com
[2012/09/05 00:28:01 | 000,000,912 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2257943674-3338997938-4154493867-1000UA.job
[2012/09/05 00:02:58 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2012/09/05 00:02:31 | 000,887,232 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/09/05 00:02:31 | 000,727,268 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/09/05 00:02:31 | 000,146,154 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/09/04 23:14:35 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/09/04 23:14:35 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/09/04 23:12:18 | 000,869,986 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/09/04 23:11:03 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/09/04 22:31:59 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/09/04 22:31:33 | 3144,880,128 | -HS- | M] () -- C:\hiberfil.sys
[2012/09/04 16:28:00 | 000,000,860 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2257943674-3338997938-4154493867-1000Core.job
[2012/09/04 16:24:43 | 000,000,932 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2257943674-3338997938-4154493867-1000UA.job
[2012/09/04 16:24:42 | 000,000,910 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2257943674-3338997938-4154493867-1000Core.job
[2012/09/04 14:31:58 | 000,002,420 | ---- | M] () -- C:\Users\GEORGE\Desktop\Google Chrome.lnk
[2012/09/03 15:05:10 | 000,023,265 | ---- | M] () -- C:\Users\GEORGE\Desktop\129603083J.pdf
[2012/09/01 15:12:33 | 000,293,396 | ---- | M] () -- C:\Users\GEORGE\Desktop\tunnel marbin crop.jpg
[2012/09/01 15:08:33 | 000,247,026 | ---- | M] () -- C:\Users\GEORGE\Desktop\estadio leon crop.jpg
[2012/08/31 17:57:31 | 000,006,662 | ---- | M] () -- C:\Users\GEORGE\AppData\Roaming\wklnhst.dat
[2012/08/30 21:09:32 | 000,308,275 | ---- | M] () -- C:\Users\GEORGE\Desktop\After-Hours-Chicago-Skyline-Illinois.jpg
[2012/08/29 11:45:51 | 000,034,908 | ---- | M] () -- C:\Users\GEORGE\Desktop\553849_10151051434372781_11814732_n.jpg
[2012/08/28 22:53:33 | 003,652,799 | ---- | M] () -- C:\Users\GEORGE\Desktop\Biology for Dummies, 2nd Edition.pdf
[2012/08/28 22:29:11 | 000,055,075 | ---- | M] () -- C:\Users\GEORGE\Desktop\MJ.jpg
[2012/08/28 13:15:43 | 000,001,308 | ---- | M] () -- C:\Users\Public\Desktop\Able2Extract.lnk
[2012/08/28 12:48:42 | 000,001,296 | ---- | M] () -- C:\Users\GEORGE\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk
[2012/08/25 10:19:51 | 000,001,391 | ---- | M] () -- C:\Users\GEORGE\Desktop\Microsoft Visual Basic 2010 Express.lnk
[2012/08/23 17:20:54 | 000,002,122 | ---- | M] () -- C:\Users\Public\Desktop\MP3 Downloader.lnk
[2012/08/23 17:20:54 | 000,002,118 | ---- | M] () -- C:\Users\Public\Desktop\Video Search.lnk
[2012/08/23 17:20:49 | 000,001,190 | ---- | M] () -- C:\Users\Public\Desktop\aTube Catcher.lnk
[2012/08/17 01:06:29 | 000,025,156 | ---- | M] () -- C:\Users\GEORGE\Desktop\ORDER OF PROTECION WILL COUNTY.pdf
[2012/08/13 11:14:52 | 000,000,336 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForGEORGE.job
[2012/08/12 21:59:04 | 000,000,344 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForGEORGE-PC$.job
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/09/05 00:02:58 | 000,001,945 | ---- | C] () -- C:\Windows\epplauncher.mif
[2012/09/05 00:02:35 | 000,001,915 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
[2012/09/03 15:05:09 | 000,023,265 | ---- | C] () -- C:\Users\GEORGE\Desktop\129603083J.pdf
[2012/09/01 15:12:32 | 000,293,396 | ---- | C] () -- C:\Users\GEORGE\Desktop\tunnel marbin crop.jpg
[2012/09/01 15:08:33 | 000,247,026 | ---- | C] () -- C:\Users\GEORGE\Desktop\estadio leon crop.jpg
[2012/09/01 15:05:45 | 000,786,269 | ---- | C] () -- C:\Users\GEORGE\Desktop\DSC05825.JPG
[2012/09/01 15:05:45 | 000,763,332 | ---- | C] () -- C:\Users\GEORGE\Desktop\DSC05829.JPG
[2012/08/30 21:09:31 | 000,308,275 | ---- | C] () -- C:\Users\GEORGE\Desktop\After-Hours-Chicago-Skyline-Illinois.jpg
[2012/08/29 11:45:47 | 000,034,908 | ---- | C] () -- C:\Users\GEORGE\Desktop\553849_10151051434372781_11814732_n.jpg
[2012/08/28 22:53:30 | 003,652,799 | ---- | C] () -- C:\Users\GEORGE\Desktop\Biology for Dummies, 2nd Edition.pdf
[2012/08/28 22:29:09 | 000,055,075 | ---- | C] () -- C:\Users\GEORGE\Desktop\MJ.jpg
[2012/08/28 13:15:43 | 000,001,308 | ---- | C] () -- C:\Users\Public\Desktop\Able2Extract.lnk
[2012/08/25 10:19:51 | 000,001,391 | ---- | C] () -- C:\Users\GEORGE\Desktop\Microsoft Visual Basic 2010 Express.lnk
[2012/08/24 18:02:27 | 000,887,232 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/08/23 17:20:49 | 000,001,190 | ---- | C] () -- C:\Users\Public\Desktop\aTube Catcher.lnk
[2012/08/17 01:06:29 | 000,025,156 | ---- | C] () -- C:\Users\GEORGE\Desktop\ORDER OF PROTECION WILL COUNTY.pdf
[2012/08/13 00:36:04 | 000,002,122 | ---- | C] () -- C:\Users\Public\Desktop\MP3 Downloader.lnk
[2012/07/30 01:45:19 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/07/30 01:45:19 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/07/30 01:45:19 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/07/30 01:45:19 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/07/30 01:45:19 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/06/22 22:00:39 | 000,007,642 | ---- | C] () -- C:\Users\GEORGE\AppData\Local\Resmon.ResmonCfg
[2012/01/07 11:15:57 | 000,000,632 | RHS- | C] () -- C:\Users\GEORGE\ntuser.pol
[2011/12/25 00:17:41 | 000,003,584 | ---- | C] () -- C:\Users\GEORGE\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/11/22 22:36:03 | 000,006,662 | ---- | C] () -- C:\Users\GEORGE\AppData\Roaming\wklnhst.dat

========== LOP Check ==========

[2012/02/05 06:09:39 | 000,000,000 | ---D | M] -- C:\Users\GEORGE\AppData\Roaming\AVG
[2012/02/02 04:37:08 | 000,000,000 | ---D | M] -- C:\Users\GEORGE\AppData\Roaming\AVG2012
[2012/03/10 18:16:29 | 000,000,000 | ---D | M] -- C:\Users\GEORGE\AppData\Roaming\Babylon
[2012/07/08 05:26:28 | 000,000,000 | ---D | M] -- C:\Users\GEORGE\AppData\Roaming\BitTorrent
[2012/04/01 16:16:48 | 000,000,000 | ---D | M] -- C:\Users\GEORGE\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2011/11/24 20:33:02 | 000,000,000 | ---D | M] -- C:\Users\GEORGE\AppData\Roaming\funkitron
[2012/02/12 22:50:39 | 000,000,000 | ---D | M] -- C:\Users\GEORGE\AppData\Roaming\GetRightToGo
[2011/12/25 00:27:18 | 000,000,000 | ---D | M] -- C:\Users\GEORGE\AppData\Roaming\muvee Technologies
[2012/02/15 14:23:44 | 000,000,000 | ---D | M] -- C:\Users\GEORGE\AppData\Roaming\NCH Swift Sound
[2011/11/19 00:04:35 | 000,000,000 | ---D | M] -- C:\Users\GEORGE\AppData\Roaming\PictureMover
[2012/06/06 04:36:22 | 000,000,000 | ---D | M] -- C:\Users\GEORGE\AppData\Roaming\PowerISO
[2012/03/13 19:15:12 | 000,000,000 | ---D | M] -- C:\Users\GEORGE\AppData\Roaming\Registry Mechanic
[2011/11/22 22:36:05 | 000,000,000 | ---D | M] -- C:\Users\GEORGE\AppData\Roaming\Template
[2012/07/21 10:29:25 | 000,000,000 | ---D | M] -- C:\Users\GEORGE\AppData\Roaming\Tific
[2012/03/31 02:11:31 | 000,000,000 | ---D | M] -- C:\Users\GEORGE\AppData\Roaming\TotalRecorder
[2011/11/24 20:31:46 | 000,000,000 | ---D | M] -- C:\Users\GEORGE\AppData\Roaming\WildTangent
[2012/04/05 23:04:08 | 000,000,000 | ---D | M] -- C:\Users\GEORGE\AppData\Roaming\Windows Live Writer
[2011/12/06 21:07:04 | 000,000,000 | ---D | M] -- C:\Users\GEORGE\AppData\Roaming\WinZip
[2012/09/04 16:24:42 | 000,000,910 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2257943674-3338997938-4154493867-1000Core.job
[2012/09/04 16:24:43 | 000,000,932 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2257943674-3338997938-4154493867-1000UA.job
[2012/04/17 19:55:20 | 000,032,622 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

========== Custom Scans ==========

< %systemroot%\*. /mp /s >

< %systemroot%\*. /rp /s >

< %SYSTEMDRIVE%\*.exe >

< %LOCALAPPDATA%\*.exe >

< MD5 for: EXPLORER.EXE >
[2010/03/24 13:35:43 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=00B0358734CAA32C39D181FE6916B178 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20542_none_b8b0208ee0ce1889\explorer.exe
[2011/02/26 01:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_adc24107935a7e25\explorer.exe
[2011/02/26 00:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2009/07/13 20:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe
[2011/02/26 00:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_b8ce9756e0b786a4\explorer.exe
[2010/03/24 13:36:37 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe
[2011/02/26 00:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_b816eb59c7bb4020\explorer.exe
[2011/02/25 01:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\erdnt\cache86\explorer.exe
[2011/02/25 01:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe
[2011/02/25 01:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2011/02/26 01:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2010/11/20 07:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2010/03/24 13:35:43 | 002,868,736 | ---- | M] (Microsoft Corporation) MD5=6D4F9E4B640B413C6F73414327484C80 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16434_none_addea9f19345cd81\explorer.exe
[2010/03/24 13:34:36 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe
[2011/02/25 00:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe
[2011/02/25 00:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2010/03/24 13:36:37 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe
[2010/03/24 13:34:36 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe
[2010/11/20 08:24:45 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe
[2010/03/24 13:36:37 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=B8EC4BD49CE8F6FC457721BFC210B67F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe
[2010/03/24 13:34:36 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe
[2009/07/13 20:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe
[2010/03/24 13:36:37 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe
[2010/03/24 13:35:43 | 002,868,736 | ---- | M] (Microsoft Corporation) MD5=CA17F8620815267DC838E30B68CB5052 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20542_none_ae5b763cac6d568e\explorer.exe
[2011/02/26 01:26:45 | 002,870,784 | ---- | M] (Microsoft Corporation) MD5=E38899074D4951D31B4040E994DD7C8D -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_ae79ed04ac56c4a9\explorer.exe
[2010/03/24 13:34:36 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe
[2010/03/24 13:35:43 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=FC89FACA0473641CB625EDA9277D0885 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16434_none_b8335443c7a68f7c\explorer.exe

< MD5 for: SVCHOST.EXE >
[2009/07/13 20:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\erdnt\cache86\svchost.exe
[2009/07/13 20:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\SysWOW64\svchost.exe
[2009/07/13 20:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
[2012/07/03 13:46:42 | 000,217,672 | ---- | M] () MD5=8A7F34F0BBD076EC3815680A7309114F -- C:\Users\GEORGE\Desktop\FORMAT DESKTOP\KEVINF80\Malwarebytes' Anti-Malware\Chameleon\svchost.exe
[2009/07/13 20:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\erdnt\cache64\svchost.exe
[2009/07/13 20:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\SysNative\svchost.exe
[2009/07/13 20:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_11b04b481efec48c\svchost.exe

< MD5 for: USERINIT.EXE >
[2010/11/20 07:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\erdnt\cache86\userinit.exe
[2010/11/20 07:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010/11/20 07:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009/07/13 20:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009/07/13 20:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe
[2010/11/20 08:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\erdnt\cache64\userinit.exe
[2010/11/20 08:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
[2010/11/20 08:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe

< MD5 for: WINLOGON.EXE >
[2010/11/20 08:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\erdnt\cache64\winlogon.exe
[2010/11/20 08:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
[2010/11/20 08:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2009/07/13 20:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2012/07/03 13:46:42 | 000,217,672 | ---- | M] () MD5=8A7F34F0BBD076EC3815680A7309114F -- C:\Users\GEORGE\Desktop\FORMAT DESKTOP\KEVINF80\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2010/03/24 13:36:37 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2010/03/24 13:36:37 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >

========== Hard Links - Junction Points - Mount Points - Symbolic Links ==========
[C:\Windows\System32\config\systemprofile\AppData\Local\Application Data] -> C:\Windows\system32\config\systemprofile\AppData\Local -> Junction
[C:\Windows\System32\config\systemprofile\AppData\Local\History] -> C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History -> Junction
[C:\Windows\System32\config\systemprofile\AppData\Local\Temporary Internet Files] -> C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files -> Junction
[C:\Windows\System32\config\systemprofile\Application Data] -> C:\Windows\system32\config\systemprofile\AppData\Roaming -> Junction
[C:\Windows\System32\config\systemprofile\Documents\My Music] -> C:\Windows\system32\config\systemprofile\Music -> Junction
[C:\Windows\System32\config\systemprofile\Documents\My Pictures] -> C:\Windows\system32\config\systemprofile\Pictures -> Junction
[C:\Windows\System32\config\systemprofile\Documents\My Videos] -> C:\Windows\system32\config\systemprofile\Videos -> Junction
[C:\Windows\System32\config\systemprofile\Local Settings] -> C:\Windows\system32\config\systemprofile\AppData\Local -> Junction
[C:\Windows\System32\config\systemprofile\My Documents] -> C:\Windows\system32\config\systemprofile\Documents -> Junction
[C:\Windows\System32\config\systemprofile\NetHood] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Network Shortcuts -> Junction
[C:\Windows\System32\config\systemprofile\PrintHood] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Printer Shortcuts -> Junction
[C:\Windows\System32\config\systemprofile\Recent] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Recent -> Junction
[C:\Windows\System32\config\systemprofile\SendTo] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\SendTo -> Junction
[C:\Windows\System32\config\systemprofile\Start Menu] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Start Menu -> Junction
[C:\Windows\System32\config\systemprofile\Templates] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Templates -> Junction
[C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Application Data] -> C:\Windows\system32\config\systemprofile\AppData\Local -> Junction
[C:\Windows\SysWOW64\config\systemprofile\AppData\Local\History] -> C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History -> Junction
[C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Temporary Internet Files] -> C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files -> Junction
[C:\Windows\SysWOW64\config\systemprofile\Application Data] -> C:\Windows\system32\config\systemprofile\AppData\Roaming -> Junction
[C:\Windows\SysWOW64\config\systemprofile\Documents\My Music] -> C:\Windows\system32\config\systemprofile\Music -> Junction
[C:\Windows\SysWOW64\config\systemprofile\Documents\My Pictures] -> C:\Windows\system32\config\systemprofile\Pictures -> Junction
[C:\Windows\SysWOW64\config\systemprofile\Documents\My Videos] -> C:\Windows\system32\config\systemprofile\Videos -> Junction
[C:\Windows\SysWOW64\config\systemprofile\Local Settings] -> C:\Windows\system32\config\systemprofile\AppData\Local -> Junction
[C:\Windows\SysWOW64\config\systemprofile\My Documents] -> C:\Windows\system32\config\systemprofile\Documents -> Junction
[C:\Windows\SysWOW64\config\systemprofile\NetHood] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Network Shortcuts -> Junction
[C:\Windows\SysWOW64\config\systemprofile\PrintHood] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Printer Shortcuts -> Junction
[C:\Windows\SysWOW64\config\systemprofile\Recent] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Recent -> Junction
[C:\Windows\SysWOW64\config\systemprofile\SendTo] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\SendTo -> Junction
[C:\Windows\SysWOW64\config\systemprofile\Start Menu] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Start Menu -> Junction
[C:\Windows\SysWOW64\config\systemprofile\Templates] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Templates -> Junction

========== Alternate Data Streams ==========

@Alternate Data Stream - 145 bytes -> C:\ProgramData\Temp:0B4227B4
@Alternate Data Stream - 112 bytes -> C:\ProgramData\Temp1B5B4F1
< End of report >
EXTRAS.TXT SCAN LOG:
OTL Extras logfile created on: 9/5/2012 12:39:25 AM - Run 1
OTL by OldTimer - Version 3.2.56.0 Folder = C:\Users\GEORGE\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.91 Gb Total Physical Memory | 2.23 Gb Available Physical Memory | 57.09% Memory free
7.81 Gb Paging File | 5.92 Gb Available in Paging File | 75.84% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 451.44 Gb Total Space | 316.38 Gb Free Space | 70.08% Space Free | Partition Type: NTFS
Drive D: | 14.03 Gb Total Space | 1.72 Gb Free Space | 12.28% Space Free | Partition Type: NTFS
Drive E: | 99.02 Mb Total Space | 92.36 Mb Free Space | 93.27% Space Free | Partition Type: FAT32
Drive H: | 7.20 Gb Total Space | 4.63 Gb Free Space | 64.32% Space Free | Partition Type: FAT32
Drive I: | 6.67 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive J: | 7.46 Gb Total Space | 0.90 Gb Free Space | 12.10% Space Free | Partition Type: FAT32

Computer Name: GEORGE-PC | User Name: GEORGE | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

*64bit:* [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

*64bit:* [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Bridge] -- C:\Program Files\Adobe\Adobe Bridge CS6 (64 Bit)\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Bridge] -- C:\Program Files\Adobe\Adobe Bridge CS6 (64 Bit)\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

*64bit:* [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

*64bit:* [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

*64bit:* [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

*64bit:* [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

*64bit:* [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

*64bit:* [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

*64bit:* [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00BDBBD8-5AAD-4BF0-A8F4-97AB33754E6D}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{02ECA335-E026-423F-B799-F53512B3657E}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{0814E008-F4DF-4A1C-9247-736F82BF2B93}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{0E6B73CB-045F-4AF1-894D-6C9E75A9E3BD}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 
"{167F845D-1451-4BD3-9B9A-964ED336E94B}" = rport=138 | protocol=17 | dir=out | app=system | 
"{35EDB278-925D-476D-BC3D-D0CE7BFEB5E8}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{3C5A7827-FD75-498B-AE25-D7FD8893C39F}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{3D16D3CC-CED3-4B55-B93C-1E43A356FB0E}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 | 
"{3F108B15-D87F-47FE-B05B-406717024B6E}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{4420E16D-551D-41A6-8C05-BA70E91BE641}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{4810BE29-8019-4775-8F02-071CA0DB4DE2}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{4BE22965-530D-4355-99B9-70FB4BB250A7}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
"{5634329D-7669-4627-B97F-327DA311339E}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{592EDD7F-8A27-4E63-86DD-FD0649BEE6F8}" = rport=137 | protocol=17 | dir=out | app=system | 
"{69D6347D-CFFB-4CE5-A9EE-4B5A0CD11982}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe | 
"{7AE5558D-E69F-4181-AB3D-5E4079024642}" = rport=139 | protocol=6 | dir=out | app=system | 
"{7F9F85A6-9C01-4B13-ADCB-41F3F2B90A6D}" = lport=137 | protocol=17 | dir=in | app=system | 
"{819BA766-3E40-46A1-A89C-FFA8FD00CB0F}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 
"{9B835893-1756-4B93-9124-9D093530F88B}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{9E57ADAC-8C9C-4B43-81A6-5EA26CA329CC}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{A05188D8-EFDC-4351-8D71-DE4F292AB6C2}" = lport=138 | protocol=17 | dir=in | app=system | 
"{B9F0FF7B-D252-482D-83D1-EC929DF0A196}" = rport=445 | protocol=6 | dir=out | app=system | 
"{BA3E24B7-93E4-4B23-9186-55B423E0F2D7}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{BE684DF6-D4A8-4427-BF90-8AA7B1533F21}" = lport=139 | protocol=6 | dir=in | app=system | 
"{C52AD7B8-66DF-45AC-910C-3B18F9485ED5}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{E8F09FCF-BE57-494F-8512-2AAD6B8FA9FF}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{F4305A76-B0D2-469E-B3D8-122A8E3D0C3D}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{FAAE42ED-E725-4F28-91B5-ADA364298DE0}" = lport=445 | protocol=6 | dir=in | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01CE65ED-33E1-4D5E-8E56-28C2392A3952}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe | 
"{03B82E40-E8D6-416A-9236-0A916D29BEED}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{0566150B-25D5-4631-9B2F-CD7C25939933}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | 
"{07C700CF-9C87-4B0C-AF11-7D7289F58D66}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{08DE2717-956C-4A09-8471-56C394E07FFF}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | 
"{137B565E-939A-4D33-815D-A97A694288F7}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{1591BBF4-2CB4-40C9-98D7-1BFDA46255D5}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{168145D6-1533-409A-9F96-1E002CF4AEDF}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{1A1FA1E1-8309-4DE9-9D88-46E60798DA8F}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgmfapx.exe | 
"{1DFB9860-BDC5-4A24-86DE-1D7D1ADB3B4B}" = protocol=6 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe | 
"{1F2DE382-B527-431D-A48A-ECE96614E8ED}" = protocol=17 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe | 
"{1FE521DD-D6BF-4230-BD55-8E29A9BEC7A6}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{2DF860FA-8865-4F08-B9C5-E6C6AC47255C}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd8\powerdvd8.exe | 
"{320AF77B-DB25-40AE-9014-526CEE0D3F11}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | 
"{33C1EA13-20FA-4E91-BDAF-54FF46BBE761}" = protocol=58 | dir=out | [email protected],-28546 | 
"{3A8742D8-DC0B-434C-B729-5A52BD7482D2}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{434B44C4-5559-42A0-B9ED-4CF82487ED7A}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{46F98B2C-5A7B-4B6E-B555-6CCCBE59F63D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{49D3161A-4230-436C-A81B-4E246B3CBFF7}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{559800D5-1F76-4330-9679-8CA56D582B7D}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgmfapx.exe | 
"{5C148B1F-4B7B-443E-82AE-332AD38ABDA5}" = protocol=1 | dir=in | [email protected],-28543 | 
"{5EF5F2A6-6803-4132-BC9A-372076A47ADA}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe | 
"{702FE0D7-9FE6-458A-903B-F3513F6D6545}" = protocol=17 | dir=in | app=c:\program files (x86)\frostwire 5\frostwire.exe | 
"{731D67F8-42B7-45C8-8ADE-54E85F6D4BBA}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{7D893F1C-11EE-40F7-A82E-9023317421EE}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe | 
"{7E43F614-F3D3-49B0-8ED8-636722BA27B4}" = protocol=58 | dir=in | [email protected],-28545 | 
"{7E64AED6-BC81-4B92-973F-582981D17182}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | 
"{8295B0F2-0450-4DF8-A5E3-ACFD095ADD7E}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{82F03F63-E8AB-493B-AAD9-DFC800070200}" = protocol=1 | dir=out | [email protected],-28544 | 
"{89C9B58B-112C-4192-9CAF-4910910E50E5}" = dir=in | app=c:\program files (x86)\cyberlink\powerdirector\pdr.exe | 
"{9D52B599-2D28-4BAE-96EF-2C5FFF35E1F6}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{9FE6B607-E7A0-4E88-8639-13EBF880462D}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | 
"{A61B5788-7CF1-4CC4-A934-C30426403D58}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{A6B367C7-EE68-46D0-9487-3044CE98FA1A}" = protocol=17 | dir=in | app=c:\program files (x86)\bittorrent\bittorrent.exe | 
"{AC64DAAC-4F35-458E-A0A8-0E51347AF601}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | 
"{B1686460-D9F9-48A5-BE4C-11185A4F209A}" = protocol=6 | dir=out | app=system | 
"{B7D63507-6AD8-48C2-A3AD-2F81D6792595}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{BEEA8C42-C92D-4F64-8B72-C36F9DA09A18}" = protocol=6 | dir=in | app=c:\program files (x86)\bittorrent\bittorrent.exe | 
"{C2A239A4-3E0E-4717-9E0C-1982BE887713}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | 
"{C2E01826-C0FB-4E6E-A503-F2025126A589}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe | 
"{C5673868-310B-4AFC-9286-07A8D8E5D67D}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{CF643D50-8187-4E20-81C2-6E6494B72A19}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{D636CD6D-EA6A-415E-A688-9BE84775BB30}" = protocol=6 | dir=in | app=c:\program files (x86)\frostwire 5\frostwire.exe | 
"{D75FA11D-F3A2-49BD-AD87-86A8C7768CE9}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{DC54B88C-EBDA-4D9B-BEE0-4D43700896DA}" = dir=in | app=c:\users\george\appdata\local\facebook\video\skype\facebookvideocalling.exe | 
"{F651ABCF-E1E5-46BA-AFFA-0293E462F882}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{FDD31A32-8BD2-41C1-88C4-339EC367A981}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"TCP Query User{04084918-E99D-4BEE-8974-14088480111B}C:\program files (x86)\ares\ares.exe" = protocol=6 | dir=in | app=c:\program files (x86)\ares\ares.exe | 
"TCP Query User{23192428-5251-4BF9-A3CE-241FB84F786B}C:\windows\syswow64\java.exe" = protocol=6 | dir=in | app=c:\windows\syswow64\java.exe | 
"TCP Query User{255C0D3C-5820-4F83-9AE0-10F57EB8B90B}C:\program files (x86)\frostwire 5\frostwire.exe" = protocol=6 | dir=in | app=c:\program files (x86)\frostwire 5\frostwire.exe | 
"TCP Query User{2AE805BA-B279-4D20-B8F6-67811329BC97}C:\users\george\appdata\local\mediasearch\search.exe" = protocol=6 | dir=in | app=c:\users\george\appdata\local\mediasearch\search.exe | 
"TCP Query User{527F7D71-8FAD-4D12-B6F5-A558E41025AA}C:\program files (x86)\ares\ares.exe" = protocol=6 | dir=in | app=c:\program files (x86)\ares\ares.exe | 
"TCP Query User{5429BF38-DAE1-4157-9F64-0B9C0257B612}C:\users\george\downloads\0b787c4d15a949968cd6c3c0eb9f42c8_pod12_en-us.exe" = protocol=6 | dir=in | app=c:\users\george\downloads\0b787c4d15a949968cd6c3c0eb9f42c8_pod12_en-us.exe | 
"TCP Query User{7922640D-2384-4DDA-897B-D1AFED156847}C:\users\george\downloads\tor browser\app\tor.exe" = protocol=6 | dir=in | app=c:\users\george\downloads\tor browser\app\tor.exe | 
"TCP Query User{8424D624-D82A-498B-ACC7-EE1DB6B49461}C:\users\george\downloads\tor browser\app\tor.exe" = protocol=6 | dir=in | app=c:\users\george\downloads\tor browser\app\tor.exe | 
"TCP Query User{A34B7F3A-FC0E-484A-B829-29322EB9E643}C:\users\george\downloads\bittorrent.exe" = protocol=6 | dir=in | app=c:\users\george\downloads\bittorrent.exe | 
"TCP Query User{A71D24DF-7240-487C-BAE8-BCC43A29D5AA}C:\users\george\appdata\roaming\macromedia\flash player\www.macromedia.com\bin\octoshape\octoshape.exe" = protocol=6 | dir=in | app=c:\users\george\appdata\roaming\macromedia\flash player\www.macromedia.com\bin\octoshape\octoshape.exe | 
"TCP Query User{D541F1BA-BF70-45BC-AA09-2955C0621C35}C:\program files (x86)\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\java.exe | 
"TCP Query User{D8B16366-CCAA-44C8-A606-5CE0F09DAEC6}C:\users\george\appdata\local\mediasearch\search.exe" = protocol=6 | dir=in | app=c:\users\george\appdata\local\mediasearch\search.exe | 
"UDP Query User{11A4D1EF-5D19-4E27-9862-AFC96BB43252}C:\users\george\downloads\0b787c4d15a949968cd6c3c0eb9f42c8_pod12_en-us.exe" = protocol=17 | dir=in | app=c:\users\george\downloads\0b787c4d15a949968cd6c3c0eb9f42c8_pod12_en-us.exe | 
"UDP Query User{1D2617B0-DFDF-4153-A775-8E62B472A6E9}C:\users\george\downloads\tor browser\app\tor.exe" = protocol=17 | dir=in | app=c:\users\george\downloads\tor browser\app\tor.exe | 
"UDP Query User{25711915-1049-4090-A5AF-693954336423}C:\users\george\appdata\local\mediasearch\search.exe" = protocol=17 | dir=in | app=c:\users\george\appdata\local\mediasearch\search.exe | 
"UDP Query User{3EB4299B-4FFD-4429-9E0F-035C195C2206}C:\users\george\appdata\local\mediasearch\search.exe" = protocol=17 | dir=in | app=c:\users\george\appdata\local\mediasearch\search.exe | 
"UDP Query User{705D44E2-2D62-4FAB-9D41-41613DB97222}C:\users\george\appdata\roaming\macromedia\flash player\www.macromedia.com\bin\octoshape\octoshape.exe" = protocol=17 | dir=in | app=c:\users\george\appdata\roaming\macromedia\flash player\www.macromedia.com\bin\octoshape\octoshape.exe | 
"UDP Query User{82B84908-5EDD-42FE-826B-ABCB6DEF3D41}C:\windows\syswow64\java.exe" = protocol=17 | dir=in | app=c:\windows\syswow64\java.exe | 
"UDP Query User{93C5E4B6-3036-468C-9768-1D8A342E8835}C:\program files (x86)\ares\ares.exe" = protocol=17 | dir=in | app=c:\program files (x86)\ares\ares.exe | 
"UDP Query User{A9EE60EB-DFDA-4666-8B11-30C3872DC2F9}C:\users\george\downloads\tor browser\app\tor.exe" = protocol=17 | dir=in | app=c:\users\george\downloads\tor browser\app\tor.exe | 
"UDP Query User{BDBBC21A-1378-4C0C-ABDA-1DB29FD4FE42}C:\program files (x86)\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\java.exe | 
"UDP Query User{C714A909-9075-43F2-8F23-89B6D6E9BBAD}C:\program files (x86)\ares\ares.exe" = protocol=17 | dir=in | app=c:\program files (x86)\ares\ares.exe | 
"UDP Query User{DCB2A676-A6A1-49C4-8692-C98E2551AA15}C:\users\george\downloads\bittorrent.exe" = protocol=17 | dir=in | app=c:\users\george\downloads\bittorrent.exe | 
"UDP Query User{E3465A2B-BE63-4F77-ABD8-319CE56CDB11}C:\program files (x86)\frostwire 5\frostwire.exe" = protocol=17 | dir=in | app=c:\program files (x86)\frostwire 5\frostwire.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"_{BDBFAC49-8877-472F-876B-75ADB7DBC955}" = CorelDRAW Graphics Suite X6 (64-Bit)
"_{EBDC2D0D-1E26-4EF2-BB48-C7E18F7800C6}" = Corel Graphics - Windows Shell Extension
"{0826F9E4-787E-481D-83E0-BC6A57B056D5}" = Microsoft SQL Server VSS Writer
"{10762393-1B90-4AC2-AF1A-4C0C04AE303F}" = CorelDRAW Graphics Suite X6 - VBA (x64)
"{10F539B1-31AF-43BF-9F0C-0EB66E918922}" = HP Quick Launch
"{1111706F-666A-4037-7777-203648764D10}" = JavaFX 2.0.3 (64-bit)
"{180C8888-50F1-426B-A9DC-AB83A1989C65}" = Windows Live Language Selector
"{1967EF95-E00B-4669-8B1C-A589BE8BF24F}" = CorelDRAW Graphics Suite X6 - Capture (x64)
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
"{1E3A578C-0A7D-4820-990F-B7545C0B2303}" = CorelDRAW Graphics Suite X6 - VSTA (x64)
"{2222706F-666A-4037-7777-203648764D10}" = JavaFX 2.0.3 SDK (64-bit)
"{26A24AE4-039D-4CA4-87B4-2F86416017FF}" = Java(TM) 6 Update 17 (64-bit)
"{26A24AE4-039D-4CA4-87B4-2F86417003FF}" = Java(TM) 7 Update 3 (64-bit)
"{27AE72A4-B217-4CDC-B82B-3311E9D7460E}" = CorelDRAW Graphics Suite X6 - Draw (x64)
"{2C72B5E4-AA34-4F1A-8C7E-468530F9F6A3}" = CorelDRAW Graphics Suite X6 - Photozoom Plugin (x64)
"{2F14965D-567B-4E59-ADEB-0A2CC1E3ADDF}" = Sql Server Customer Experience Improvement Program
"{35869A6C-BA31-4F23-B52D-BC1B1E41EC1B}" = CorelDRAW Graphics Suite X6 - Common (x64)
"{3933C06C-8239-432B-87FC-F2BDC5B49A10}" = CorelDRAW Graphics Suite X6 - FontNav (x64)
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5340A3B5-3853-4745-BED2-DD9FF5371331}" = Microsoft SQL Server 2008 Common Files
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6099F026-0A98-4D40-9B3D-ED2123A8CBD0}" = CorelDRAW Graphics Suite X6 - Redist (x64)
"{624C7F0A-89B2-4C49-9CAB-9D69613EC95A}" = Microsoft IntelliPoint 8.2
"{64A3A4F4-B792-11D6-A78A-00B0D0170030}" = Java(TM) SE Development Kit 7 Update 3 (64-bit)
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{7386B5FA-8715-481D-821F-7785110506DF}" = CorelDRAW Graphics Suite X6 - Custom Data (x64)
"{79899C6B-E315-4A3F-8904-02DEAB8D660D}" = Corel Graphics - Windows Shell Extension 32 Bit
"{7ACE202B-1B01-4B43-B6AE-03D66D621CDE}" = Microsoft SQL Server 2008 RsFx Driver
"{7B79AE44-9B76-4815-84E5-ACAC3F0F0278}" = CorelDRAW Graphics Suite X6 - VideoBrowser (x64)
"{893F27E6-D6BE-4B9F-80E6-0ADA694A31A8}" = Microsoft SQL Server 2008 Common Files
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90120064-0070-0000-0000-4000000FF1CE}" = Microsoft Visual Basic for Applications 7.1 (x64)
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010
"{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{90F60409-7000-11D3-8CFE-0150048383C9}" = Microsoft Visual Basic for Applications 7.1 (x64) English
"{94D70749-4281-39AC-AD90-B56A0E0A402E}" = Microsoft Visual C++ 2010 x64 Runtime - 10.0.30319
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{96AAAB95-AEBE-437A-B7CA-37C7BE13FFE9}" = CorelDRAW Graphics Suite X6 - Connect (x64)
"{9D046B26-7978-47CD-91E6-AC3C1DFBC3D0}" = Microsoft Security Client
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B40EE88B-400A-4266-A17B-E3DE64E94431}" = Microsoft SQL Server 2008 Setup Support Files 
"{B6DF7031-2843-44FD-9CAB-DECAB4257456}" = CorelDRAW Graphics Suite X6 - IPM
"{B8AD779A-82DA-4365-A7D0-AD3DCFC55CFF}" = Apple Mobile Device Support
"{BB65D262-3EBC-4F10-89D9-67A320E94EAA}" = CorelDRAW Graphics Suite X6 - EN (x64)
"{BBDE8A3D-64A2-43A6-95F3-C27B87DF7AC1}" = Microsoft SQL Server 2008 Native Client
"{BCA26999-EC22-3007-BB79-638913079C9A}" = Microsoft Visual Studio 2010 Express Prerequisites x64 - ENU
"{BDBFAC49-8877-472F-876B-75ADB7DBC955}" = CorelDRAW Graphics Suite X6 - Setup Files (x64)
"{CC8BA866-16A7-4667-BA0C-C494A1E7B2BF}" = Microsoft SQL Server 2008 Database Engine Shared
"{CCE7423E-1D84-4CD3-9E32-220EC9358D97}" = CorelDRAW Graphics Suite X6 (x64)
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CF8FFD12-602B-422D-AF1D-511B411E7632}" = iTunes
"{D4AD39AD-091E-4D33-BB2B-59F6FCB8ADC3}" = Microsoft SQL Server Compact 3.5 SP2 x64 ENU
"{D7C2687D-924E-4485-B367-C7D95CBF8DDD}" = CorelDRAW Graphics Suite X6 - PHOTO-PAINT (x64)
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DDE82E3D-20C4-48E1-AE1D-B1F10E42CA44}" = CorelDRAW Graphics Suite X6 - Writing Tools (x64)
"{DF167CE3-60E7-44EA-99EC-2507C51F37AE}" = Microsoft SQL Server 2008 Database Engine Shared
"{E699230D-4B5E-411E-9F45-FF50789B18DD}" = CorelDRAW Graphics Suite X6 - Filters (x64)
"{EBDC2D0D-1E26-4EF2-BB48-C7E18F7800C6}" = Corel Graphics - Windows Shell Extension
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{FA7394B8-CE65-4F9E-AC99-F372AD365424}" = Microsoft SQL Server 2008 Database Engine Services
"{FBD367D1-642F-47CF-B79B-9BE48FB34007}" = Microsoft SQL Server 2008 Database Engine Services
"{FCADA26A-5672-31DD-BF0E-BA76ECF9B02D}" = Microsoft Help Viewer 1.0
"CCleaner" = CCleaner
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft Help Viewer 1.0" = Microsoft Help Viewer 1.0
"Microsoft IntelliPoint 8.2" = Microsoft IntelliPoint 8.2
"Microsoft Security Client" = Microsoft Security Essentials
"Microsoft SQL Server 10" = Microsoft SQL Server 2008 (64-bit)
"Microsoft SQL Server 10 Release" = Microsoft SQL Server 2008 (64-bit)
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"WinRAR archiver" = WinRAR 4.01 (64-bit)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{053DA2BD-8150-422C-BCD4-768432436BC5}" = Corel Website Creator X6
"{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{112C23F2-C036-4D40-BED4-0CB47BF5555C}" = Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 ENU
"{121634B0-2F4B-11D3-ADA3-00C04F52DD52}" = Windows Installer Clean Up
"{14DD7530-CCD2-3798-B37D-3839ED6A441C}" = Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{17B4760F-334B-475D-829F-1A3E94A6A4E6}" = HP Setup
"{1896E712-2B3D-45eb-BCE9-542742A51032}" = PictureMover
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{299C0434-4F4E-341F-A916-4E07AEB35E79}" = Microsoft Visual Studio Tools for Applications 2.0 Runtime
"{2A2F3AE8-246A-4252-BB26-1BEB45627074}" = Microsoft SQL Server System CLR Types
"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
"{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = CyberLink PowerDVD 8
"{33286280-8617-11E1-8FF6-B8AC6F97B88E}" = Google Earth Plug-in
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{3877C901-7B90-4727-A639-B6ED2DD59D43}" = ESU for Microsoft Windows 7
"{3A9FC03D-C685-4831-94CF-4EDFD3749497}" = Microsoft SQL Server Compact 3.5 SP2 ENU
"{3D6E2470-E584-11D4-B097-009027BD8645}" = Axis Camera Explorer
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{40FB8D7C-6FF8-4AF2-BC8B-0B1DB32AF04B}" = HP Advisor
"{43BA31BA-04BD-2EA3-0A60-A9C54E06D3F2}" = muvee Reveal
"{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}" = Recovery Manager
"{47D7C9B8-BD44-4D2E-9040-E946477B2F9A}" = Microsoft Live Search Toolbar
"{47FA2C44-D148-4DBC-AF60-B91934AA4842}" = Adobe AIR
"{49272E0B-CF97-4BD6-85A0-9B1C59495850}_is1" = Able2Extract 7.0
"{49A143E9-4A6A-43E7-86B1-388194C79248}" = HP Smart Web Printing
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4E968D9C-21A7-4915-B698-F7AEB913541D}" = Microsoft SQL Server 2008 R2 Management Objects
"{4FE9DD16-A687-4659-9B31-0BDC73D254E9}" = Corel Website Creator X6
"{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module
"{51C91B84-7B46-4FE7-8999-8228CFA75F89}" = Intel(R) Integrated Performance Primitives RTI 4.0
"{54CC7901-804D-4155-B353-21F0CC9112AB}" = HP Wireless Assistant
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6AFDE3BE-BC01-45A4-9D06-BBF5AD207313}" = LightScribe System Software
"{7011A94B-C918-4F5E-BE20-0F63F4E631FE}" = Corel Website Creator X6
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{74EB3499-8B95-4B5C-96EB-7B342F3FD0C6}" = Adobe Photoshop CS6
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{7CAC6A44-C3DE-4153-ACA6-7524602C789E}" = Facebook Video Calling 1.2.0.159
"{80E158EA-7181-40FE-A701-301CE6BE64AB}" = CyberLink MediaShow
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows 7
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{901F0D4C-009D-1112-8DE4-03599E7B0C5C}" = REALTEK Wireless LAN Software
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A4317FB-5775-4FB3-BDC9-995595106F1F}" = HP User Guides 0178
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D318C86-AF4C-409F-A6AC-7183FF4CF424}" = Internet TV for Windows Media Center
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A4ED5E53-7AA0-11E1-BF04-B2D4D4A5360E}" = Adobe Dreamweaver CS6
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AA4A4B2C-0465-3CF8-BA76-27A027D8ACAB}" = Microsoft Visual Studio Tools for Applications 2.0 - ENU
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.4)
"{AF37176A-78CA-545B-34EF-8B6A21514DD1}" = Adobe Help Manager
"{B10914FD-8812-47A4-85A1-50FCDE7F1F33}" = Windows Live Sync
"{BFEAAE77-BD7F-4534-B286-9C5CB4697EB1}" = PDF Settings CS6
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C688457E-03FD-4941-923B-A27F4D42A7DD}" = Microsoft SQL Server 2008 Browser
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}" = Microsoft .NET Framework 4 Multi-Targeting Pack
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D46D081B-F60E-467E-A7C4-117B70D76731}" = HP Update
"{D8DFA46A-39F7-4368-810D-18AFCFDDAEAF}" = Adobe Shockwave Player
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DF802C05-4660-418c-970C-B988ADB1D316}" = Microsoft Live Search Toolbar
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
"{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module
"{ED784556-66AA-3F17-9B58-7246ACB5C7E4}" = Microsoft Visual Basic 2010 Express - ENU
"{EFBE6DD5-B224-96E5-72B9-68D328CB12A6}" = Adobe Widget Browser
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Graphics Media Accelerator Driver
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center
"{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}" = Visual Studio 2008 x64 Redistributables
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"Ares" = Ares 2.1.8
"aTube Catcher" = aTube Catcher
"BitTorrent" = BitTorrent
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Help Manager
"com.adobe.WidgetBrowser" = Adobe Widget Browser
"Elite Proxy Switcher_is1" = Elite Proxy Switcher 1.20
"ESET Online Scanner" = ESET Online Scanner v3
"ExpressBurn" = Express Burn
"ExpressZip" = Express Zip File Compression Software
"FrostWire 5" = FrostWire 5.3.3
"Graboid Video" = Graboid Video 3.03
"HP Smart Web Printing" = HP Smart Web Printing
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"InstallShield_{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = CyberLink PowerDVD 8
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"InstallShield_{80E158EA-7181-40FE-A701-301CE6BE64AB}" = CyberLink MediaShow
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"KeyBlaze" = KeyBlaze Typing Tutor
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.62.0.1300
"Microsoft Visual Basic 2010 Express - ENU" = Microsoft Visual Basic 2010 Express - ENU
"Mozilla Firefox 14.0.1 (x86 en-US)" = Mozilla Firefox 14.0.1 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"My HP Game Console" = HP Game Console
"Office14.PROPLUS" = Microsoft Office Professional Plus 2010
"PowerISO" = PowerISO
"TotalRecorder" = Total Recorder 8.3 Developer Edition
"WavePad" = WavePad Sound Editor
"WildTangent hp Master Uninstall" = HP Games
"WinLiveSuite" = Windows Live Essentials
"WinPcapInst" = WinPcap 4.1.2
"WinZip Self-Extractor" = WinZip Self-Extractor
"WT082122" = Blackhawk Striker 2
"WT082124" = Blasterball 3
"WT082133" = Dora's Carnival Adventure
"WT082141" = FATE
"WT082168" = Penguins!
"WT082170" = Plants vs. Zombies
"WT082171" = Poker Superstars III
"WT082172" = Polar Bowler
"WT082173" = Polar Golfer
"WT082188" = Virtual Families
"WT082189" = Wheel of Fortune 2
"WT082192" = Bejeweled 2 Deluxe
"WT082200" = Chuzzle Deluxe
"WT082241" = Virtual Villagers - The Secret City
"WT082396" = Diner Dash 2 Restaurant Rescue
"WT082438" = Build-a-lot 2
"WT082442" = Faerie Solitaire
"WT082443" = Jewel Quest 3
"WT082456" = Mystery P.I. - The New York Fortune
"WT082463" = Zuma's Revenge
"WT082468" = Jewel Quest Solitaire 2
"WT083477" = Cake Mania
"WT083484" = Escape Rosecliff Island
"WT083491" = TextTwist 2
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Messenger" = Yahoo! Messenger
"Yahoo! Software Update" = Yahoo! Software Update

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{79A765E1-C399-405B-85AF-466F52E918B0}" = aTube Toolbar Updater
"Google Chrome" = Google Chrome
"Yahoo! BrowserPlus" = Yahoo! BrowserPlus 2.9.8

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 7/2/2012 2:19:35 AM | Computer Name = GEORGE-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 5585

Error - 7/2/2012 2:19:36 AM | Computer Name = GEORGE-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 7/2/2012 2:19:36 AM | Computer Name = GEORGE-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 6599

Error - 7/2/2012 2:19:36 AM | Computer Name = GEORGE-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 6599

Error - 7/2/2012 3:10:37 AM | Computer Name = GEORGE-PC | Source = Application Error | ID = 1000
Description = Faulting application name: FlashPlayerPlugin_11_3_300_257.exe, version:
11.3.300.257, time stamp: 0x4fc82063 Faulting module name: NPSWF32_11_3_300_257.dll,
version: 11.3.300.257, time stamp: 0x4fc821fc Exception code: 0xc0000005 Fault offset:
0x000ccb60 Faulting process id: 0x1864 Faulting application start time: 0x01cd5814f4378fcc
Faulting
application path: C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_257.exe
Faulting
module path: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_257.dll Report 
Id: 056fbdda-c415-11e1-a635-c80aa9a761ab

Error - 7/2/2012 3:42:37 AM | Computer Name = GEORGE-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 7/2/2012 3:42:37 AM | Computer Name = GEORGE-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 1669

Error - 7/2/2012 3:42:37 AM | Computer Name = GEORGE-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 1669

Error - 7/2/2012 3:42:38 AM | Computer Name = GEORGE-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 7/2/2012 3:42:38 AM | Computer Name = GEORGE-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 2667

Error - 7/2/2012 3:42:38 AM | Computer Name = GEORGE-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 2667

[ Hewlett-Packard Events ]
Error - 3/23/2012 7:17:37 PM | Computer Name = GEORGE-PC | Source = Hewlett-Packard | ID = 0
Description = en-US Could not find file 'C:\Program Files (x86)\Hewlett-Packard\HP
Support Framework\Logs\SystemInfoAA.xml'. mscorlib at System.IO.__Error.WinIOError(Int32
errorCode, String maybeFullPath) at System.IO.FileStream.Init(String path, FileMode
mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32
bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath, 
Boolean bFromProxy) at System.IO.FileStream..ctor(String path, FileMode mode, 
FileAccess access, FileShare share, Int32 bufferSize, FileOptions options, String
msgPath, Boolean bFromProxy) at System.IO.FileStream..ctor(String path, FileMode
mode, FileAccess access, FileShare share, Int32 bufferSize, FileOptions options)
at System.IO.StreamReader..ctor(String path, Encoding encoding, Boolean detectEncodingFromByteOrderMarks,
Int32 bufferSize) at System.IO.StreamReader..ctor(String path, Encoding encoding)
at System.IO.File.ReadAllText(String path, Encoding encoding) at n.a(Object
A_0, EventArgs A_1)

Error - 4/13/2012 7:58:57 PM | Computer Name = GEORGE-PC | Source = Hewlett-Packard | ID = 0
Description = en-US Could not find file 'C:\Program Files (x86)\Hewlett-Packard\HP
Support Framework\Logs\SystemInfoAA.xml'. mscorlib at System.IO.__Error.WinIOError(Int32
errorCode, String maybeFullPath) at System.IO.FileStream.Init(String path, FileMode
mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32
bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath, 
Boolean bFromProxy) at System.IO.FileStream..ctor(String path, FileMode mode, 
FileAccess access, FileShare share, Int32 bufferSize, FileOptions options, String
msgPath, Boolean bFromProxy) at System.IO.FileStream..ctor(String path, FileMode
mode, FileAccess access, FileShare share, Int32 bufferSize, FileOptions options)
at System.IO.StreamReader..ctor(String path, Encoding encoding, Boolean detectEncodingFromByteOrderMarks,
Int32 bufferSize) at System.IO.StreamReader..ctor(String path, Encoding encoding)
at System.IO.File.ReadAllText(String path, Encoding encoding) at n.a(Object
A_0, EventArgs A_1)

Error - 4/13/2012 7:58:58 PM | Computer Name = GEORGE-PC | Source = Hewlett-Packard | ID = 0
Description = en-US Could not find file 'C:\Program Files (x86)\Hewlett-Packard\HP
Support Framework\Logs\SystemInfoAA.xml'. mscorlib at System.IO.__Error.WinIOError(Int32
errorCode, String maybeFullPath) at System.IO.FileStream.Init(String path, FileMode
mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32
bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath, 
Boolean bFromProxy) at System.IO.FileStream..ctor(String path, FileMode mode, 
FileAccess access, FileShare share, Int32 bufferSize, FileOptions options, String
msgPath, Boolean bFromProxy) at System.IO.FileStream..ctor(String path, FileMode
mode, FileAccess access, FileShare share, Int32 bufferSize, FileOptions options)
at System.IO.StreamReader..ctor(String path, Encoding encoding, Boolean detectEncodingFromByteOrderMarks,
Int32 bufferSize) at System.IO.StreamReader..ctor(String path, Encoding encoding)
at System.IO.File.ReadAllText(String path, Encoding encoding) at n.a(Object
A_0, EventArgs A_1)

Error - 4/13/2012 7:59:13 PM | Computer Name = GEORGE-PC | Source = Hewlett-Packard | ID = 0
Description = en-US Could not find file 'C:\Program Files (x86)\Hewlett-Packard\HP
Support Framework\Logs\SystemInfoAA.xml'. mscorlib at System.IO.__Error.WinIOError(Int32
errorCode, String maybeFullPath) at System.IO.FileStream.Init(String path, FileMode
mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32
bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath, 
Boolean bFromProxy) at System.IO.FileStream..ctor(String path, FileMode mode, 
FileAccess access, FileShare share, Int32 bufferSize, FileOptions options, String
msgPath, Boolean bFromProxy) at System.IO.FileStream..ctor(String path, FileMode
mode, FileAccess access, FileShare share, Int32 bufferSize, FileOptions options)
at System.IO.StreamReader..ctor(String path, Encoding encoding, Boolean detectEncodingFromByteOrderMarks,
Int32 bufferSize) at System.IO.StreamReader..ctor(String path, Encoding encoding)
at System.IO.File.ReadAllText(String path, Encoding encoding) at n.a(Object
A_0, EventArgs A_1)

Error - 7/6/2012 6:15:43 PM | Computer Name = GEORGE-PC | Source = Hewlett-Packard | ID = 0
Description = en-US Could not find file 'C:\Program Files (x86)\Hewlett-Packard\HP
Support Framework\Logs\SystemInfoAA.xml'. mscorlib at System.IO.__Error.WinIOError(Int32
errorCode, String maybeFullPath) at System.IO.FileStream.Init(String path, FileMode
mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32
bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath, 
Boolean bFromProxy) at System.IO.FileStream..ctor(String path, FileMode mode, 
FileAccess access, FileShare share, Int32 bufferSize, FileOptions options, String
msgPath, Boolean bFromProxy) at System.IO.FileStream..ctor(String path, FileMode
mode, FileAccess access, FileShare share, Int32 bufferSize, FileOptions options)
at System.IO.StreamReader..ctor(String path, Encoding encoding, Boolean detectEncodingFromByteOrderMarks,
Int32 bufferSize) at System.IO.StreamReader..ctor(String path, Encoding encoding)
at System.IO.File.ReadAllText(String path, Encoding encoding) at n.a(Object
A_0, EventArgs A_1)

Error - 7/6/2012 6:15:44 PM | Computer Name = GEORGE-PC | Source = Hewlett-Packard | ID = 0
Description = en-US Could not find file 'C:\Program Files (x86)\Hewlett-Packard\HP
Support Framework\Logs\SystemInfoAA.xml'. mscorlib at System.IO.__Error.WinIOError(Int32
errorCode, String maybeFullPath) at System.IO.FileStream.Init(String path, FileMode
mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32
bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath, 
Boolean bFromProxy) at System.IO.FileStream..ctor(String path, FileMode mode, 
FileAccess access, FileShare share, Int32 bufferSize, FileOptions options, String
msgPath, Boolean bFromProxy) at System.IO.FileStream..ctor(String path, FileMode
mode, FileAccess access, FileShare share, Int32 bufferSize, FileOptions options)
at System.IO.StreamReader..ctor(String path, Encoding encoding, Boolean detectEncodingFromByteOrderMarks,
Int32 bufferSize) at System.IO.StreamReader..ctor(String path, Encoding encoding)
at System.IO.File.ReadAllText(String path, Encoding encoding) at n.a(Object
A_0, EventArgs A_1)

Error - 7/13/2012 9:42:25 PM | Computer Name = GEORGE-PC | Source = Hewlett-Packard | ID = 0
Description = en-US Could not find file 'C:\Program Files (x86)\Hewlett-Packard\HP
Support Framework\Logs\SystemInfoAA.xml'. mscorlib at System.IO.__Error.WinIOError(Int32
errorCode, String maybeFullPath) at System.IO.FileStream.Init(String path, FileMode
mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32
bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath, 
Boolean bFromProxy) at System.IO.FileStream..ctor(String path, FileMode mode, 
FileAccess access, FileShare share, Int32 bufferSize, FileOptions options, String
msgPath, Boolean bFromProxy) at System.IO.FileStream..ctor(String path, FileMode
mode, FileAccess access, FileShare share, Int32 bufferSize, FileOptions options)
at System.IO.StreamReader..ctor(String path, Encoding encoding, Boolean detectEncodingFromByteOrderMarks,
Int32 bufferSize) at System.IO.StreamReader..ctor(String path, Encoding encoding)
at System.IO.File.ReadAllText(String path, Encoding encoding) at n.a(Object
A_0, EventArgs A_1)

Error - 7/13/2012 9:42:25 PM | Computer Name = GEORGE-PC | Source = Hewlett-Packard | ID = 0
Description = en-US Could not find file 'C:\Program Files (x86)\Hewlett-Packard\HP
Support Framework\Logs\SystemInfoAA.xml'. mscorlib at System.IO.__Error.WinIOError(Int32
errorCode, String maybeFullPath) at System.IO.FileStream.Init(String path, FileMode
mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32
bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath, 
Boolean bFromProxy) at System.IO.FileStream..ctor(String path, FileMode mode, 
FileAccess access, FileShare share, Int32 bufferSize, FileOptions options, String
msgPath, Boolean bFromProxy) at System.IO.FileStream..ctor(String path, FileMode
mode, FileAccess access, FileShare share, Int32 bufferSize, FileOptions options)
at System.IO.StreamReader..ctor(String path, Encoding encoding, Boolean detectEncodingFromByteOrderMarks,
Int32 bufferSize) at System.IO.StreamReader..ctor(String path, Encoding encoding)
at System.IO.File.ReadAllText(String path, Encoding encoding) at n.a(Object
A_0, EventArgs A_1)

Error - 7/13/2012 10:28:11 PM | Computer Name = GEORGE-PC | Source = HPSF.exe | ID = 4000
Description = HP Error ID: -2146232828 at System.ComponentModel.AsyncCompletedEventArgs.RaiseExceptionIfNecessary()
at System.ComponentModel.RunWorkerCompletedEventArgs.get_Result() at HP.SupportAssistant.UI.HPAMain.bgNet_RunWorkerCompleted(Object
sender, RunWorkerCompletedEventArgs e) at System.ComponentModel.BackgroundWorker.OnRunWorkerCompleted(RunWorkerCompletedEventArgs
e) at System.ComponentModel.BackgroundWorker.AsyncOperationCompleted(Object arg)
at System.Windows.Threading.ExceptionWrapper.InternalRealCall(Delegate callback,
Object args, Boolean isSingleParameter) at System.Windows.Threading.ExceptionWrapper.TryCatchWhen(Object
source, Delegate callback, Object args, Boolean isSingleParameter, Delegate catchHandler)
Message:
An exception occurred during the operation, making the result invalid. Check InnerException
for exception details. StackTrace: at System.ComponentModel.AsyncCompletedEventArgs.RaiseExceptionIfNecessary()
at System.ComponentModel.RunWorkerCompletedEventArgs.get_Result() at HP.SupportAssistant.UI.HPAMain.bgNet_RunWorkerCompleted(Object
sender, RunWorkerCompletedEventArgs e) at System.ComponentModel.BackgroundWorker.OnRunWorkerCompleted(RunWorkerCompletedEventArgs
e) at System.ComponentModel.BackgroundWorker.AsyncOperationCompleted(Object arg)
at System.Windows.Threading.ExceptionWrapper.InternalRealCall(Delegate callback,
Object args, Boolean isSingleParameter) at System.Windows.Threading.ExceptionWrapper.TryCatchWhen(Object
source, Delegate callback, Object args, Boolean isSingleParameter, Delegate catchHandler)
Source:
System InnerException.Message: Could not find file 'C:\Program Files (x86)\Hewlett-Packard\HP
Support Framework\Logs\SystemInfoSI.xml'. Name: HPSF.exe Version: 06.00.01.01 Path:
C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe Format: en-US
RAM:
3998 Ram Utilization: TargetSite: Void RaiseExceptionIfNecessary()

Error - 7/13/2012 10:34:06 PM | Computer Name = GEORGE-PC | Source = HPSF.exe | ID = 4000
Description =

[ Media Center Events ]
Error - 1/17/2012 12:40:30 AM | Computer Name = GEORGE-PC | Source = MCUpdate | ID = 0
Description = 10:40:30 PM - Error connecting to the internet. 10:40:30 PM - Unable
to contact server..

Error - 1/24/2012 12:15:10 AM | Computer Name = GEORGE-PC | Source = MCUpdate | ID = 0
Description = 10:15:10 PM - Error connecting to the internet. 10:15:10 PM - Unable
to contact server..

Error - 1/30/2012 2:52:29 AM | Computer Name = GEORGE-PC | Source = MCUpdate | ID = 0
Description = 12:52:29 AM - Error connecting to the internet. 12:52:29 AM - Unable
to contact server..

Error - 2/20/2012 12:35:12 PM | Computer Name = GEORGE-PC | Source = MCUpdate | ID = 0
Description = 10:35:12 AM - Error connecting to the internet. 10:35:12 AM - Unable
to contact server..

Error - 2/20/2012 12:35:22 PM | Computer Name = GEORGE-PC | Source = MCUpdate | ID = 0
Description = 10:35:17 AM - Error connecting to the internet. 10:35:17 AM - Unable
to contact server..

Error - 2/21/2012 1:10:19 PM | Computer Name = GEORGE-PC | Source = MCUpdate | ID = 0
Description = 11:10:19 AM - Error connecting to the internet. 11:10:19 AM - Unable
to contact server..

Error - 2/21/2012 1:10:32 PM | Computer Name = GEORGE-PC | Source = MCUpdate | ID = 0
Description = 11:10:25 AM - Error connecting to the internet. 11:10:25 AM - Unable
to contact server..

Error - 3/1/2012 5:52:42 PM | Computer Name = GEORGE-PC | Source = MCUpdate | ID = 0
Description = 3:52:38 PM - Error connecting to the internet. 3:52:38 PM - Unable
to contact server..

[ System Events ]
Error - 4/13/2012 12:58:49 PM | Computer Name = GEORGE-PC | Source = Service Control Manager | ID = 7001
Description = The Windows Image Acquisition (WIA) service depends on the Shell Hardware
Detection service which failed to start because of the following error: %%1058

Error - 4/12/2012 4:45:14 PM | Computer Name = GEORGE-PC | Source = Service Control Manager | ID = 7001
Description = The Windows Image Acquisition (WIA) service depends on the Shell Hardware
Detection service which failed to start because of the following error: %%1058

Error - 4/12/2012 4:45:33 PM | Computer Name = GEORGE-PC | Source = DCOM | ID = 10005
Description =

Error - 4/12/2012 4:45:33 PM | Computer Name = GEORGE-PC | Source = Service Control Manager | ID = 7001
Description = The Windows Image Acquisition (WIA) service depends on the Shell Hardware
Detection service which failed to start because of the following error: %%1058

Error - 4/13/2012 2:52:27 AM | Computer Name = GEORGE-PC | Source = Service Control Manager | ID = 7001
Description = The Windows Image Acquisition (WIA) service depends on the Shell Hardware
Detection service which failed to start because of the following error: %%1058

Error - 4/13/2012 2:52:42 AM | Computer Name = GEORGE-PC | Source = DCOM | ID = 10005
Description =

Error - 4/13/2012 2:52:41 AM | Computer Name = GEORGE-PC | Source = Service Control Manager | ID = 7001
Description = The Windows Image Acquisition (WIA) service depends on the Shell Hardware
Detection service which failed to start because of the following error: %%1058

Error - 4/6/2012 11:23:38 AM | Computer Name = GEORGE-PC | Source = Service Control Manager | ID = 7001
Description = The Windows Image Acquisition (WIA) service depends on the Shell Hardware
Detection service which failed to start because of the following error: %%1058

Error - 4/6/2012 12:01:34 PM | Computer Name = GEORGE-PC | Source = DCOM | ID = 10005
Description =

Error - 4/6/2012 12:01:34 PM | Computer Name = GEORGE-PC | Source = Service Control Manager | ID = 7001
Description = The Windows Image Acquisition (WIA) service depends on the Shell Hardware
Detection service which failed to start because of the following error: %%1058

< End of report >


----------



## kevinf80 (Mar 21, 2006)

Yes please can you you delete the OTL logs and re-run again, make sure you get the instruction exactly as per my reply #23 

Also you mention installing Microsoft Security Essentials, did you update and run it? did it find anything?

Thank you,

Kevin..


----------



## xshine25 (Jul 7, 2012)

Ok. Microsoft Security Essentials was downloaded, updated n ran. The scan came back clean.
Here are the new OTL & EXTRAS scan logs.

OTL logfile created on: 9/5/2012 10:59:07 PM - Run 3
OTL by OldTimer - Version 3.2.56.0 Folder = C:\Users\GEORGE\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.91 Gb Total Physical Memory | 2.66 Gb Available Physical Memory | 68.09% Memory free
7.81 Gb Paging File | 6.49 Gb Available in Paging File | 83.16% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 451.44 Gb Total Space | 313.68 Gb Free Space | 69.48% Space Free | Partition Type: NTFS
Drive D: | 14.03 Gb Total Space | 1.63 Gb Free Space | 11.63% Space Free | Partition Type: NTFS
Drive E: | 99.02 Mb Total Space | 92.36 Mb Free Space | 93.27% Space Free | Partition Type: FAT32
Drive I: | 6.67 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive J: | 7.46 Gb Total Space | 0.90 Gb Free Space | 12.10% Space Free | Partition Type: FAT32

Computer Name: GEORGE-PC | User Name: GEORGE | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/09/05 00:31:05 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\GEORGE\Desktop\OTL.com
PRC - [2012/07/27 15:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/06/10 02:12:34 | 000,686,280 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_3_300_257_ActiveX.exe
PRC - [2012/06/06 21:33:42 | 001,564,872 | ---- | M] (Ask) -- C:\Program Files (x86)\Ask.com\Updater\Updater.exe
PRC - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe

========== Modules (No Company Name) ==========

========== Win32 Services (SafeList) ==========

SRV:*64bit:* - [2012/03/26 18:49:56 | 000,291,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV:*64bit:* - [2012/03/26 18:49:56 | 000,012,600 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV:*64bit:* - [2011/08/11 18:38:04 | 000,140,672 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCore64.exe -- (!SASCORE)
SRV:*64bit:* - [2010/11/30 13:27:58 | 000,336,824 | ---- | M] (arvato digital services llc) [Auto | Running] -- c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2_x64)
SRV:*64bit:* - [2010/01/18 17:04:08 | 000,020,480 | ---- | M] () [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe -- (HPWMISVC)
SRV:*64bit:* - [2009/11/17 21:14:26 | 000,098,208 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe -- (AERTFilters)
SRV:*64bit:* - [2009/07/13 20:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2012/07/27 15:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/07/18 08:47:28 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2010/06/25 12:07:20 | 000,117,264 | ---- | M] (CACE Technologies, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WinPcap\rpcapd.exe -- (rpcapd)
SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/02/19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2010/01/04 13:03:42 | 000,238,328 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)

========== Driver Services (SafeList) ==========

DRV:*64bit:* - [2012/07/13 22:29:15 | 001,390,640 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:*64bit:* - [2012/07/03 13:46:44 | 000,024,904 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:*64bit:* - [2012/05/30 23:10:48 | 000,126,944 | ---- | M] (Power Software Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\scdemu.sys -- (SCDEmu)
DRV:*64bit:* - [2012/03/26 16:45:14 | 000,037,888 | ---- | M] (AnchorFree Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\taphss.sys -- (taphss)
DRV:*64bit:* - [2012/03/20 20:44:12 | 000,098,688 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:*64bit:* - [2011/12/14 22:12:40 | 000,121,584 | ---- | M] (High Criteria inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TotRec8.sys -- (TotRec8)
DRV:*64bit:* - [2011/09/08 02:46:56 | 001,225,832 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rtl8192se.sys -- (rtl8192se)
DRV:*64bit:* - [2011/08/01 16:59:06 | 000,045,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64)
DRV:*64bit:* - [2011/07/22 11:26:56 | 000,014,928 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV)
DRV:*64bit:* - [2011/07/12 16:55:18 | 000,012,368 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL)
DRV:*64bit:* - [2011/06/10 07:34:52 | 000,539,240 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:*64bit:* - [2011/06/07 07:44:16 | 000,040,128 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tap0901.sys -- (tap0901)
DRV:*64bit:* - [2011/05/18 09:08:32 | 000,047,616 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dc3d.sys -- (dc3d)
DRV:*64bit:* - [2011/03/11 01:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:*64bit:* - [2011/03/11 01:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:*64bit:* - [2011/02/11 20:16:38 | 010,628,640 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:*64bit:* - [2010/11/20 08:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:*64bit:* - [2010/11/20 06:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:*64bit:* - [2010/11/20 04:37:42 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:*64bit:* - [2010/06/25 12:07:26 | 000,035,344 | ---- | M] (CACE Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\npf.sys -- (NPF)
DRV:*64bit:* - [2010/03/05 14:57:18 | 000,144,896 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcHdmi.sys -- (IntcHdmiAddService)
DRV:*64bit:* - [2009/10/13 13:16:40 | 000,409,624 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:*64bit:* - [2009/09/22 20:39:00 | 000,225,280 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:*64bit:* - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:*64bit:* - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:*64bit:* - [2009/07/13 20:47:48 | 000,023,104 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:*64bit:* - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:*64bit:* - [2009/06/10 16:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
DRV:*64bit:* - [2009/06/10 16:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
DRV:*64bit:* - [2009/06/10 16:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
DRV:*64bit:* - [2009/06/10 15:35:33 | 000,389,120 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
DRV:*64bit:* - [2009/06/10 15:35:28 | 005,434,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netw5v64.sys -- (netw5v64)
DRV:*64bit:* - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:*64bit:* - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:*64bit:* - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:*64bit:* - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:*64bit:* - [2009/05/18 14:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:*64bit:* - [2007/04/03 13:59:20 | 000,108,296 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s616bus.sys -- (s616bus)
DRV - [2009/09/22 20:39:00 | 000,225,280 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:*64bit:* - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT/1
IE:*64bit:* - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
IE:*64bit:* - HKLM\..\SearchScopes\{80AABB12-28B8-4096-B5E6-A42AA754EA3E}: "URL" = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpl
IE:*64bit:* - HKLM\..\SearchScopes\{853581B2-20A6-4597-B81C-3A3F931E4635}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
IE:*64bit:* - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-results.com/sr?src=ieb&appid=113&systemid=406&sr=0&q={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.searchbrowsing.com
IE - HKLM\..\SearchScopes,DefaultScope = {0DF56869-BA25-4E8E-82F9-AF48EA6BCC7E}
IE - HKLM\..\SearchScopes\{0DF56869-BA25-4E8E-82F9-AF48EA6BCC7E}: "URL" = http://www.searchbrowsing.com/web.php?src=hmp&hl=en&camefrom=defaultsearch&q={searchTerms}
IE - HKLM\..\SearchScopes\{80AABB12-28B8-4096-B5E6-A42AA754EA3E}: "URL" = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpl
IE - HKLM\..\SearchScopes\{853581B2-20A6-4597-B81C-3A3F931E4635}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-results.com/sr?src=ieb&appid=113&systemid=406&sr=0&q={searchTerms}
IE - HKLM\..\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}: "URL" = http://search.searchonme.com/?q={searchTerms}

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-2257943674-3338997938-4154493867-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-2257943674-3338997938-4154493867-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://es.ask.com/?l=dis&o=15383
IE - HKU\S-1-5-21-2257943674-3338997938-4154493867-1000\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
IE - HKU\S-1-5-21-2257943674-3338997938-4154493867-1000\..\SearchScopes,DefaultScope = {95B7759C-8C7F-4BF1-B163-73684A933233}
IE - HKU\S-1-5-21-2257943674-3338997938-4154493867-1000\..\SearchScopes\{0DF56869-BA25-4E8E-82F9-AF48EA6BCC7E}: "URL" = http://www.searchbrowsing.com/web.php?src=hmp&hl=en&camefrom=defaultsearch&q={searchTerms}
IE - HKU\S-1-5-21-2257943674-3338997938-4154493867-1000\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylon.com/?q={searc...SP_ss&mntrId=989c0cff00000000000070f1a17f3422
IE - HKU\S-1-5-21-2257943674-3338997938-4154493867-1000\..\SearchScopes\{13519A79-A2A3-4B53-854E-421C33854A68}: "URL" = http://delicious.com/search?p={searchTerms}
IE - HKU\S-1-5-21-2257943674-3338997938-4154493867-1000\..\SearchScopes\{2FB242D6-BE26-4249-AA63-E5E716A00DF7}: "URL" = http://websearch.ask.com/redirect?c...pn_sauid=897EBB73-85FD-4BD8-AD90-BEF85ED67C76
IE - HKU\S-1-5-21-2257943674-3338997938-4154493867-1000\..\SearchScopes\{4D9CF7D1-74FD-45C4-8F21-07EF97CFC09F}: "URL" = http://www.flickr.com/search/?q={searchTerms}
IE - HKU\S-1-5-21-2257943674-3338997938-4154493867-1000\..\SearchScopes\{80AABB12-28B8-4096-B5E6-A42AA754EA3E}: "URL" = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpl
IE - HKU\S-1-5-21-2257943674-3338997938-4154493867-1000\..\SearchScopes\{853581B2-20A6-4597-B81C-3A3F931E4635}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
IE - HKU\S-1-5-21-2257943674-3338997938-4154493867-1000\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.com/search?cid={...207d7015c&lang=en&ds=st011&pr=sa&d=2012-06-05 03:10:19&v=11.1.0.7&sap=dsp&q={searchTerms}
IE - HKU\S-1-5-21-2257943674-3338997938-4154493867-1000\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-results.com/sr?src=ieb&appid=113&systemid=406&sr=0&q={searchTerms}
IE - HKU\S-1-5-21-2257943674-3338997938-4154493867-1000\..\SearchScopes\{9BF90FA6-4529-4D39-B2AF-D765A855D5F5}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=chr-yie9
IE - HKU\S-1-5-21-2257943674-3338997938-4154493867-1000\..\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}: "URL" = http://search.searchonme.com/?q={searchTerms}
IE - HKU\S-1-5-21-2257943674-3338997938-4154493867-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2257943674-3338997938-4154493867-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Ask.com"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://es.ask.com/?l=dis&o=15383"
FF - prefs.js..extensions.enabledItems: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}:5.9.0.9216
FF - prefs.js..extensions.enabledItems: {1E73965B-8B48-48be-9C8D-68B920ABC1C4}:12.0.0.1912
FF - prefs.js..extensions.enabledItems: [email protected]:10.0.0.7
FF - prefs.js..extensions.enabledItems: {1FD91A9C-410C-4090-BBCC-55D3450EF433}:1.0
FF - prefs.js..extensions.enabledItems: {99079a25-328f-4bd4-be04-00955acaa0a7}:4.5.1.00
FF - prefs.js..keyword.URL: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2790392&SearchSource=2&q="
FF - prefs.js..network.proxy.type: 0

FF:*64bit:* - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_265.dll File not found
FF:*64bit:* - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.3.1: C:\Windows\system32\npDeployJava1.dll File not found
FF:*64bit:* - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.3.1: C:\Program Files\Oracle\JavaFX 2.0 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:*64bit:* - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:*64bit:* - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\Microsoft Office\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_265.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\GEORGE\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\GEORGE\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\GEORGE\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@yahoo.com/BrowserPlus,version=2.9.8: C:\Users\GEORGE\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll (Yahoo! Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/03/24 14:41:23 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/07/18 08:47:29 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/08/30 01:18:22 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/07/18 08:47:29 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/08/30 01:18:22 | 000,000,000 | ---D | M]

[2012/02/04 18:32:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\GEORGE\AppData\Roaming\Mozilla\Extensions
[2012/08/29 21:08:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\GEORGE\AppData\Roaming\Mozilla\Firefox\Profiles\92ukajfx.default\extensions
[2012/04/18 12:36:59 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\GEORGE\AppData\Roaming\Mozilla\Firefox\Profiles\92ukajfx.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2012/08/29 21:08:36 | 000,000,000 | ---D | M] (BitTorrentBar Community Toolbar) -- C:\Users\GEORGE\AppData\Roaming\Mozilla\Firefox\Profiles\92ukajfx.default\extensions\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}
[2012/07/14 17:07:51 | 000,000,000 | ---D | M] (20-20 3D Viewer - WEB) -- C:\Users\GEORGE\AppData\Roaming\Mozilla\Firefox\Profiles\92ukajfx.default\extensions\[email protected]
[2012/03/10 19:02:10 | 000,000,000 | ---D | M] (TheBflix) -- C:\Users\GEORGE\AppData\Roaming\Mozilla\Firefox\Profiles\92ukajfx.default\extensions\[email protected]
[2012/08/23 17:21:05 | 000,000,000 | ---D | M] (aTube Toolbar) -- C:\Users\GEORGE\AppData\Roaming\Mozilla\Firefox\Profiles\92ukajfx.default\extensions\[email protected]
[2012/08/23 17:21:05 | 000,002,324 | ---- | M] () -- C:\Users\GEORGE\AppData\Roaming\Mozilla\Firefox\Profiles\92ukajfx.default\searchplugins\askcom.xml
[2012/02/02 21:35:33 | 000,002,519 | ---- | M] () -- C:\Users\GEORGE\AppData\Roaming\Mozilla\Firefox\Profiles\92ukajfx.default\searchplugins\Search_Results.xml
[2012/04/06 21:21:07 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/07/06 17:03:57 | 000,014,714 | ---- | M] () (No name found) -- C:\USERS\GEORGE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\92UKAJFX.DEFAULT\EXTENSIONS\{E6C1199F-E687-42DA-8C24-E7770CC3AE66}.XPI
[2012/07/23 18:21:36 | 000,015,979 | ---- | M] () (No name found) -- C:\USERS\GEORGE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\92UKAJFX.DEFAULT\EXTENSIONS\[email protected]
[2012/07/18 08:47:29 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/02/16 02:21:45 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2012/06/05 03:10:16 | 000,003,749 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\avg-secure-search.xml
[2012/03/13 18:37:35 | 000,002,310 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml
[2012/06/29 01:41:07 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/02/11 19:51:20 | 000,002,024 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\McSiteAdvisor.xml
[2012/02/02 21:35:33 | 000,002,519 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\Search_Results.xml
[2012/06/29 01:41:06 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - homepage: http://www.ask.com/?l=dis&o=15383cr
CHR - default_search_provider: Ask (Enabled)
CHR - default_search_provider: search_url = http://websearch.ask.com/redirect?c...F85ED67C76&apn_dtid=YYYYYYYYMX&q={searchTerms}
CHR - default_search_provider: suggest_url = http://ss.websearch.ask.com/query?qsrc=2922&li=ff&sstype=prefix&q={searchTerms}
CHR - homepage: http://www.ask.com/?l=dis&o=15383cr
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\GEORGE\AppData\Local\Google\Chrome\Application\21.0.1180.83\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Disabled) = C:\Users\GEORGE\AppData\Local\Google\Chrome\Application\21.0.1180.83\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\GEORGE\AppData\Local\Google\Chrome\Application\21.0.1180.83\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\GEORGE\AppData\Local\Google\Chrome\User Data\PepperFlash\11.1.31.203\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: Java Deployment Toolkit 6.0.310.5 (Disabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U31 (Disabled) = C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Facebook Video Calling Plugin (Enabled) = C:\Users\GEORGE\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll
CHR - plugin: BrowserPlus (from Yahoo!) v2.9.8 (Enabled) = C:\Users\GEORGE\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll
CHR - Extension: Atube Toolbar = C:\Users\GEORGE\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaaobbmnblgjajpfaaolcmoenbmpgob\7.15.4.0_0\
CHR - Extension: Atube Toolbar = C:\Users\GEORGE\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaaobbmnblgjajpfaaolcmoenbmpgob\7.15.4.24150_0\
CHR - Extension: Steep and Cheap Countdown Timer = C:\Users\GEORGE\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaompibpddahnlhaklkapjkgiajbfkhm\1.8.2_0\
CHR - Extension: Your Second Phone = C:\Users\GEORGE\AppData\Local\Google\Chrome\User Data\Default\Extensions\afgcliennfocnaoenlkmlhoakpaflpgo\2.0_0\
CHR - Extension: Radio = C:\Users\GEORGE\AppData\Local\Google\Chrome\User Data\Default\Extensions\agljkoinmcdnopnlbhhjibjiablccgoh\1.0.56_0\
CHR - Extension: House Plans = C:\Users\GEORGE\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajnmfkilicomdippcehaldlonfldmlfi\2.1_0\
CHR - Extension: LiveShare = C:\Users\GEORGE\AppData\Local\Google\Chrome\User Data\Default\Extensions\amncclkaihpiilkhkophmkeijlpnanjk\1.0.2_0\
CHR - Extension: TV = C:\Users\GEORGE\AppData\Local\Google\Chrome\User Data\Default\Extensions\beobeededemalmllhkmnkinmfembdimh\1.0.11_0\
CHR - Extension: QRreader beta = C:\Users\GEORGE\AppData\Local\Google\Chrome\User Data\Default\Extensions\bfdjglobiolninfgldchakgfldifphic\0.4_0\
CHR - Extension: Gismeteo = C:\Users\GEORGE\AppData\Local\Google\Chrome\User Data\Default\Extensions\bfegaehidkkcfaikpaijcdahnpikhobf\2.0.4_0\
CHR - Extension: Graphing Calculator by Desmos.com = C:\Users\GEORGE\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhdheahnajobgndecdbggfmcojekgdko\1.4_0\
CHR - Extension: FancyTube (for YouTube\u2122) = C:\Users\GEORGE\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkiabklhofojmagogdjdmhmbhngajopa\2.5.1_0\
CHR - Extension: YouTube = C:\Users\GEORGE\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Learn Languages = C:\Users\GEORGE\AppData\Local\Google\Chrome\User Data\Default\Extensions\bpojnkkdeegokioflneiljheajpnckcg\1.0_0\
CHR - Extension: Weebly - Website Builder = C:\Users\GEORGE\AppData\Local\Google\Chrome\User Data\Default\Extensions\cnocophcbjfiimmnhlhleaooedeheifb\1.0.4_0\
CHR - Extension: Google Search = C:\Users\GEORGE\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Bomomo = C:\Users\GEORGE\AppData\Local\Google\Chrome\User Data\Default\Extensions\dnalbhgkcocoepphagnnlaiomnnngeln\1_0\
CHR - Extension: Timer = C:\Users\GEORGE\AppData\Local\Google\Chrome\User Data\Default\Extensions\edebbhkhcaafmolanelponjjanocpacd\1.7.6_0\
CHR - Extension: Zoho Invoice = C:\Users\GEORGE\AppData\Local\Google\Chrome\User Data\Default\Extensions\ehmnelfmlmpladgddfgghoaigjhfkhdj\1.1_0\
CHR - Extension: Telly = C:\Users\GEORGE\AppData\Local\Google\Chrome\User Data\Default\Extensions\epbmnbdplhcomkedpjfceakddnbgfjmf\1.203_0\
CHR - Extension: Google Finance = C:\Users\GEORGE\AppData\Local\Google\Chrome\User Data\Default\Extensions\fcgckldmmjdbpdejkclmfnnnehhocbfp\1.1_0\
CHR - Extension: Zeta Uploader = C:\Users\GEORGE\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdaoellipjkfejjeegcjckdkhpanhnmg\1.8.2_0\
CHR - Extension: To do List = C:\Users\GEORGE\AppData\Local\Google\Chrome\User Data\Default\Extensions\fhenmfleihbenpgdjmdjoigkpemnckja\0.241_0\
CHR - Extension: Stupeflix Video Maker = C:\Users\GEORGE\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkdmcfnoimoilncpjchamnenebopocem\1.5_0\
CHR - Extension: XML Tree = C:\Users\GEORGE\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbammbheopgpmaagmckhpjbfgdfkpadb\1.9.1.9_0\
CHR - Extension: Digital Clock = C:\Users\GEORGE\AppData\Local\Google\Chrome\User Data\Default\Extensions\gdkjifoifglkpcdffkenpinlbjgephlo\1.9_0\
CHR - Extension: 20 Cubed = C:\Users\GEORGE\AppData\Local\Google\Chrome\User Data\Default\Extensions\geghmabifcdlkmpnkapfefbbfaonhcef\1.12_0\
CHR - Extension: Planetarium = C:\Users\GEORGE\AppData\Local\Google\Chrome\User Data\Default\Extensions\gheikhdfflhlbemfmhcfpeblehemeklp\1.1.1_0\
CHR - Extension: History Eraser = C:\Users\GEORGE\AppData\Local\Google\Chrome\User Data\Default\Extensions\gjieilkfnnjoihjjonajndjldjoagffm\3.1_0\
CHR - Extension: History Eraser = C:\Users\GEORGE\AppData\Local\Google\Chrome\User Data\Default\Extensions\gjieilkfnnjoihjjonajndjldjoagffm\3.2_0\
CHR - Extension: Guitar Tuner = C:\Users\GEORGE\AppData\Local\Google\Chrome\User Data\Default\Extensions\hbenbgblhhlecmfechhfecgioakobfdl\3.0.0.2_0\
CHR - Extension: Free Online PDF Unlocker = C:\Users\GEORGE\AppData\Local\Google\Chrome\User Data\Default\Extensions\ibjoacaoedfohchdpbeoekenccjokodm\1.0.1.1_0\
CHR - Extension: iPiccy Photo Editor = C:\Users\GEORGE\AppData\Local\Google\Chrome\User Data\Default\Extensions\imokeandodnlammaoenbgcnbhigjbpjh\1.1_0\
CHR - Extension: Brain Waves = C:\Users\GEORGE\AppData\Local\Google\Chrome\User Data\Default\Extensions\jaikojchkbhnichnjehbhbloaiapifmk\3.0_0\
CHR - Extension: PDF to Word Converter App = C:\Users\GEORGE\AppData\Local\Google\Chrome\User Data\Default\Extensions\jclipofobaadknkadkpgggmjkebddjam\2.0_0\
CHR - Extension: Todoist: To-Do list and Task Manager = C:\Users\GEORGE\AppData\Local\Google\Chrome\User Data\Default\Extensions\jldhpllghnbhlbpcmnajkpdmadaolakh\3.0_0\
CHR - Extension: Todoist: To-Do list and Task Manager = C:\Users\GEORGE\AppData\Local\Google\Chrome\User Data\Default\Extensions\jldhpllghnbhlbpcmnajkpdmadaolakh\4.0_0\
CHR - Extension: Quick Earth = C:\Users\GEORGE\AppData\Local\Google\Chrome\User Data\Default\Extensions\khodocggeplgfhppgagfdpbjkniadmdh\3.3_0\
CHR - Extension: Quick Earth = C:\Users\GEORGE\AppData\Local\Google\Chrome\User Data\Default\Extensions\khodocggeplgfhppgagfdpbjkniadmdh\3.6_0\
CHR - Extension: Divvr = C:\Users\GEORGE\AppData\Local\Google\Chrome\User Data\Default\Extensions\lackkieddhpmioebogincgkkcagabhgm\2.0_0\
CHR - Extension: Numerics Calculator & Converter = C:\Users\GEORGE\AppData\Local\Google\Chrome\User Data\Default\Extensions\liglcienpnkhdajdfmnpbgmpjglonipe\4.3.4_0\
CHR - Extension: 3D Solar System Web = C:\Users\GEORGE\AppData\Local\Google\Chrome\User Data\Default\Extensions\mdaaepplopehigjgkolniddiadbbkphd\0.32_0\
CHR - Extension: BitTorrentBar = C:\Users\GEORGE\AppData\Local\Google\Chrome\User Data\Default\Extensions\mhfdcmehmjcclgopdodkjdicohagipid\2.3.15.10_0\
CHR - Extension: DSL speedtest = C:\Users\GEORGE\AppData\Local\Google\Chrome\User Data\Default\Extensions\mibbfkdeofpfmkclkgjfnjppdblhpddj\1.1_0\
CHR - Extension: ruul. Screen ruler = C:\Users\GEORGE\AppData\Local\Google\Chrome\User Data\Default\Extensions\mlbnpnlmfngmlcmkhjpbfokdphfehhjj\5.0_0\
CHR - Extension: ruul. Screen ruler = C:\Users\GEORGE\AppData\Local\Google\Chrome\User Data\Default\Extensions\mlbnpnlmfngmlcmkhjpbfokdphfehhjj\5.5.2_0\
CHR - Extension: Flight 3D Aerobatics Training = C:\Users\GEORGE\AppData\Local\Google\Chrome\User Data\Default\Extensions\napaodofbddcgpbgepkedckklhcmpilc\1.0_0\
CHR - Extension: Flight 3D Aerobatics Training = C:\Users\GEORGE\AppData\Local\Google\Chrome\User Data\Default\Extensions\napaodofbddcgpbgepkedckklhcmpilc\2.0.0_0\
CHR - Extension: BeGone = C:\Users\GEORGE\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndfpieflbjbdpgklkeolbmbdkfdiicfk\1.2_0\
CHR - Extension: Advanced Periodic Table = C:\Users\GEORGE\AppData\Local\Google\Chrome\User Data\Default\Extensions\obpkghbakijeifcoimhhechlmcbdmmli\1.7_0\
CHR - Extension: Wikinvest Portfolio Manager = C:\Users\GEORGE\AppData\Local\Google\Chrome\User Data\Default\Extensions\pbpkgmnajebobcebngnagdabphfmooej\1.0_0\
CHR - Extension: Bullet Physics NaCl Test = C:\Users\GEORGE\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgehkhceingafmkkmbeoempaablkkeal\1.0_0\
CHR - Extension: Gmail = C:\Users\GEORGE\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2012/07/30 10:20:43 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:*64bit:* - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.0 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O2:*64bit:* - BHO: (Hotspot Shield Class) - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files (x86)\Hotspot Shield\HssIE\HssIE_64.dll File not found
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (aTube Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O3:*64bit:* - HKLM\..\Toolbar: (no name) - !{EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Microsoft Live Search Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (aTube Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKU\S-1-5-21-2257943674-3338997938-4154493867-1000\..\Toolbar\WebBrowser: (no name) - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No CLSID value found.
O4:*64bit:* - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files (x86)\Ask.com\Updater\Updater.exe (Ask)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2257943674-3338997938-4154493867-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2257943674-3338997938-4154493867-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2257943674-3338997938-4154493867-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-2257943674-3338997938-4154493867-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKU\S-1-5-21-2257943674-3338997938-4154493867-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O10:*64bit:* - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O16:*64bit:* - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab (Reg Error: Key error.)
O16:*64bit:* - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Reg Error: Key error.)
O16:*64bit:* - DPF: {CAFEEFAC-0017-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab (Reg Error: Key error.)
O16:*64bit:* - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab (Java Plug-in 1.7.0_03)
O16:*64bit:* - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} http://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework//microsoft/wrc32.ocx (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7A2AAD8D-00ED-4328-8C39-9EA02965B7FB}: DhcpNameServer = 192.168.1.254
O18:*64bit:* - Protocol\Handler\livecall - No CLSID value found
O18:*64bit:* - Protocol\Handler\ms-help - No CLSID value found
O18:*64bit:* - Protocol\Handler\ms-itss - No CLSID value found
O18:*64bit:* - Protocol\Handler\msnim - No CLSID value found
O18:*64bit:* - Protocol\Handler\wlmailhtml - No CLSID value found
O18:*64bit:* - Protocol\Handler\wlpg - No CLSID value found
O20:*64bit:* - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:*64bit:* - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:*64bit:* - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:*64bit:* - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/05/06 07:26:23 | 000,000,309 | R--- | M] () - I:\autorun.inf -- [ CDFS ]
O32 - AutoRun File - [2012/04/12 15:38:06 | 000,584,087 | ---- | M] () - J:\AUTOVIAS MORELIA-MEXICO 13 04 2012.pdf -- [ FAT32 ]
O32 - AutoRun File - [2012/04/12 15:50:36 | 000,407,040 | ---- | M] () - J:\autovias morelia mex pon df 13 04 2012 PHOTO.pub -- [ FAT32 ]
O32 - AutoRun File - [2012/04/13 14:09:12 | 000,584,512 | ---- | M] () - J:\AUTOVIAS MEXICO MORELIA 13 04 2012.pdf -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:*64bit:* - HKLM\..comfile [open] -- "%1" %*
O35:*64bit:* - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:*64bit:* - HKLM\...com [@ = ComFile] -- "%1" %*
O37:*64bit:* - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

MsConfig:64bit - StartUpFolder: C:^Users^GEORGE^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2010 Screen Clipper and Launcher.lnk - C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE - (Microsoft Corporation)
MsConfig:64bit - StartUpReg: *Adobe ARM* - hkey= - key= - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
MsConfig:64bit - StartUpReg: *AdobeAAMUpdater-1.0* - hkey= - key= - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
MsConfig:64bit - StartUpReg: *AdobeCS6ServiceManager* - hkey= - key= - C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe (Adobe Systems Incorporated)
MsConfig:64bit - StartUpReg: *APSDaemon* - hkey= - key= - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
MsConfig:64bit - StartUpReg: *BCSSync* - hkey= - key= - C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
MsConfig:64bit - StartUpReg: *Facebook Update* - hkey= - key= - C:\Users\GEORGE\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
MsConfig:64bit - StartUpReg: *HotKeysCmds* - hkey= - key= - C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
MsConfig:64bit - StartUpReg: *HP Quick Launch* - hkey= - key= - C:\Program Files\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe (Hewlett-Packard Company)
MsConfig:64bit - StartUpReg: *HP Software Update* - hkey= - key= - C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe (Hewlett-Packard)
MsConfig:64bit - StartUpReg: *IgfxTray* - hkey= - key= - C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
MsConfig:64bit - StartUpReg: *IntelliPoint* - hkey= - key= - c:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)
MsConfig:64bit - StartUpReg: *iTunesHelper* - hkey= - key= - C:\Program Files (x86)\iTunes\iTunesHelper.exe (Apple Inc.)
MsConfig:64bit - StartUpReg: *LightScribe Control Panel* - hkey= - key= - C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe (Hewlett-Packard Company)
MsConfig:64bit - StartUpReg: *Malwarebytes' Anti-Malware* - hkey= - key= - File not found
MsConfig:64bit - StartUpReg: *Messenger (Yahoo!)* - hkey= - key= - C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
MsConfig:64bit - StartUpReg: *NortonOnlineBackupReminder* - hkey= - key= - File not found
MsConfig:64bit - StartUpReg: *Persistence* - hkey= - key= - C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
MsConfig:64bit - StartUpReg: *PWRISOVM.EXE* - hkey= - key= - C:\Program Files (x86)\PowerISO\PWRISOVM.EXE (Power Software Ltd)
MsConfig:64bit - StartUpReg: *QuickTime Task* - hkey= - key= - C:\Program Files (x86)\QuickTime\QTTask.exe (Apple Inc.)
MsConfig:64bit - StartUpReg: *RTHDVCPL* - hkey= - key= - C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor)
MsConfig:64bit - StartUpReg: *RtkOSD* - hkey= - key= - C:\Program Files (x86)\Realtek\Audio\OSD\RtVOsd64.exe (Realtek Semiconductor Corp.)
MsConfig:64bit - StartUpReg: *Sidebar* - hkey= - key= - C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation)
MsConfig:64bit - StartUpReg: *SunJavaUpdateSched* - hkey= - key= - C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
MsConfig:64bit - StartUpReg: *SUPERAntiSpyware* - hkey= - key= - C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
MsConfig:64bit - StartUpReg: *SwitchBoard* - hkey= - key= - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
MsConfig:64bit - StartUpReg: *SynTPEnh* - hkey= - key= - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics Incorporated)
MsConfig:64bit - StartUpReg: *WirelessAssistant* - hkey= - key= - C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe (Hewlett-Packard)
MsConfig:64bit - State: "services" - Reg Error: Key error.
MsConfig:64bit - State: "startup" - Reg Error: Key error.

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012/09/05 00:28:57 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\GEORGE\Desktop\OTL.com
[2012/09/05 00:02:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Security Client
[2012/09/05 00:02:23 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2012/08/31 18:13:34 | 000,000,000 | ---D | C] -- C:\Users\GEORGE\Desktop\NEW DDS & ATTACH
[2012/08/28 13:15:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Able2Extract
[2012/08/28 13:15:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Investintech.com Inc
[2012/08/24 18:25:48 | 000,078,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\perf-SQLAgent$SQLEXPRESS-sqlagtctr10.1.2531.0.dll
[2012/08/24 18:25:48 | 000,050,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\perf-SQLAgent$SQLEXPRESS-sqlagtctr10.1.2531.0.dll
[2012/08/24 18:25:30 | 000,111,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\perf-MSSQL$SQLEXPRESS-sqlctr10.1.2531.0.dll
[2012/08/24 18:25:30 | 000,079,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\perf-MSSQL$SQLEXPRESS-sqlctr10.1.2531.0.dll
[2012/08/24 18:22:36 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\RsFx
[2012/08/24 18:20:59 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Visual Studio 9.0
[2012/08/24 18:20:42 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\1033
[2012/08/24 18:20:42 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\1033
[2012/08/24 18:20:22 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft.NET
[2012/08/24 18:18:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft SQL Server 2008
[2012/08/24 18:16:57 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft SQL Server
[2012/08/24 18:10:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft SQL Server
[2012/08/24 18:10:13 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Synchronization Services
[2012/08/24 18:10:13 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft SQL Server Compact Edition
[2012/08/24 18:08:52 | 000,000,000 | ---D | C] -- C:\Users\GEORGE\Documents\Visual Studio 2010
[2012/08/24 18:08:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Visual Studio 2010 Express
[2012/08/24 18:05:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Visual Studio 10.0
[2012/08/24 18:03:50 | 000,000,000 | ---D | C] -- C:\Windows\symbols
[2012/08/24 18:03:50 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Visual Studio 10.0
[2012/08/24 18:03:50 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Help Viewer
[2012/08/23 17:24:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinPcap
[2012/08/23 17:24:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WinPcap
[2012/08/23 17:20:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Ask.com
[2012/08/23 17:20:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\aTube Catcher
[2012/08/14 19:20:53 | 000,000,000 | ---D | C] -- C:\Users\GEORGE\Desktop\FORMAT LIBRARIES
[2012/08/14 18:53:10 | 000,000,000 | ---D | C] -- C:\Users\GEORGE\Desktop\FORMAT DWNLOADS
[2012/08/14 18:42:39 | 000,000,000 | ---D | C] -- C:\Users\GEORGE\Desktop\FORMAT DESKTOP
[2012/08/13 00:34:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Ask
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/09/05 23:01:13 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/09/05 23:01:13 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/09/05 22:53:43 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/09/05 22:53:25 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/09/05 22:53:17 | 3144,880,128 | -HS- | M] () -- C:\hiberfil.sys
[2012/09/05 16:46:00 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/09/05 16:33:01 | 000,000,860 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2257943674-3338997938-4154493867-1000Core.job
[2012/09/05 16:32:46 | 000,000,912 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2257943674-3338997938-4154493867-1000UA.job
[2012/09/05 16:32:43 | 000,000,932 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2257943674-3338997938-4154493867-1000UA.job
[2012/09/05 16:32:43 | 000,000,910 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2257943674-3338997938-4154493867-1000Core.job
[2012/09/05 11:16:54 | 000,873,426 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/09/05 11:16:54 | 000,727,438 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/09/05 11:16:54 | 000,146,324 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/09/05 00:31:05 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\GEORGE\Desktop\OTL.com
[2012/09/05 00:02:58 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2012/09/05 00:02:31 | 000,887,232 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/09/04 14:31:58 | 000,002,420 | ---- | M] () -- C:\Users\GEORGE\Desktop\Google Chrome.lnk
[2012/09/03 15:05:10 | 000,023,265 | ---- | M] () -- C:\Users\GEORGE\Desktop\129603083J.pdf
[2012/09/01 15:12:33 | 000,293,396 | ---- | M] () -- C:\Users\GEORGE\Desktop\tunnel marbin crop.jpg
[2012/09/01 15:08:33 | 000,247,026 | ---- | M] () -- C:\Users\GEORGE\Desktop\estadio leon crop.jpg
[2012/08/31 17:57:31 | 000,006,662 | ---- | M] () -- C:\Users\GEORGE\AppData\Roaming\wklnhst.dat
[2012/08/30 21:09:32 | 000,308,275 | ---- | M] () -- C:\Users\GEORGE\Desktop\After-Hours-Chicago-Skyline-Illinois.jpg
[2012/08/29 11:45:51 | 000,034,908 | ---- | M] () -- C:\Users\GEORGE\Desktop\553849_10151051434372781_11814732_n.jpg
[2012/08/28 22:53:33 | 003,652,799 | ---- | M] () -- C:\Users\GEORGE\Desktop\Biology for Dummies, 2nd Edition.pdf
[2012/08/28 22:29:11 | 000,055,075 | ---- | M] () -- C:\Users\GEORGE\Desktop\MJ.jpg
[2012/08/28 13:15:43 | 000,001,308 | ---- | M] () -- C:\Users\Public\Desktop\Able2Extract.lnk
[2012/08/28 12:48:42 | 000,001,296 | ---- | M] () -- C:\Users\GEORGE\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk
[2012/08/25 10:19:51 | 000,001,391 | ---- | M] () -- C:\Users\GEORGE\Desktop\Microsoft Visual Basic 2010 Express.lnk
[2012/08/23 17:20:54 | 000,002,122 | ---- | M] () -- C:\Users\Public\Desktop\MP3 Downloader.lnk
[2012/08/23 17:20:54 | 000,002,118 | ---- | M] () -- C:\Users\Public\Desktop\Video Search.lnk
[2012/08/23 17:20:49 | 000,001,190 | ---- | M] () -- C:\Users\Public\Desktop\aTube Catcher.lnk
[2012/08/17 01:06:29 | 000,025,156 | ---- | M] () -- C:\Users\GEORGE\Desktop\ORDER OF PROTECION WILL COUNTY.pdf
[2012/08/13 11:14:52 | 000,000,336 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForGEORGE.job
[2012/08/12 21:59:04 | 000,000,344 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForGEORGE-PC$.job
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/09/05 00:02:58 | 000,001,945 | ---- | C] () -- C:\Windows\epplauncher.mif
[2012/09/05 00:02:35 | 000,001,915 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
[2012/09/03 15:05:09 | 000,023,265 | ---- | C] () -- C:\Users\GEORGE\Desktop\129603083J.pdf
[2012/09/01 15:12:32 | 000,293,396 | ---- | C] () -- C:\Users\GEORGE\Desktop\tunnel marbin crop.jpg
[2012/09/01 15:08:33 | 000,247,026 | ---- | C] () -- C:\Users\GEORGE\Desktop\estadio leon crop.jpg
[2012/09/01 15:05:45 | 000,786,269 | ---- | C] () -- C:\Users\GEORGE\Desktop\DSC05825.JPG
[2012/09/01 15:05:45 | 000,763,332 | ---- | C] () -- C:\Users\GEORGE\Desktop\DSC05829.JPG
[2012/08/30 21:09:31 | 000,308,275 | ---- | C] () -- C:\Users\GEORGE\Desktop\After-Hours-Chicago-Skyline-Illinois.jpg
[2012/08/29 11:45:47 | 000,034,908 | ---- | C] () -- C:\Users\GEORGE\Desktop\553849_10151051434372781_11814732_n.jpg
[2012/08/28 22:53:30 | 003,652,799 | ---- | C] () -- C:\Users\GEORGE\Desktop\Biology for Dummies, 2nd Edition.pdf
[2012/08/28 22:29:09 | 000,055,075 | ---- | C] () -- C:\Users\GEORGE\Desktop\MJ.jpg
[2012/08/28 13:15:43 | 000,001,308 | ---- | C] () -- C:\Users\Public\Desktop\Able2Extract.lnk
[2012/08/25 10:19:51 | 000,001,391 | ---- | C] () -- C:\Users\GEORGE\Desktop\Microsoft Visual Basic 2010 Express.lnk
[2012/08/24 18:02:27 | 000,887,232 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/08/23 17:20:49 | 000,001,190 | ---- | C] () -- C:\Users\Public\Desktop\aTube Catcher.lnk
[2012/08/17 01:06:29 | 000,025,156 | ---- | C] () -- C:\Users\GEORGE\Desktop\ORDER OF PROTECION WILL COUNTY.pdf
[2012/08/13 00:36:04 | 000,002,122 | ---- | C] () -- C:\Users\Public\Desktop\MP3 Downloader.lnk
[2012/07/30 01:45:19 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/07/30 01:45:19 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/07/30 01:45:19 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/07/30 01:45:19 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/07/30 01:45:19 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/06/22 22:00:39 | 000,007,642 | ---- | C] () -- C:\Users\GEORGE\AppData\Local\Resmon.ResmonCfg
[2012/01/07 11:15:57 | 000,000,632 | RHS- | C] () -- C:\Users\GEORGE\ntuser.pol
[2011/12/25 00:17:41 | 000,003,584 | ---- | C] () -- C:\Users\GEORGE\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/11/22 22:36:03 | 000,006,662 | ---- | C] () -- C:\Users\GEORGE\AppData\Roaming\wklnhst.dat

========== LOP Check ==========

[2012/02/05 06:09:39 | 000,000,000 | ---D | M] -- C:\Users\GEORGE\AppData\Roaming\AVG
[2012/02/02 04:37:08 | 000,000,000 | ---D | M] -- C:\Users\GEORGE\AppData\Roaming\AVG2012
[2012/03/10 18:16:29 | 000,000,000 | ---D | M] -- C:\Users\GEORGE\AppData\Roaming\Babylon
[2012/07/08 05:26:28 | 000,000,000 | ---D | M] -- C:\Users\GEORGE\AppData\Roaming\BitTorrent
[2012/04/01 16:16:48 | 000,000,000 | ---D | M] -- C:\Users\GEORGE\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2011/11/24 20:33:02 | 000,000,000 | ---D | M] -- C:\Users\GEORGE\AppData\Roaming\funkitron
[2012/02/12 22:50:39 | 000,000,000 | ---D | M] -- C:\Users\GEORGE\AppData\Roaming\GetRightToGo
[2011/12/25 00:27:18 | 000,000,000 | ---D | M] -- C:\Users\GEORGE\AppData\Roaming\muvee Technologies
[2012/02/15 14:23:44 | 000,000,000 | ---D | M] -- C:\Users\GEORGE\AppData\Roaming\NCH Swift Sound
[2011/11/19 00:04:35 | 000,000,000 | ---D | M] -- C:\Users\GEORGE\AppData\Roaming\PictureMover
[2012/06/06 04:36:22 | 000,000,000 | ---D | M] -- C:\Users\GEORGE\AppData\Roaming\PowerISO
[2012/03/13 19:15:12 | 000,000,000 | ---D | M] -- C:\Users\GEORGE\AppData\Roaming\Registry Mechanic
[2011/11/22 22:36:05 | 000,000,000 | ---D | M] -- C:\Users\GEORGE\AppData\Roaming\Template
[2012/07/21 10:29:25 | 000,000,000 | ---D | M] -- C:\Users\GEORGE\AppData\Roaming\Tific
[2012/03/31 02:11:31 | 000,000,000 | ---D | M] -- C:\Users\GEORGE\AppData\Roaming\TotalRecorder
[2011/11/24 20:31:46 | 000,000,000 | ---D | M] -- C:\Users\GEORGE\AppData\Roaming\WildTangent
[2012/04/05 23:04:08 | 000,000,000 | ---D | M] -- C:\Users\GEORGE\AppData\Roaming\Windows Live Writer
[2011/12/06 21:07:04 | 000,000,000 | ---D | M] -- C:\Users\GEORGE\AppData\Roaming\WinZip
[2012/04/08 16:02:29 | 000,000,000 | ---D | M] -- C:\Users\Guest\AppData\Roaming\PictureMover
[2012/01/07 11:19:45 | 000,000,000 | ---D | M] -- C:\Users\Mar\AppData\Roaming\PictureMover
[2012/01/07 11:28:33 | 000,000,000 | ---D | M] -- C:\Users\Mar\AppData\Roaming\Template
[2012/09/05 16:32:43 | 000,000,910 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2257943674-3338997938-4154493867-1000Core.job
[2012/09/05 16:32:43 | 000,000,932 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2257943674-3338997938-4154493867-1000UA.job
[2012/04/17 19:55:20 | 000,032,622 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

========== Custom Scans ==========

< %systemroot%\*. /mp /s >

< %systemroot%\*. /rp /s >

< %SYSTEMDRIVE%\*.exe >

< %LOCALAPPDATA%\*.exe >

< MD5 for: EXPLORER.EXE >
[2010/03/24 13:35:43 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=00B0358734CAA32C39D181FE6916B178 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20542_none_b8b0208ee0ce1889\explorer.exe
[2011/02/26 01:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_adc24107935a7e25\explorer.exe
[2011/02/26 00:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2009/07/13 20:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe
[2011/02/26 00:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_b8ce9756e0b786a4\explorer.exe
[2010/03/24 13:36:37 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe
[2011/02/26 00:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_b816eb59c7bb4020\explorer.exe
[2011/02/25 01:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\erdnt\cache86\explorer.exe
[2011/02/25 01:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe
[2011/02/25 01:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2011/02/26 01:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2010/11/20 07:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2010/03/24 13:35:43 | 002,868,736 | ---- | M] (Microsoft Corporation) MD5=6D4F9E4B640B413C6F73414327484C80 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16434_none_addea9f19345cd81\explorer.exe
[2010/03/24 13:34:36 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe
[2011/02/25 00:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe
[2011/02/25 00:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2010/03/24 13:36:37 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe
[2010/03/24 13:34:36 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe
[2010/11/20 08:24:45 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe
[2010/03/24 13:36:37 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=B8EC4BD49CE8F6FC457721BFC210B67F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe
[2010/03/24 13:34:36 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe
[2009/07/13 20:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe
[2010/03/24 13:36:37 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe
[2010/03/24 13:35:43 | 002,868,736 | ---- | M] (Microsoft Corporation) MD5=CA17F8620815267DC838E30B68CB5052 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20542_none_ae5b763cac6d568e\explorer.exe
[2011/02/26 01:26:45 | 002,870,784 | ---- | M] (Microsoft Corporation) MD5=E38899074D4951D31B4040E994DD7C8D -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_ae79ed04ac56c4a9\explorer.exe
[2010/03/24 13:34:36 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe
[2010/03/24 13:35:43 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=FC89FACA0473641CB625EDA9277D0885 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16434_none_b8335443c7a68f7c\explorer.exe

< MD5 for: SVCHOST.EXE >
[2009/07/13 20:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\erdnt\cache86\svchost.exe
[2009/07/13 20:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\SysWOW64\svchost.exe
[2009/07/13 20:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
[2012/07/03 13:46:42 | 000,217,672 | ---- | M] () MD5=8A7F34F0BBD076EC3815680A7309114F -- C:\Users\GEORGE\Desktop\FORMAT DESKTOP\KEVINF80\Malwarebytes' Anti-Malware\Chameleon\svchost.exe
[2009/07/13 20:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\erdnt\cache64\svchost.exe
[2009/07/13 20:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\SysNative\svchost.exe
[2009/07/13 20:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_11b04b481efec48c\svchost.exe

< MD5 for: USERINIT.EXE >
[2010/11/20 07:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\erdnt\cache86\userinit.exe
[2010/11/20 07:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010/11/20 07:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009/07/13 20:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009/07/13 20:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe
[2010/11/20 08:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\erdnt\cache64\userinit.exe
[2010/11/20 08:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
[2010/11/20 08:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe

< MD5 for: WINLOGON.EXE >
[2010/11/20 08:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\erdnt\cache64\winlogon.exe
[2010/11/20 08:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
[2010/11/20 08:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2009/07/13 20:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2012/07/03 13:46:42 | 000,217,672 | ---- | M] () MD5=8A7F34F0BBD076EC3815680A7309114F -- C:\Users\GEORGE\Desktop\FORMAT DESKTOP\KEVINF80\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2010/03/24 13:36:37 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2010/03/24 13:36:37 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >

========== Hard Links - Junction Points - Mount Points - Symbolic Links ==========
[C:\Windows\System32\config\systemprofile\AppData\Local\Application Data] -> C:\Windows\system32\config\systemprofile\AppData\Local -> Junction
[C:\Windows\System32\config\systemprofile\AppData\Local\History] -> C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History -> Junction
[C:\Windows\System32\config\systemprofile\AppData\Local\Temporary Internet Files] -> C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files -> Junction
[C:\Windows\System32\config\systemprofile\Application Data] -> C:\Windows\system32\config\systemprofile\AppData\Roaming -> Junction
[C:\Windows\System32\config\systemprofile\Documents\My Music] -> C:\Windows\system32\config\systemprofile\Music -> Junction
[C:\Windows\System32\config\systemprofile\Documents\My Pictures] -> C:\Windows\system32\config\systemprofile\Pictures -> Junction
[C:\Windows\System32\config\systemprofile\Documents\My Videos] -> C:\Windows\system32\config\systemprofile\Videos -> Junction
[C:\Windows\System32\config\systemprofile\Local Settings] -> C:\Windows\system32\config\systemprofile\AppData\Local -> Junction
[C:\Windows\System32\config\systemprofile\My Documents] -> C:\Windows\system32\config\systemprofile\Documents -> Junction
[C:\Windows\System32\config\systemprofile\NetHood] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Network Shortcuts -> Junction
[C:\Windows\System32\config\systemprofile\PrintHood] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Printer Shortcuts -> Junction
[C:\Windows\System32\config\systemprofile\Recent] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Recent -> Junction
[C:\Windows\System32\config\systemprofile\SendTo] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\SendTo -> Junction
[C:\Windows\System32\config\systemprofile\Start Menu] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Start Menu -> Junction
[C:\Windows\System32\config\systemprofile\Templates] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Templates -> Junction
[C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Application Data] -> C:\Windows\system32\config\systemprofile\AppData\Local -> Junction
[C:\Windows\SysWOW64\config\systemprofile\AppData\Local\History] -> C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History -> Junction
[C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Temporary Internet Files] -> C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files -> Junction
[C:\Windows\SysWOW64\config\systemprofile\Application Data] -> C:\Windows\system32\config\systemprofile\AppData\Roaming -> Junction
[C:\Windows\SysWOW64\config\systemprofile\Documents\My Music] -> C:\Windows\system32\config\systemprofile\Music -> Junction
[C:\Windows\SysWOW64\config\systemprofile\Documents\My Pictures] -> C:\Windows\system32\config\systemprofile\Pictures -> Junction
[C:\Windows\SysWOW64\config\systemprofile\Documents\My Videos] -> C:\Windows\system32\config\systemprofile\Videos -> Junction
[C:\Windows\SysWOW64\config\systemprofile\Local Settings] -> C:\Windows\system32\config\systemprofile\AppData\Local -> Junction
[C:\Windows\SysWOW64\config\systemprofile\My Documents] -> C:\Windows\system32\config\systemprofile\Documents -> Junction
[C:\Windows\SysWOW64\config\systemprofile\NetHood] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Network Shortcuts -> Junction
[C:\Windows\SysWOW64\config\systemprofile\PrintHood] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Printer Shortcuts -> Junction
[C:\Windows\SysWOW64\config\systemprofile\Recent] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Recent -> Junction
[C:\Windows\SysWOW64\config\systemprofile\SendTo] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\SendTo -> Junction
[C:\Windows\SysWOW64\config\systemprofile\Start Menu] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Start Menu -> Junction
[C:\Windows\SysWOW64\config\systemprofile\Templates] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Templates -> Junction

========== Alternate Data Streams ==========

@Alternate Data Stream - 145 bytes -> C:\ProgramData\Temp:0B4227B4
@Alternate Data Stream - 112 bytes -> C:\ProgramData\Temp1B5B4F1
< End of report >

OTL Extras logfile created on: 9/5/2012 10:59:07 PM - Run 3
OTL by OldTimer - Version 3.2.56.0 Folder = C:\Users\GEORGE\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.91 Gb Total Physical Memory | 2.66 Gb Available Physical Memory | 68.09% Memory free
7.81 Gb Paging File | 6.49 Gb Available in Paging File | 83.16% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 451.44 Gb Total Space | 313.68 Gb Free Space | 69.48% Space Free | Partition Type: NTFS
Drive D: | 14.03 Gb Total Space | 1.63 Gb Free Space | 11.63% Space Free | Partition Type: NTFS
Drive E: | 99.02 Mb Total Space | 92.36 Mb Free Space | 93.27% Space Free | Partition Type: FAT32
Drive I: | 6.67 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive J: | 7.46 Gb Total Space | 0.90 Gb Free Space | 12.10% Space Free | Partition Type: FAT32

Computer Name: GEORGE-PC | User Name: GEORGE | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

*64bit:* [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-2257943674-3338997938-4154493867-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

*64bit:* [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Bridge] -- C:\Program Files\Adobe\Adobe Bridge CS6 (64 Bit)\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Bridge] -- C:\Program Files\Adobe\Adobe Bridge CS6 (64 Bit)\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

*64bit:* [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

*64bit:* [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

*64bit:* [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

*64bit:* [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

*64bit:* [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

*64bit:* [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

*64bit:* [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00BDBBD8-5AAD-4BF0-A8F4-97AB33754E6D}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{02ECA335-E026-423F-B799-F53512B3657E}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{0814E008-F4DF-4A1C-9247-736F82BF2B93}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{0E6B73CB-045F-4AF1-894D-6C9E75A9E3BD}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 
"{167F845D-1451-4BD3-9B9A-964ED336E94B}" = rport=138 | protocol=17 | dir=out | app=system | 
"{35EDB278-925D-476D-BC3D-D0CE7BFEB5E8}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{3C5A7827-FD75-498B-AE25-D7FD8893C39F}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{3D16D3CC-CED3-4B55-B93C-1E43A356FB0E}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 | 
"{3F108B15-D87F-47FE-B05B-406717024B6E}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{4420E16D-551D-41A6-8C05-BA70E91BE641}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{4810BE29-8019-4775-8F02-071CA0DB4DE2}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{4BE22965-530D-4355-99B9-70FB4BB250A7}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
"{5634329D-7669-4627-B97F-327DA311339E}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{592EDD7F-8A27-4E63-86DD-FD0649BEE6F8}" = rport=137 | protocol=17 | dir=out | app=system | 
"{69D6347D-CFFB-4CE5-A9EE-4B5A0CD11982}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe | 
"{7AE5558D-E69F-4181-AB3D-5E4079024642}" = rport=139 | protocol=6 | dir=out | app=system | 
"{7F9F85A6-9C01-4B13-ADCB-41F3F2B90A6D}" = lport=137 | protocol=17 | dir=in | app=system | 
"{819BA766-3E40-46A1-A89C-FFA8FD00CB0F}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 
"{9B835893-1756-4B93-9124-9D093530F88B}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{9E57ADAC-8C9C-4B43-81A6-5EA26CA329CC}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{A05188D8-EFDC-4351-8D71-DE4F292AB6C2}" = lport=138 | protocol=17 | dir=in | app=system | 
"{B9F0FF7B-D252-482D-83D1-EC929DF0A196}" = rport=445 | protocol=6 | dir=out | app=system | 
"{BA3E24B7-93E4-4B23-9186-55B423E0F2D7}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{BE684DF6-D4A8-4427-BF90-8AA7B1533F21}" = lport=139 | protocol=6 | dir=in | app=system | 
"{C52AD7B8-66DF-45AC-910C-3B18F9485ED5}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{E8F09FCF-BE57-494F-8512-2AAD6B8FA9FF}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{F4305A76-B0D2-469E-B3D8-122A8E3D0C3D}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{FAAE42ED-E725-4F28-91B5-ADA364298DE0}" = lport=445 | protocol=6 | dir=in | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01CE65ED-33E1-4D5E-8E56-28C2392A3952}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe | 
"{03B82E40-E8D6-416A-9236-0A916D29BEED}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{0566150B-25D5-4631-9B2F-CD7C25939933}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | 
"{07C700CF-9C87-4B0C-AF11-7D7289F58D66}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{08DE2717-956C-4A09-8471-56C394E07FFF}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | 
"{137B565E-939A-4D33-815D-A97A694288F7}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{1591BBF4-2CB4-40C9-98D7-1BFDA46255D5}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{168145D6-1533-409A-9F96-1E002CF4AEDF}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{1A1FA1E1-8309-4DE9-9D88-46E60798DA8F}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgmfapx.exe | 
"{1DFB9860-BDC5-4A24-86DE-1D7D1ADB3B4B}" = protocol=6 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe | 
"{1F2DE382-B527-431D-A48A-ECE96614E8ED}" = protocol=17 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe | 
"{1FE521DD-D6BF-4230-BD55-8E29A9BEC7A6}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{2DF860FA-8865-4F08-B9C5-E6C6AC47255C}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd8\powerdvd8.exe | 
"{320AF77B-DB25-40AE-9014-526CEE0D3F11}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | 
"{33C1EA13-20FA-4E91-BDAF-54FF46BBE761}" = protocol=58 | dir=out | [email protected],-28546 | 
"{3A8742D8-DC0B-434C-B729-5A52BD7482D2}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{434B44C4-5559-42A0-B9ED-4CF82487ED7A}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{46F98B2C-5A7B-4B6E-B555-6CCCBE59F63D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{49D3161A-4230-436C-A81B-4E246B3CBFF7}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{559800D5-1F76-4330-9679-8CA56D582B7D}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgmfapx.exe | 
"{5C148B1F-4B7B-443E-82AE-332AD38ABDA5}" = protocol=1 | dir=in | [email protected],-28543 | 
"{5EF5F2A6-6803-4132-BC9A-372076A47ADA}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe | 
"{702FE0D7-9FE6-458A-903B-F3513F6D6545}" = protocol=17 | dir=in | app=c:\program files (x86)\frostwire 5\frostwire.exe | 
"{731D67F8-42B7-45C8-8ADE-54E85F6D4BBA}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{7D893F1C-11EE-40F7-A82E-9023317421EE}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe | 
"{7E43F614-F3D3-49B0-8ED8-636722BA27B4}" = protocol=58 | dir=in | [email protected],-28545 | 
"{7E64AED6-BC81-4B92-973F-582981D17182}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | 
"{8295B0F2-0450-4DF8-A5E3-ACFD095ADD7E}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{82F03F63-E8AB-493B-AAD9-DFC800070200}" = protocol=1 | dir=out | [email protected],-28544 | 
"{89C9B58B-112C-4192-9CAF-4910910E50E5}" = dir=in | app=c:\program files (x86)\cyberlink\powerdirector\pdr.exe | 
"{9D52B599-2D28-4BAE-96EF-2C5FFF35E1F6}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{9FE6B607-E7A0-4E88-8639-13EBF880462D}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | 
"{A61B5788-7CF1-4CC4-A934-C30426403D58}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{A6B367C7-EE68-46D0-9487-3044CE98FA1A}" = protocol=17 | dir=in | app=c:\program files (x86)\bittorrent\bittorrent.exe | 
"{AC64DAAC-4F35-458E-A0A8-0E51347AF601}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | 
"{B1686460-D9F9-48A5-BE4C-11185A4F209A}" = protocol=6 | dir=out | app=system | 
"{B7D63507-6AD8-48C2-A3AD-2F81D6792595}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{BEEA8C42-C92D-4F64-8B72-C36F9DA09A18}" = protocol=6 | dir=in | app=c:\program files (x86)\bittorrent\bittorrent.exe | 
"{C2A239A4-3E0E-4717-9E0C-1982BE887713}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | 
"{C2E01826-C0FB-4E6E-A503-F2025126A589}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe | 
"{C5673868-310B-4AFC-9286-07A8D8E5D67D}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{CF643D50-8187-4E20-81C2-6E6494B72A19}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{D636CD6D-EA6A-415E-A688-9BE84775BB30}" = protocol=6 | dir=in | app=c:\program files (x86)\frostwire 5\frostwire.exe | 
"{D75FA11D-F3A2-49BD-AD87-86A8C7768CE9}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{DC54B88C-EBDA-4D9B-BEE0-4D43700896DA}" = dir=in | app=c:\users\george\appdata\local\facebook\video\skype\facebookvideocalling.exe | 
"{F651ABCF-E1E5-46BA-AFFA-0293E462F882}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{FDD31A32-8BD2-41C1-88C4-339EC367A981}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"TCP Query User{04084918-E99D-4BEE-8974-14088480111B}C:\program files (x86)\ares\ares.exe" = protocol=6 | dir=in | app=c:\program files (x86)\ares\ares.exe | 
"TCP Query User{23192428-5251-4BF9-A3CE-241FB84F786B}C:\windows\syswow64\java.exe" = protocol=6 | dir=in | app=c:\windows\syswow64\java.exe | 
"TCP Query User{255C0D3C-5820-4F83-9AE0-10F57EB8B90B}C:\program files (x86)\frostwire 5\frostwire.exe" = protocol=6 | dir=in | app=c:\program files (x86)\frostwire 5\frostwire.exe | 
"TCP Query User{2AE805BA-B279-4D20-B8F6-67811329BC97}C:\users\george\appdata\local\mediasearch\search.exe" = protocol=6 | dir=in | app=c:\users\george\appdata\local\mediasearch\search.exe | 
"TCP Query User{527F7D71-8FAD-4D12-B6F5-A558E41025AA}C:\program files (x86)\ares\ares.exe" = protocol=6 | dir=in | app=c:\program files (x86)\ares\ares.exe | 
"TCP Query User{5429BF38-DAE1-4157-9F64-0B9C0257B612}C:\users\george\downloads\0b787c4d15a949968cd6c3c0eb9f42c8_pod12_en-us.exe" = protocol=6 | dir=in | app=c:\users\george\downloads\0b787c4d15a949968cd6c3c0eb9f42c8_pod12_en-us.exe | 
"TCP Query User{7922640D-2384-4DDA-897B-D1AFED156847}C:\users\george\downloads\tor browser\app\tor.exe" = protocol=6 | dir=in | app=c:\users\george\downloads\tor browser\app\tor.exe | 
"TCP Query User{8424D624-D82A-498B-ACC7-EE1DB6B49461}C:\users\george\downloads\tor browser\app\tor.exe" = protocol=6 | dir=in | app=c:\users\george\downloads\tor browser\app\tor.exe | 
"TCP Query User{A34B7F3A-FC0E-484A-B829-29322EB9E643}C:\users\george\downloads\bittorrent.exe" = protocol=6 | dir=in | app=c:\users\george\downloads\bittorrent.exe | 
"TCP Query User{A71D24DF-7240-487C-BAE8-BCC43A29D5AA}C:\users\george\appdata\roaming\macromedia\flash player\www.macromedia.com\bin\octoshape\octoshape.exe" = protocol=6 | dir=in | app=c:\users\george\appdata\roaming\macromedia\flash player\www.macromedia.com\bin\octoshape\octoshape.exe | 
"TCP Query User{D541F1BA-BF70-45BC-AA09-2955C0621C35}C:\program files (x86)\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\java.exe | 
"TCP Query User{D8B16366-CCAA-44C8-A606-5CE0F09DAEC6}C:\users\george\appdata\local\mediasearch\search.exe" = protocol=6 | dir=in | app=c:\users\george\appdata\local\mediasearch\search.exe | 
"UDP Query User{11A4D1EF-5D19-4E27-9862-AFC96BB43252}C:\users\george\downloads\0b787c4d15a949968cd6c3c0eb9f42c8_pod12_en-us.exe" = protocol=17 | dir=in | app=c:\users\george\downloads\0b787c4d15a949968cd6c3c0eb9f42c8_pod12_en-us.exe | 
"UDP Query User{1D2617B0-DFDF-4153-A775-8E62B472A6E9}C:\users\george\downloads\tor browser\app\tor.exe" = protocol=17 | dir=in | app=c:\users\george\downloads\tor browser\app\tor.exe | 
"UDP Query User{25711915-1049-4090-A5AF-693954336423}C:\users\george\appdata\local\mediasearch\search.exe" = protocol=17 | dir=in | app=c:\users\george\appdata\local\mediasearch\search.exe | 
"UDP Query User{3EB4299B-4FFD-4429-9E0F-035C195C2206}C:\users\george\appdata\local\mediasearch\search.exe" = protocol=17 | dir=in | app=c:\users\george\appdata\local\mediasearch\search.exe | 
"UDP Query User{705D44E2-2D62-4FAB-9D41-41613DB97222}C:\users\george\appdata\roaming\macromedia\flash player\www.macromedia.com\bin\octoshape\octoshape.exe" = protocol=17 | dir=in | app=c:\users\george\appdata\roaming\macromedia\flash player\www.macromedia.com\bin\octoshape\octoshape.exe | 
"UDP Query User{82B84908-5EDD-42FE-826B-ABCB6DEF3D41}C:\windows\syswow64\java.exe" = protocol=17 | dir=in | app=c:\windows\syswow64\java.exe | 
"UDP Query User{93C5E4B6-3036-468C-9768-1D8A342E8835}C:\program files (x86)\ares\ares.exe" = protocol=17 | dir=in | app=c:\program files (x86)\ares\ares.exe | 
"UDP Query User{A9EE60EB-DFDA-4666-8B11-30C3872DC2F9}C:\users\george\downloads\tor browser\app\tor.exe" = protocol=17 | dir=in | app=c:\users\george\downloads\tor browser\app\tor.exe | 
"UDP Query User{BDBBC21A-1378-4C0C-ABDA-1DB29FD4FE42}C:\program files (x86)\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\java.exe | 
"UDP Query User{C714A909-9075-43F2-8F23-89B6D6E9BBAD}C:\program files (x86)\ares\ares.exe" = protocol=17 | dir=in | app=c:\program files (x86)\ares\ares.exe | 
"UDP Query User{DCB2A676-A6A1-49C4-8692-C98E2551AA15}C:\users\george\downloads\bittorrent.exe" = protocol=17 | dir=in | app=c:\users\george\downloads\bittorrent.exe | 
"UDP Query User{E3465A2B-BE63-4F77-ABD8-319CE56CDB11}C:\program files (x86)\frostwire 5\frostwire.exe" = protocol=17 | dir=in | app=c:\program files (x86)\frostwire 5\frostwire.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"_{BDBFAC49-8877-472F-876B-75ADB7DBC955}" = CorelDRAW Graphics Suite X6 (64-Bit)
"_{EBDC2D0D-1E26-4EF2-BB48-C7E18F7800C6}" = Corel Graphics - Windows Shell Extension
"{0826F9E4-787E-481D-83E0-BC6A57B056D5}" = Microsoft SQL Server VSS Writer
"{10762393-1B90-4AC2-AF1A-4C0C04AE303F}" = CorelDRAW Graphics Suite X6 - VBA (x64)
"{10F539B1-31AF-43BF-9F0C-0EB66E918922}" = HP Quick Launch
"{1111706F-666A-4037-7777-203648764D10}" = JavaFX 2.0.3 (64-bit)
"{180C8888-50F1-426B-A9DC-AB83A1989C65}" = Windows Live Language Selector
"{1967EF95-E00B-4669-8B1C-A589BE8BF24F}" = CorelDRAW Graphics Suite X6 - Capture (x64)
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
"{1E3A578C-0A7D-4820-990F-B7545C0B2303}" = CorelDRAW Graphics Suite X6 - VSTA (x64)
"{2222706F-666A-4037-7777-203648764D10}" = JavaFX 2.0.3 SDK (64-bit)
"{26A24AE4-039D-4CA4-87B4-2F86416017FF}" = Java(TM) 6 Update 17 (64-bit)
"{26A24AE4-039D-4CA4-87B4-2F86417003FF}" = Java(TM) 7 Update 3 (64-bit)
"{27AE72A4-B217-4CDC-B82B-3311E9D7460E}" = CorelDRAW Graphics Suite X6 - Draw (x64)
"{2C72B5E4-AA34-4F1A-8C7E-468530F9F6A3}" = CorelDRAW Graphics Suite X6 - Photozoom Plugin (x64)
"{2F14965D-567B-4E59-ADEB-0A2CC1E3ADDF}" = Sql Server Customer Experience Improvement Program
"{35869A6C-BA31-4F23-B52D-BC1B1E41EC1B}" = CorelDRAW Graphics Suite X6 - Common (x64)
"{3933C06C-8239-432B-87FC-F2BDC5B49A10}" = CorelDRAW Graphics Suite X6 - FontNav (x64)
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5340A3B5-3853-4745-BED2-DD9FF5371331}" = Microsoft SQL Server 2008 Common Files
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6099F026-0A98-4D40-9B3D-ED2123A8CBD0}" = CorelDRAW Graphics Suite X6 - Redist (x64)
"{624C7F0A-89B2-4C49-9CAB-9D69613EC95A}" = Microsoft IntelliPoint 8.2
"{64A3A4F4-B792-11D6-A78A-00B0D0170030}" = Java(TM) SE Development Kit 7 Update 3 (64-bit)
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{7386B5FA-8715-481D-821F-7785110506DF}" = CorelDRAW Graphics Suite X6 - Custom Data (x64)
"{79899C6B-E315-4A3F-8904-02DEAB8D660D}" = Corel Graphics - Windows Shell Extension 32 Bit
"{7ACE202B-1B01-4B43-B6AE-03D66D621CDE}" = Microsoft SQL Server 2008 RsFx Driver
"{7B79AE44-9B76-4815-84E5-ACAC3F0F0278}" = CorelDRAW Graphics Suite X6 - VideoBrowser (x64)
"{893F27E6-D6BE-4B9F-80E6-0ADA694A31A8}" = Microsoft SQL Server 2008 Common Files
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90120064-0070-0000-0000-4000000FF1CE}" = Microsoft Visual Basic for Applications 7.1 (x64)
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010
"{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{90F60409-7000-11D3-8CFE-0150048383C9}" = Microsoft Visual Basic for Applications 7.1 (x64) English
"{94D70749-4281-39AC-AD90-B56A0E0A402E}" = Microsoft Visual C++ 2010 x64 Runtime - 10.0.30319
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{96AAAB95-AEBE-437A-B7CA-37C7BE13FFE9}" = CorelDRAW Graphics Suite X6 - Connect (x64)
"{9D046B26-7978-47CD-91E6-AC3C1DFBC3D0}" = Microsoft Security Client
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B40EE88B-400A-4266-A17B-E3DE64E94431}" = Microsoft SQL Server 2008 Setup Support Files 
"{B6DF7031-2843-44FD-9CAB-DECAB4257456}" = CorelDRAW Graphics Suite X6 - IPM
"{B8AD779A-82DA-4365-A7D0-AD3DCFC55CFF}" = Apple Mobile Device Support
"{BB65D262-3EBC-4F10-89D9-67A320E94EAA}" = CorelDRAW Graphics Suite X6 - EN (x64)
"{BBDE8A3D-64A2-43A6-95F3-C27B87DF7AC1}" = Microsoft SQL Server 2008 Native Client
"{BCA26999-EC22-3007-BB79-638913079C9A}" = Microsoft Visual Studio 2010 Express Prerequisites x64 - ENU
"{BDBFAC49-8877-472F-876B-75ADB7DBC955}" = CorelDRAW Graphics Suite X6 - Setup Files (x64)
"{CC8BA866-16A7-4667-BA0C-C494A1E7B2BF}" = Microsoft SQL Server 2008 Database Engine Shared
"{CCE7423E-1D84-4CD3-9E32-220EC9358D97}" = CorelDRAW Graphics Suite X6 (x64)
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CF8FFD12-602B-422D-AF1D-511B411E7632}" = iTunes
"{D4AD39AD-091E-4D33-BB2B-59F6FCB8ADC3}" = Microsoft SQL Server Compact 3.5 SP2 x64 ENU
"{D7C2687D-924E-4485-B367-C7D95CBF8DDD}" = CorelDRAW Graphics Suite X6 - PHOTO-PAINT (x64)
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DDE82E3D-20C4-48E1-AE1D-B1F10E42CA44}" = CorelDRAW Graphics Suite X6 - Writing Tools (x64)
"{DF167CE3-60E7-44EA-99EC-2507C51F37AE}" = Microsoft SQL Server 2008 Database Engine Shared
"{E699230D-4B5E-411E-9F45-FF50789B18DD}" = CorelDRAW Graphics Suite X6 - Filters (x64)
"{EBDC2D0D-1E26-4EF2-BB48-C7E18F7800C6}" = Corel Graphics - Windows Shell Extension
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{FA7394B8-CE65-4F9E-AC99-F372AD365424}" = Microsoft SQL Server 2008 Database Engine Services
"{FBD367D1-642F-47CF-B79B-9BE48FB34007}" = Microsoft SQL Server 2008 Database Engine Services
"{FCADA26A-5672-31DD-BF0E-BA76ECF9B02D}" = Microsoft Help Viewer 1.0
"CCleaner" = CCleaner
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft Help Viewer 1.0" = Microsoft Help Viewer 1.0
"Microsoft IntelliPoint 8.2" = Microsoft IntelliPoint 8.2
"Microsoft Security Client" = Microsoft Security Essentials
"Microsoft SQL Server 10" = Microsoft SQL Server 2008 (64-bit)
"Microsoft SQL Server 10 Release" = Microsoft SQL Server 2008 (64-bit)
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"WinRAR archiver" = WinRAR 4.01 (64-bit)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{053DA2BD-8150-422C-BCD4-768432436BC5}" = Corel Website Creator X6
"{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{112C23F2-C036-4D40-BED4-0CB47BF5555C}" = Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 ENU
"{121634B0-2F4B-11D3-ADA3-00C04F52DD52}" = Windows Installer Clean Up
"{14DD7530-CCD2-3798-B37D-3839ED6A441C}" = Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{17B4760F-334B-475D-829F-1A3E94A6A4E6}" = HP Setup
"{1896E712-2B3D-45eb-BCE9-542742A51032}" = PictureMover
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{299C0434-4F4E-341F-A916-4E07AEB35E79}" = Microsoft Visual Studio Tools for Applications 2.0 Runtime
"{2A2F3AE8-246A-4252-BB26-1BEB45627074}" = Microsoft SQL Server System CLR Types
"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
"{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = CyberLink PowerDVD 8
"{33286280-8617-11E1-8FF6-B8AC6F97B88E}" = Google Earth Plug-in
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{3877C901-7B90-4727-A639-B6ED2DD59D43}" = ESU for Microsoft Windows 7
"{3A9FC03D-C685-4831-94CF-4EDFD3749497}" = Microsoft SQL Server Compact 3.5 SP2 ENU
"{3D6E2470-E584-11D4-B097-009027BD8645}" = Axis Camera Explorer
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{40FB8D7C-6FF8-4AF2-BC8B-0B1DB32AF04B}" = HP Advisor
"{43BA31BA-04BD-2EA3-0A60-A9C54E06D3F2}" = muvee Reveal
"{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}" = Recovery Manager
"{47D7C9B8-BD44-4D2E-9040-E946477B2F9A}" = Microsoft Live Search Toolbar
"{47FA2C44-D148-4DBC-AF60-B91934AA4842}" = Adobe AIR
"{49272E0B-CF97-4BD6-85A0-9B1C59495850}_is1" = Able2Extract 7.0
"{49A143E9-4A6A-43E7-86B1-388194C79248}" = HP Smart Web Printing
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4E968D9C-21A7-4915-B698-F7AEB913541D}" = Microsoft SQL Server 2008 R2 Management Objects
"{4FE9DD16-A687-4659-9B31-0BDC73D254E9}" = Corel Website Creator X6
"{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module
"{51C91B84-7B46-4FE7-8999-8228CFA75F89}" = Intel(R) Integrated Performance Primitives RTI 4.0
"{54CC7901-804D-4155-B353-21F0CC9112AB}" = HP Wireless Assistant
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6AFDE3BE-BC01-45A4-9D06-BBF5AD207313}" = LightScribe System Software
"{7011A94B-C918-4F5E-BE20-0F63F4E631FE}" = Corel Website Creator X6
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{74EB3499-8B95-4B5C-96EB-7B342F3FD0C6}" = Adobe Photoshop CS6
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{7CAC6A44-C3DE-4153-ACA6-7524602C789E}" = Facebook Video Calling 1.2.0.159
"{80E158EA-7181-40FE-A701-301CE6BE64AB}" = CyberLink MediaShow
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows 7
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{901F0D4C-009D-1112-8DE4-03599E7B0C5C}" = REALTEK Wireless LAN Software
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A4317FB-5775-4FB3-BDC9-995595106F1F}" = HP User Guides 0178
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D318C86-AF4C-409F-A6AC-7183FF4CF424}" = Internet TV for Windows Media Center
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A4ED5E53-7AA0-11E1-BF04-B2D4D4A5360E}" = Adobe Dreamweaver CS6
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AA4A4B2C-0465-3CF8-BA76-27A027D8ACAB}" = Microsoft Visual Studio Tools for Applications 2.0 - ENU
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.4)
"{AF37176A-78CA-545B-34EF-8B6A21514DD1}" = Adobe Help Manager
"{B10914FD-8812-47A4-85A1-50FCDE7F1F33}" = Windows Live Sync
"{BFEAAE77-BD7F-4534-B286-9C5CB4697EB1}" = PDF Settings CS6
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C688457E-03FD-4941-923B-A27F4D42A7DD}" = Microsoft SQL Server 2008 Browser
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}" = Microsoft .NET Framework 4 Multi-Targeting Pack
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D46D081B-F60E-467E-A7C4-117B70D76731}" = HP Update
"{D8DFA46A-39F7-4368-810D-18AFCFDDAEAF}" = Adobe Shockwave Player
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DF802C05-4660-418c-970C-B988ADB1D316}" = Microsoft Live Search Toolbar
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
"{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module
"{ED784556-66AA-3F17-9B58-7246ACB5C7E4}" = Microsoft Visual Basic 2010 Express - ENU
"{EFBE6DD5-B224-96E5-72B9-68D328CB12A6}" = Adobe Widget Browser
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Graphics Media Accelerator Driver
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center
"{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}" = Visual Studio 2008 x64 Redistributables
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"Ares" = Ares 2.1.8
"aTube Catcher" = aTube Catcher
"BitTorrent" = BitTorrent
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Help Manager
"com.adobe.WidgetBrowser" = Adobe Widget Browser
"Elite Proxy Switcher_is1" = Elite Proxy Switcher 1.20
"ESET Online Scanner" = ESET Online Scanner v3
"ExpressBurn" = Express Burn
"ExpressZip" = Express Zip File Compression Software
"FrostWire 5" = FrostWire 5.3.3
"Graboid Video" = Graboid Video 3.03
"HP Smart Web Printing" = HP Smart Web Printing
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"InstallShield_{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = CyberLink PowerDVD 8
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"InstallShield_{80E158EA-7181-40FE-A701-301CE6BE64AB}" = CyberLink MediaShow
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"KeyBlaze" = KeyBlaze Typing Tutor
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.62.0.1300
"Microsoft Visual Basic 2010 Express - ENU" = Microsoft Visual Basic 2010 Express - ENU
"Mozilla Firefox 14.0.1 (x86 en-US)" = Mozilla Firefox 14.0.1 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"My HP Game Console" = HP Game Console
"Office14.PROPLUS" = Microsoft Office Professional Plus 2010
"PowerISO" = PowerISO
"TotalRecorder" = Total Recorder 8.3 Developer Edition
"WavePad" = WavePad Sound Editor
"WildTangent hp Master Uninstall" = HP Games
"WinLiveSuite" = Windows Live Essentials
"WinPcapInst" = WinPcap 4.1.2
"WinZip Self-Extractor" = WinZip Self-Extractor
"WT082122" = Blackhawk Striker 2
"WT082124" = Blasterball 3
"WT082133" = Dora's Carnival Adventure
"WT082141" = FATE
"WT082168" = Penguins!
"WT082170" = Plants vs. Zombies
"WT082171" = Poker Superstars III
"WT082172" = Polar Bowler
"WT082173" = Polar Golfer
"WT082188" = Virtual Families
"WT082189" = Wheel of Fortune 2
"WT082192" = Bejeweled 2 Deluxe
"WT082200" = Chuzzle Deluxe
"WT082241" = Virtual Villagers - The Secret City
"WT082396" = Diner Dash 2 Restaurant Rescue
"WT082438" = Build-a-lot 2
"WT082442" = Faerie Solitaire
"WT082443" = Jewel Quest 3
"WT082456" = Mystery P.I. - The New York Fortune
"WT082463" = Zuma's Revenge
"WT082468" = Jewel Quest Solitaire 2
"WT083477" = Cake Mania
"WT083484" = Escape Rosecliff Island
"WT083491" = TextTwist 2
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Messenger" = Yahoo! Messenger
"Yahoo! Software Update" = Yahoo! Software Update

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-2257943674-3338997938-4154493867-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{79A765E1-C399-405B-85AF-466F52E918B0}" = aTube Toolbar Updater
"Google Chrome" = Google Chrome
"Yahoo! BrowserPlus" = Yahoo! BrowserPlus 2.9.8

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 7/2/2012 3:42:42 AM | Computer Name = GEORGE-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 7/2/2012 3:42:42 AM | Computer Name = GEORGE-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 6692

Error - 7/2/2012 3:42:42 AM | Computer Name = GEORGE-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 6692

Error - 7/2/2012 3:42:43 AM | Computer Name = GEORGE-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 7/2/2012 3:42:43 AM | Computer Name = GEORGE-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 7691

Error - 7/2/2012 3:42:43 AM | Computer Name = GEORGE-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 7691

Error - 7/2/2012 3:42:44 AM | Computer Name = GEORGE-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 7/2/2012 3:42:44 AM | Computer Name = GEORGE-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 8736

Error - 7/2/2012 3:42:44 AM | Computer Name = GEORGE-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 8736

Error - 7/2/2012 3:42:45 AM | Computer Name = GEORGE-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 7/2/2012 3:42:45 AM | Computer Name = GEORGE-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 9750

[ Hewlett-Packard Events ]
Error - 3/23/2012 7:17:37 PM | Computer Name = GEORGE-PC | Source = Hewlett-Packard | ID = 0
Description = en-US Could not find file 'C:\Program Files (x86)\Hewlett-Packard\HP
Support Framework\Logs\SystemInfoAA.xml'. mscorlib at System.IO.__Error.WinIOError(Int32
errorCode, String maybeFullPath) at System.IO.FileStream.Init(String path, FileMode
mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32
bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath, 
Boolean bFromProxy) at System.IO.FileStream..ctor(String path, FileMode mode, 
FileAccess access, FileShare share, Int32 bufferSize, FileOptions options, String
msgPath, Boolean bFromProxy) at System.IO.FileStream..ctor(String path, FileMode
mode, FileAccess access, FileShare share, Int32 bufferSize, FileOptions options)
at System.IO.StreamReader..ctor(String path, Encoding encoding, Boolean detectEncodingFromByteOrderMarks,
Int32 bufferSize) at System.IO.StreamReader..ctor(String path, Encoding encoding)
at System.IO.File.ReadAllText(String path, Encoding encoding) at n.a(Object
A_0, EventArgs A_1)

Error - 4/13/2012 7:58:57 PM | Computer Name = GEORGE-PC | Source = Hewlett-Packard | ID = 0
Description = en-US Could not find file 'C:\Program Files (x86)\Hewlett-Packard\HP
Support Framework\Logs\SystemInfoAA.xml'. mscorlib at System.IO.__Error.WinIOError(Int32
errorCode, String maybeFullPath) at System.IO.FileStream.Init(String path, FileMode
mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32
bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath, 
Boolean bFromProxy) at System.IO.FileStream..ctor(String path, FileMode mode, 
FileAccess access, FileShare share, Int32 bufferSize, FileOptions options, String
msgPath, Boolean bFromProxy) at System.IO.FileStream..ctor(String path, FileMode
mode, FileAccess access, FileShare share, Int32 bufferSize, FileOptions options)
at System.IO.StreamReader..ctor(String path, Encoding encoding, Boolean detectEncodingFromByteOrderMarks,
Int32 bufferSize) at System.IO.StreamReader..ctor(String path, Encoding encoding)
at System.IO.File.ReadAllText(String path, Encoding encoding) at n.a(Object
A_0, EventArgs A_1)

Error - 4/13/2012 7:58:58 PM | Computer Name = GEORGE-PC | Source = Hewlett-Packard | ID = 0
Description = en-US Could not find file 'C:\Program Files (x86)\Hewlett-Packard\HP
Support Framework\Logs\SystemInfoAA.xml'. mscorlib at System.IO.__Error.WinIOError(Int32
errorCode, String maybeFullPath) at System.IO.FileStream.Init(String path, FileMode
mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32
bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath, 
Boolean bFromProxy) at System.IO.FileStream..ctor(String path, FileMode mode, 
FileAccess access, FileShare share, Int32 bufferSize, FileOptions options, String
msgPath, Boolean bFromProxy) at System.IO.FileStream..ctor(String path, FileMode
mode, FileAccess access, FileShare share, Int32 bufferSize, FileOptions options)
at System.IO.StreamReader..ctor(String path, Encoding encoding, Boolean detectEncodingFromByteOrderMarks,
Int32 bufferSize) at System.IO.StreamReader..ctor(String path, Encoding encoding)
at System.IO.File.ReadAllText(String path, Encoding encoding) at n.a(Object
A_0, EventArgs A_1)

Error - 4/13/2012 7:59:13 PM | Computer Name = GEORGE-PC | Source = Hewlett-Packard | ID = 0
Description = en-US Could not find file 'C:\Program Files (x86)\Hewlett-Packard\HP
Support Framework\Logs\SystemInfoAA.xml'. mscorlib at System.IO.__Error.WinIOError(Int32
errorCode, String maybeFullPath) at System.IO.FileStream.Init(String path, FileMode
mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32
bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath, 
Boolean bFromProxy) at System.IO.FileStream..ctor(String path, FileMode mode, 
FileAccess access, FileShare share, Int32 bufferSize, FileOptions options, String
msgPath, Boolean bFromProxy) at System.IO.FileStream..ctor(String path, FileMode
mode, FileAccess access, FileShare share, Int32 bufferSize, FileOptions options)
at System.IO.StreamReader..ctor(String path, Encoding encoding, Boolean detectEncodingFromByteOrderMarks,
Int32 bufferSize) at System.IO.StreamReader..ctor(String path, Encoding encoding)
at System.IO.File.ReadAllText(String path, Encoding encoding) at n.a(Object
A_0, EventArgs A_1)

Error - 7/6/2012 6:15:43 PM | Computer Name = GEORGE-PC | Source = Hewlett-Packard | ID = 0
Description = en-US Could not find file 'C:\Program Files (x86)\Hewlett-Packard\HP
Support Framework\Logs\SystemInfoAA.xml'. mscorlib at System.IO.__Error.WinIOError(Int32
errorCode, String maybeFullPath) at System.IO.FileStream.Init(String path, FileMode
mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32
bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath, 
Boolean bFromProxy) at System.IO.FileStream..ctor(String path, FileMode mode, 
FileAccess access, FileShare share, Int32 bufferSize, FileOptions options, String
msgPath, Boolean bFromProxy) at System.IO.FileStream..ctor(String path, FileMode
mode, FileAccess access, FileShare share, Int32 bufferSize, FileOptions options)
at System.IO.StreamReader..ctor(String path, Encoding encoding, Boolean detectEncodingFromByteOrderMarks,
Int32 bufferSize) at System.IO.StreamReader..ctor(String path, Encoding encoding)
at System.IO.File.ReadAllText(String path, Encoding encoding) at n.a(Object
A_0, EventArgs A_1)

Error - 7/6/2012 6:15:44 PM | Computer Name = GEORGE-PC | Source = Hewlett-Packard | ID = 0
Description = en-US Could not find file 'C:\Program Files (x86)\Hewlett-Packard\HP
Support Framework\Logs\SystemInfoAA.xml'. mscorlib at System.IO.__Error.WinIOError(Int32
errorCode, String maybeFullPath) at System.IO.FileStream.Init(String path, FileMode
mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32
bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath, 
Boolean bFromProxy) at System.IO.FileStream..ctor(String path, FileMode mode, 
FileAccess access, FileShare share, Int32 bufferSize, FileOptions options, String
msgPath, Boolean bFromProxy) at System.IO.FileStream..ctor(String path, FileMode
mode, FileAccess access, FileShare share, Int32 bufferSize, FileOptions options)
at System.IO.StreamReader..ctor(String path, Encoding encoding, Boolean detectEncodingFromByteOrderMarks,
Int32 bufferSize) at System.IO.StreamReader..ctor(String path, Encoding encoding)
at System.IO.File.ReadAllText(String path, Encoding encoding) at n.a(Object
A_0, EventArgs A_1)

Error - 7/13/2012 9:42:25 PM | Computer Name = GEORGE-PC | Source = Hewlett-Packard | ID = 0
Description = en-US Could not find file 'C:\Program Files (x86)\Hewlett-Packard\HP
Support Framework\Logs\SystemInfoAA.xml'. mscorlib at System.IO.__Error.WinIOError(Int32
errorCode, String maybeFullPath) at System.IO.FileStream.Init(String path, FileMode
mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32
bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath, 
Boolean bFromProxy) at System.IO.FileStream..ctor(String path, FileMode mode, 
FileAccess access, FileShare share, Int32 bufferSize, FileOptions options, String
msgPath, Boolean bFromProxy) at System.IO.FileStream..ctor(String path, FileMode
mode, FileAccess access, FileShare share, Int32 bufferSize, FileOptions options)
at System.IO.StreamReader..ctor(String path, Encoding encoding, Boolean detectEncodingFromByteOrderMarks,
Int32 bufferSize) at System.IO.StreamReader..ctor(String path, Encoding encoding)
at System.IO.File.ReadAllText(String path, Encoding encoding) at n.a(Object
A_0, EventArgs A_1)

Error - 7/13/2012 9:42:25 PM | Computer Name = GEORGE-PC | Source = Hewlett-Packard | ID = 0
Description = en-US Could not find file 'C:\Program Files (x86)\Hewlett-Packard\HP
Support Framework\Logs\SystemInfoAA.xml'. mscorlib at System.IO.__Error.WinIOError(Int32
errorCode, String maybeFullPath) at System.IO.FileStream.Init(String path, FileMode
mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32
bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath, 
Boolean bFromProxy) at System.IO.FileStream..ctor(String path, FileMode mode, 
FileAccess access, FileShare share, Int32 bufferSize, FileOptions options, String
msgPath, Boolean bFromProxy) at System.IO.FileStream..ctor(String path, FileMode
mode, FileAccess access, FileShare share, Int32 bufferSize, FileOptions options)
at System.IO.StreamReader..ctor(String path, Encoding encoding, Boolean detectEncodingFromByteOrderMarks,
Int32 bufferSize) at System.IO.StreamReader..ctor(String path, Encoding encoding)
at System.IO.File.ReadAllText(String path, Encoding encoding) at n.a(Object
A_0, EventArgs A_1)

Error - 7/13/2012 10:28:11 PM | Computer Name = GEORGE-PC | Source = HPSF.exe | ID = 4000
Description = HP Error ID: -2146232828 at System.ComponentModel.AsyncCompletedEventArgs.RaiseExceptionIfNecessary()
at System.ComponentModel.RunWorkerCompletedEventArgs.get_Result() at HP.SupportAssistant.UI.HPAMain.bgNet_RunWorkerCompleted(Object
sender, RunWorkerCompletedEventArgs e) at System.ComponentModel.BackgroundWorker.OnRunWorkerCompleted(RunWorkerCompletedEventArgs
e) at System.ComponentModel.BackgroundWorker.AsyncOperationCompleted(Object arg)
at System.Windows.Threading.ExceptionWrapper.InternalRealCall(Delegate callback,
Object args, Boolean isSingleParameter) at System.Windows.Threading.ExceptionWrapper.TryCatchWhen(Object
source, Delegate callback, Object args, Boolean isSingleParameter, Delegate catchHandler)
Message:
An exception occurred during the operation, making the result invalid. Check InnerException
for exception details. StackTrace: at System.ComponentModel.AsyncCompletedEventArgs.RaiseExceptionIfNecessary()
at System.ComponentModel.RunWorkerCompletedEventArgs.get_Result() at HP.SupportAssistant.UI.HPAMain.bgNet_RunWorkerCompleted(Object
sender, RunWorkerCompletedEventArgs e) at System.ComponentModel.BackgroundWorker.OnRunWorkerCompleted(RunWorkerCompletedEventArgs
e) at System.ComponentModel.BackgroundWorker.AsyncOperationCompleted(Object arg)
at System.Windows.Threading.ExceptionWrapper.InternalRealCall(Delegate callback,
Object args, Boolean isSingleParameter) at System.Windows.Threading.ExceptionWrapper.TryCatchWhen(Object
source, Delegate callback, Object args, Boolean isSingleParameter, Delegate catchHandler)
Source:
System InnerException.Message: Could not find file 'C:\Program Files (x86)\Hewlett-Packard\HP
Support Framework\Logs\SystemInfoSI.xml'. Name: HPSF.exe Version: 06.00.01.01 Path:
C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe Format: en-US
RAM:
3998 Ram Utilization: TargetSite: Void RaiseExceptionIfNecessary()

Error - 7/13/2012 10:34:06 PM | Computer Name = GEORGE-PC | Source = HPSF.exe | ID = 4000
Description =

[ Media Center Events ]
Error - 1/17/2012 12:40:30 AM | Computer Name = GEORGE-PC | Source = MCUpdate | ID = 0
Description = 10:40:30 PM - Error connecting to the internet. 10:40:30 PM - Unable
to contact server..

Error - 1/24/2012 12:15:10 AM | Computer Name = GEORGE-PC | Source = MCUpdate | ID = 0
Description = 10:15:10 PM - Error connecting to the internet. 10:15:10 PM - Unable
to contact server..

Error - 1/30/2012 2:52:29 AM | Computer Name = GEORGE-PC | Source = MCUpdate | ID = 0
Description = 12:52:29 AM - Error connecting to the internet. 12:52:29 AM - Unable
to contact server..

Error - 2/20/2012 12:35:12 PM | Computer Name = GEORGE-PC | Source = MCUpdate | ID = 0
Description = 10:35:12 AM - Error connecting to the internet. 10:35:12 AM - Unable
to contact server..

Error - 2/20/2012 12:35:22 PM | Computer Name = GEORGE-PC | Source = MCUpdate | ID = 0
Description = 10:35:17 AM - Error connecting to the internet. 10:35:17 AM - Unable
to contact server..

Error - 2/21/2012 1:10:19 PM | Computer Name = GEORGE-PC | Source = MCUpdate | ID = 0
Description = 11:10:19 AM - Error connecting to the internet. 11:10:19 AM - Unable
to contact server..

Error - 2/21/2012 1:10:32 PM | Computer Name = GEORGE-PC | Source = MCUpdate | ID = 0
Description = 11:10:25 AM - Error connecting to the internet. 11:10:25 AM - Unable
to contact server..

Error - 3/1/2012 5:52:42 PM | Computer Name = GEORGE-PC | Source = MCUpdate | ID = 0
Description = 3:52:38 PM - Error connecting to the internet. 3:52:38 PM - Unable
to contact server..

[ System Events ]
Error - 4/13/2012 12:58:49 PM | Computer Name = GEORGE-PC | Source = Service Control Manager | ID = 7001
Description = The Windows Image Acquisition (WIA) service depends on the Shell Hardware
Detection service which failed to start because of the following error: %%1058

Error - 4/12/2012 4:45:14 PM | Computer Name = GEORGE-PC | Source = Service Control Manager | ID = 7001
Description = The Windows Image Acquisition (WIA) service depends on the Shell Hardware
Detection service which failed to start because of the following error: %%1058

Error - 4/12/2012 4:45:33 PM | Computer Name = GEORGE-PC | Source = DCOM | ID = 10005
Description =

Error - 4/12/2012 4:45:33 PM | Computer Name = GEORGE-PC | Source = Service Control Manager | ID = 7001
Description = The Windows Image Acquisition (WIA) service depends on the Shell Hardware
Detection service which failed to start because of the following error: %%1058

Error - 4/13/2012 2:52:27 AM | Computer Name = GEORGE-PC | Source = Service Control Manager | ID = 7001
Description = The Windows Image Acquisition (WIA) service depends on the Shell Hardware
Detection service which failed to start because of the following error: %%1058

Error - 4/13/2012 2:52:42 AM | Computer Name = GEORGE-PC | Source = DCOM | ID = 10005
Description =

Error - 4/13/2012 2:52:41 AM | Computer Name = GEORGE-PC | Source = Service Control Manager | ID = 7001
Description = The Windows Image Acquisition (WIA) service depends on the Shell Hardware
Detection service which failed to start because of the following error: %%1058

Error - 4/6/2012 11:23:38 AM | Computer Name = GEORGE-PC | Source = Service Control Manager | ID = 7001
Description = The Windows Image Acquisition (WIA) service depends on the Shell Hardware
Detection service which failed to start because of the following error: %%1058

Error - 4/6/2012 12:01:34 PM | Computer Name = GEORGE-PC | Source = DCOM | ID = 10005
Description =

Error - 4/6/2012 12:01:34 PM | Computer Name = GEORGE-PC | Source = Service Control Manager | ID = 7001
Description = The Windows Image Acquisition (WIA) service depends on the Shell Hardware
Detection service which failed to start because of the following error: %%1058

< End of report >


----------



## xshine25 (Jul 7, 2012)

Yeah and all them "Ask" toolbars and goodies are unwanted and annoying. lol


----------



## kevinf80 (Mar 21, 2006)

Yes I did note a considerable amount of dross running on your system, ok do the following:

Re-Run







by double left click, Vista and Widows 7 users Right click, select "Run as Administrator, accept UAC alert.

Under the







box at the bottom, paste in the following


```
:OTL
PRC - [2012/06/06 21:33:42 | 001,564,872 | ---- | M] (Ask) -- C:\Program Files (x86)\Ask.com\Updater\Updater.exe
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
IE:64bit: - HKLM\..\SearchScopes\{80AABB12-28B8-4096-B5E6-A42AA754EA3E}: "URL" = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpl
IE:64bit: - HKLM\..\SearchScopes\{853581B2-20A6-4597-B81C-3A3F931E4635}: "URL" = http://www.bing.com/search?q={search...c=IE-SearchBox
IE:64bit: - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-results.com/sr?src...q={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.searchbrowsing.com
IE - HKLM\..\SearchScopes,DefaultScope = {0DF56869-BA25-4E8E-82F9-AF48EA6BCC7E}
IE - HKLM\..\SearchScopes\{0DF56869-BA25-4E8E-82F9-AF48EA6BCC7E}: "URL" = http://www.searchbrowsing.com/web.ph...q={searchTerms}
IE - HKLM\..\SearchScopes\{80AABB12-28B8-4096-B5E6-A42AA754EA3E}: "URL" = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpl
IE - HKLM\..\SearchScopes\{853581B2-20A6-4597-B81C-3A3F931E4635}: "URL" = http://www.bing.com/search?q={search...c=IE-SearchBox
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-results.com/sr?src...q={searchTerms}
IE - HKLM\..\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}: "URL" = http://search.searchonme.com/?q={searchTerms}
IE - HKU\S-1-5-21-2257943674-3338997938-4154493867-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://es.ask.com/?l=dis&o=15383
IE - HKU\S-1-5-21-2257943674-3338997938-4154493867-1000\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
IE - HKU\S-1-5-21-2257943674-3338997938-4154493867-1000\..\SearchScopes\{0DF56869-BA25-4E8E-82F9-AF48EA6BCC7E}: "URL" = http://www.searchbrowsing.com/web.ph...q={searchTerms}
IE - HKU\S-1-5-21-2257943674-3338997938-4154493867-1000\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylon.com/?q={search...0070f1a17f3422
IE - HKU\S-1-5-21-2257943674-3338997938-4154493867-1000\..\SearchScopes\{13519A79-A2A3-4B53-854E-421C33854A68}: "URL" = http://delicious.com/search?p={searchTerms}
IE - HKU\S-1-5-21-2257943674-3338997938-4154493867-1000\..\SearchScopes\{2FB242D6-BE26-4249-AA63-E5E716A00DF7}: "URL" = http://websearch.ask.com/redirect?cl...0-BEF85ED67C76
IE - HKU\S-1-5-21-2257943674-3338997938-4154493867-1000\..\SearchScopes\{4D9CF7D1-74FD-45C4-8F21-07EF97CFC09F}: "URL" = http://www.flickr.com/search/?q={searchTerms}
IE - HKU\S-1-5-21-2257943674-3338997938-4154493867-1000\..\SearchScopes\{80AABB12-28B8-4096-B5E6-A42AA754EA3E}: "URL" = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpl
IE - HKU\S-1-5-21-2257943674-3338997938-4154493867-1000\..\SearchScopes\{853581B2-20A6-4597-B81C-3A3F931E4635}: "URL" = http://www.bing.com/search?q={search...c=IE-SearchBox
IE - HKU\S-1-5-21-2257943674-3338997938-4154493867-1000\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-results.com/sr?src...q={searchTerms}
IE - HKU\S-1-5-21-2257943674-3338997938-4154493867-1000\..\SearchScopes\{9BF90FA6-4529-4D39-B2AF-D765A855D5F5}: "URL" = http://search.yahoo.com/search?p={se...-8&fr=chr-yie9
IE - HKU\S-1-5-21-2257943674-3338997938-4154493867-1000\..\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}: "URL" = http://search.searchonme.com/?q={searchTerms}
FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Ask.com"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://es.ask.com/?l=dis&o=15383"
FF - prefs.js..keyword.URL: "http://search.conduit.com/ResultsExt...archSource=2&q="
[2012/08/29 21:08:36 | 000,000,000 | ---D | M] (BitTorrentBar Community Toolbar) -- C:\Users\GEORGE\AppData\Roaming\Mozilla\Firefox\Profiles\92ukajfx.default\e xtensions\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}
[2012/08/23 17:21:05 | 000,000,000 | ---D | M] (aTube Toolbar) -- C:\Users\GEORGE\AppData\Roaming\Mozilla\Firefox\Profiles\92ukajfx.default\e xtensions\[email protected]
[2012/08/23 17:21:05 | 000,002,324 | ---- | M] () -- C:\Users\GEORGE\AppData\Roaming\Mozilla\Firefox\Profiles\92ukajfx.default\s earchplugins\askcom.xml
[2012/02/02 21:35:33 | 000,002,519 | ---- | M] () -- C:\Users\GEORGE\AppData\Roaming\Mozilla\Firefox\Profiles\92ukajfx.default\s earchplugins\Search_Results.xml
[2012/03/13 18:37:35 | 000,002,310 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml
[2012/06/29 01:41:07 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/02/11 19:51:20 | 000,002,024 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\McSiteAdvisor.xml
[2012/02/02 21:35:33 | 000,002,519 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\Search_Results.xml
[2012/06/29 01:41:06 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml
CHR - homepage: http://www.ask.com/?l=dis&o=15383cr
CHR - default_search_provider: Ask (Enabled)
CHR - default_search_provider: search_url = http://websearch.ask.com/redirect?cl...q={searchTerms}
CHR - default_search_provider: suggest_url = http://ss.websearch.ask.com/query?qs...q={searchTerms}
CHR - homepage: http://www.ask.com/?l=dis&o=15383cr
CHR - Extension: Atube Toolbar = C:\Users\GEORGE\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaaobbmnblgjajpfaaolcmoenbmpgob\7.15.4.0_0\
CHR - Extension: Atube Toolbar = C:\Users\GEORGE\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaaobbmnblgjajpfaaolcmoenbmpgob\7.15.4.24150_0\
CHR - Extension: BitTorrentBar = C:\Users\GEORGE\AppData\Local\Google\Chrome\User Data\Default\Extensions\mhfdcmehmjcclgopdodkjdicohagipid\2.3.15.10_0\
O2 - BHO: (aTube Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O3:64bit: - HKLM\..\Toolbar: (no name) - !{EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Microsoft Live Search Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (aTube Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKU\S-1-5-21-2257943674-3338997938-4154493867-1000\..\Toolbar\WebBrowser: (no name) - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No CLSID value found.
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files (x86)\Ask.com\Updater\Updater.exe (Ask)
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jin...ndows-i586.cab (Reg Error: Key error.)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Reg Error: Key error.)
O16:64bit: - DPF: {CAFEEFAC-0017-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jin...ndows-i586.cab (Reg Error: Key error.)
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
@Alternate Data Stream - 145 bytes -> C:\ProgramData\Temp:0B4227B4
@Alternate Data Stream - 112 bytes -> C:\ProgramData\Temp1B5B4F1
:Files
ipconfig /flushdns /c
C:\Program Files (x86)\Ask.com
C:\ProgramData\Ask
C:\Users\GEORGE\AppData\Roaming\Babylon
:Commands
[emptytemp]

[Reboot]
```

Then click







button at the top
Let the program run unhindered, when done it will say "Fix Complete press ok to open the log"
Please post that log in your next reply.

Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process.
If you are asked to reboot the machine choose *Yes*. In this case, after the reboot, open Notepad (Start > All Programs > Accessories > Notepad), click File > Open, in the File Name box enter **.log* and press the Enter key, navigate to the *C:\_OTL\MovedFiles folder*, and open the newest *.log* file present, and copy/paste the contents of that document back here in your next post.

Next,

Go here http://www.filehippo.com/updatechecker/ run the FileHippo Update Checker, update all applications as suggested by the Update Checker. Ignore any *Beta* updates.
*If Java or Adobe are updated please check under Start > Control Panel > Programs and Featues, ensure any old versions are removed. <--- Very Important*

Let me know how your system is responding after you post the OTL fix log..

Kevin


----------

